updates

VictoriaMetrics · Sep 20, 2023 · 18972f7 · 18972f7
1 parent 59a4c0a
commit 18972f7
Show file tree

Hide file tree

Showing 9 changed files with 226 additions and 14 deletions.
diff --git a/docs/resources/vmalertmanagerconfig.md b/docs/resources/vmalertmanagerconfig.md
@@ -10,6 +10,8 @@ It behaves like other config parts - `VMServiceScrape` and etc.
 You can see the full actual specification of the `VMAlertmanagerConfig` resource in 
 the **[API docs -> VMAlertmanagerConfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig)**.
 
+Also, you can check out the [examples](#examples) section.
+
 ## Using
 
 `VMAlertmanagerConfig` allows delegating notification configuration to the kubernetes cluster users.
@@ -48,3 +50,50 @@ VMAlertmanagerConfig has enforced namespace matcher.
 Alerts must have a proper namespace label, with the same value as name of namespace for VMAlertmanagerConfig.
 
 It can be disabled, by setting the following value to the VMAlertmanager: `spec.disableNamespaceMatcher: true`.
+
+## Examples
+
+```yaml
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMAlertmanagerConfig
+metadata:
+  name: example
+  namespace: default
+spec:
+  inhibit_rules:
+    - equals: []
+      target_matchers: []
+      source_matchers: []
+  route:
+    routes:
+      - receiver: webhook
+        continue: true
+    receiver: email
+    group_by: []
+    continue: false
+    matchers:
+      - job = "alertmanager"
+    group_wait: 30s
+    group_interval: 45s
+    repeat_interval: 1h
+  mute_time_intervals:
+    - name: base
+      time_intervals:
+        - times:
+            - start_time: ""
+              end_time: ""
+          weekdays: []
+          days_of_month: []
+          months: []
+          years: []
+  receivers:
+      email_configs: []
+      webhook_configs:
+        - url: http://some-other-wh
+      pagerduty_configs: []
+      pushover_configs: []
+      slack_configs: []
+      opsgenie_configs: []
+      victorops_configs: []
+      wechat_configs: []
+```
diff --git a/docs/resources/vmauth.md b/docs/resources/vmauth.md
@@ -13,6 +13,8 @@ the **[API docs -> VMAuth](https://docs.victoriametrics.com/operator/api.html#vm
 If you can't find necessary field in the specification of the custom resource,
 see [Extra arguments section](https://docs.victoriametrics.com/operator/resources/#extra-args).
 
+Also, you can check out the [examples](#examples) section.
+
 ## Users
 
 The CRD specifies which `VMUser`s should be covered by the deployed `VMAuth` instances based on label selection.
@@ -121,3 +123,18 @@ spec:
     - name: my-repo-secret
 # ...
 ```
+
+## Examples
+
+```yaml
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMAuth
+metadata:
+  name: example
+  namespace: default
+spec:
+  selectAllByDefault: true
+  ingress:
+    class_name: nginx # <-- change this to your ingress-controller
+    host: vm-demo.k8s.orb.local # <-- change this to your domain
+```
diff --git a/docs/resources/vmnodescrape.md b/docs/resources/vmnodescrape.md
@@ -1,6 +1,7 @@
 # VMNodeScrape
 
-The `VMNodeScrape` CRD provides discovery mechanism for scraping metrics kubernetes nodes.
+The `VMNodeScrape` CRD provides discovery mechanism for scraping metrics kubernetes nodes,
+it is useful for node exporters monitoring.
 
 `VMNodeScrape` object generates part of [VMAgent](https://docs.victoriametrics.com/operator/resources/vmagent.html) configuration.
 It has various options for scraping configuration of target (with basic auth,tls access, by specific port name etc.).
@@ -16,4 +17,30 @@ More information about selectors you can find in [this doc](https://docs.victori
 You can see the full actual specification of the `VMNodeScrape` resource in
 the **[API docs -> VMNodeScrape](https://docs.victoriametrics.com/operator/api.html#vmnodescrape)**.
 
-<!-- TODO: examples -->
+Also, you can check out the [examples](#examples) section.
+
+## Examples
+
+### Cadvisor scraping
+
+```yaml
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMNodeScrape
+metadata:
+  name: cadvisor-metrics
+spec:
+  scheme: "https"
+  tlsConfig:
+    insecureSkipVerify: true
+    caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+  bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+  relabelConfigs:
+    - action: labelmap
+      regex: __meta_kubernetes_node_label_(.+)
+    - targetLabel: __address__
+      replacement: kubernetes.default.svc:443
+    - sourceLabels: [__meta_kubernetes_node_name]
+      regex: (.+)
+      targetLabel: __metrics_path__
+      replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
+```
diff --git a/docs/resources/vmpodscrape.md b/docs/resources/vmpodscrape.md
@@ -38,11 +38,27 @@ More information about selectors you can find in [this doc](https://docs.victori
 You can see the full actual specification of the `VMPodScrape` resource in
 the **[API docs -> VMPodScrape](https://docs.victoriametrics.com/operator/api.html#vmpodscrape)**.
 
+Also, you can check out the [examples](#examples) section.
+
 ## Migration from Prometheus
 
 The `VMPodScrape` CRD from VictoriaMetrics Operator is a drop-in replacement
 for the Prometheus `PodMonitor` from prometheus-operator.
 
 More details about migration from prometheus-operator you can read in [this doc](https://docs.victoriametrics.com/operator/migration.html).
 
-<!-- TODO: examples -->
+## Examples
+
+```yaml
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMPodScrape
+metadata:
+  name: example-pod-scrape
+spec:
+  podMetricsEndpoints:
+    - port: web
+      scheme: http
+  selector:
+    matchLabels:
+     owner: dev
+```
diff --git a/docs/resources/vmprobe.md b/docs/resources/vmprobe.md
@@ -19,6 +19,8 @@ See more details about selectors [here](https://docs.victoriametrics.com/operato
 You can see the full actual specification of the `VMProbe` resource in
 the **[API docs -> VMProbe](https://docs.victoriametrics.com/operator/api.html#vmprobe)**.
 
+Also, you can check out the [examples](#examples) section.
+
 ## Migration from Prometheus
 
 The `VMProbe` CRD from VictoriaMetrics Operator is a drop-in replacement

diff --git a/docs/resources/vmservicescrape.md b/docs/resources/vmservicescrape.md
@@ -50,11 +50,28 @@ More information about selectors you can find in [this doc](https://docs.victori
 You can see the full actual specification of the `VMServiceScrape` resource in
 the **[API docs -> VMServiceScrape](https://docs.victoriametrics.com/operator/api.html#vmservicescrape)**.
 
+Also, you can check out the [examples](#examples) section.
+
 ## Migration from Prometheus
 
 The `VMServiceScrape` CRD from VictoriaMetrics Operator is a drop-in replacement 
 for the Prometheus `ServiceMonitor` from prometheus-operator.
 
 More details about migration from prometheus-operator you can read in [this doc](https://docs.victoriametrics.com/operator/migration.html).
 
-<!-- TODO: examples -->
+## Examples
+
+```yaml
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMServiceScrape
+metadata:
+  name: example-app
+  labels:
+    team: frontend
+spec:
+  selector:
+    matchLabels:
+      app: example-app
+  endpoints:
+  - port: web
+```
diff --git a/docs/resources/vmstaticscrape.md b/docs/resources/vmstaticscrape.md
@@ -18,4 +18,20 @@ More information about selectors you can find in [this doc](https://docs.victori
 You can see the full actual specification of the `VMStaticScrape` resource in
 the **[API docs -> VMStaticScrape](https://docs.victoriametrics.com/operator/api.html#vmstaticscrape)**.
 
-<!-- TODO: examples -->
+Also, you can check out the [examples](#examples) section.
+
+## Examples
+
+```yaml
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMStaticScrape
+metadata:
+  name: vmstaticscrape-sample
+spec:
+  jobName: static
+  targetEndpoints:
+    - targets: ["192.168.0.1:9100", "196.168.0.50:9100"]
+      labels:
+        env: dev
+        project: operator
+```
diff --git a/docs/resources/vmuser.md b/docs/resources/vmuser.md
@@ -11,26 +11,94 @@ operator queries kubernetes API, retrieves information about CRD and builds prop
 You can see the full actual specification of the `VMUser` resource in
 the **[API docs -> VMUser](https://docs.victoriametrics.com/operator/api.html#vmuser)**.
 
+Also, you can check out the [examples](#examples) section.
+
 ## Authentication methods
 
+There are two authentication mechanisms: ["Bearer token"](#bearer-token) and ["Basic auth"](#basic-auth) with `username` and `password`. 
+Only one of them can be used with `VMUser` at one time.
+
+Operator creates `Secret` for every `VMUser` with name - `vmuser-{VMUser.metadata.name}`.
+It places `username` + `password` or `bearerToken` into `data` section.
+
+### Bearer token
+
+Bearer token is a way to authenticate user with `Authorization` header. 
+User defines `token` field in `auth` section.
+
+Also, you can check out the [examples](#examples) section.
+
 ### Basic auth
 
 Basic auth is the simplest way to authenticate user. User defines `username` and `password` fields in `auth` section.
 
-### Bearer token
+If `username` is empty, `metadata.name` from `VMUser` used as `username`.
 
-Bearer token is a way to authenticate user with `Authorization` header. User defines `token` field in `auth` section.
+You can automatically generate `password` if:
+- Set `generatePassword: true` field
+- Don't fill `password` field
+
+Operator generates random password for this `VMUser`, 
+this password will be added to the `Secret` for this `VMUser` at `data.password` field.
+
+Also, you can check out the [examples](#examples) section.
 
 ## Routing
 
-User can define routing target with `static` config, by entering target `url`, or with `CRDRef`, in this case,
-operator queries kubernetes API, retrieves information about CRD and builds proper url.
+You can define routes for user in `targetRefs` section. 
+
+For every entry in `targetRefs` you can define routing target with `static` config, by entering target `url`, 
+or with `crd`, in this case, operator queries kubernetes API, retrieves information about CRD and builds proper url.
+
+Here are details about other fields in `targetRefs`:
+
+- `paths` is the same as `src_paths` from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config)
+- `headers` is the same as `headers` from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config)
+- `targetPathSuffix` is the suffix for `url_prefix` (target URL) from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config)
 
 ### Static
 
-<!-- TODO -->
+The `static` field is the same as `url_prefix` (target URL) from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config),
+it allows you to set a specific static URL.
 
 ### CRDRef
 
-<!-- TODO -->
-
+The `crd` field is a more convenient form for specifying the components handled by the operator as auth targets.
+
+User can define routing target with `crd` config, by entering `kind`, `name` and `namespace` of CRD.
+
+Operator supports following kinds in `kind` field:
+
+- `VMAgent` for [VMAgent](https://docs.victoriametrics.com/operator/resources/vmagent.html)
+- `VMAlert` for [VMAlert](https://docs.victoriametrics.com/operator/resources/vmalert.html)
+- `VMAlertmanager` for [VMAlertmanager](https://docs.victoriametrics.com/operator/resources/vmalertmanager.html)
+- `VMSingle` for [VMSingle](https://docs.victoriametrics.com/operator/resources/vmsingle.html)
+- `VMCluster/vmselect`, `VMCluster/vminsert` and `VMCluster/vmstorage` for [VMCluster](https://docs.victoriametrics.com/operator/resources/vmcluster.html)
+
+Also, you can check out the [examples](#examples) section.
+
+Additional fields like `path` and `scheme` can be added to `CRDRef` config.
+
+## Examples
+
+```yaml
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMUser
+metadata:
+  name: example
+spec:
+  username: simple-user
+  password: simple-password
+  targetRefs:
+    - crd:
+        kind: VMSingle
+        name: example
+        namespace: default
+      paths: ["/.*"]
+    - static:
+        url: http://vmalert-example.default.svc:8080
+      paths: ["/api/v1/groups","/api/v1/alerts"]
+```
+
+More examples see on [Authorization and exposing components](https://docs.victoriametrics.com/operator/auth.html) page
+and in [Quickstart guide](https://docs.victoriametrics.com/operator/quickstart.html#vmuser).
diff --git a/docs/security.md b/docs/security.md
@@ -15,6 +15,8 @@ To run in a cluster the operator needs certain permissions, you can see them in
 - [`role.yaml` file](https://github.com/VictoriaMetrics/operator/blob/master/config/rbac/role.yaml) - basic set of cluster roles for launching an operator.
 - [`leader_election_role.yaml` file](https://github.com/VictoriaMetrics/operator/blob/master/config/rbac/leader_election_role.yaml) - set of roles with permissions to do leader election (is necessary to run the operator in several replicas for high availability).
 
+Also, you can use single-namespace mode with minimal permissions, see [this section](https://docs.victoriametrics.com/operator/configuration.html#namespaced-mode) for details.
+
 Also in [the same directory](https://github.com/VictoriaMetrics/operator/tree/master/config/rbac) are files with a set of separate permissions to view or edit [operator resources](https://docs.victoriametrics.com/operator/resources/) to organize fine-grained access:
 
 - file `<RESOURCE_NAME>_viewer_role.yaml` - permissions for viewing (`get`, `list` and `watch`) some resource of vmoperator.
@@ -23,8 +25,6 @@ Also in [the same directory](https://github.com/VictoriaMetrics/operator/tree/ma
 For instance, [`vmalert_editor_role.yaml` file](https://github.com/VictoriaMetrics/operator/blob/master/config/rbac/vmalert_editor_role.yaml) contain permission
 for editing [`vmagent` custom resources](https://docs.victoriametrics.com/operator/resources/vmagent.html).
 
-**TODO**
-
 <!-- TODO: service accounts / role bindings? -->
 <!-- TODO: resource/roles relations -->
 <!-- TODO: strict pod security -->