API Docs

This Document documents the types introduced by the VictoriaMetrics to be consumed by users.

Note this document is generated from code comments. When contributing a change to this document please do so by changing the code comments.

Table of Contents#

VMAlertmanager#

VMAlertmanager represents Victoria-Metrics deployment for Alertmanager.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specSpecification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusVMAlertmanagerSpectrue
statusMost recent observed status of the VMAlertmanager cluster. Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusVMAlertmanagerStatusfalse

Back to TOC

VMAlertmanagerList#

VMAlertmanagerList is a list of Alertmanagers.

FieldDescriptionSchemeRequired
metadataStandard list metadata More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadatametav1.ListMetafalse
itemsList of Alertmanagers[]VMAlertmanagertrue

Back to TOC

VMAlertmanagerSpec#

VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

FieldDescriptionSchemeRequired
podMetadataPodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMAlertmanager if no specified operator uses default config versionImagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod[]v1.LocalObjectReferencefalse
secretsSecrets is a list of Secrets in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.[]stringfalse
templatesTemplates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Templates are mounted into /etc/vm/templates/<configmap-name>/<configmap-key>.[]ConfigMapKeyReferencefalse
configRawYamlConfigRawYaml - raw configuration for alertmanager, it helps it to start without secret. priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret.stringfalse
configSecretConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAlertmanager object, which contains configuration for this VMAlertmanager, configuration must be inside secret key: alertmanager.yaml. It must be created by user. instance. Defaults to 'vmalertmanager-<alertmanager-name>' The secret is mounted into /etc/alertmanager/config.stringfalse
logLevelLog level for VMAlertmanager to be configured with.stringfalse
logFormatLogFormat for VMAlertmanager to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy stateint32false
replicaCountReplicaCount Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected*int32false
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
retentionRetention Time duration VMAlertmanager shall retain data for. Default is '120h', and must match the regular expression [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).stringfalse
storageStorage is the definition of how storage will be used by the VMAlertmanager instances.*StorageSpecfalse
volumesVolumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
externalURLExternalURL the VMAlertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if VMAlertmanager is not served from root of a DNS name.stringfalse
routePrefixRoutePrefix VMAlertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.stringfalse
pausedPaused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.boolfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/v1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to usestringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
listenLocalListenLocal makes the VMAlertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the VMAlertmanager UI, not the gossip communication.boolfalse
containersContainers allows injecting additional containers or patching existing containers. This is meant to allow adding an authentication proxy to an VMAlertmanager pod.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy sets DNS policy for the podv1.DNSPolicyfalse
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
additionalPeersAdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.[]stringfalse
clusterAdvertiseAddressClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918stringfalse
portNamePortName used for the pods and governing service. This defaults to webstringfalse
serviceSpecServiceSpec that will be added to vmalertmanager service spec*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec*VMServiceScrapeSpecfalse
podDisruptionBudgetPodDisruptionBudget created by operator*EmbeddedPodDisruptionBudgetSpecfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllByDefault: false - selects nothingboolfalse
configSelectorConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
configNamespaceSelector\n ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.\nWorks in combination with Selector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: &#34;30s&#34;map[string]stringfalse
extraArgsExtraArgs that will be passed to VMAlertmanager pod for example log.level: debugmap[string]stringfalse
extraEnvsExtraEnvs that will be added to VMAlertmanager pod[]v1.EnvVarfalse
disableNamespaceMatcherDisableNamespaceMatcher disables namespace label matcher for VMAlertmanagerConfig It may be useful if alert doesn't have namespace label for some reasonboolfalse
disableRouteContinueEnforceDisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to trueboolfalse
rollingUpdateStrategyRollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdateappsv1.StatefulSetUpdateStrategyTypefalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful termination*int64false
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet[]v1.PersistentVolumeClaimfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions*boolfalse

Back to TOC

VMAlertmanagerStatus#

VMAlertmanagerStatus is the most recent observed status of the VMAlertmanager cluster Operator API itself. More info:

FieldDescriptionSchemeRequired
updateStatusStatus defines a status of object updateUpdateStatusfalse
reasonReason has non empty reason for update failurestringfalse

Back to TOC

DiscordConfig#

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
webhook_urlThe discord webhook URL one of urlSecret and url must be defined.*stringfalse
webhook_url_secretURLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of urlSecret and url must be defined.*v1.SecretKeySelectorfalse
titleThe message title templatestringfalse
messageThe message body templatestringfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

EmailConfig#

EmailConfig configures notifications via Email.

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
toThe email address to send notifications to.stringfalse
fromThe sender address.stringfalse
helloThe hostname to identify to the SMTP server.stringfalse
smarthostThe SMTP host through which emails are sent.stringfalse
auth_usernameThe username to use for authentication.stringfalse
auth_passwordAuthPassword defines secret name and key at CRD namespace.*v1.SecretKeySelectorfalse
auth_secretAuthSecret defines secrent name and key at CRD namespace. It must contain the CRAM-MD5 secret.*v1.SecretKeySelectorfalse
auth_identityThe identity to use for authentication.stringfalse
headersFurther headers email header key/value pairs. Overrides any headers previously set by the notification implementation.EmailConfigHeadersfalse
htmlThe HTML body of the email notification.stringfalse
textThe text body of the email notification.stringfalse
require_tlsThe SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.*boolfalse
tls_configTLS configuration*TLSConfigfalse

Back to TOC

HTTPConfig#

HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config

FieldDescriptionSchemeRequired
basic_authBasicAuth for the client.*BasicAuthfalse
bearer_token_secretThe secret's key that contains the bearer token It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
bearer_token_fileBearerTokenFile defines filename for bearer token, it must be mounted to pod.stringfalse
tls_configTLS configuration for the client.*TLSConfigfalse
proxyURLOptional proxy URL.stringfalse

Back to TOC

ImageConfig#

ImageConfig is used to attach images to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-images-property for more information.

FieldDescriptionSchemeRequired
hrefstringfalse
sourcestringtrue
altstringfalse

Back to TOC

InhibitRule#

InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. Note, it doesn’t support deprecated alertmanager config options. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule

FieldDescriptionSchemeRequired
target_matchersTargetMatchers defines a list of matchers that have to be fulfilled by the target alerts to be muted.[]stringfalse
source_matchersSourceMatchers defines a list of matchers for which one or more alerts have to exist for the inhibition to take effect.[]stringfalse
equalLabels that must have an equal value in the source and target alert for the inhibition to take effect.[]stringfalse

Back to TOC

LinkConfig#

LinkConfig is used to attach text links to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-links-property for more information.

FieldDescriptionSchemeRequired
hrefstringtrue
textstringfalse

Back to TOC

MSTeamsConfig#

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
webhook_urlThe incoming webhook URL one of urlSecret and url must be defined.*stringfalse
webhook_url_secretURLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of urlSecret and url must be defined.*v1.SecretKeySelectorfalse
titleThe title of the teams notification.stringfalse
textThe text body of the teams notification.stringfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

MuteTimeInterval#

MuteTimeInterval for alerts

FieldDescriptionSchemeRequired
nameName of intervalstringfalse
time_intervalsTimeIntervals interval configuration[]TimeIntervaltrue

Back to TOC

OpsGenieConfig#

OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
api_keyThe secret's key that contains the OpsGenie API key. It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
apiURLThe URL to send OpsGenie API requests to.stringfalse
messageAlert text limited to 130 characters.stringfalse
descriptionDescription of the incident.stringfalse
sourceBacklink to the sender of the notification.stringfalse
tagsComma separated list of tags attached to the notifications.stringfalse
noteAdditional alert note.stringfalse
priorityPriority level of alert. Possible values are P1, P2, P3, P4, and P5.stringfalse
detailsA set of arbitrary key/value pairs that provide further detail about the incident.ReceiverConfigDetailsfalse
respondersList of responders responsible for notifications.[]OpsGenieConfigResponderfalse
entityOptional field that can be used to specify which domain alert is related to.stringfalse
actionsComma separated list of actions that will be available for the alert.stringfalse
update_alertsWhether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log.boolfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

OpsGenieConfigResponder#

OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.

FieldDescriptionSchemeRequired
idID of the responder.stringfalse
nameName of the responder.stringfalse
usernameUsername of the responder.stringfalse
typeType of responder.stringtrue

Back to TOC

PagerDutyConfig#

PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
routing_keyThe secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or serviceKey needs to be defined. It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
service_keyThe secret's key that contains the PagerDuty service key (when using integration type &#34;Prometheus&#34;). Either this field or routingKey needs to be defined. It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
urlThe URL to send requests to.stringfalse
clientClient identification.stringfalse
client_urlBacklink to the sender of notification.stringfalse
imagesImages to attach to the incident.[]ImageConfigfalse
linksLinks to attach to the incident.[]LinkConfigfalse
descriptionDescription of the incident.stringfalse
severitySeverity of the incident.stringfalse
classThe class/type of the event.stringfalse
groupA cluster or grouping of sources.stringfalse
componentThe part or component of the affected system that is broken.stringfalse
detailsArbitrary key/value pairs that provide further detail about the incident.ReceiverConfigDetailsfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

PushoverConfig#

PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
user_keyThe secret's key that contains the recipient user’s user key. It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
tokenThe secret's key that contains the registered application’s API token, see https://pushover.net/apps. It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
titleNotification title.stringfalse
messageNotification message.stringfalse
urlA supplementary URL shown alongside the message.stringfalse
url_titleA title for supplementary URL, otherwise just the URL is shownstringfalse
soundThe name of one of the sounds supported by device clients to override the user's default sound choicestringfalse
priorityPriority, see https://pushover.net/api#prioritystringfalse
retryHow often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.stringfalse
expireHow long your notification will continue to be retried for, unless the user acknowledges the notification.stringfalse
htmlWhether notification message is HTML or plain text.boolfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

Receiver#

Receiver defines one or more notification integrations.

FieldDescriptionSchemeRequired
nameName of the receiver. Must be unique across all items from the list.stringtrue
email_configsEmailConfigs defines email notification configurations.[]EmailConfigfalse
pagerduty_configsPagerDutyConfigs defines pager duty notification configurations.[]PagerDutyConfigfalse
pushover_configsPushoverConfigs defines push over notification configurations.[]PushoverConfigfalse
slack_configsSlackConfigs defines slack notification configurations.[]SlackConfigfalse
opsgenie_configsOpsGenieConfigs defines ops genie notification configurations.[]OpsGenieConfigfalse
webhook_configsWebhookConfigs defines webhook notification configurations.[]WebhookConfigfalse
victorops_configsVictorOpsConfigs defines victor ops notification configurations.[]VictorOpsConfigfalse
wechat_configsWeChatConfigs defines wechat notification configurations.[]WeChatConfigfalse
telegram_configs[]TelegramConfigfalse
msteams_configs[]MSTeamsConfigfalse
discord_configs[]DiscordConfigfalse
sns_configs[]SnsConfigfalse
webex_configs[]WebexConfigfalse

Back to TOC

Route#

Route defines a node in the routing tree.

FieldDescriptionSchemeRequired
receiverName of the receiver for this route.stringtrue
group_byList of labels to group by.[]stringfalse
group_waitHow long to wait before sending the initial notification.stringfalse
group_intervalHow long to wait before sending an updated notification.stringfalse
repeat_intervalHow long to wait before repeating the last notification.stringfalse
matchersList of matchers that the alert’s labels should match. For the first level route, the operator adds a namespace: &#34;CRD_NS&#34; matcher. https://prometheus.io/docs/alerting/latest/configuration/#matcher[]stringfalse
continueContinue indicating whether an alert should continue matching subsequent sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set.boolfalse
routesChild routes. https://prometheus.io/docs/alerting/latest/configuration/#route[]apiextensionsv1.JSONfalse
mute_time_intervalsMuteTimeIntervals for alerts[]stringfalse
active_time_intervalsActiveTimeIntervals Times when the route should be active These must match the name at time_intervals[]stringfalse

Back to TOC

Sigv4Config#

FieldDescriptionSchemeRequired
regionAWS region, if blank the region from the default credentials chain is usedstringfalse
access_keyThe AWS API keys. Both access_key and secret_key must be supplied or both must be blank. If blank the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are used.stringfalse
access_key_selectorsecret key selector to get the keys from a Kubernetes Secret*v1.SecretKeySelectorfalse
secret_key_selectorsecret key selector to get the keys from a Kubernetes Secret*v1.SecretKeySelectorfalse
profileNamed AWS profile used to authenticatestringfalse
role_arnAWS Role ARN, an alternative to using AWS API keysstringfalse

Back to TOC

SlackAction#

SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.

FieldDescriptionSchemeRequired
typestringtrue
textstringtrue
urlstringfalse
stylestringfalse
namestringfalse
valuestringfalse
confirm*SlackConfirmationFieldfalse

Back to TOC

SlackConfig#

SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
api_urlThe secret's key that contains the Slack webhook URL. It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
channelThe channel or user to send notifications to.stringfalse
usernamestringfalse
colorstringfalse
titlestringfalse
title_linkstringfalse
pretextstringfalse
textstringfalse
fieldsA list of Slack fields that are sent with each notification.[]SlackFieldfalse
short_fieldsboolfalse
footerstringfalse
fallbackstringfalse
callback_idstringfalse
icon_emojistringfalse
icon_urlstringfalse
image_urlstringfalse
thumb_urlstringfalse
link_namesboolfalse
mrkdwn_in[]stringfalse
actionsA list of Slack actions that are sent with each notification.[]SlackActionfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

SlackConfirmationField#

SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.

FieldDescriptionSchemeRequired
textstringtrue
titlestringfalse
ok_textstringfalse
dismiss_textstringfalse

Back to TOC

SlackField#

SlackField configures a single Slack field that is sent with each notification. See https://api.slack.com/docs/message-attachments#fields for more information.

FieldDescriptionSchemeRequired
titlestringtrue
valuestringtrue
short*boolfalse

Back to TOC

SnsConfig#

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
api_urlThe api URLstringfalse
sigv4Configure the AWS Signature Verification 4 signing process*Sigv4Configfalse
topic_arnSNS topic ARN, either specify this, phone_number or target_arnstringfalse
subjectThe subject line if message is delivered to an email endpoint.stringfalse
phone_numberPhone number if message is delivered via SMS Specify this, topic_arn or target_arnstringfalse
target_arnMobile platform endpoint ARN if message is delivered via mobile notifications Specify this, topic_arn or phone_numberstringfalse
messageThe message content of the SNS notification.stringfalse
attributesSNS message attributesmap[string]stringfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

TelegramConfig#

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
api_urlAPIUrl the Telegram API URL i.e. https://api.telegram.org.stringfalse
bot_tokenBotToken token for the bot https://core.telegram.org/bots/api*v1.SecretKeySelectortrue
chat_idChatID is ID of the chat where to send the messages.inttrue
messageMessage is templated messagestringfalse
disable_notificationsDisableNotifications*boolfalse
parse_modeParseMode for telegram message, supported values are MarkdownV2, Markdown, Markdown and empty string for plain text.stringfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

TimeInterval#

TimeInterval defines intervals of time

FieldDescriptionSchemeRequired
timesTimes defines time range for mute[]TimeRangefalse
weekdaysWeekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday.[]stringfalse
days_of_monthDayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted. for example, ['1:5', '-3:-1'][]stringfalse
monthsMonths defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1. For example, ['1:3', 'may:august', 'december'][]stringfalse
yearsYears defines numerical list of years, ranges are accepted. For example, ['2020:2022', '2030'][]stringfalse
locationLocation in golang time location form, e.g. UTCstringfalse

Back to TOC

TimeRange#

TimeRange ranges inclusive of the starting time and exclusive of the end time

FieldDescriptionSchemeRequired
start_timeStartTime for example HH:MMstringtrue
end_timeEndTime for example HH:MMstringtrue

Back to TOC

VMAlertmanagerConfig#

VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMAlertmanagerConfigSpecfalse
statusVMAlertmanagerConfigStatusfalse

Back to TOC

VMAlertmanagerConfigList#

VMAlertmanagerConfigList contains a list of VMAlertmanagerConfig

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMAlertmanagerConfigtrue

Back to TOC

VMAlertmanagerConfigSpec#

VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig

FieldDescriptionSchemeRequired
routeRoute definition for alertmanager, may include nested routes.*Routetrue
receiversReceivers defines alert receivers. without defined Route, receivers will be skipped.[]Receivertrue
inhibit_rulesInhibitRules will only apply for alerts matching the resource's namespace.[]InhibitRulefalse
mute_time_intervalsMuteTimeInterval - global mute time See https://prometheus.io/docs/alerting/latest/configuration/#mute_time_interval[]MuteTimeIntervalfalse
time_intervalsParsingError contents error with context if operator was failed to parse json object from kubernetes api server TimeIntervals modern config option, use it instead of mute_time_intervals[]MuteTimeIntervalfalse

Back to TOC

VMAlertmanagerConfigStatus#

VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig

FieldDescriptionSchemeRequired
reasonErrorReason describes validation or any other errors.stringfalse

Back to TOC

VictorOpsConfig#

VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
api_keyThe secret's key that contains the API key to use when talking to the VictorOps API. It must be at them same namespace as CRD*v1.SecretKeySelectorfalse
api_urlThe VictorOps API URL.stringfalse
routing_keyA key used to map the alert to a team.stringtrue
message_typeDescribes the behavior of the alert (CRITICAL, WARNING, INFO).stringfalse
entity_display_nameContains summary of the alerted problem.stringfalse
state_messageContains long explanation of the alerted problem.stringfalse
monitoring_toolThe monitoring tool the state message is from.stringfalse
http_configThe HTTP client's configuration.*HTTPConfigfalse
custom_fieldsAdds optional custom fields https://github.com/prometheus/alertmanager/blob/v0.24.0/config/notifiers.go#L537map[string]stringfalse

Back to TOC

WeChatConfig#

WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
api_secretThe secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.*v1.SecretKeySelectorfalse
api_urlThe WeChat API URL.stringfalse
corp_idThe corp id for authentication.stringfalse
agent_idstringfalse
to_userstringfalse
to_partystringfalse
to_tagstringfalse
messageAPI request data as defined by the WeChat API.stringfalse
message_typestringfalse
http_configHTTP client configuration.*HTTPConfigfalse

Back to TOC

WebexConfig#

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
api_urlThe Webex Teams API URL, i.e. https://webexapis.com/v1/messages*stringfalse
room_idThe ID of the Webex Teams room where to send the messagesstringfalse
messageThe message body templatestringfalse
http_configHTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP Authorization header.*HTTPConfigfalse

Back to TOC

WebhookConfig#

WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config

FieldDescriptionSchemeRequired
send_resolvedSendResolved controls notify about resolved alerts.*boolfalse
urlURL to send requests to, one of urlSecret and url must be defined.*stringfalse
url_secretURLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of urlSecret and url must be defined.*v1.SecretKeySelectorfalse
http_configHTTP client configuration.*HTTPConfigfalse
max_alertsMaximum number of alerts to be sent per webhook message. When 0, all alerts are included.int32false

Back to TOC

VMAgent#

VMAgent - is a tiny but brave agent, which helps you collect metrics from various sources and stores them in VictoriaMetrics or any other Prometheus-compatible storage system that supports the remote_write protocol.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMAgentSpecfalse
statusVMAgentStatusfalse

Back to TOC

VMAgentList#

VMAgentList contains a list of VMAgent

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMAgenttrue

Back to TOC

VMAgentRemoteWriteSettings#

VMAgentRemoteWriteSettings - defines global settings for all remoteWrite urls.

FieldDescriptionSchemeRequired
maxBlockSizeThe maximum size in bytes of unpacked request to send to remote storage*int32false
maxDiskUsagePerURLThe maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath*int64false
queuesThe number of concurrent queues*int32false
showURLWhether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth info*boolfalse
tmpDataPathPath to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data)*stringfalse
flushIntervalInterval for flushing the data to remote storage. (default 1s)*stringfalse
labelLabels in the form 'name=value' to add to all the metrics before sending them. This overrides the label if it already exists.map[string]stringfalse
useMultiTenantModeConfigures vmagent in multi-tenant mode with direct cluster support docs https://docs.victoriametrics.com/vmagent.html#multitenancy it's global setting and affects all remote storage configurationsboolfalse

Back to TOC

VMAgentRemoteWriteSpec#

VMAgentRemoteWriteSpec defines the remote storage configuration for VmAgent

FieldDescriptionSchemeRequired
urlURL of the endpoint to send samples to.stringtrue
basicAuthBasicAuth allow an endpoint to authenticate over basic authentication*BasicAuthfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.url*v1.SecretKeySelectorfalse
urlRelabelConfigConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url*v1.ConfigMapKeySelectorfalse
inlineUrlRelabelConfigInlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec.[]RelabelConfigfalse
oauth2OAuth2 defines auth configuration*OAuth2false
tlsConfigTLSConfig describes tls configuration for remote write target*TLSConfigfalse
sendTimeoutTimeout for sending a single block of data to -remoteWrite.url (default 1m0s)*stringfalse
headersHeaders allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName: headerValue vmagent supports since 1.79.0 version[]stringfalse
streamAggrConfigStreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url*StreamAggrConfigfalse

Back to TOC

VMAgentSpec#

VMAgentSpec defines the desired state of VMAgent

FieldDescriptionSchemeRequired
podMetadataPodMetadata configures Labels and Annotations which are propagated to the vmagent pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMAgent if no specified operator uses default config versionImagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod[]v1.LocalObjectReferencefalse
secretsSecrets is a list of Secrets in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/secrets[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/configs[]stringfalse
logLevelLogLevel for VMAgent to be configured with. INFO, WARN, ERROR, FATAL, PANICstringfalse
logFormatLogFormat for VMAgent to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy stateint32false
replicaCountReplicaCount is the expected size of the VMAgent cluster. The controller will eventually make the size of the running cluster equal to the expected size. NOTE enable VMSingle deduplication for replica usage*int32false
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
volumesVolumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output deploy definition. VolumeMounts specified will be appended to other VolumeMounts in the vmagent container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not specified - default setting will be usedv1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the VMAgent Pods.stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
host_aliasesHostAliases provides mapping between ip and hostnames, that would be propagated to pod, cannot be used with HostNetwork.[]v1.HostAliasfalse
containersContainers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmagent configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriorityClassName assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy set DNS policy for the podv1.DNSPolicyfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
scrapeIntervalScrapeInterval defines how often scrape targets by defaultstringfalse
scrapeTimeoutScrapeTimeout defines global timeout for targets scrapestringfalse
aPIServerConfigAPIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.*APIServerConfigfalse
overrideHonorLabelsOverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceScrape or PodScrape to true, this overrides honor_labels to false.boolfalse
overrideHonorTimestampsOverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.boolfalse
ignoreNamespaceSelectorsIgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podscrape and vmservicescrape configs, and they will only discover endpoints within their current namespace. Defaults to false.boolfalse
enforcedNamespaceLabelEnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.stringfalse
vmAgentExternalLabelNameVMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance name. Defaults to the value of prometheus. External label will not be added when value is set to empty string (\&#34;\&#34;).*stringfalse
externalLabelsExternalLabels The labels to add to any time series scraped by vmagent. it doesn't affect metrics ingested directly by push API'smap[string]stringfalse
remoteWriteRemoteWrite list of victoria metrics /some other remote write system for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write or for cluster different url https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems[]VMAgentRemoteWriteSpectrue
remoteWriteSettingsRemoteWriteSettings defines global settings for all remoteWrite urls.*VMAgentRemoteWriteSettingsfalse
relabelConfigRelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig This relabeling is applied to all the collected metrics before sending them to remote storage.*v1.ConfigMapKeySelectorfalse
inlineRelabelConfigInlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD.[]RelabelConfigfalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothingboolfalse
serviceScrapeSelectorServiceScrapeSelector defines ServiceScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
serviceScrapeNamespaceSelectorServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
podScrapeSelectorPodScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
podScrapeNamespaceSelectorPodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
probeSelectorProbeSelector defines VMProbe to be selected for target probing. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
probeNamespaceSelectorProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
nodeScrapeSelectorNodeScrapeSelector defines VMNodeScrape to be selected for scraping. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
nodeScrapeNamespaceSelectorNodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
staticScrapeSelectorStaticScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces.*metav1.LabelSelectorfalse
staticScrapeNamespaceSelectorStaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
scrapeConfigSelectorScrapeConfigSelector defines VMScrapeConfig to be selected for target discovery. Works in combination with NamespaceSelector.*metav1.LabelSelectorfalse
scrapeConfigNamespaceSelectorScrapeConfigNamespaceSelector defines Namespaces to be selected for VMScrapeConfig discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
inlineScrapeConfigInlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. it should be defined as single yaml file. inlineScrapeConfig: |\n - job_name: &#34;prometheus&#34;\n static_configs:\n - targets: [&#34;localhost:9090&#34;]stringfalse
additionalScrapeConfigsAdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade.*v1.SecretKeySelectorfalse
arbitraryFSAccessThroughSMsArbitraryFSAccessThroughSMs configures whether configuration based on a service scrape can access arbitrary files on the file system of the VMAgent container e.g. bearer token files.ArbitraryFSAccessThroughSMsConfigfalse
insertPortsInsertPorts - additional listen ports for data ingestion.*InsertPortsfalse
portPort listen addressstringfalse
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: &#34;30s&#34;map[string]stringfalse
extraArgsExtraArgs that will be passed to VMAgent pod for example remoteWrite.tmpDataPath: /tmp it would be converted to flag –remoteWrite.tmpDataPath=/tmpmap[string]stringfalse
extraEnvsExtraEnvs that will be added to VMAgent pod[]v1.EnvVarfalse
serviceSpecServiceSpec that will be added to vmagent service spec*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmagent VMServiceScrape spec*VMServiceScrapeSpecfalse
shardCountShardCount - numbers of shards of VMAgent in this case operator will use 1 deployment/sts per shard with replicas count according to spec.replicas, see https://docs.victoriametrics.com/vmagent.html#scraping-big-number-of-targets*intfalse
updateStrategyUpdateStrategy - overrides default update strategy. works only for deployments, statefulset always use OnDelete.*appsv1.DeploymentStrategyTypefalse
rollingUpdateRollingUpdate - overrides deployment update params.*appsv1.RollingUpdateDeploymentfalse
podDisruptionBudgetPodDisruptionBudget created by operator*EmbeddedPodDisruptionBudgetSpecfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
serviceScrapeRelabelTemplateServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape. it's useful for adding specific labels to all targets[]*RelabelConfigfalse
podScrapeRelabelTemplatePodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape. it's useful for adding specific labels to all targets[]*RelabelConfigfalse
nodeScrapeRelabelTemplateNodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape. it's useful for adding specific labels to all targets[]*RelabelConfigfalse
staticScrapeRelabelTemplateStaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape. it's useful for adding specific labels to all targets[]*RelabelConfigfalse
probeScrapeRelabelTemplateProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape. it's useful for adding specific labels to all targets[]*RelabelConfigfalse
scrapeConfigRelabelTemplateScrapeConfigRelabelTemplate defines relabel config, that will be added to each VMScrapeConfig. it's useful for adding specific labels to all targets[]*RelabelConfigfalse
minScrapeIntervalMinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is lower than defined limit, minScrapeInterval will be used.*stringfalse
maxScrapeIntervalMaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is higher than defined limit, maxScrapeInterval will be used.*stringfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful termination*int64false
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
statefulModeStatefulMode enables StatefulSet for VMAgent instead of Deployment it allows using persistent storage for vmagent's persistentQueueboolfalse
statefulStorageStatefulStorage configures storage for StatefulSet*StorageSpecfalse
statefulRollingUpdateStrategyStatefulRollingUpdateStrategy allows configuration for strategyType set it to RollingUpdate for disabling operator statefulSet rollingUpdateappsv1.StatefulSetUpdateStrategyTypefalse
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for VMAgent in StatefulMode[]v1.PersistentVolumeClaimfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions*boolfalse
ingestOnlyModeIngestOnlyMode switches vmagent into unmanaged mode it disables any config generation for scraping Currently it prevents vmagent from managing tls and auth options for remote writeboolfalse
licenseLicense allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html*Licensefalse
pausedPaused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.boolfalse

Back to TOC

VMAgentStatus#

VMAgentStatus defines the observed state of VMAgent

FieldDescriptionSchemeRequired
shardsShards represents total number of vmagent deployments with uniq scrape targetsint32false
selectorSelector string form of label value set for autoscalingstringfalse
replicasReplicaCount Total number of pods targeted by this VMAgentint32false
updatedReplicasUpdatedReplicas Total number of non-terminated pods targeted by this VMAgent cluster that have the desired version spec.int32false
availableReplicasAvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster.int32false
unavailableReplicasUnavailableReplicas Total number of unavailable pods targeted by this VMAgent cluster.int32false
updateStatusUpdateStatus defines a status for update rollout, effective only for statefulModeUpdateStatusfalse
reasonReason defines fail reason for update process, effective only for statefulModestringfalse

Back to TOC

AdditionalServiceSpec#

ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service. if UseAsDefault is set to true, changes applied to the main service without additional service creation

FieldDescriptionSchemeRequired
useAsDefaultUseAsDefault applies changes from given service definition to the main object Service Changing from headless service to clusterIP or loadbalancer may break cross-component communicationboolfalse
metadataEmbeddedObjectMetadata defines objectMeta for additional service.EmbeddedObjectMetadatafalse
specServiceSpec describes the attributes that a user creates on a service. More info: https://kubernetes.io/docs/concepts/services-networking/service/v1.ServiceSpectrue

Back to TOC

BasicAuth#

BasicAuth allow an endpoint to authenticate over basic authentication

FieldDescriptionSchemeRequired
usernameThe secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRDv1.SecretKeySelectorfalse
passwordThe secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRDv1.SecretKeySelectorfalse
password_filePasswordFile defines path to password file at diskstringfalse

Back to TOC

BearerAuth#

BearerAuth defines auth with bearer token

FieldDescriptionSchemeRequired
bearerTokenFilePath to bearer token filestringfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.url*v1.SecretKeySelectorfalse

Back to TOC

ConfigMapKeyReference#

ConfigMapKeyReference refers to a key in a ConfigMap.

FieldDescriptionSchemeRequired
keyThe ConfigMap key to refer to.stringtrue

Back to TOC

DiscoverySelector#

DiscoverySelector can be used at CRD components discovery

FieldDescriptionSchemeRequired
namespaceSelector*NamespaceSelectorfalse
labelSelector*metav1.LabelSelectorfalse

Back to TOC

EmbeddedHPA#

EmbeddedHPA embeds HorizontalPodAutoScaler spec v2. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/

FieldDescriptionSchemeRequired
minReplicas*int32false
maxReplicasint32false
metrics[]v2beta2.MetricSpecfalse
behaviour*v2beta2.HorizontalPodAutoscalerBehaviorfalse

Back to TOC

EmbeddedObjectMetadata#

EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.

FieldDescriptionSchemeRequired
nameName must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#namesstringfalse
labelsLabels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labelsmap[string]stringfalse
annotationsAnnotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotationsmap[string]stringfalse

Back to TOC

EmbeddedPersistentVolumeClaim#

EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.

FieldDescriptionSchemeRequired
metadataEmbeddedMetadata contains metadata relevant to an EmbeddedResource.EmbeddedObjectMetadatafalse
specSpec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsv1.PersistentVolumeClaimSpecfalse
statusStatus represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsv1.PersistentVolumeClaimStatusfalse

Back to TOC

EmbeddedPodDisruptionBudgetSpec#

FieldDescriptionSchemeRequired
minAvailableAn eviction is allowed if at least &#34;minAvailable&#34; pods selected by &#34;selector&#34; will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying &#34;100%&#34;.*intstr.IntOrStringfalse
maxUnavailableAn eviction is allowed if at most &#34;maxUnavailable&#34; pods selected by &#34;selector&#34; are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with &#34;minAvailable&#34;.*intstr.IntOrStringfalse
selectorLabelsreplaces default labels selector generated by operator it's useful when you need to create custom budgetmap[string]stringfalse

Back to TOC

EmbeddedProbes#

EmbeddedProbes - it allows to override some probe params. its not necessary to specify all options, operator will replace missing spec with default values.

FieldDescriptionSchemeRequired
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse

Back to TOC

HTTPAuth#

HTTPAuth generic auth used with http protocols

FieldDescriptionSchemeRequired
basicAuth*BasicAuthfalse
oauth2*OAuth2false
tlsConfig*TLSConfigfalse
bearerTokenFilePath to bearer token filestringfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.url*v1.SecretKeySelectorfalse
headersHeaders allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version[]stringfalse

Back to TOC

KeyValue#

KeyValue defines a (key, value) tuple.

FieldDescriptionSchemeRequired
keyKey of the tuple.stringtrue
valueValue of the tuple.stringtrue

Back to TOC

License#

License holds license key for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0 See: https://docs.victoriametrics.com/enterprise.html

FieldDescriptionSchemeRequired
keyEnterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/*stringfalse
keyRefKeyRef is reference to secret with license key for enterprise features.*v1.SecretKeySelectorfalse

Back to TOC

StorageSpec#

StorageSpec defines the configured storage for a group Prometheus servers. If neither emptyDir nor volumeClaimTemplate is specified, then by default an EmptyDir will be used.

FieldDescriptionSchemeRequired
disableMountSubPathDeprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.boolfalse
emptyDirEmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir*v1.EmptyDirVolumeSourcefalse
volumeClaimTemplateA PVC spec to be used by the VMAlertManager StatefulSets.EmbeddedPersistentVolumeClaimfalse

Back to TOC

StreamAggrConfig#

StreamAggrConfig defines the stream aggregation config

FieldDescriptionSchemeRequired
rulesStream aggregation rules[]StreamAggrRuletrue
keepInputAllows writing both raw and aggregate databoolfalse
dropInputAllow drop all the input samples after the aggregationboolfalse
dedupIntervalAllows setting different de-duplication intervals per each configured remote storagestringfalse

Back to TOC

StreamAggrRule#

StreamAggrRule defines the rule in stream aggregation config

FieldDescriptionSchemeRequired
matchMatch is a label selector (or list of label selectors) for filtering time series for the given selector.\n\nIf the match isn't set, then all the input time series are processed.StringOrArrayfalse
intervalInterval is the interval between aggregations.stringtrue
no_align_flush_to_intervalNoAlignFlushToInterval disables aligning of flushes to multiples of Interval. By default flushes are aligned to Interval.*boolfalse
flush_on_shutdownFlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is false by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points.boolfalse
dedup_intervalDedupInterval is an optional interval for deduplication.stringfalse
staleness_intervalStaleness interval is interval after which the series state will be reset if no samples have been sent during it. The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.stringfalse
outputsOutputs is a list of output aggregate functions to produce.\n\nThe following names are allowed:\n\n- total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, …, phiN) - quantiles' estimation for phi in the range [0..1]\n\nThe output time series will have the following names:\n\n input_name:aggr_<interval>_<output>[]stringtrue
keep_metric_namesKeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.*boolfalse
ignore_old_samplesIgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.*boolfalse
byBy is an optional list of labels for grouping input series.\n\nSee also Without.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series.[]stringfalse
withoutWithout is an optional list of labels, which must be excluded when grouping input series.\n\nSee also By.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series.[]stringfalse
drop_input_labelsDropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.\n\nLabels are dropped before de-duplication and aggregation.*[]stringfalse
input_relabel_configsInputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation.[]RelabelConfigfalse
output_relabel_configsOutputRelabelConfigs is an optional relabeling rules, which are applied on the aggregated output before being sent to remote storage.[]RelabelConfigfalse

Back to TOC

VMAlert#

VMAlert executes a list of given alerting or recording rules against configured address.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMAlertSpecfalse
statusVMAlertStatusfalse

Back to TOC

VMAlertDatasourceSpec#

VMAlertDatasourceSpec defines the remote storage configuration for VmAlert to read alerts from

FieldDescriptionSchemeRequired
urlVictoria Metrics or VMSelect url. Required parameter. E.g. http://127.0.0.1:8428stringtrue
basicAuth*BasicAuthfalse
oauth2*OAuth2false
tlsConfig*TLSConfigfalse
bearerTokenFilePath to bearer token filestringfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.url*v1.SecretKeySelectorfalse
headersHeaders allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version[]stringfalse

Back to TOC

VMAlertList#

VMAlertList contains a list of VMAlert

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMAlerttrue

Back to TOC

VMAlertNotifierSpec#

VMAlertNotifierSpec defines the notifier url for sending information about alerts

FieldDescriptionSchemeRequired
urlAlertManager url. E.g. http://127.0.0.1:9093stringfalse
selectorSelector allows service discovery for alertmanager in this case all matched vmalertmanager replicas will be added into vmalert notifier.url as statefulset pod.fqdn*DiscoverySelectorfalse
basicAuth*BasicAuthfalse
oauth2*OAuth2false
tlsConfig*TLSConfigfalse
bearerTokenFilePath to bearer token filestringfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.url*v1.SecretKeySelectorfalse
headersHeaders allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version[]stringfalse

Back to TOC

VMAlertRemoteReadSpec#

VMAlertRemoteReadSpec defines the remote storage configuration for VmAlert to read alerts from

FieldDescriptionSchemeRequired
urlURL of the endpoint to send samples to.stringtrue
lookbackLookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s) Applied only to RemoteReadSpec*stringfalse
basicAuth*BasicAuthfalse
oauth2*OAuth2false
tlsConfig*TLSConfigfalse
bearerTokenFilePath to bearer token filestringfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.url*v1.SecretKeySelectorfalse
headersHeaders allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version[]stringfalse

Back to TOC

VMAlertRemoteWriteSpec#

VMAlertRemoteWriteSpec defines the remote storage configuration for VmAlert

FieldDescriptionSchemeRequired
urlURL of the endpoint to send samples to.stringtrue
concurrencyDefines number of readers that concurrently write into remote storage (default 1)*int32false
flushIntervalDefines interval of flushes to remote write endpoint (default 5s)*stringfalse
maxBatchSizeDefines defines max number of timeseries to be flushed at once (default 1000)*int32false
maxQueueSizeDefines the max number of pending datapoints to remote write endpoint (default 100000)*int32false
basicAuth*BasicAuthfalse
oauth2*OAuth2false
tlsConfig*TLSConfigfalse
bearerTokenFilePath to bearer token filestringfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.url*v1.SecretKeySelectorfalse
headersHeaders allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version[]stringfalse

Back to TOC

VMAlertSpec#

VMAlertSpec defines the desired state of VMAlert

FieldDescriptionSchemeRequired
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMAlert pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMAlert if no specified operator uses default config versionImagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod[]v1.LocalObjectReferencefalse
secretsSecrets is a list of Secrets in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.[]stringfalse
logFormatLogFormat for VMAlert to be configured with. default or jsonstringfalse
logLevelLogLevel for VMAlert to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy stateint32false
replicaCountReplicaCount is the expected size of the VMAlert cluster. The controller will eventually make the size of the running cluster equal to the expected size.*int32false
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
volumesVolumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAlert container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/v1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the VMAlert Pods.stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
containersContainers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriority class assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy sets DNS policy for the podv1.DNSPolicyfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
evaluationIntervalEvaluationInterval defines how often to evaluate rules by defaultstringfalse
enforcedNamespaceLabelEnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.stringfalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector. with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothingboolfalse
ruleSelectorRuleSelector selector to select which VMRules to mount for loading alerting rules from. Works in combination with NamespaceSelector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace.*metav1.LabelSelectorfalse
ruleNamespaceSelectorRuleNamespaceSelector to be selected for VMRules discovery. Works in combination with Selector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace.*metav1.LabelSelectorfalse
portPort for listenstringfalse
notifierNotifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier*VMAlertNotifierSpecfalse
notifiersNotifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier[]VMAlertNotifierSpecfalse
notifierConfigRefNotifierConfigRef reference for secret with notifier configuration for vmalert only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier*v1.SecretKeySelectorfalse
remoteWriteRemoteWrite Optional URL to remote-write compatible storage to persist vmalert state and rule results to. Rule results will be persisted according to each rule. Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE see -remoteWrite.url docs in vmalerts for details. E.g. http://127.0.0.1:8428*VMAlertRemoteWriteSpecfalse
remoteReadRemoteRead Optional URL to read vmalert state (persisted via RemoteWrite) This configuration only makes sense if alerts state has been successfully persisted (via RemoteWrite) before. see -remoteRead.url docs in vmalerts for details. E.g. http://127.0.0.1:8428*VMAlertRemoteReadSpecfalse
rulePathRulePath to the file with alert rules. Supports patterns. Flag can be specified multiple times. Examples: -rule /path/to/file. Path to a single file with alerting rules -rule dir/.yaml -rule /.yaml. Relative path to all .yaml files in folder, absolute path to all .yaml files in root. by default operator adds /etc/vmalert/configs/base/vmalert.yaml[]stringfalse
datasourceDatasource Victoria Metrics or VMSelect url. Required parameter. e.g. http://127.0.0.1:8428VMAlertDatasourceSpectrue
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: &#34;30s&#34;map[string]stringfalse
extraArgsExtraArgs that will be passed to VMAlert pod for example -remoteWrite.tmpDataPath=/tmpmap[string]stringfalse
extraEnvsExtraEnvs that will be added to VMAlert pod[]v1.EnvVarfalse
externalLabelsExternalLabels in the form 'name: value' to add to all generated recording rules and alerts.map[string]stringfalse
serviceSpecServiceSpec that will be added to vmalert service spec*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmalert VMServiceScrape spec*VMServiceScrapeSpecfalse
updateStrategyUpdateStrategy - overrides default update strategy.*appsv1.DeploymentStrategyTypefalse
rollingUpdateRollingUpdate - overrides deployment update params.*appsv1.RollingUpdateDeploymentfalse
podDisruptionBudgetPodDisruptionBudget created by operator*EmbeddedPodDisruptionBudgetSpecfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful termination*int64false
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse
useStrictSecurityUseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions*boolfalse
licenseLicense allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html*Licensefalse
pausedPaused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.boolfalse

Back to TOC

VMAlertStatus#

VMAlertStatus defines the observed state of VMAlert

FieldDescriptionSchemeRequired
replicasReplicaCount Total number of non-terminated pods targeted by this VMAlert cluster (their labels match the selector).int32false
updatedReplicasUpdatedReplicas Total number of non-terminated pods targeted by this VMAlert cluster that have the desired version spec.int32false
availableReplicasAvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster.int32false
unavailableReplicasUnavailableReplicas Total number of unavailable pods targeted by this VMAlert cluster.int32false
updateStatusUpdateStatus defines a status for update rollout, effective only for statefulModeUpdateStatusfalse
reasonReason defines fail reason for update process, effective only for statefulModestringfalse

Back to TOC

VMSingle#

VMSingle is fast, cost-effective and scalable time-series database.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMSingleSpecfalse
statusVMSingleStatusfalse

Back to TOC

VMSingleList#

VMSingleList contains a list of VMSingle

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMSingletrue

Back to TOC

VMSingleSpec#

VMSingleSpec defines the desired state of VMSingle

FieldDescriptionSchemeRequired
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMSingle pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMSingle if no specified operator uses default config versionImagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod[]v1.LocalObjectReferencefalse
secretsSecrets is a list of Secrets in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods.[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods.[]stringfalse
logLevelLogLevel for victoria metrics single to be configured with.stringfalse
logFormatLogFormat for VMSingle to be configured with.stringfalse
replicaCountReplicaCount is the expected size of the VMSingle it can be 0 or 1 if you need more - use vm cluster*int32false
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
storageDataPathStorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary –storageDataPath, its users responsibility to mount proper device into given path.stringfalse
storageStorage is the definition of how storage will be used by the VMSingle by default it`s empty dir*v1.PersistentVolumeClaimSpecfalse
storageMetadataStorageMeta defines annotations and labels attached to PVC for given vmsingle CREmbeddedObjectMetadatafalse
volumesVolumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSingle container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be usedv1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the VMSingle Pods.stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
hostAliasesHostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork.[]v1.HostAliasfalse
containersContainers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriorityClassName assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy sets DNS policy for the podv1.DNSPolicyfalse
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
insertPortsInsertPorts - additional listen ports for data ingestion.*InsertPortsfalse
portPort listen portstringfalse
removePvcAfterDeleteRemovePvcAfterDelete - if true, controller adds ownership to pvc and after VMSingle objest deletion - pvc will be garbage collected by controller managerboolfalse
retentionPeriodRetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retentionstringtrue
vmBackupVMBackup configuration for backup*VMBackupfalse
licenseLicense allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html*Licensefalse
extraArgsExtraArgs that will be passed to VMSingle pod for example remoteWrite.tmpDataPath: /tmpmap[string]stringfalse
extraEnvsExtraEnvs that will be added to VMSingle pod[]v1.EnvVarfalse
serviceSpecServiceSpec that will be added to vmsingle service spec*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec*VMServiceScrapeSpecfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful termination*int64false
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse
streamAggrConfigStreamAggrConfig defines stream aggregation configuration for VMSingle*StreamAggrConfigfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions*boolfalse
pausedPaused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.boolfalse

Back to TOC

VMSingleStatus#

VMSingleStatus defines the observed state of VMSingle

FieldDescriptionSchemeRequired
replicasReplicaCount Total number of non-terminated pods targeted by this VMSingle.int32true
updatedReplicasUpdatedReplicas Total number of non-terminated pods targeted by this VMSingle.int32true
availableReplicasAvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMSingle.int32true
unavailableReplicasUnavailableReplicas Total number of unavailable pods targeted by this VMSingle.int32true
singleStatusUpdateStatus defines a status of single node rolloutUpdateStatusfalse
reasonReason defines a reason in case of update failurestringfalse

Back to TOC

Rule#

Rule describes an alerting or recording rule.

FieldDescriptionSchemeRequired
recordRecord represents a query, that will be recorded to dataSourcestringfalse
alertAlert is a name for alertstringfalse
exprExpr is query, that will be evaluated at dataSourcestringtrue
debugDebug enables logging for rule it useful for tracking*boolfalse
forFor evaluation interval in time.Duration format 30s, 1m, 1h or nanosecondsstringfalse
keep_firing_forKeepFiringFor will make alert continue firing for this long even when the alerting expression no longer has results. Use time.Duration format, 30s, 1m, 1h or nanosecondsstringfalse
labelsLabels will be added to rule configurationmap[string]stringfalse
annotationsAnnotations will be added to rule configurationmap[string]stringfalse
update_entries_limitUpdateEntriesLimit defines max number of rule's state updates stored in memory. Overrides -rule.updateEntriesLimit in vmalert.*intfalse

Back to TOC

RuleGroup#

RuleGroup is a list of sequentially evaluated recording and alerting rules.

FieldDescriptionSchemeRequired
nameName of groupstringtrue
intervalevaluation interval for groupstringfalse
rulesRules list of alert rules[]Ruletrue
limitLimit the number of alerts an alerting rule and series a recording rule can produceintfalse
concurrencyConcurrency defines how many rules execute at once.intfalse
labelsLabels optional list of labels added to every rule within a group. It has priority over the external labels. Labels are commonly used for adding environment or tenant-specific tag.map[string]stringfalse
extra_filter_labelsExtraFilterLabels optional list of label filters applied to every rule's request withing a group. Is compatible only with VM datasource. See more details at https://docs.victoriametrics.com#prometheus-querying-api-enhancements Deprecated, use params insteadmap[string]stringfalse
tenantTenant id for group, can be used only with enterprise version of vmalert See more details at https://docs.victoriametrics.com/vmalert.html#multitenancystringfalse
paramsParams optional HTTP URL parameters added to each rule requesturl.Valuesfalse
typeType defines datasource type for enterprise version of vmalert possible values - prometheus,graphitestringfalse
headersHeaders contains optional HTTP headers added to each rule request Must be in form header-name: value For example:\n headers:\n - &#34;CustomHeader: foo&#34;\n - &#34;CustomHeader2: bar&#34;[]stringfalse
notifier_headersNotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier Must be in form header-name: value For example:\n headers:\n - &#34;CustomHeader: foo&#34;\n - &#34;CustomHeader2: bar&#34;[]stringfalse

Back to TOC

VMRule#

VMRule defines rule records for vmalert application

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMRuleSpectrue
statusVMRuleStatusfalse

Back to TOC

VMRuleList#

VMRuleList contains a list of VMRule

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
itemsItems list of VMRule[]*VMRuletrue

Back to TOC

VMRuleSpec#

VMRuleSpec defines the desired state of VMRule

FieldDescriptionSchemeRequired
groupsGroups list of group rules[]RuleGrouptrue

Back to TOC

APIServerConfig#

APIServerConfig defines a host and auth methods to access apiserver. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config

FieldDescriptionSchemeRequired
hostHost of apiserver. A valid string consisting of a hostname or IP followed by an optional port numberstringtrue
basicAuthBasicAuth allow an endpoint to authenticate over basic authentication*BasicAuthfalse
bearerTokenBearer token for accessing apiserver.stringfalse
bearerTokenFileFile to read bearer token for accessing apiserver.stringfalse
tlsConfigTLSConfig Config to use for accessing apiserver.*TLSConfigfalse
authorization*Authorizationfalse

Back to TOC

AttachMetadata#

AttachMetadata configures metadata attachment

FieldDescriptionSchemeRequired
nodeNode instructs vmagent to add node specific metadata from service discovery Valid for roles: pod, endpoints, endpointslice.*boolfalse

Back to TOC

Authorization#

Authorization configures generic authorization params

FieldDescriptionSchemeRequired
typeType of authorization, default to bearerstringfalse
credentialsReference to the secret with value for authorization*v1.SecretKeySelectorfalse
credentialsFileFile with value for authorizationstringfalse

Back to TOC

Endpoint#

Endpoint defines a scrapeable endpoint serving Prometheus metrics.

FieldDescriptionSchemeRequired
portName of the service port this endpoint refers to. Mutually exclusive with targetPort.stringfalse
targetPortName or number of the pod port this endpoint refers to. Mutually exclusive with port.*intstr.IntOrStringfalse
pathHTTP path to scrape for metrics.stringfalse
schemeHTTP scheme to use for scraping.stringfalse
paramsOptional HTTP URL parametersmap[string][]stringfalse
follow_redirectsFollowRedirects controls redirects for scraping.*boolfalse
intervalInterval at which metrics should be scrapedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be usedstringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
sampleLimitSampleLimit defines per-endpoint limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
oauth2OAuth2 defines auth configuration*OAuth2false
authorizationAuthorization with http header Authorization*Authorizationfalse
tlsConfigTLSConfig configuration to use when scraping the endpoint*TLSConfigfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.*v1.SecretKeySelectorfalse
honorLabelsHonorLabels chooses the metric's labels on collisions with target labels.boolfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.*boolfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints*BasicAuthfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples before ingestion.[]*RelabelConfigfalse
relabelConfigsRelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[]*RelabelConfigfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parameters*VMScrapeParamsfalse
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse

Back to TOC

NamespaceSelector#

NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces.

FieldDescriptionSchemeRequired
anyBoolean describing whether all namespaces are selected in contrast to a list restricting them.boolfalse
matchNamesList of namespace names.[]stringfalse

Back to TOC

OAuth2#

OAuth2 defines OAuth2 configuration

FieldDescriptionSchemeRequired
client_idThe secret or configmap containing the OAuth2 client idSecretOrConfigMaptrue
client_secretThe secret containing the OAuth2 client secret*v1.SecretKeySelectorfalse
client_secret_fileClientSecretFile defines path for client secret file.stringfalse
token_urlThe URL to fetch the token fromstringtrue
scopesOAuth2 scopes used for the token request[]stringfalse
endpoint_paramsParameters to append to the token URLmap[string]stringfalse

Back to TOC

ProxyAuth#

ProxyAuth represent proxy auth config Only VictoriaMetrics scrapers supports it. See https://github.com/VictoriaMetrics/VictoriaMetrics/commit/a6a71ef861444eb11fe8ec6d2387f0fc0c4aea87

FieldDescriptionSchemeRequired
basic_auth*BasicAuthfalse
bearer_token*v1.SecretKeySelectorfalse
bearer_token_filestringfalse
tls_config*TLSConfigfalse

Back to TOC

RelabelConfig#

RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines <metric_relabel_configs>-section of configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs

FieldDescriptionSchemeRequired
source_labelsUnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131[]stringfalse
target_labelUnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131stringfalse
sourceLabelsThe source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.[]stringfalse
separatorSeparator placed between concatenated source label values. default is ';'.stringfalse
targetLabelLabel to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.stringfalse
regexRegular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancementsStringOrArrayfalse
modulusModulus to take of the hash of the source label values.uint64false
replacementReplacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'stringfalse
actionAction to perform based on regex matching. Default is 'replace'stringfalse
ifIf represents metricsQL match expression (or list of expressions): '{name=~&#34;foo_.*&#34;}'StringOrArrayfalse
matchMatch is used together with Labels for action: graphitestringfalse
labelsLabels is used together with Match for action: graphitemap[string]stringfalse

Back to TOC

SecretOrConfigMap#

SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.

FieldDescriptionSchemeRequired
secretSecret containing data to use for the targets.*v1.SecretKeySelectorfalse
configMapConfigMap containing data to use for the targets.*v1.ConfigMapKeySelectorfalse

Back to TOC

TLSConfig#

TLSConfig specifies TLSConfig configuration parameters.

FieldDescriptionSchemeRequired
caFilePath to the CA cert in the container to use for the targets.stringfalse
caStuct containing the CA cert to use for the targets.SecretOrConfigMapfalse
certFilePath to the client cert file in the container for the targets.stringfalse
certStruct containing the client cert file for the targets.SecretOrConfigMapfalse
keyFilePath to the client key file in the container for the targets.stringfalse
keySecretSecret containing the client key file for the targets.*v1.SecretKeySelectorfalse
serverNameUsed to verify the hostname for the targets.stringfalse
insecureSkipVerifyDisable target certificate validation.boolfalse

Back to TOC

VMScrapeParams#

VMScrapeParams defines scrape target configuration that compatible only with VictoriaMetrics scrapers VMAgent and VMSingle

FieldDescriptionSchemeRequired
relabel_debugdeprecated since v1.85, will be removed in next release*boolfalse
metric_relabel_debugdeprecated since v1.85, will be removed in next release*boolfalse
disable_compression*boolfalse
disable_keep_alivedisable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements*boolfalse
no_stale_markers*boolfalse
stream_parse*boolfalse
scrape_align_interval*stringfalse
scrape_offset*stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy*ProxyAuthfalse
headersHeaders allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version[]stringfalse

Back to TOC

VMServiceScrape#

VMServiceScrape is scrape configuration for endpoints associated with kubernetes service, it generates scrape configuration for vmagent based on selectors. result config will scrape service endpoints

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMServiceScrapeSpectrue
statusVMServiceScrapeStatusfalse

Back to TOC

VMServiceScrapeList#

VMServiceScrapeList contains a list of VMServiceScrape

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMServiceScrapetrue

Back to TOC

VMServiceScrapeSpec#

VMServiceScrapeSpec defines the desired state of VMServiceScrape

FieldDescriptionSchemeRequired
discoveryRoleDiscoveryRole - defines kubernetes_sd role for objects discovery. by default, its endpoints. can be changed to service or endpointslices. note, that with service setting, you have to use port: &#34;name&#34; and cannot use targetPort for endpoints.stringfalse
jobLabelThe label to use to retrieve the job name from.stringfalse
targetLabelsTargetLabels transfers labels on the Kubernetes Service onto the target.[]stringfalse
podTargetLabelsPodTargetLabels transfers labels on the Kubernetes Pod onto the target.[]stringfalse
endpointsA list of endpoints allowed as part of this ServiceScrape.[]Endpointtrue
selectorSelector to select Endpoints objects by corresponding Service labels.metav1.LabelSelectorfalse
namespaceSelectorSelector to select which namespaces the Endpoints objects are discovered from.NamespaceSelectorfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse

Back to TOC

ArbitraryFSAccessThroughSMsConfig#

ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service scrape selected by the vmagent instance is allowed to use arbitrary files on the file system of the vmagent container. This is the case when e.g. a service scrape specifies a BearerTokenFile in an endpoint. A malicious user could create a service scrape selecting arbitrary secret files in the vmagent container. Those secrets would then be sent with a scrape request by vmagent to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.

FieldDescriptionSchemeRequired
denyboolfalse

Back to TOC

PodMetricsEndpoint#

PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.

FieldDescriptionSchemeRequired
portName of the pod port this endpoint refers to. Mutually exclusive with targetPort.stringfalse
targetPortDeprecated: Use 'port' instead.*intstr.IntOrStringfalse
pathHTTP path to scrape for metrics.stringfalse
schemeHTTP scheme to use for scraping.stringfalse
paramsOptional HTTP URL parametersmap[string][]stringfalse
follow_redirectsFollowRedirects controls redirects for scraping.*boolfalse
intervalInterval at which metrics should be scrapedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be usedstringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
sampleLimitSampleLimit defines per-podEndpoint limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
honorLabelsHonorLabels chooses the metric's labels on collisions with target labels.boolfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.*boolfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples before ingestion.[]*RelabelConfigfalse
relabelConfigsRelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[]*RelabelConfigfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints*BasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.*v1.SecretKeySelectorfalse
tlsConfigTLSConfig configuration to use when scraping the endpoint*TLSConfigfalse
oauth2OAuth2 defines auth configuration*OAuth2false
authorizationAuthorization with http header Authorization*Authorizationfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parameters*VMScrapeParamsfalse
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse
filterRunningFilterRunning applies filter with pod status == running it prevents from scrapping metrics at failed or succeed state pods. enabled by default*boolfalse

Back to TOC

VMPodScrape#

VMPodScrape is scrape configuration for pods, it generates vmagent’s config for scraping pod targets based on selectors.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMPodScrapeSpecfalse
statusVMPodScrapeStatustrue

Back to TOC

VMPodScrapeList#

VMPodScrapeList contains a list of VMPodScrape

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMPodScrapetrue

Back to TOC

VMPodScrapeSpec#

VMPodScrapeSpec defines the desired state of VMPodScrape

FieldDescriptionSchemeRequired
jobLabelThe label to use to retrieve the job name from.stringfalse
podTargetLabelsPodTargetLabels transfers labels on the Kubernetes Pod onto the target.[]stringfalse
podMetricsEndpointsA list of endpoints allowed as part of this PodMonitor.[]PodMetricsEndpointtrue
selectorSelector to select Pod objects.metav1.LabelSelectorfalse
namespaceSelectorSelector to select which namespaces the Endpoints objects are discovered from.NamespaceSelectorfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse

Back to TOC

Image#

Image defines docker image settings

FieldDescriptionSchemeRequired
repositoryRepository contains name of docker image + it's repository if neededstringfalse
tagTag contains desired docker image versionstringfalse
pullPolicyPullPolicy describes how to pull docker imagev1.PullPolicyfalse

Back to TOC

InsertPorts#

FieldDescriptionSchemeRequired
graphitePortGraphitePort listen portstringfalse
influxPortInfluxPort listen portstringfalse
openTSDBHTTPPortOpenTSDBHTTPPort for http connections.stringfalse
openTSDBPortOpenTSDBPort for tcp and udp listenstringfalse

Back to TOC

VMBackup#

FieldDescriptionSchemeRequired
acceptEULAAcceptEULA accepts enterprise feature usage, must be set to true. otherwise backupmanager cannot be added to single/cluster version. https://victoriametrics.com/legal/esa/booltrue
snapshotCreateURLSnapshotCreateURL overwrites url for snapshot createstringfalse
snapshotDeleteURLSnapShotDeleteURL overwrites url for snapshot deletestringfalse
concurrencyDefines number of concurrent workers. Higher concurrency may reduce backup duration (default 10)*int32false
destinationDefines destination for backupstringfalse
destinationDisableSuffixAddDestinationDisableSuffixAdd - disables suffix adding for cluster version backups each vmstorage backup must have unique backup folder so operator adds POD_NAME as suffix for backup destination folder.boolfalse
customS3EndpointCustom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set*stringfalse
credentialsSecretCredentialsSecret is secret in the same namespace for access to remote storage The secret is mounted into /etc/vm/creds.*v1.SecretKeySelectorfalse
disableHourlyDefines if hourly backups disabled (default false)*boolfalse
disableDailyDefines if daily backups disabled (default false)*boolfalse
disableWeeklyDefines if weekly backups disabled (default false)*boolfalse
disableMonthlyDefines if monthly backups disabled (default false)*boolfalse
imageImage - docker image settings for VMBackuperImagefalse
portPort for health check connectionsstringfalse
logFormatLogFormat for VMBackup to be configured with. default or json*stringfalse
logLevelLogLevel for VMBackup to be configured with.*stringfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be usedv1.ResourceRequirementsfalse
extraArgsextra args like maxBytesPerSecond default 0map[string]stringfalse
extraEnvs[]v1.EnvVarfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
restoreRestore Allows to enable restore options for pod Read more: https://docs.victoriametrics.com/vmbackupmanager.html#restore-commands*VMRestorefalse

Back to TOC

VMCluster#

VMCluster is fast, cost-effective and scalable time-series database. Cluster version with

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMClusterSpectrue
statusVMClusterStatusfalse

Back to TOC

VMClusterList#

VMClusterList contains a list of VMCluster

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMClustertrue

Back to TOC

VMClusterSpec#

VMClusterSpec defines the desired state of VMCluster

FieldDescriptionSchemeRequired
retentionPeriodRetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retentionstringtrue
replicationFactorReplicationFactor defines how many copies of data make among distinct storage nodes*int32false
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the VMSelect, VMStorage and VMInsert Pods.stringfalse
clusterVersionClusterVersion defines default images tag for all components. it can be overwritten with component specific image.tag value.stringfalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod[]v1.LocalObjectReferencefalse
licenseLicense allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html*Licensefalse
vmselect*VMSelectfalse
vminsert*VMInsertfalse
vmstorage*VMStoragefalse
pausedPaused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.boolfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions*boolfalse

Back to TOC

VMClusterStatus#

VMClusterStatus defines the observed state of VMCluster

FieldDescriptionSchemeRequired
updateFailCountDeprecated.inttrue
lastSyncDeprecated.stringfalse
clusterStatusUpdateStatusfalse
reasonstringfalse

Back to TOC

VMInsert#

FieldDescriptionSchemeRequired
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMInsert pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMInsertImagefalse
secretsSecrets is a list of Secrets in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.[]stringfalse
logFormatLogFormat for VMInsert to be configured with. default or jsonstringfalse
logLevelLogLevel for VMInsert to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy stateint32false
replicaCountReplicaCount is the expected size of the VMInsert cluster. The controller will eventually make the size of the running cluster equal to the expected size.*int32true
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
volumesVolumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMInsert container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/v1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
containersContainers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMInsert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriority class assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy sets DNS policy for the podv1.DNSPolicyfalse
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
extraArgsmap[string]stringfalse
insertPortsInsertPorts - additional listen ports for data ingestion.*InsertPortsfalse
portPort listen portstringfalse
clusterNativeListenPortClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setupstringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
extraEnvsExtraEnvs that will be added to VMInsert pod[]v1.EnvVarfalse
serviceSpecServiceSpec that will be added to vminsert service spec*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vminsert VMServiceScrape spec*VMServiceScrapeSpecfalse
updateStrategyUpdateStrategy - overrides default update strategy.*appsv1.DeploymentStrategyTypefalse
rollingUpdateRollingUpdate - overrides deployment update params.*appsv1.RollingUpdateDeploymentfalse
podDisruptionBudgetPodDisruptionBudget created by operator*EmbeddedPodDisruptionBudgetSpecfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
hpaHPA defines kubernetes PodAutoScaling configuration version 2.*EmbeddedHPAfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful termination*int64false
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse

Back to TOC

VMRestore#

FieldDescriptionSchemeRequired
onStartOnStart defines configuration for restore on pod start*VMRestoreOnStartConfigfalse

Back to TOC

VMRestoreOnStartConfig#

FieldDescriptionSchemeRequired
enabledEnabled defines if restore on start enabledboolfalse

Back to TOC

VMSelect#

FieldDescriptionSchemeRequired
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMSelect pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMSelectImagefalse
secretsSecrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.[]stringfalse
logFormatLogFormat for VMSelect to be configured with. default or jsonstringfalse
logLevelLogLevel for VMSelect to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy stateint32false
replicaCountReplicaCount is the expected size of the VMSelect cluster. The controller will eventually make the size of the running cluster equal to the expected size.*int32true
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
volumesVolumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/v1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
containersContainers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriority class assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy sets DNS policy for the podv1.DNSPolicyfalse
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
cacheMountPathCacheMountPath allows to add cache persistent for VMSelect, will use &#34;/cache&#34; as default if not specified.stringfalse
persistentVolumeStorage - add persistent volume for cacheMountPath its useful for persistent cache use storage instead of persistentVolume.*StorageSpecfalse
storageStorageSpec - add persistent volume claim for cacheMountPath its needed for persistent cache*StorageSpecfalse
extraEnvsExtraEnvs that will be added to VMSelect pod[]v1.EnvVarfalse
extraArgsmap[string]stringfalse
portPort listen portstringfalse
clusterNativeListenPortClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setupstringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
serviceSpecServiceSpec that will be added to vmselect service spec*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmselect VMServiceScrape spec*VMServiceScrapeSpecfalse
podDisruptionBudgetPodDisruptionBudget created by operator*EmbeddedPodDisruptionBudgetSpecfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
hpaConfigures horizontal pod autoscaling. Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue.*EmbeddedHPAfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
rollingUpdateStrategyRollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdateappsv1.StatefulSetUpdateStrategyTypefalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful termination*int64false
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet[]v1.PersistentVolumeClaimfalse

Back to TOC

VMStorage#

FieldDescriptionSchemeRequired
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy stateint32false
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMStorage pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMStorageImagefalse
secretsSecrets is a list of Secrets in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.[]stringfalse
logFormatLogFormat for VMStorage to be configured with. default or jsonstringfalse
logLevelLogLevel for VMStorage to be configured with.stringfalse
replicaCountReplicaCount is the expected size of the VMStorage cluster. The controller will eventually make the size of the running cluster equal to the expected size.*int32true
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
volumesVolumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMStorage container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/v1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
containersContainers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMStorage configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriority class assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy sets DNS policy for the podv1.DNSPolicyfalse
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
storageDataPathStorageDataPath - path to storage datastringfalse
storageStorage - add persistent volume for StorageDataPath its useful for persistent cache*StorageSpecfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationint64false
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
portPort for health check connetionsstringfalse
vmInsertPortVMInsertPort for VMInsert connectionsstringfalse
vmSelectPortVMSelectPort for VMSelect connectionsstringfalse
vmBackupVMBackup configuration for backup*VMBackupfalse
extraArgsmap[string]stringfalse
extraEnvsExtraEnvs that will be added to VMStorage pod[]v1.EnvVarfalse
serviceSpecServiceSpec that will be create additional service for vmstorage*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec*VMServiceScrapeSpecfalse
podDisruptionBudgetPodDisruptionBudget created by operator*EmbeddedPodDisruptionBudgetSpecfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
maintenanceInsertNodeIDsMaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3]. Useful at storage expanding, when you want to rebalance some data at cluster.[]int32false
maintenanceSelectNodeIDsMaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.[]int32false
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
rollingUpdateStrategyRollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdateappsv1.StatefulSetUpdateStrategyTypefalse
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet[]v1.PersistentVolumeClaimfalse

Back to TOC

VMNodeScrape#

VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually its node-exporters and other host services. InternalIP is used as address for scraping.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMNodeScrapeSpecfalse
statusVMNodeScrapeStatusfalse

Back to TOC

VMNodeScrapeList#

VMNodeScrapeList contains a list of VMNodeScrape

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMNodeScrapetrue

Back to TOC

VMNodeScrapeSpec#

VMNodeScrapeSpec defines specification for VMNodeScrape.

FieldDescriptionSchemeRequired
jobLabelThe label to use to retrieve the job name from.stringfalse
targetLabelsTargetLabels transfers labels on the Kubernetes Node onto the target.[]stringfalse
portName of the port exposed at Node.stringfalse
pathHTTP path to scrape for metrics.stringfalse
schemeHTTP scheme to use for scraping.stringfalse
paramsOptional HTTP URL parametersmap[string][]stringfalse
follow_redirectsFollowRedirects controls redirects for scraping.*boolfalse
intervalInterval at which metrics should be scrapedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be usedstringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
oauth2OAuth2 defines auth configuration*OAuth2false
authorizationAuthorization with http header Authorization*Authorizationfalse
tlsConfig*TLSConfigfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret needs to be accessible by the victoria-metrics operator.*v1.SecretKeySelectorfalse
honorLabelsHonorLabels chooses the metric's labels on collisions with target labels.boolfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.*boolfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints*BasicAuthfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples before ingestion.[]*RelabelConfigfalse
relabelConfigsRelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[]*RelabelConfigfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
selectorSelector to select kubernetes Nodes.metav1.LabelSelectorfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parameters*VMScrapeParamsfalse

Back to TOC

CRDRef#

CRDRef describe CRD target reference.

FieldDescriptionSchemeRequired
kindKind one of: VMAgent VMAlert VMCluster VMSingle or VMAlertManagerstringtrue
nameName target CRD object namestringtrue
namespaceNamespace target CRD object namespace.stringtrue

Back to TOC

StaticRef#

StaticRef - user-defined routing host address.

FieldDescriptionSchemeRequired
urlURL http url for given staticRef.stringfalse
urlsURLs allows setting multiple urls for load-balancing at vmauth-side.[]stringfalse

Back to TOC

TargetRef#

TargetRef describes target for user traffic forwarding. one of target types can be chosen: crd or static per targetRef. user can define multiple targetRefs with different ref Types.

FieldDescriptionSchemeRequired
crdCRD describes exist operator's CRD object, operator generates access url based on CRD params.*CRDReffalse
staticStatic - user defined url for traffic forward, for instance http://vmsingle:8429*StaticReffalse
pathsPaths - matched path to route.[]stringfalse
hosts[]stringfalse
URLMapCommonURLMapCommonfalse
target_path_suffixTargetPathSuffix allows to add some suffix to the target path It allows to hide tenant configuration from user with crd as ref. it also may contain any url encoded params.stringfalse
targetRefBasicAuthTargetRefBasicAuth allow an target endpoint to authenticate over basic authentication*TargetRefBasicAuthfalse

Back to TOC

TargetRefBasicAuth#

TargetRefBasicAuth target basic authentication

FieldDescriptionSchemeRequired
usernameThe secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRDv1.SecretKeySelectortrue
passwordThe secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRDv1.SecretKeySelectortrue

Back to TOC

VMUser#

VMUser is the Schema for the vmusers API

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMUserSpecfalse
statusVMUserStatusfalse

Back to TOC

VMUserIPFilters#

VMUserIPFilters defines filters for IP addresses supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters

FieldDescriptionSchemeRequired
deny_list[]stringfalse
allow_list[]stringfalse

Back to TOC

VMUserList#

VMUserList contains a list of VMUser

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMUsertrue

Back to TOC

VMUserSpec#

VMUserSpec defines the desired state of VMUser

FieldDescriptionSchemeRequired
nameName of the VMUser object.*stringfalse
usernameUserName basic auth user name for accessing protected endpoint, will be replaced with metadata.name of VMUser if omitted.*stringfalse
passwordPassword basic auth password for accessing protected endpoint.*stringfalse
passwordRefPasswordRef allows fetching password from user-create secret by its name and key.*v1.SecretKeySelectorfalse
tokenRefTokenRef allows fetching token from user-created secrets by its name and key.*v1.SecretKeySelectorfalse
generatePasswordGeneratePassword instructs operator to generate password for user if spec.password if empty.boolfalse
bearerTokenBearerToken Authorization header value for accessing protected endpoint.*stringfalse
targetRefsTargetRefs - reference to endpoints, which user may access.[]TargetReftrue
default_urlDefaultURLs backend url for non-matching paths filter usually used for default backend with error message[]stringfalse
tlsConfig*TLSConfigfalse
ip_filtersIPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filtersVMUserIPFiltersfalse
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.*boolfalse
headersHeaders represent additional http headers, that vmauth uses in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.68.0 version of vmauth[]stringfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.93.0 version of vmauth[]stringfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503][]intfalse
max_concurrent_requestsMaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth*intfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default &#34;least_loaded&#34;)*stringfalse
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.*intfalse
metric_labelsMetricLabels - additional labels for metrics exported by vmauth for given user.map[string]stringfalse
disable_secret_creationDisableSecretCreation skips related secret creation for vmuserboolfalse

Back to TOC

EmbeddedIngress#

EmbeddedIngress describes ingress configuration options.

FieldDescriptionSchemeRequired
class_nameClassName defines ingress class name for VMAuth*stringfalse
nameName must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#namesstringfalse
labelsLabels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labelsmap[string]stringfalse
annotationsAnnotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotationsmap[string]stringfalse
tlsHostsTlsHosts configures TLS access for ingress, tlsSecretName must be defined for it.[]stringfalse
tlsSecretNameTlsSecretName defines secretname at the VMAuth namespace with cert and key https://kubernetes.io/docs/concepts/services-networking/ingress/#tlsstringfalse
extraRulesExtraRules - additional rules for ingress, must be checked for correctness by user.[]v12.IngressRulefalse
extraTlsExtraTLS - additional TLS configuration for ingress must be checked for correctness by user.[]v12.IngressTLSfalse
hostHost defines ingress host parameter for default rule It will be used, only if TlsHosts is emptystringfalse

Back to TOC

URLMapCommon#

URLMapCommon contains common fields for unauthorized user and user in vmuser

FieldDescriptionSchemeRequired
src_query_argsSrcQueryArgs is an optional list of query args, which must match request URL query args.[]stringfalse
src_headersSrcHeaders is an optional list of headers, which must match request headers.[]stringfalse
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.*boolfalse
headersRequestHeaders represent additional http headers, that vmauth uses in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.68.0 version of vmauth[]stringfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.93.0 version of vmauth[]stringfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503][]intfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default &#34;least_loaded&#34;)*stringfalse
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.*intfalse

Back to TOC

UnauthorizedAccessConfigURLMap#

FieldDescriptionSchemeRequired
src_pathsSrcPaths is an optional list of regular expressions, which must match the request path.[]stringfalse
src_hostsSrcHosts is an optional list of regular expressions, which must match the request hostname.[]stringfalse
url_prefixUrlPrefix contains backend url prefixes for the proxied request url.[]stringfalse
URLMapCommonURLMapCommonfalse

Back to TOC

UserConfigOption#

FieldDescriptionSchemeRequired
default_urlDefaultURLs backend url for non-matching paths filter usually used for default backend with error message[]stringfalse
tlsConfig*TLSConfigfalse
ip_filtersIPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filtersVMUserIPFiltersfalse
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.*boolfalse
headersHeaders represent additional http headers, that vmauth uses in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.68.0 version of vmauth[]stringfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.93.0 version of vmauth[]stringfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503][]intfalse
max_concurrent_requestsMaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth*intfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default &#34;least_loaded&#34;)*stringfalse
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.*intfalse

Back to TOC

VMAuth#

VMAuth is the Schema for the vmauths API

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMAuthSpecfalse
statusVMAuthStatusfalse

Back to TOC

VMAuthList#

VMAuthList contains a list of VMAuth

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMAuthtrue

Back to TOC

VMAuthSpec#

VMAuthSpec defines the desired state of VMAuth

FieldDescriptionSchemeRequired
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMAuth pods.*EmbeddedObjectMetadatafalse
imageImage - docker image settings for VMAuth if no specified operator uses default config versionImagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod[]v1.LocalObjectReferencefalse
secretsSecrets is a list of Secrets in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods.[]stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods.[]stringfalse
logLevelLogLevel for victoria metrics single to be configured with.stringfalse
logFormatLogFormat for VMAuth to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy stateint32false
replicaCountReplicaCount is the expected size of the VMAuth*int32false
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.*int32false
volumesVolumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.[]v1.Volumefalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAuth container, that are generated as a result of StorageSpec objects.[]v1.VolumeMountfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be usedv1.ResourceRequirementsfalse
affinityAffinity If specified, the pod's scheduling constraints.*v1.Affinityfalse
tolerationsTolerations If specified, the pod's tolerations.[]v1.Tolerationfalse
securityContextSecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.*v1.PodSecurityContextfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the VMAuth Pods.stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/*stringfalse
hostAliasesHostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork.[]v1.HostAliasfalse
containersContainers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.[]v1.Containerfalse
initContainersInitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.[]v1.Containerfalse
priorityClassNamePriorityClassName assigned to the Podsstringfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespaceboolfalse
dnsPolicyDNSPolicy sets DNS policy for the podv1.DNSPolicyfalse
dnsConfigSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.*v1.PodDNSConfigfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[]v1.TopologySpreadConstraintfalse
portPort listen portstringfalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such userSelector. with selectAllByDefault: true and empty userSelector and userNamespaceSelector Operator selects all exist users with selectAllByDefault: false - selects nothingboolfalse
userSelectorUserSelector defines VMUser to be selected for config file generation. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAuth namespace. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
userNamespaceSelectorUserNamespaceSelector Namespaces to be selected for VMAuth discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAuth namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault*metav1.LabelSelectorfalse
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: &#34;30s&#34;map[string]stringfalse
extraArgsExtraArgs that will be passed to VMAuth pod for example remoteWrite.tmpDataPath: /tmpmap[string]stringfalse
extraEnvsExtraEnvs that will be added to VMAuth pod[]v1.EnvVarfalse
serviceSpecServiceSpec that will be added to vmsingle service spec*AdditionalServiceSpecfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmauth VMServiceScrape spec*VMServiceScrapeSpecfalse
podDisruptionBudgetPodDisruptionBudget created by operator*EmbeddedPodDisruptionBudgetSpecfalse
ingressIngress enables ingress configuration for VMAuth.*EmbeddedIngressfalse
livenessProbeLivenessProbe that will be added CRD pod*v1.Probefalse
readinessProbeReadinessProbe that will be added CRD pod*v1.Probefalse
startupProbeStartupProbe that will be added to CRD pod*v1.Probefalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.map[string]stringfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful termination*int64false
readinessGatesReadinessGates defines pod readiness gates[]v1.PodReadinessGatefalse
unauthorizedAccessConfigUnauthorizedAccessConfig configures access for un authorized users[]UnauthorizedAccessConfigURLMapfalse
default_urlDefaultURLs backend url for non-matching paths filter usually used for default backend with error message[]stringfalse
tlsConfig*TLSConfigfalse
ip_filtersIPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filtersVMUserIPFiltersfalse
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.*boolfalse
headersHeaders represent additional http headers, that vmauth uses in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.68.0 version of vmauth[]stringfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.93.0 version of vmauth[]stringfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503][]intfalse
max_concurrent_requestsMaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth*intfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default &#34;least_loaded&#34;)*stringfalse
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.*intfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions*boolfalse
licenseLicense allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html*Licensefalse
configSecretConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAuth object, which contains auth configuration for vmauth, configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloadersstringfalse
pausedPaused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.boolfalse

Back to TOC

VMAuthStatus#

VMAuthStatus defines the observed state of VMAuth

FieldDescriptionSchemeRequired
updateStatusUpdateStatus defines a status for update rollout, effective only for statefulModeUpdateStatusfalse
reasonReason defines fail reason for update process, effective only for statefulModestringfalse

Back to TOC

TargetEndpoint#

TargetEndpoint defines single static target endpoint.

FieldDescriptionSchemeRequired
targetsTargets static targets addresses in form of [&#34;192.122.55.55:9100&#34;,&#34;some-name:9100&#34;].[]stringtrue
labelsLabels static labels for targets.map[string]stringfalse
portDefault port for target.stringfalse
pathHTTP path to scrape for metrics.stringfalse
schemeHTTP scheme to use for scraping.stringfalse
paramsOptional HTTP URL parametersmap[string][]stringfalse
follow_redirectsFollowRedirects controls redirects for scraping.*boolfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
intervalInterval at which metrics should be scrapedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be usedstringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
oauth2OAuth2 defines auth configuration*OAuth2false
tlsConfigTLSConfig configuration to use when scraping the endpoint*TLSConfigfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.*v1.SecretKeySelectorfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints*BasicAuthfalse
authorizationAuthorization with http header Authorization*Authorizationfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples before ingestion.[]*RelabelConfigfalse
relabelConfigsRelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[]*RelabelConfigfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
honorLabelsHonorLabels chooses the metric's labels on collisions with target labels.boolfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.*boolfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parameters*VMScrapeParamsfalse

Back to TOC

VMStaticScrape#

VMStaticScrape defines static targets configuration for scraping.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMStaticScrapeSpecfalse
statusVMStaticScrapeStatusfalse

Back to TOC

VMStaticScrapeList#

VMStaticScrapeList contains a list of VMStaticScrape

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMStaticScrapetrue

Back to TOC

VMStaticScrapeSpec#

VMStaticScrapeSpec defines the desired state of VMStaticScrape.

FieldDescriptionSchemeRequired
jobNameJobName name of job.stringfalse
targetEndpointsA list of target endpoints to scrape metrics from.[]*TargetEndpointtrue
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false

Back to TOC

ProbeTargetIngress#

ProbeTargetIngress defines the set of Ingress objects considered for probing.

FieldDescriptionSchemeRequired
selectorSelect Ingress objects by labels.metav1.LabelSelectorfalse
namespaceSelectorSelect Ingress objects by namespace.NamespaceSelectorfalse
relabelingConfigsRelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[]*RelabelConfigfalse

Back to TOC

VMProbe#

VMProbe defines a probe for targets, that will be executed with prober, like blackbox exporter. It helps to monitor reachability of target with various checks.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMProbeSpectrue
statusVMProbeStatusfalse

Back to TOC

VMProbeList#

VMProbeList contains a list of VMProbe

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMProbetrue

Back to TOC

VMProbeSpec#

VMProbeSpec contains specification parameters for a Probe.

FieldDescriptionSchemeRequired
jobNameThe job name assigned to scraped metrics by default.stringfalse
vmProberSpecSpecification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.VMProberSpectrue
moduleThe module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.ymlstringfalse
targetsTargets defines a set of static and/or dynamically discovered targets to be probed using the prober.VMProbeTargetsfalse
intervalInterval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.stringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be usedstringfalse
scrapeTimeoutTimeout for scraping metrics from the Prometheus exporter.stringfalse
paramsOptional HTTP URL parametersmap[string][]stringfalse
follow_redirectsFollowRedirects controls redirects for scraping.*boolfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.*v1.SecretKeySelectorfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints*BasicAuthfalse
oauth2OAuth2 defines auth configuration*OAuth2false
authorizationAuthorization with http header Authorization*Authorizationfalse
tlsConfigTLSConfig configuration to use when scraping the endpoint*TLSConfigfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parameters*VMScrapeParamsfalse

Back to TOC

VMProbeTargetStaticConfig#

VMProbeTargetStaticConfig defines the set of static targets considered for probing.

FieldDescriptionSchemeRequired
targetsTargets is a list of URLs to probe using the configured prober.[]stringtrue
labelsLabels assigned to all metrics scraped from the targets.map[string]stringfalse
relabelingConfigsMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[]*RelabelConfigfalse

Back to TOC

VMProbeTargets#

VMProbeTargets defines a set of static and dynamically discovered targets for the prober.

FieldDescriptionSchemeRequired
staticConfigStaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.*VMProbeTargetStaticConfigfalse
ingressIngress defines the set of dynamically discovered ingress objects which hosts are considered for probing.*ProbeTargetIngressfalse

Back to TOC

VMProberSpec#

VMProberSpec contains specification parameters for the Prober used for probing.

FieldDescriptionSchemeRequired
urlMandatory URL of the prober.stringtrue
schemeHTTP scheme to use for scraping. Defaults to http.stringfalse
pathPath to collect metrics from. Defaults to /probe.stringfalse

Back to TOC

AzureSDConfig#

AzureSDConfig allow retrieving scrape targets from Azure VMs. See https://docs.victoriametrics.com/sd_configs/#azure_sd_configs

FieldDescriptionSchemeRequired
environmentThe Azure environment.*stringfalse
authenticationMethod# The authentication method, either OAuth or ManagedIdentity. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview*stringfalse
subscriptionIDThe subscription ID. Always required.stringtrue
tenantIDOptional tenant ID. Only required with the OAuth authentication method.*stringfalse
clientIDOptional client ID. Only required with the OAuth authentication method.*stringfalse
clientSecretOptional client secret. Only required with the OAuth authentication method.*v1.SecretKeySelectorfalse
resourceGroupOptional resource group name. Limits discovery to this resource group.*stringfalse
portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.*inttrue

Back to TOC

ConsulSDConfig#

ConsulSDConfig defines a Consul service discovery configuration See https://docs.victoriametrics.com/sd_configs/#consul_sd_configs

FieldDescriptionSchemeRequired
serverA valid string consisting of a hostname or IP followed by an optional port number.stringtrue
tokenRefConsul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.*v1.SecretKeySelectorfalse
datacenterConsul Datacenter name, if not provided it will use the local Consul Agent Datacenter.*stringfalse
namespaceNamespaces are only supported in Consul Enterprise.*stringfalse
partitionAdmin Partitions are only supported in Consul Enterprise.*stringfalse
schemeHTTP Scheme default &#34;http&#34;*stringfalse
servicesA list of services for which targets are retrieved. If omitted, all services are scraped.[]stringfalse
tagsAn optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.[]stringfalse
tagSeparatorThe string by which Consul tags are joined into the tag label. If unset, use its default value.*stringfalse
nodeMetaNode metadata key/value pairs to filter nodes for a given service.map[string]stringfalse
allowStaleAllow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. If unset, use its default value.*boolfalse
basicAuthBasicAuth information to use on every scrape request.*BasicAuthfalse
authorizationAuthorization header to use on every scrape request.*Authorizationfalse
oauth2OAuth2 defines auth configuration*OAuth2false
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy*ProxyAuthfalse
followRedirectsConfigure whether HTTP requests follow HTTP 3xx redirects. If unset, use its default value.*boolfalse
tlsConfigTLS configuration to use on every scrape request*TLSConfigfalse

Back to TOC

DNSSDConfig#

DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. The DNS servers to be contacted are read from /etc/resolv.conf. See https://docs.victoriametrics.com/sd_configs/#dns_sd_configs

FieldDescriptionSchemeRequired
namesA list of DNS domain names to be queried.[]stringtrue
type*stringtrue
portThe port number used if the query type is not SRV Ignored for SRV records*inttrue

Back to TOC

DigitalOceanSDConfig#

DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean’s Droplets API. This service discovery uses the public IPv4 address by default, by that can be changed with relabeling See https://docs.victoriametrics.com/sd_configs/#digitalocean_sd_configs

FieldDescriptionSchemeRequired
authorizationAuthorization header to use on every scrape request.*Authorizationfalse
oauth2OAuth2 defines auth configuration*OAuth2false
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy*ProxyAuthfalse
followRedirectsConfigure whether HTTP requests follow HTTP 3xx redirects.*boolfalse
tlsConfigTLS configuration to use on every scrape request*TLSConfigfalse
portThe port to scrape metrics from.*intfalse

Back to TOC

EC2Filter#

EC2Filter is the configuration for filtering EC2 instances.

FieldDescriptionSchemeRequired
namestringtrue
values[]stringtrue

Back to TOC

EC2SDConfig#

EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets See https://docs.victoriametrics.com/sd_configs/#ec2_sd_configs

FieldDescriptionSchemeRequired
regionThe AWS region*stringtrue
accessKeyAccessKey is the AWS API key.*v1.SecretKeySelectorfalse
secretKeySecretKey is the AWS API secret.*v1.SecretKeySelectorfalse
roleARNAWS Role ARN, an alternative to using AWS API keys.*stringfalse
portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.*inttrue
filtersFilters can be used optionally to filter the instance list by other criteria. Available filter criteria can be found here: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html[]*EC2Filtertrue

Back to TOC

FileSDConfig#

FileSDConfig defines a file service discovery configuration See https://docs.victoriametrics.com/sd_configs/#file_sd_configs

FieldDescriptionSchemeRequired
filesList of files to be used for file discovery.[]stringtrue

Back to TOC

GCESDConfig#

GCESDConfig configures scrape targets from GCP GCE instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. See https://docs.victoriametrics.com/sd_configs/#gce_sd_configs\n\nThe GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform

FieldDescriptionSchemeRequired
projectThe Google Cloud Project IDstringtrue
zoneThe zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs.stringtrue
filterFilter can be used optionally to filter the instance list by other criteria Syntax of this filter is described in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list*stringfalse
portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.*inttrue
tagSeparatorThe tag separator is used to separate the tags on concatenation*stringfalse

Back to TOC

HTTPSDConfig#

HTTPSDConfig defines a HTTP service discovery configuration See https://docs.victoriametrics.com/sd_configs/#http_sd_configs

FieldDescriptionSchemeRequired
urlURL from which the targets are fetched.stringtrue
basicAuthBasicAuth information to use on every scrape request.*BasicAuthfalse
authorizationAuthorization header to use on every scrape request.*Authorizationfalse
tlsConfigTLS configuration to use on every scrape request*TLSConfigfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy*ProxyAuthfalse

Back to TOC

K8SSelectorConfig#

K8SSelectorConfig is Kubernetes Selector Config

FieldDescriptionSchemeRequired
rolestringtrue
labelstringfalse
fieldstringfalse

Back to TOC

KubernetesSDConfig#

KubernetesSDConfig allows retrieving scrape targets from Kubernetes’ REST API. See https://docs.victoriametrics.com/sd_configs/#kubernetes_sd_configs

FieldDescriptionSchemeRequired
apiServerThe API server address consisting of a hostname or IP address followed by an optional port number. If left empty, assuming process is running inside of the cluster. It will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.*stringfalse
roleRole of the Kubernetes entities that should be discovered.stringtrue
basicAuthBasicAuth information to use on every scrape request.*BasicAuthfalse
authorizationAuthorization header to use on every scrape request.*Authorizationfalse
tlsConfigTLS configuration to use on every scrape request*TLSConfigfalse
oauth2OAuth2 defines auth configuration*OAuth2false
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy*ProxyAuthfalse
followRedirectsConfigure whether HTTP requests follow HTTP 3xx redirects.*boolfalse
namespacesOptional namespace discovery. If omitted, discover targets across all namespaces.*NamespaceDiscoveryfalse
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse
selectorsSelector to select objects.[]K8SSelectorConfigfalse

Back to TOC

NamespaceDiscovery#

NamespaceDiscovery is the configuration for discovering Kubernetes namespaces.

FieldDescriptionSchemeRequired
ownNamespaceIncludes the namespace in which the pod exists to the list of watched namespaces.*boolfalse
namesList of namespaces where to watch for resources. If empty and ownNamespace isn't true, watch for resources in all namespaces.[]stringfalse

Back to TOC

OpenStackSDConfig#

OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. See https://docs.victoriametrics.com/sd_configs/#openstack_sd_configs

FieldDescriptionSchemeRequired
roleThe OpenStack role of entities that should be discovered.stringtrue
regionThe OpenStack Region.stringtrue
identityEndpointIdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version.*stringfalse
usernameUsername is required if using Identity V2 API. Consult with your provider's control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed*stringfalse
useridUserID*stringfalse
passwordPassword for the Identity V2 and V3 APIs. Consult with your provider's control panel to discover your account's preferred method of authentication.*v1.SecretKeySelectorfalse
domainNameAt most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional.*stringfalse
domainIDDomainID*stringfalse
projectNameThe ProjectId and ProjectName fields are optional for the Identity V2 API. Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication.*stringfalse
projectID\n ProjectID*stringfalse
applicationCredentialNameThe ApplicationCredentialID or ApplicationCredentialName fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.*stringfalse
applicationCredentialIdApplicationCredentialID*stringfalse
applicationCredentialSecretThe applicationCredentialSecret field is required if using an application credential to authenticate.*v1.SecretKeySelectorfalse
allTenantsWhether the service discovery should list all instances for all projects. It is only relevant for the 'instance' role and usually requires admin permissions.*boolfalse
portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.*inttrue
availabilityAvailability of the endpoint to connect to.*stringfalse
tlsConfigTLS configuration to use on every scrape request*TLSConfigfalse

Back to TOC

StaticConfig#

StaticConfig defines a static configuration. See https://docs.victoriametrics.com/sd_configs/#static_configs

FieldDescriptionSchemeRequired
targetsList of targets for this static configuration.[]stringfalse
labelsLabels assigned to all metrics scraped from the targets.map[string]stringfalse

Back to TOC

VMScrapeConfig#

VMScrapeConfig specifies a set of targets and parameters describing how to scrape them.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specVMScrapeConfigSpecfalse
statusVMScrapeConfigStatustrue

Back to TOC

VMScrapeConfigList#

VMScrapeConfigList contains a list of VMScrapeConfig

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]VMScrapeConfigtrue

Back to TOC

VMScrapeConfigSpec#

VMScrapeConfigSpec defines the desired state of VMScrapeConfig

FieldDescriptionSchemeRequired
staticConfigsStaticConfigs defines a list of static targets with a common label set.[]StaticConfigfalse
fileSDConfigsFileSDConfigs defines a list of file service discovery configurations.[]FileSDConfigfalse
httpSDConfigsHTTPSDConfigs defines a list of HTTP service discovery configurations.[]HTTPSDConfigfalse
kubernetesSDConfigsKubernetesSDConfigs defines a list of Kubernetes service discovery configurations.[]KubernetesSDConfigfalse
consulSDConfigsConsulSDConfigs defines a list of Consul service discovery configurations.[]ConsulSDConfigfalse
dnsSDConfigsDNSSDConfigs defines a list of DNS service discovery configurations.[]DNSSDConfigfalse
ec2SDConfigsEC2SDConfigs defines a list of EC2 service discovery configurations.[]EC2SDConfigfalse
azureSDConfigsAzureSDConfigs defines a list of Azure service discovery configurations.[]AzureSDConfigfalse
gceSDConfigsGCESDConfigs defines a list of GCE service discovery configurations.[]GCESDConfigfalse
openstackSDConfigsOpenStackSDConfigs defines a list of OpenStack service discovery configurations.[]OpenStackSDConfigfalse
digitalOceanSDConfigsDigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.[]DigitalOceanSDConfigfalse
metricsPathMetricsPath HTTP path to scrape for metrics. If empty, use the default value (e.g. /metrics).*stringfalse
scrapeIntervalScrapeInterval is the interval between consecutive scrapes.stringfalse
scrapeTimeoutScrapeTimeout is the number of seconds to wait until a scrape request times out.stringfalse
honorTimestampsHonorTimestamps controls whether to respect the timestamps present in scraped data.*boolfalse
honorLabelsHonorLabels chooses the metric's labels on collisions with target labels.boolfalse
paramsOptional HTTP URL parametersmap[string][]stringfalse
schemeConfigures the protocol scheme used for requests. If empty, use HTTP by default.*stringfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parameters*VMScrapeParamsfalse
follow_redirectsFollowRedirects controls redirects for scraping.*boolfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.*stringfalse
basicAuthBasicAuth information to use on every scrape request.*BasicAuthfalse
authorizationAuthorization header to use on every scrape request.*Authorizationfalse
oauth2OAuth2 defines auth configuration*OAuth2false
tlsConfigTLS configuration to use on every scrape request*TLSConfigfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.uint64false
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.uint64false
metricRelabelConfigsMetricRelabelConfigs to apply to samples before ingestion.[]*RelabelConfigfalse
relabelConfigsRelabelConfigs to apply to samples before scraping. See https://docs.victoriametrics.com/vmagent.html#relabeling[]*RelabelConfigfalse

Back to TOC