The operator is set up using environment variables and command-line flags . Most environment variables control settings related to Resources , like CPU and memory defaults, image versions. Command-line flags configure the operator itself, like leader election, TLS, webhook validation, and rate limits.
Environment variables #
Run this command Available from v0.57.0 to see all environment variables your operator supports:
OPERATOR_POD_NAME=$(kubectl get pod -l "app.kubernetes.io/name=victoria-metrics-operator" -n vm -o jsonpath="{.items[0].metadata.name}");
kubectl exec -n vm "$OPERATOR_POD_NAME" -- /app --printDefaults 2>&1
# Output:
# KEY DEFAULT REQUIRED DESCRIPTION
# VM_METRICS_VERSION v1.117.0 false
# VM_LOGS_VERSION v1.21.0 false
# ...
This is the latest operator environment variables:
Environment variables |
---|
VM_METRICS_VERSION: v1.117.0 # |
VM_LOGS_VERSION: v1.21.0 # |
VM_USECUSTOMCONFIGRELOADER: false #enables custom config reloader for vmauth and vmagent, it should speed-up config reloading process. |
VM_CONTAINERREGISTRY: - #container registry name prefix, e.g. docker.io |
VM_CUSTOMCONFIGRELOADERIMAGE: victoriametrics/operator:config-reloader-v0.57.0 # |
VM_PSPAUTOCREATEENABLED: false # |
VM_CONFIG_RELOADER_LIMIT_CPU: unlimited #defines global resource.limits.cpu for all config-reloader containers |
VM_CONFIG_RELOADER_LIMIT_MEMORY: unlimited #defines global resource.limits.memory for all config-reloader containers |
VM_CONFIG_RELOADER_REQUEST_CPU: - #defines global resource.requests.cpu for all config-reloader containers |
VM_CONFIG_RELOADER_REQUEST_MEMORY: - #defines global resource.requests.memory for all config-reloader containers |
VM_VLOGSDEFAULT_IMAGE: victoriametrics/victoria-logs # |
VM_VLOGSDEFAULT_VERSION: ${VM_LOGS_VERSION}-victorialogs # |
VM_VLOGSDEFAULT_PORT: 9428 # |
VM_VLOGSDEFAULT_USEDEFAULTRESOURCES: true # |
VM_VLOGSDEFAULT_RESOURCE_LIMIT_MEM: 1500Mi # |
VM_VLOGSDEFAULT_RESOURCE_LIMIT_CPU: 1200m # |
VM_VLOGSDEFAULT_RESOURCE_REQUEST_MEM: 500Mi # |
VM_VLOGSDEFAULT_RESOURCE_REQUEST_CPU: 150m # |
VM_VLSINGLEDEFAULT_IMAGE: victoriametrics/victoria-logs # |
VM_VLSINGLEDEFAULT_VERSION: ${VM_LOGS_VERSION}-victorialogs # |
VM_VLSINGLEDEFAULT_PORT: 9428 # |
VM_VLSINGLEDEFAULT_USEDEFAULTRESOURCES: true # |
VM_VLSINGLEDEFAULT_RESOURCE_LIMIT_MEM: 1500Mi # |
VM_VLSINGLEDEFAULT_RESOURCE_LIMIT_CPU: 1200m # |
VM_VLSINGLEDEFAULT_RESOURCE_REQUEST_MEM: 500Mi # |
VM_VLSINGLEDEFAULT_RESOURCE_REQUEST_CPU: 150m # |
VM_VMALERTDEFAULT_IMAGE: victoriametrics/vmalert # |
VM_VMALERTDEFAULT_VERSION: ${VM_METRICS_VERSION} # |
VM_VMALERTDEFAULT_CONFIGRELOADIMAGE: jimmidyson/configmap-reload:v0.3.0 # |
VM_VMALERTDEFAULT_PORT: 8080 # |
VM_VMALERTDEFAULT_USEDEFAULTRESOURCES: true # |
VM_VMALERTDEFAULT_RESOURCE_LIMIT_MEM: 500Mi # |
VM_VMALERTDEFAULT_RESOURCE_LIMIT_CPU: 200m # |
VM_VMALERTDEFAULT_RESOURCE_REQUEST_MEM: 200Mi # |
VM_VMALERTDEFAULT_RESOURCE_REQUEST_CPU: 50m # |
VM_VMALERTDEFAULT_CONFIGRELOADERCPU: 10m #deprecated use VM_CONFIG_RELOADER_REQUEST_CPU instead |
VM_VMALERTDEFAULT_CONFIGRELOADERMEMORY: 25Mi #deprecated use VM_CONFIG_RELOADER_REQUEST_MEMORY instead |
VM_VMSERVICESCRAPEDEFAULT_ENFORCEENDPOINTSLICES: false #Use endpointslices instead of endpoints as discovery role for vmservicescrape when generate scrape config for vmagent. |
VM_VMAGENTDEFAULT_IMAGE: victoriametrics/vmagent # |
VM_VMAGENTDEFAULT_VERSION: ${VM_METRICS_VERSION} # |
VM_VMAGENTDEFAULT_CONFIGRELOADIMAGE: quay.io/prometheus-operator/prometheus-config-reloader:v0.82.1 # |
VM_VMAGENTDEFAULT_PORT: 8429 # |
VM_VMAGENTDEFAULT_USEDEFAULTRESOURCES: true # |
VM_VMAGENTDEFAULT_RESOURCE_LIMIT_MEM: 500Mi # |
VM_VMAGENTDEFAULT_RESOURCE_LIMIT_CPU: 200m # |
VM_VMAGENTDEFAULT_RESOURCE_REQUEST_MEM: 200Mi # |
VM_VMAGENTDEFAULT_RESOURCE_REQUEST_CPU: 50m # |
VM_VMAGENTDEFAULT_CONFIGRELOADERCPU: 10m #deprecated use VM_CONFIG_RELOADER_REQUEST_CPU instead |
VM_VMAGENTDEFAULT_CONFIGRELOADERMEMORY: 25Mi #deprecated use VM_CONFIG_RELOADER_REQUEST_MEMORY instead |
VM_VMSINGLEDEFAULT_IMAGE: victoriametrics/victoria-metrics # |
VM_VMSINGLEDEFAULT_VERSION: ${VM_METRICS_VERSION} # |
VM_VMSINGLEDEFAULT_PORT: 8429 # |
VM_VMSINGLEDEFAULT_USEDEFAULTRESOURCES: true # |
VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_MEM: 1500Mi # |
VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_CPU: 1200m # |
VM_VMSINGLEDEFAULT_RESOURCE_REQUEST_MEM: 500Mi # |
VM_VMSINGLEDEFAULT_RESOURCE_REQUEST_CPU: 150m # |
VM_VMCLUSTERDEFAULT_USEDEFAULTRESOURCES: true # |
VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_IMAGE: victoriametrics/vmselect # |
VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_VERSION: ${VM_METRICS_VERSION}-cluster # |
VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_PORT: 8481 # |
VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_LIMIT_MEM: 1000Mi # |
VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_LIMIT_CPU: 500m # |
VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_REQUEST_MEM: 500Mi # |
VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_REQUEST_CPU: 100m # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_IMAGE: victoriametrics/vmstorage # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VERSION: ${VM_METRICS_VERSION}-cluster # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VMINSERTPORT: 8400 # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VMSELECTPORT: 8401 # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_PORT: 8482 # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_LIMIT_MEM: 1500Mi # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_LIMIT_CPU: 1000m # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_REQUEST_MEM: 500Mi # |
VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_REQUEST_CPU: 250m # |
VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_IMAGE: victoriametrics/vminsert # |
VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_VERSION: ${VM_METRICS_VERSION}-cluster # |
VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_PORT: 8480 # |
VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_LIMIT_MEM: 500Mi # |
VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_LIMIT_CPU: 500m # |
VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_REQUEST_MEM: 200Mi # |
VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_REQUEST_CPU: 150m # |
VM_VMALERTMANAGER_CONFIGRELOADERIMAGE: jimmidyson/configmap-reload:v0.3.0 # |
VM_VMALERTMANAGER_CONFIGRELOADERCPU: 10m #deprecated use VM_CONFIG_RELOADER_REQUEST_CPU instead |
VM_VMALERTMANAGER_CONFIGRELOADERMEMORY: 25Mi #deprecated use VM_CONFIG_RELOADER_REQUEST_MEMORY instead |
VM_VMALERTMANAGER_ALERTMANAGERDEFAULTBASEIMAGE: prom/alertmanager # |
VM_VMALERTMANAGER_ALERTMANAGERVERSION: v0.28.1 # |
VM_VMALERTMANAGER_LOCALHOST: 127.0.0.1 # |
VM_VMALERTMANAGER_USEDEFAULTRESOURCES: true # |
VM_VMALERTMANAGER_RESOURCE_LIMIT_MEM: 256Mi # |
VM_VMALERTMANAGER_RESOURCE_LIMIT_CPU: 100m # |
VM_VMALERTMANAGER_RESOURCE_REQUEST_MEM: 56Mi # |
VM_VMALERTMANAGER_RESOURCE_REQUEST_CPU: 30m # |
VM_DISABLESELFSERVICESCRAPECREATION: false # |
VM_VMBACKUP_IMAGE: victoriametrics/vmbackupmanager # |
VM_VMBACKUP_VERSION: ${VM_METRICS_VERSION}-enterprise # |
VM_VMBACKUP_PORT: 8300 # |
VM_VMBACKUP_USEDEFAULTRESOURCES: true # |
VM_VMBACKUP_RESOURCE_LIMIT_MEM: 500Mi # |
VM_VMBACKUP_RESOURCE_LIMIT_CPU: 500m # |
VM_VMBACKUP_RESOURCE_REQUEST_MEM: 200Mi # |
VM_VMBACKUP_RESOURCE_REQUEST_CPU: 150m # |
VM_VMAUTHDEFAULT_IMAGE: victoriametrics/vmauth # |
VM_VMAUTHDEFAULT_VERSION: ${VM_METRICS_VERSION} # |
VM_VMAUTHDEFAULT_CONFIGRELOADIMAGE: quay.io/prometheus-operator/prometheus-config-reloader:v0.82.1 # |
VM_VMAUTHDEFAULT_PORT: 8427 # |
VM_VMAUTHDEFAULT_USEDEFAULTRESOURCES: true # |
VM_VMAUTHDEFAULT_RESOURCE_LIMIT_MEM: 300Mi # |
VM_VMAUTHDEFAULT_RESOURCE_LIMIT_CPU: 200m # |
VM_VMAUTHDEFAULT_RESOURCE_REQUEST_MEM: 100Mi # |
VM_VMAUTHDEFAULT_RESOURCE_REQUEST_CPU: 50m # |
VM_VMAUTHDEFAULT_CONFIGRELOADERCPU: 10m #deprecated use VM_CONFIG_RELOADER_REQUEST_CPU instead |
VM_VMAUTHDEFAULT_CONFIGRELOADERMEMORY: 25Mi #deprecated use VM_CONFIG_RELOADER_REQUEST_MEMORY instead |
VM_ENABLEDPROMETHEUSCONVERTER_PODMONITOR: true # |
VM_ENABLEDPROMETHEUSCONVERTER_SERVICESCRAPE: true # |
VM_ENABLEDPROMETHEUSCONVERTER_PROMETHEUSRULE: true # |
VM_ENABLEDPROMETHEUSCONVERTER_PROBE: true # |
VM_ENABLEDPROMETHEUSCONVERTER_ALERTMANAGERCONFIG: true # |
VM_ENABLEDPROMETHEUSCONVERTER_SCRAPECONFIG: true # |
VM_FILTERCHILDLABELPREFIXES: - # |
VM_FILTERCHILDANNOTATIONPREFIXES: - # |
VM_PROMETHEUSCONVERTERADDARGOCDIGNOREANNOTATIONS: false #adds compare-options and sync-options for prometheus objects converted by operator. It helps to properly use converter with ArgoCD |
VM_ENABLEDPROMETHEUSCONVERTEROWNERREFERENCES: false # |
VM_FILTERPROMETHEUSCONVERTERLABELPREFIXES: - #allows filtering for converted labels, labels with matched prefix will be ignored |
VM_FILTERPROMETHEUSCONVERTERANNOTATIONPREFIXES: - #allows filtering for converted annotations, annotations with matched prefix will be ignored |
VM_CLUSTERDOMAINNAME: - #Defines domain name suffix for in-cluster addresses most known ClusterDomainName is .cluster.local |
VM_APPREADYTIMEOUT: 80s #Defines deadline for deployment/statefulset to transit into ready state to wait for transition to ready state |
VM_PODWAITREADYTIMEOUT: 80s #Defines single pod deadline to wait for transition to ready state |
VM_PODWAITREADYINTERVALCHECK: 5s #Defines poll interval for pods ready check at statefulset rollout update |
VM_FORCERESYNCINTERVAL: 60s #configures force resync interval for VMAgent, VMAlert, VMAlertmanager and VMAuth. |
VM_ENABLESTRICTSECURITY: false #EnableStrictSecurity will add default securityContext to pods and containers created by operator Default PodSecurityContext include: 1. RunAsNonRoot: true 2. RunAsUser/RunAsGroup/FSGroup: 65534 ‘65534’ refers to ’nobody’ in all the used default images like alpine, busybox. If you’re using customize image, please make sure ‘65534’ is a valid uid in there or specify SecurityContext. 3. FSGroupChangePolicy: &onRootMismatch If KubeVersion>=1.20, use FSGroupChangePolicy="onRootMismatch" to skip the recursive permission change when the root of the volume already has the correct permissions 4. SeccompProfile: type: RuntimeDefault Use RuntimeDefault seccomp profile by default, which is defined by the container runtime, instead of using the Unconfined (seccomp disabled) mode. Default container SecurityContext include: 1. AllowPrivilegeEscalation: false 2. ReadOnlyRootFilesystem: true 3. Capabilities: drop: - all turn off EnableStrictSecurity by default, see https://github.com/VictoriaMetrics/operator/issues/749
for details |
Modify environment variables #
To add environment variables to the operator, use the following Kustomize -based approach. This method assumes the operator was installed using the Quick Start guide . If a different installation method was used, some adjustments may be required.
The example below customize CPU\Memory limits for VMSingle
resource.
The commands create a patch operator-patch.yaml
that adds environment variables to the operator deployment,
a kustomization.yaml
configuration to apply the patch, and then call kustomize build
to rewrite the operator-and-crds.yaml
file with the applied changes:
cat <<'EOF' > operator-patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: vm-operator
namespace: vm
spec:
template:
spec:
containers:
- name: manager
env:
- name: VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_MEM
value: "3000Mi"
- name: VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_CPU
value: "2400m"
EOF
cat <<'EOF' > kustomization.yaml
resources:
- operator-and-crds.yaml
patches:
- path: operator-patch.yaml
target:
kind: Deployment
name: vm-operator
EOF
kustomize build -o operator-and-crds.yaml;
Apply the changes to the operator deployment:
kubectl apply -f operator-and-crds.yaml;
kubectl -n vm rollout status deployment vm-operator --watch=true;
# Output:
# Waiting for deployment "vm-operator" rollout to finish: 1 old replicas are pending termination...
# Waiting for deployment "vm-operator" rollout to finish: 1 old replicas are pending termination...
# deployment "vm-operator" successfully rolled out
Run this command to print modified environment variables:
kubectl get deployment -n vm vm-operator \
-o jsonpath='{range .spec.template.spec.containers[?(@.name=="manager")].env[*]}{.name}{"\n"}{end}';
# Output:
# WATCH_NAMESPACE
# VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_MEM
# VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_CPU
Flags #
Pass -help
to operator binary in order to see the list of supported command-line flags with their description:
Usage of bin/operator:
-client.burst int
defines K8s client burst (default 100)
-client.qps int
defines K8s client QPS. The value should be increased for the cluster with large number of objects > 10_000. (default 50)
-controller.cacheSyncTimeout duration
controls timeout for caches to be synced. (default 3m0s)
-controller.disableCRDOwnership
disables CRD ownership add to cluster wide objects, must be disabled for clusters, lower than v1.16.0
-controller.disableCacheFor string
disables client for cache for API resources. Supported objects - namespace,pod,service,secret,configmap,deployment,statefulset (default "configmap,secret")
-controller.disableReconcileFor string
disables reconcile controllers for given list of comma separated CRD names. For example - VMCluster,VMSingle,VMAuth.Note, child controllers still require parent object CRDs.
-controller.maxConcurrentReconciles int
Configures number of concurrent reconciles. It should improve performance for clusters with many objects. (default 15)
-controller.prometheusCRD.resyncPeriod duration
Configures resync period for prometheus CRD converter. Disabled by default
-controller.statusLastUpdateTimeTTL duration
Configures TTL for LastUpdateTime status.conditions fields. It's used to detect stale parent objects on child objects. Like VMAlert->VMRule .status.Conditions.Type (default 1h0m0s)
-default.kubernetesVersion.major uint
Major version of kubernetes server, if operator cannot parse actual kubernetes response (default 1)
-default.kubernetesVersion.minor uint
Minor version of kubernetes server, if operator cannot parse actual kubernetes response (default 21)
-disableSecretKeySpaceTrim
disables trim of space at Secret/Configmap value content. It's a common mistake to put new line to the base64 encoded secret value.
-health-probe-bind-address string
The address the probes (health, ready) binds to. (default ":8081")
-leader-elect
Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
-leader-elect-id string
Defines the name of the resource that leader election will use for holding the leader lock. (default "57410f0d.victoriametrics.com")
-leader-elect-namespace string
Defines optional namespace name in which the leader election resource will be created. By default, uses in-cluster namespace name.
-loggerJSONFields string
Allows renaming fields in JSON formatted logsExample: "ts:timestamp,msg:message" renames "ts" to "timestamp" and "msg" to "message".Supported fields: ts, level, caller, msg
-metrics-bind-address string
The address the metric endpoint binds to. (default ":8080")
-mtls.CAName string
Optional name of TLS Root CA for verifying client certificates at the corresponding -metrics-bind-address when -mtls.enable is enabled. By default the host system TLS Root CA is used for client certificate verification. (default "clietCA.crt")
-mtls.enable
Whether to require valid client certificate for https requests to the corresponding -metrics-bind-address. This flag works only if -tls.enable flag is set.
-pprof-addr string
The address for pprof/debug API. Empty value disables server (default ":8435")
-printDefaults
print all variables with their default values and exit
-printFormat string
output format for --printDefaults. Can be table, json, yaml or list (default "table")
-tls.certDir string
root directory for metrics webserver cert, key and mTLS CA. (default "/tmp/k8s-metrics-server/serving-certs")
-tls.certName string
name of metric server Tls certificate inside tls.certDir. Default - (default "tls.crt")
-tls.enable
enables secure tls (https) for metrics webserver.
-tls.keyName string
name of metric server Tls key inside tls.certDir. Default - tls.key (default "tls.key")
-version
Show operator version
-webhook.certDir string
root directory for webhook cert and key (default "/tmp/k8s-webhook-server/serving-certs/")
-webhook.certName string
name of webhook server Tls certificate inside tls.certDir (default "tls.crt")
-webhook.enable
adds webhook server, you must mount cert and key or use cert-manager
-webhook.keyName string
name of webhook server Tls key inside tls.certDir (default "tls.key")
-webhook.port int
port to start webhook server on (default 9443)
-zap-devel
Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error)
-zap-encoder value
Zap log encoding (one of 'json' or 'console')
-zap-log-level value
Zap Level to configure the verbosity of logging. Can be one of 'debug', 'info', 'error', or any integer value > 0 which corresponds to custom debug levels of increasing verbosity
-zap-stacktrace-level value
Zap Level at and above which stacktraces are captured (one of 'info', 'error', 'panic').
-zap-time-encoding value
Zap time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). Defaults to 'epoch'.
Conversion of prometheus-operator objects #
You can read detailed instructions about configuring prometheus-objects conversion in this document .
Helm-charts #
In Helm charts
some important configuration parameters are implemented as separate flags in values.yaml
:
victoria-metrics-k8s-stack #
For possible values refer to parameters .
Also, checkout here possible ENV variables
to configure operator behaviour.
ENV variables can be set in the victoria-metrics-operator.env
section.
# values.yaml
victoria-metrics-operator:
image:
# -- Image repository
repository: victoriametrics/operator
# -- Image tag
tag: v0.35.0
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Tells helm to remove CRD after chart remove
cleanupCRD: true
cleanupImage:
repository: gcr.io/google_containers/hyperkube
tag: v1.18.0
pullPolicy: IfNotPresent
operator:
# -- By default, operator converts prometheus-operator objects.
disable_prometheus_converter: false
# -- Compare-options and sync-options for prometheus objects converted by operator for properly use with ArgoCD
prometheus_converter_add_argocd_ignore_annotations: false
# -- Enables ownership reference for converted prometheus-operator objects,
# it will remove corresponding victoria-metrics objects in case of deletion prometheus one.
enable_converter_ownership: false
# -- By default, operator creates psp for its objects.
psp_auto_creation_enabled: true
# -- Enables custom config-reloader, bundled with operator.
# It should reduce vmagent and vmauth config sync-time and make it predictable.
useCustomConfigReloader: false
# -- extra settings for the operator deployment. full list Ref: https://docs.victoriametrics.com/operator/vars
env:
# -- default version for vmsingle
- name: VM_VMSINGLEDEFAULT_VERSION
value: v1.43.0
# -- container registry name prefix, e.g. docker.io
- name: VM_CONTAINERREGISTRY
value: ""
# -- image for custom reloader (see the useCustomConfigReloader parameter)
- name: VM_CUSTOMCONFIGRELOADERIMAGE
value: victoriametrics/operator:config-reloader-v0.32.0
# By default, the operator will watch all the namespaces
# If you want to override this behavior, specify the namespace it needs to watch separated by a comma.
# Ex: my_namespace1,my_namespace2
watchNamespace: ""
# Count of operator instances (can be increased for HA mode)
replicaCount: 1
# -- VM operator log level
# -- possible values: info and error.
logLevel: "info"
# -- Resource object
resources:
{}
# limits:
# cpu: 120m
# memory: 320Mi
# requests:
# cpu: 80m
# memory: 120Mi
victoria-metrics-operator #
For possible values refer to parameters .
Also, checkout here possible ENV variables
to configure operator behaviour.
ENV variables can be set in the env
section.
# values.yaml
image:
# -- Image repository
repository: victoriametrics/operator
# -- Image tag
tag: v0.35.0
# -- Image pull policy
pullPolicy: IfNotPresent
operator:
# -- By default, operator converts prometheus-operator objects.
disable_prometheus_converter: false
# -- Compare-options and sync-options for prometheus objects converted by operator for properly use with ArgoCD
prometheus_converter_add_argocd_ignore_annotations: false
# -- Enables ownership reference for converted prometheus-operator objects,
# it will remove corresponding victoria-metrics objects in case of deletion prometheus one.
enable_converter_ownership: false
# -- By default, operator creates psp for its objects.
psp_auto_creation_enabled: true
# -- Enables custom config-reloader, bundled with operator.
# It should reduce vmagent and vmauth config sync-time and make it predictable.
useCustomConfigReloader: false
# -- extra settings for the operator deployment. full list Ref: https://docs.victoriametrics.com/operator/vars
env:
# -- default version for vmsingle
- name: VM_VMSINGLEDEFAULT_VERSION
value: v1.43.0
# -- container registry name prefix, e.g. docker.io
- name: VM_CONTAINERREGISTRY
value: ""
# -- image for custom reloader (see the useCustomConfigReloader parameter)
- name: VM_CUSTOMCONFIGRELOADERIMAGE
value: victoriametrics/operator:config-reloader-v0.32.0
# By default, the operator will watch all the namespaces
# If you want to override this behavior, specify the namespace it needs to watch separated by a comma.
# Ex: my_namespace1,my_namespace2
watchNamespace: ""
# Count of operator instances (can be increased for HA mode)
replicaCount: 1
# -- VM operator log level
# -- possible values: info and error.
logLevel: "info"
# -- Resource object
resources:
{}
# limits:
# cpu: 120m
# memory: 320Mi
# requests:
# cpu: 80m
# memory: 120Mi
Namespaced mode #
By default, the operator will watch all namespaces, but it can be configured to watch only specific namespace or multiple namespaces.
If you want to override this behavior, specify the namespace:
- in the
WATCH_NAMESPACE
environment variable. - in the
watchNamespace
field in thevalues.yaml
file of helm-charts.
The operator supports comma separated namespace names for this setting.
If namespaced mode is enabled, operator uses a limited set of features:
- it cannot make any cluster wide API calls.
- it cannot assign rbac permissions for
vmagent
. It must be done manually via serviceAccount for vmagent. - it ignores namespaceSelector fields at CRD objects and uses
WATCH_NAMESPACE
value for object matching.
At each namespace operator must have a set of required permissions, an example can be found at this file .
Monitoring of cluster components #
By default, operator creates VMServiceScrape object for each component that it manages.
You can disable this behaviour with VM_DISABLESELFSERVICESCRAPECREATION
environment variable:
VM_DISABLESELFSERVICESCRAPECREATION=false
Also, you can override default configuration for self-scraping with ServiceScrapeSpec
field in each deployable resource
(vmcluster/select
, vmcluster/insert
, vmcluster/storage
, vmagent
, vmalert
, vmalertmanager
, vmauth
, vmsingle
):
CRD Validation #
Operator supports validation admission webhook docs
It checks resources configuration and returns errors to caller before resource will be created at kubernetes api. This should reduce errors and simplify debugging.
Validation hooks at operator side must be enabled with flags:
./operator
--webhook.enable
# optional configuration for certDir and tls names.
--webhook.certDir=/tmp/k8s-webhook-server/serving-certs/
--webhook.keyName=tls.key
--webhook.certName=tls.crt
You have to mount correct certificates at give directory. It can be simplified with cert-manager and kustomize command:
kustomize build config/deployments/webhook/
Requirements #
- Valid certificate with key must be provided to operator
- Valid CABundle must be added to the
ValidatingWebhookConfiguration
Useful links #
The following legacy links are retained for historical reference.
List of command-line flags #
Moved to operator/configuration/#flags