github-mirrors/VictoriaMetrics
1
0
Fork 0
mirror of https://github.com/VictoriaMetrics/VictoriaMetrics.git synced 2024-11-21 14:44:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

Automatic update operator docs from VictoriaMetrics/operator@3179fd0

Browse source 
Signed-off-by: Github Actions <133988544+victoriametrics-bot@users.noreply.github.com>
This commit is contained in:
f41gh7 2024-11-04 21:11:23 +00:00 committed by Github Actions
parent 371e193279
commit 8de5879d75
No known key found for this signature in database
GPG key ID: 261D0043999236A6
6 changed files with 155 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
docs/operator/CHANGELOG.md
View file

@ -11,6 +11,17 @@ aliases:
- /operator/changelog/index.html
---
## tip
- [operator](https://docs.victoriametrics.com/operator/): properly apply `useStrictSecurity: true` to the `initContainers` for `VMAuth`, `VMAgent` and `VMAlertmanager`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1134) for details.
- [vmauth](https://docs.victoriametrics.com/operator/resources/vmauth): Moved `spec.configSecret` to `spec.externalConfig.secretRef.name` and added `spec.externalConfig.localPath` to be able to provide custom configs via sidecar.
- [vmcluster](https://docs.victoriametrics.com/operator/resources/vmcluster): adds `requestsLoadBalancer` configuration to the `VMCluster.spec`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1130) for details.
- [vmcluster](https://docs.victoriametrics.com/operator/resources/vmcluster): properly configure monitoring for `VMCluster` with enabled `backup`.
- [vmalertmanager](https://docs.victoriametrics.com/operator/resources/vmalertmanager): properly trigger reload when `ConfigMap` provided via `.spec.configMap` are changed.
- [operator](https://docs.victoriametrics.com/operator/): fixed operator reconcile on storage size change
- [operator](https://docs.victoriametrics.com/operator/): fixed converting AlertmanagerConfig to VMAlertmanagerConfig
## [v0.48.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.4) - 15 Oct 2024
- [api](https://docs.victoriametrics.com/operator/api): adds new fields `maxDiskUsagePerUrl` and`forceVMProto` to the `VMagent` `remoteWriteSpec`

106
docs/operator/api.md
View file

@ -78,6 +78,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)
@ -352,6 +353,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)
@ -426,6 +428,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)
@ -727,6 +730,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)
@ -770,6 +774,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)
@ -797,6 +802,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)
@ -931,6 +937,23 @@ _Appears in:_
| `vm_scrape_params` | VMScrapeParams defines VictoriaMetrics specific scrape parameters | _[VMScrapeParams](#vmscrapeparams)_ | false |
#### ExternalConfig
ExternalConfig defines external source of configuration
_Appears in:_
- [VMAuthSpec](#vmauthspec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `localPath` | LocalPath contains static path to a config, which is managed externally for cases<br />when using secrets is not applicable, e.g.: Vault sidecar. | _string_ | false |
| `secretRef` | SecretRef defines selector for externally managed secret which contains configuration | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
#### FileSDConfig
@ -1068,6 +1091,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMBackup](#vmbackup)
- [VMInsert](#vminsert)
@ -1744,6 +1768,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)
@ -3003,6 +3028,82 @@ VMAuth is the Schema for the vmauths API
| `spec` | | _[VMAuthSpec](#vmauthspec)_ | true |
#### VMAuthLoadBalancer
VMAuthLoadBalancer configures vmauth as a load balancer
for the requests
_Appears in:_
- [VMClusterSpec](#vmclusterspec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `disableInsertBalancing` | | _boolean_ | true |
| `disableSelectBalancing` | | _boolean_ | true |
| `enabled` | | _boolean_ | true |
| `spec` | | _[VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)_ | true |
#### VMAuthLoadBalancerSpec
VMAuthLoadBalancerSpec defines configuration spec for VMAuth used as load-balancer
for VMCluster component
_Appears in:_
- [VMAuthLoadBalancer](#vmauthloadbalancer)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `affinity` | Affinity If specified, the pod's scheduling constraints. | _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#affinity-v1-core)_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br />object, which shall be mounted into the Application container<br />at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br />It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator<br />for the application.<br />Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br />Parameters specified here will be merged to the generated DNS<br />configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br />for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br />that would be propagated to pod,<br />cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br />that would be propagated to pod,<br />cannot be used with HostNetwork.<br />Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br />if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br />to use for pulling images from registries<br />see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br />Any errors during the execution of an initContainer will lead to a restart of the Pod.<br />More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `logFormat` | LogFormat for vmauth<br />default or json | _string_ | false |
| `logLevel` | LogLevel for vmauth container. | _string_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br />if previous in healthy state<br />Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br />going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | Common params for scheduling<br />PodMetadata configures Labels and Annotations which are propagated to the vmauth lb pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | true |
| `port` | Port listen address | _string_ | false |
| `priorityClassName` | PriorityClassName class assigned to the Pods | _string_ | false |
| `readinessGates` | ReadinessGates defines pod readiness gates | _[PodReadinessGate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podreadinessgate-v1-core) array_ | true |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br />if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br />maximum number of revisions that will be maintained in the Deployment revision history.<br />Has no effect at StatefulSets<br />Defaults to 10. | _integer_ | false |
| `runtimeClassName` | RuntimeClassName - defines runtime class for kubernetes pod.<br />https://kubernetes.io/docs/concepts/containers/runtime-class/ | _string_ | false |
| `schedulerName` | SchedulerName - defines kubernetes scheduler name | _string_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br />object, which shall be mounted into the Application container<br />at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br />This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vmauthlb VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | AdditionalServiceSpec defines service override configuration for vmauth lb deployment<br />it'll be only applied to vmclusterlb- service | _[AdditionalServiceSpec](#additionalservicespec)_ | true |
| `terminationGracePeriodSeconds` | TerminationGracePeriodSeconds period for container graceful termination | _integer_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br />controls how pods are spread across your cluster among failure-domains<br />such as regions, zones, nodes, and other user-defined topology domains<br />https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useDefaultResources` | UseDefaultResources controls resource settings<br />By default, operator sets built-in resource requirements | _boolean_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br />it restricts disk writes access<br />uses non-root user out of the box<br />drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br />VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br />Volumes specified will be appended to other volumes that are generated.<br />/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
#### VMAuthSpec
@ -3021,7 +3122,7 @@ _Appears in:_
| `configReloaderExtraArgs` | ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container<br />for example resyncInterval: "30s" | _object (keys:string, values:string)_ | false |
| `configReloaderImageTag` | ConfigReloaderImageTag defines image:tag for config-reloader container | _string_ | false |
| `configReloaderResources` | ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br />if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `configSecret` | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the<br />VMAuth object, which contains auth configuration for vmauth,<br />configuration must be inside secret key: config.yaml.<br />It must be created and managed manually.<br />If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders | _string_ | false |
| `configSecret` | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the<br />VMAuth object, which contains auth configuration for vmauth,<br />configuration must be inside secret key: config.yaml.<br />It must be created and managed manually.<br />If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders<br />Deprecated, use externalConfig.secretRef instead | _string_ | true |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br />It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `default_url` | DefaultURLs backend url for non-matching paths filter<br />usually used for default backend with error message | _string array_ | true |
| `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator<br />for the application.<br />Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false |
@ -3029,6 +3130,7 @@ _Appears in:_
| `dnsConfig` | Specifies the DNS parameters of a pod.<br />Parameters specified here will be merged to the generated DNS<br />configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `drop_src_path_prefix_parts` | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.<br />See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. | _integer_ | false |
| `externalConfig` | ExternalConfig defines a source of external VMAuth configuration.<br />If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders | _[ExternalConfig](#externalconfig)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br />for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `headers` | Headers represent additional http headers, that vmauth uses<br />in form of ["header_key: header_value"]<br />multiple values for header key:<br />["header_key: value1,value2"]<br />it's available since 1.68.0 version of vmauth | _string array_ | false |
@ -3157,6 +3259,7 @@ _Appears in:_
| `license` | License allows to configure license key to be used for enterprise features.<br />Using license key is supported starting from VictoriaMetrics v1.94.0.<br />See [here](https://docs.victoriametrics.com/enterprise) | _[License](#license)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br />going to be performed, except for delete actions. | _boolean_ | false |
| `replicationFactor` | ReplicationFactor defines how many copies of data make among<br />distinct storage nodes | _integer_ | false |
| `requestsLoadBalancer` | RequestsLoadBalancer configures load-balancing for vminsert and vmselect requests<br />it helps to evenly spread load across pods<br />usually it's not possible with kubernetes TCP based service | _[VMAuthLoadBalancer](#vmauthloadbalancer)_ | true |
| `retentionPeriod` | RetentionPeriod for the stored metrics<br />Note VictoriaMetrics has data/ and indexdb/ folders<br />metrics from data/ removed eventually as soon as partition leaves retention period<br />reverse index data at indexdb rotates once at the half of configured<br />[retention period](https://docs.victoriametrics.com/Single-server-VictoriaMetrics/#retention) | _string_ | true |
| `serviceAccountName` | ServiceAccountName is the name of the ServiceAccount to use to run the<br />VMSelect, VMStorage and VMInsert Pods. | _string_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br />it restricts disk writes access<br />uses non-root user out of the box<br />drops not needed security permissions | _boolean_ | false |
@ -3704,6 +3807,7 @@ _Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)
- [VMAuthSpec](#vmauthspec)
- [VMInsert](#vminsert)
- [VMSelect](#vmselect)

38
docs/operator/resources/vmcluster.md
View file

@ -43,6 +43,44 @@ see [Extra arguments section](./#extra-arguments).
Also, you can check out the [examples](#examples) section.
## Requests Load-Balancing
Operator provides enhanced load-balancing mechanism for `vminsert` and `vmselect` clients. By default, operator uses built-in Kubernetes [service]() with `clusterIP` type for clients connection. It's good solution for short lived connections. But it acts poorly with long-lived TCP sessions and leads to the uneven resources utilisation for `vmselect` and `vminsert` components.
Consider the following example:
![CR](vmcluster_default_balancer.webp)
In this case clients could establish multiple connections to the same `pod` via `service`. And client requests will be served only by subset of `pods`.
Operator allows to tweak this behaviour with enabled `requestsLoadbalacing`:
```yaml
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMCluster
metadata:
name: with-balanacer
spec:
retentionPeriod: "4"
replicationFactor: 1
requestsLoadBalancer:
enabled: true
spec:
replicaCount: 2
```
Operator will deploy `VMAuth` deployment with 2 replicas. And update vminsert and vmselect services to point to `vmauth`.
In addition, operator will create 3 additional services with the following pattern:
- vminsertinternal-CLUSTER_NAME - needed for vmselect pod discovery
- vmselectinternal-CLUSTER_NAME - needed for vminsert pod discovery
- vmclusterlb-CLUSTER_NAME - needed for metrics collection and exposing `vmselect` and `vminsert` components via `VMAuth` balancer.
Network scheme with load-balancing:
![CR](vmcluster_with_balancer.webp)
Operator allows to customise load-balancing configuration with `requestsLoadBalancer.Spec` settings.
## High availability
The cluster version provides a full set of high availability features - metrics replication, node failover, horizontal scaling.

BIN
docs/operator/resources/vmcluster_default_balancer.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
docs/operator/resources/vmcluster_with_balancer.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 36 KiB