diff --git a/Makefile b/Makefile
index c69f716c..daff95ef 100644
--- a/Makefile
+++ b/Makefile
@@ -354,7 +354,7 @@ KIND_VERSION ?= v0.23.0
 OPERATOR_SDK_VERSION ?= v1.35.0
 OPM_VERSION ?= v1.44.0
 YQ_VERSION ?= v4.44.2
-ENVCONFIG_DOCS_VERSION ?= 70062e813a6c07ad9b95e0993ea8a906d18679b0
+ENVCONFIG_DOCS_VERSION ?= 746866a6303f8e7e610d39389aa951b3c0d97123
 CRD_REF_DOCS_VERSION ?= latest
 .PHONY: kustomize
diff --git a/api/operator/v1beta1/vlogs_types.go b/api/operator/v1beta1/vlogs_types.go
index aec79413..62bdc317 100644
--- a/api/operator/v1beta1/vlogs_types.go
+++ b/api/operator/v1beta1/vlogs_types.go
@@ -171,7 +171,7 @@ type VLogsSpec struct {
 Port string `json:"port,omitempty"`
 // RemovePvcAfterDelete - if true, controller adds ownership to pvc
- // and after VLogs objest deletion - pvc will be garbage collected
+ // and after VLogs object deletion - pvc will be garbage collected
 // by controller manager
 // +optional
 RemovePvcAfterDelete bool `json:"removePvcAfterDelete,omitempty"`
diff --git a/api/operator/v1beta1/vmsingle_types.go b/api/operator/v1beta1/vmsingle_types.go
index 4ca89457..d3df259a 100644
--- a/api/operator/v1beta1/vmsingle_types.go
+++ b/api/operator/v1beta1/vmsingle_types.go
@@ -157,7 +157,7 @@ type VMSingleSpec struct {
 Port string `json:"port,omitempty"`
 // RemovePvcAfterDelete - if true, controller adds ownership to pvc
- // and after VMSingle objest deletion - pvc will be garbage collected
+ // and after VMSingle object deletion - pvc will be garbage collected
 // by controller manager
 // +optional
 RemovePvcAfterDelete bool `json:"removePvcAfterDelete,omitempty"`
diff --git a/config/crd/overlay/crd.yaml b/config/crd/overlay/crd.yaml
index 89b01220..703d138d 100644
--- a/config/crd/overlay/crd.yaml
+++ b/config/crd/overlay/crd.yaml
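Review bot: The `RemovePvcAfterDelete` comment in the vlogs_types.go hunk still leaves the consequence of the flag implicit: with it set, deleting the VLogs object also deletes the pvc that holds its data. While the comment is being touched I would state that outright, e.g. `// RemovePvcAfterDelete - if true, the pvc is owned by the VLogs object and is garbage collected` followed by `// together with it, so the stored data does not outlive the object unless the volume is retained separately`. "adds ownership" presumably means an owner reference; confirm before wording it that way. The vmsingle_types.go hunk carries the same sentence, and crd.yaml and docs/api.md repeat it, so they would need regenerating; `VLogsSpec` itself continues outside the hunk.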
@@ -342,7 +342,7 @@ spec: removePvcAfterDelete: description: |- RemovePvcAfterDelete - if true, controller adds ownership to pvc - and after VLogs objest deletion - pvc will be garbage collected + and after VLogs object deletion - pvc will be garbage collected by controller manager type: boolean replicaCount:
@@ -27958,7 +27958,7 @@ spec: removePvcAfterDelete: description: |- RemovePvcAfterDelete - if true, controller adds ownership to pvc - and after VMSingle objest deletion - pvc will be garbage collected + and after VMSingle object deletion - pvc will be garbage collected by controller manager type: boolean replicaCount:
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 51b03849..d9694cd7 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -52,8 +52,8 @@ aliases:
 - [vmuser](https://docs.victoriametrics.com/operator/resources/vmuser/): allows to skip `VMUser` from `VMAuth` config generation if it has misconfigured fields. Such as references to non-exist `CRD` objects or missing fields. It's highly recommended to enable `Validation` webhook for `VMUsers`, it should reduce surface of potential misconfiguration. See this [issue](https://github.com/VictoriaMetrics/operator/issues/1047) for details.
 - [vmagent](https://docs.victoriametrics.com/operator/resources/vmagent/): adds `status` and `lastSyncError` status fields to all scrape objects - `VMServiceScrape`, `VMPodScrape`, `VMNodeScrape`,`VMPodScrape`, `VMStaticScrape` and `VMScrapeConfig`. It allows to track config generation for `vmagent` from scrape objects.
 - [operator](https://docs.victoriametrics.com/operator/): refactors config builder for `VMAgent`. It fixes minor bug with incorrect skip of scrape object with incorrect references for secrets and configmaps.
-- [operator](https://docs.victoriametrics.com/operator/): allows to secure `metrics-bind-address` webserver with `TLS` and `mTLS` protection via flags `tls.enable`,`tls.certDir`,`tls.certName`,`tls.key``,`mtls.enable`,`mtls.clietCA`. See this [issue](https://github.com/VictoriaMetrics/operator/issues/1033) for details.
-- [operator](https://docs.victoriametrics.com/operator/): fixes bug with possible `tlsConfig` `SecretOrConfigmap` references clash. Operator adds `configmap` prefix to the configmap refrenced tls asset. See this [issue](https://github.com/VictoriaMetrics/operator/issues/1067) for details.
+- [operator](https://docs.victoriametrics.com/operator/): allows to secure `metrics-bind-address` webserver with `TLS` and `mTLS` protection via flags `tls.enable`,`tls.certDir`,`tls.certName`,`tls.key``,`mtls.enable`,`mtls.clientCA`. See this [issue](https://github.com/VictoriaMetrics/operator/issues/1033) for details.
+- [operator](https://docs.victoriametrics.com/operator/): fixes bug with possible `tlsConfig` `SecretOrConfigmap` references clash. Operator adds `configmap` prefix to the configmap referenced tls asset. See this [issue](https://github.com/VictoriaMetrics/operator/issues/1067) for details.
 - [operator](https://docs.victoriametrics.com/operator/): properly release `PodDisruptionBudget` object finalizer. Previously it could be kept due to typo. See this [issue](https://github.com/VictoriaMetrics/operator/issues/1036) for details.
 - [operator](https://docs.victoriametrics.com/operator/): refactors finalizers usage. Simplifies finalizer manipulation with helper functions
 - [operator](https://docs.victoriametrics.com/operator/): adds `tls_config` and `authKey` settings to auto-created `VMServiceScrape` for CRD objects from `extraArgs`. See [this](https://github.com/VictoriaMetrics/operator/issues/1033) issue for details.
@@ -1227,7 +1227,7 @@ aliases:
 ### Fixes
-- Reduces memory usage - coz of improper label selectors and cache usage operator consumed a lot of memory
+- Reduces memory usage - improper label selectors and cache usage cause operator to consume a lot of memory
 - Fixes VMAlert default image tag typo
 - Fixes logging configuration
 - Fixes new config reloader watch logic:
diff --git a/docs/api.md b/docs/api.md
index 6abc9f39..dcebd535 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -2284,7 +2284,7 @@ _Appears in:_ | `port` | Port listen port | _string_ | false | | `priorityClassName` | PriorityClassName assigned to the Pods | _string_ | false | | `readinessGates` | ReadinessGates defines pod readiness gates | _[PodReadinessGate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podreadinessgate-v1-core) array_ | true | -| `removePvcAfterDelete` | RemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VLogs objest deletion - pvc will be garbage collected
by controller manager | _boolean_ | false | +| `removePvcAfterDelete` | RemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VLogs object deletion - pvc will be garbage collected
by controller manager | _boolean_ | false | | `replicaCount` | ReplicaCount is the expected size of the VLogs
it can be 0 or 1
if you need more - use vm cluster | _integer_ | true | | `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false | | `retentionPeriod` | RetentionPeriod for the stored logs | _string_ | true | @@ -3581,7 +3581,7 @@ _Appears in:_ | `port` | Port listen port | _string_ | false | | `priorityClassName` | PriorityClassName assigned to the Pods | _string_ | false | | `readinessGates` | ReadinessGates defines pod readiness gates | _[PodReadinessGate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podreadinessgate-v1-core) array_ | true | -| `removePvcAfterDelete` | RemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VMSingle objest deletion - pvc will be garbage collected
by controller manager | _boolean_ | false | +| `removePvcAfterDelete` | RemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VMSingle object deletion - pvc will be garbage collected
by controller manager | _boolean_ | false | | `replicaCount` | ReplicaCount is the expected size of the VMSingle
it can be 0 or 1
if you need more - use vm cluster | _integer_ | true | | `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false | | `retentionPeriod` | RetentionPeriod for the stored metrics
Note VictoriaMetrics has data/ and indexdb/ folders
metrics from data/ removed eventually as soon as partition leaves retention period
reverse index data at indexdb rotates once at the half of configured [retention period](https://docs.victoriametrics.com/Single-server-VictoriaMetrics/#retention) | _string_ | true |
diff --git a/docs/resources/README.md b/docs/resources/README.md
index e5044a49..bc7da39d 100644
--- a/docs/resources/README.md
+++ b/docs/resources/README.md
@@ -55,7 +55,7 @@ Usage example:
 apiVersion: operator.victoriametrics.com/v1beta1
 kind: VMSingle
 metadata:
- name: vmsingle-example-exrtaargs
+ name: vmsingle-example-extraargs
 spec:
 retentionPeriod: "1"
 extraArgs:
@@ -73,7 +73,7 @@ Usage example:
 ```yaml
 kind: VMSingle
 metadata:
- name: vmsingle-example--exrtaenvs
+ name: vmsingle-example-extraenvs
 spec:
 retentionPeriod: "1"
 extraEnvs:
@@ -107,7 +107,7 @@ Page for every custom resource contains examples section:
 - [VMUser examples](https://docs.victoriametrics.com/operator/resources/vmuser#examples)
 - [VMScrapeConfig examples](https://docs.victoriametrics.com/operator/resources/vmscrapeconfig#examples)
-In addition, you can find examples of the custom resources for VIctoriMetrics operator in
+In addition, you can find examples of the custom resources for VictoriaMetrics operator in
 the **[examples directory](https://github.com/VictoriaMetrics/operator/tree/master/config/examples) of operator repository**.
 ## Managing versions of VM
diff --git a/docs/vars.md b/docs/vars.md
index 3561e046..7496ee15 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -10,12 +10,12 @@ aliases: - /operator/vars/index.html --- - updated at Mon Sep 2 21:11:44 UTC 2024 + updated at Mon Sep 16 09:04:10 UTC 2024 | variable name | variable default value | variable required | variable description | | --- | --- | --- | --- | -| VM_USECUSTOMCONFIGRELOADER | false | false | enables custom config reloader for vmauth and vmagent,it should speed-up config reloading process. | +| VM_USECUSTOMCONFIGRELOADER | false | false | enables custom config reloader for vmauth and vmagent, it should speed-up config reloading process. | | VM_CONTAINERREGISTRY | - | false | container registry name prefix, e.g. docker.io | | VM_CUSTOMCONFIGRELOADERIMAGE | victoriametrics/operator:config-reloader-v0.47.2 | false | - | | VM_PSPAUTOCREATEENABLED | false | false | - | @@ -123,7 +123,7 @@ aliases: | VM_ENABLEDPROMETHEUSCONVERTER_SCRAPECONFIG | true | false | - | | VM_FILTERCHILDLABELPREFIXES | - | false | - | | VM_FILTERCHILDANNOTATIONPREFIXES | - | false | - | -| VM_PROMETHEUSCONVERTERADDARGOCDIGNOREANNOTATIONS | false | false | adds compare-options and sync-options for prometheus objects converted by operatorit helps to properly use converter with ArgoCD | +| VM_PROMETHEUSCONVERTERADDARGOCDIGNOREANNOTATIONS | false | false | adds compare-options and sync-options for prometheus objects converted by operator. It helps to properly use converter with ArgoCD | | VM_ENABLEDPROMETHEUSCONVERTEROWNERREFERENCES | false | false | - | | VM_FILTERPROMETHEUSCONVERTERLABELPREFIXES | - | false | allows filtering for converted labels, labels with matched prefix will be ignored | | VM_FILTERPROMETHEUSCONVERTERANNOTATIONPREFIXES | - | false | allows filtering for converted annotations, annotations with matched prefix will be ignored | 
@@ -136,5 +136,5 @@ aliases: | VM_PODWAITREADYINTERVALCHECK | 5s | false | - | | VM_PODWAITREADYINITDELAY | 10s | false | - | | VM_FORCERESYNCINTERVAL | 60s | false | configures force resync interval for VMAgent, VMAlert, VMAlertmanager and VMAuth. | -| VM_ENABLESTRICTSECURITY | false | false | EnableStrictSecurity will add default `securityContext` to pods and containers created by operatorDefault PodSecurityContext include:1. RunAsNonRoot: true2. RunAsUser/RunAsGroup/FSGroup: 65534'65534' refers to 'nobody' in all the used default images like alpine, busybox.If you're using customize image, please make sure '65534' is a valid uid in there or specify SecurityContext.3. FSGroupChangePolicy: &onRootMismatchIf KubeVersion>=1.20, use `FSGroupChangePolicy="onRootMismatch"` to skip the recursive permission changewhen the root of the volume already has the correct permissions4. SeccompProfile:type: RuntimeDefaultUse `RuntimeDefault` seccomp profile by default, which is defined by the container runtime,instead of using the Unconfined (seccomp disabled) mode.Default container SecurityContext include:1. AllowPrivilegeEscalation: false2. ReadOnlyRootFilesystem: true3. Capabilities:drop:- allturn off `EnableStrictSecurity` by default, see https://github.com/VictoriaMetrics/operator/issues/749 for details | -[envconfig-sum]: 4560053e758cdaf3d11170e5bf296de4 \ No newline at end of file +| VM_ENABLESTRICTSECURITY | false | false | EnableStrictSecurity will add default `securityContext` to pods and containers created by operator Default PodSecurityContext include: 1. RunAsNonRoot: true 2. RunAsUser/RunAsGroup/FSGroup: 65534 '65534' refers to 'nobody' in all the used default images like alpine, busybox. If you're using customize image, please make sure '65534' is a valid uid in there or specify SecurityContext. 3. 
FSGroupChangePolicy: &onRootMismatch If KubeVersion>=1.20, use `FSGroupChangePolicy="onRootMismatch"` to skip the recursive permission change when the root of the volume already has the correct permissions 4. SeccompProfile: type: RuntimeDefault Use `RuntimeDefault` seccomp profile by default, which is defined by the container runtime, instead of using the Unconfined (seccomp disabled) mode. Default container SecurityContext include: 1. AllowPrivilegeEscalation: false 2. ReadOnlyRootFilesystem: true 3. Capabilities: drop: - all turn off `EnableStrictSecurity` by default, see https://github.com/VictoriaMetrics/operator/issues/749 for details | +[envconfig-sum]: b82e81d45e7a9fe6a06ef0a77736d4c3 \ No newline at end of file
diff --git a/internal/config/config.go b/internal/config/config.go
index 23fa6deb..8f7d8eda 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -251,8 +251,8 @@ type BaseOperatorConf struct {
 }
 FilterChildLabelPrefixes []string `default:""`
 FilterChildAnnotationPrefixes []string `default:""`
- // adds compare-options and sync-options for prometheus objects converted by operator
- // it helps to properly use converter with ArgoCD
+ // adds compare-options and sync-options for prometheus objects converted by operator.
+ // It helps to properly use converter with ArgoCD
 PrometheusConverterAddArgoCDIgnoreAnnotations bool `default:"false"`
 EnabledPrometheusConverterOwnerReferences bool `default:"false"`
 // allows filtering for converted labels, labels with matched prefix will be ignored