← Back to index Esc
Kind
VMUser
Group
operator.victoriametrics.com
Version
v1beta1
apiVersion: operator.victoriametrics.com/v1beta1 kind: VMUser metadata: name: example
Tip: use .spec.bearerToken for path-only search
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
VMUserSpec defines the desired state of VMUser
bearerToken string
BearerToken Authorization header value for accessing protected endpoint.
default_url []string
DefaultURLs backend url for non-matching paths filter usually used for default backend with error message
disable_secret_creation boolean
DisableSecretCreation skips related secret creation for vmuser
discover_backend_ips boolean
DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
drop_src_path_prefix_parts integer
DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/victoriametrics/vmauth/#dropping-request-path-prefix) for more details.
dump_request_on_errors boolean
DumpRequestOnErrors instructs vmauth to return detailed request params to the client if routing rules don't allow to forward request to the backends. Useful for debugging `src_hosts` and `src_headers` based routing rules available since v1.107.0 vmauth version
generatePassword boolean
GeneratePassword instructs operator to generate password for user if spec.password if empty.
headers []string
Headers represent additional http headers, that vmauth uses in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.68.0 version of vmauth
ip_filters object
IPFilters defines per target src ip filters supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/victoriametrics/vmauth/#ip-filters)
allow_list []string
deny_list []string
jwt object
JWT defines JWT based auth for a user
matchClaims object
MatchClaims enables claim based routing
oidc object
OIDC defines OIDC configuration section
issuer string required
Issuer defines issuer URL for OIDC
publicKeyRefs []object
PublicKeyRefs defines a list of Secret selectors that reference public keys
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
publicKeys []string
PublicKeys defines a list of public keys that are used for signature verification
skipVerify boolean
SkipVerify skips signature verification for testing purposes
load_balancing_policy string
LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See [here](https://docs.victoriametrics.com/victoriametrics/vmauth/#load-balancing) for more details (default "least_loaded")
enum: least_loaded, first_available
managedMetadata object
ManagedMetadata defines metadata that will be added to the all objects created by operator for the given CustomResource
annotations object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
labels object
Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
max_concurrent_requests integer
MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth
metric_labels object
MetricLabels - additional labels for metrics exported by vmauth for given user.
name string
Name of the VMUser object.
password string
Password basic auth password for accessing protected endpoint.
passwordRef object
PasswordRef allows fetching password from user-create secret by its name and key.
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
response_headers []string
ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.93.0 version of vmauth
retry_status_codes []integer
RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503]
targetRefs []object required
TargetRefs - reference to endpoints, which user may access.
crd object
CRD describes exist operator's CRD object, operator generates access url based on CRD params.
kind string required
Kind one of: VMAgent,VMAlert, VMSingle, VMCluster/vmselect, VMCluster/vmstorage,VMCluster/vminsert,VMAlertManager, VLSingle, VLCluster/vlinsert, VLCluster/vlselect, VLCluster/vlstorage, VTSingle, VTCluster/vtinsert, VTCluster/vtselect, VTCluster/vtstorage and VLAgent
enum: VMAgent, VMAlert, VMSingle, VLogs, VMAlertManager, VMAlertmanager, VMCluster/vmselect, VMCluster/vmstorage, VMCluster/vm... VMAgent, VMAlert, VMSingle, VLogs, VMAlertManager, VMAlertmanager, VMCluster/vmselect, VMCluster/vmstorage, VMCluster/vminsert, VLSingle, VLCluster/vlinsert, VLCluster/vlselect, VLCluster/vlstorage, VLAgent, VTCluster/vtinsert, VTCluster/vtselect, VTCluster/vtstorage, VTSingle
name string required
Name of the target Kubernetes object
namespace string required
Namespace of the target Kubernetes object
objects []object
Objects defines list of name/namespace pairs that define existing k8s object
name string required
Name of the target Kubernetes object
namespace string required
Namespace of the target Kubernetes object
discover_backend_ips boolean
DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
drop_src_path_prefix_parts integer
DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/victoriametrics/vmauth/#dropping-request-path-prefix) for more details.
headers []string
RequestHeaders represent additional http headers, that vmauth uses in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.68.0 version of vmauth
hosts []string
load_balancing_policy string
LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See [here](https://docs.victoriametrics.com/victoriametrics/vmauth/#load-balancing) for more details (default "least_loaded")
enum: least_loaded, first_available
name string
Name references item at VMAuths spec.defaultTargetRefs map, with name set other attributes are skipped
paths []string
Paths - matched path to route.
query_args []object
QueryArgs appends list of query arguments to generated URL
name string required
Name of query argument
values []string required
Values of query argument
response_headers []string
ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.93.0 version of vmauth
retry_status_codes []integer
RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503]
src_headers []string
SrcHeaders is an optional list of headers, which must match request headers.
src_query_args []string
SrcQueryArgs is an optional list of query args, which must match request URL query args.
static object
Static - user defined url for traffic forward, for instance http://vmsingle:8428
url string
URL http url for given staticRef.
urls []string
URLs allows setting multiple urls for load-balancing at vmauth-side.
targetRefBasicAuth object
TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication
password object required
The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
username object required
The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
target_path_suffix string
TargetPathSuffix allows to add some suffix to the target path It allows to hide tenant configuration from user with crd as ref. it also may contain any url encoded params.
tlsConfig object
TLSConfig defines tls configuration for the backend connection
ca object
Struct containing the CA cert to use for the targets.
configMap object
ConfigMap containing data to use for the targets.
key string required
The key to select.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the ConfigMap or its key must be defined
secret object
Secret containing data to use for the targets.
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
caFile string
Path to the CA cert in the container to use for the targets.
cert object
Struct containing the client cert file for the targets.
configMap object
ConfigMap containing data to use for the targets.
key string required
The key to select.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the ConfigMap or its key must be defined
secret object
Secret containing data to use for the targets.
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
certFile string
Path to the client cert file in the container for the targets.
insecureSkipVerify boolean
Disable target certificate validation.
keyFile string
Path to the client key file in the container for the targets.
keySecret object
Secret containing the client key file for the targets.
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
serverName string
Used to verify the hostname for the targets.
tokenRef object
TokenRef allows fetching token from user-created secrets by its name and key.
key string required
The key of the secret to select from. Must be a valid secret key.
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional boolean
Specify whether the Secret or its key must be defined
username string
Username basic auth user name for accessing protected endpoint, will be replaced with metadata.name of VMUser if omitted.
status object
VMUserStatus defines the observed state of VMUser
conditions []object
Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another.
format: date-time
lastUpdateTime string required
LastUpdateTime is the last time of given type update. This value is used for status TTL update and removal
format: date-time
message string
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase.
maxLength: 316
observedGeneration integer
ObservedGeneration defines current generation picked by operator for the reconcile
format: int64
reason string
Reason defines human readable error reason
updateStatus string
UpdateStatus defines a status for update rollout

No matches. Try .spec.bearerToken for an exact path

Copied!