helm-charts

Victoria Metrics Helm Chart for vmgateway

Version: 0.1.59 Artifact Hub Slack

Victoria Metrics Gateway - Auth & Rate-Limitting proxy for Victoria Metrics

Table of Content

Prerequisites

Chart Details

This chart will do the following:

How to install

Access a Kubernetes cluster.

Add a chart helm repository with follow commands:

helm repo add vm https://victoriametrics.github.io/helm-charts/

helm repo update

List versions of vm/victoria-metrics-gateway chart available to installation:

helm search repo vm/victoria-metrics-gateway -l

Export default values of victoria-metrics-gateway chart to file values.yaml:

helm show values vm/victoria-metrics-gateway > values.yaml

Change the values according to the need of the environment in values.yaml file.

Test the installation with command:

helm install vmgateway vm/victoria-metrics-gateway -f values.yaml -n NAMESPACE --debug --dry-run

Install chart with command:

helm install vmgateway vm/victoria-metrics-gateway -f values.yaml -n NAMESPACE

Get the pods lists by running this commands:

kubectl get pods -A | grep 'vmgateway'

Get the application by running this command:

helm list -f vmgateway -n NAMESPACE

See the history of versions of vmgateway application with command.

helm history vmgateway -n NAMESPACE

How to uninstall

Remove application with command.

helm uninstall vmgateway -n NAMESPACE

How to use JWT signature verification

Kubernetes best-practice is to store sensitive configuration parts in secrets. For example, 2 keys will be stored as:

apiVersion: v1
data:
  key: "<<KEY_DATA>>"
kind: Secret
metadata:
  name: key1
---
apiVersion: v1
data:
  key: "<<KEY_DATA>>"
kind: Secret
metadata:
  name: key2

In order to use those secrets it is needed to:

Here is an example values.yml file configuration to achieve this:

auth:
  enable: true

extraVolumes:
  - name: key1
    secret:
      secretName: key1
  - name: key2
    secret:
      secretName: key2

extraVolumeMounts:
  - name: key1
    mountPath: /key1
  - name: key2
    mountPath: /key2

extraArgs:
  envflag.enable: "true"
  envflag.prefix: VM_
  loggerFormat: json
  auth.publicKeyFiles: "/key1/key,/key2/key"

Note that in this configuration all secret keys will be mounted and accessible to pod. Please, refer to this doc to see all available secret source options.

Documentation of Helm Chart

Install helm-docs following the instructions on this tutorial.

Generate docs with helm-docs command.

cd charts/victoria-metrics-gateway

helm-docs

The markdown generation is entirely go template driven. The tool parses metadata from charts and generates a number of sub-templates that can be referenced in a template file (by default README.md.gotmpl). If no template file is provided, the tool has a default internal template that will generate a reasonably formatted README.

Parameters

The following tables lists the configurable parameters of the chart and their default values.

Change the values according to the need of the environment in victoria-metrics-gateway/values.yaml file.

Key Type Default Description
affinity object {} Affinity configurations
annotations object {} Annotations to be added to the deployment
auth object {"enable":false} Access Control configuration. https://docs.victoriametrics.com/vmgateway.html#access-control
auth.enable bool false Enable/Disable access-control
clusterMode bool false Specify to True if the source for rate-limiting, reading and writing as a VictoriaMetrics Cluster. Must be true for rate limiting
configMap string "" Use existing configmap if specified otherwise .config values will be used. Ref: https://victoriametrics.github.io/vmgateway.html
containerWorkingDir string "/"  
env list [] Additional environment variables (ex.: secret tokens, flags) https://github.com/VictoriaMetrics/VictoriaMetrics#environment-variables
envFrom list []  
eula bool false should be true and means that you have the legal right to run a vmgateway that can either be a signed contract or an email with confirmation to run the service in a trial period https://victoriametrics.com/legal/esa/
extraArgs.”envflag.enable” string "true"  
extraArgs.”envflag.prefix” string "VM_"  
extraArgs.loggerFormat string "json"  
extraContainers list []  
extraHostPathMounts list [] Additional hostPath mounts
extraVolumeMounts list [] Extra Volume Mounts for the container
extraVolumes list [] Extra Volumes for the pod
fullnameOverride string ""  
image.pullPolicy string "IfNotPresent" Pull policy of Docker image
image.repository string "victoriametrics/vmgateway" Victoria Metrics gateway Docker repository and image name
image.tag string "v1.101.0-enterprise" Tag of Docker image
imagePullSecrets list []  
ingress.annotations object {}  
ingress.enabled bool false  
ingress.extraLabels object {}  
ingress.hosts list []  
ingress.pathType string "Prefix" pathType is only for k8s >= 1.1=
ingress.tls list []  
license object {"key":"","secret":{"key":"","name":""}} Enterprise license key configuration for VictoriaMetrics enterprise. Required only for VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html, for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/ Supported starting from VictoriaMetrics v1.94.0
license.key string "" License key
license.secret object {"key":"","name":""} Use existing secret with license key
license.secret.key string "" Key in secret with license key
license.secret.name string "" Existing secret name
nameOverride string ""  
nodeSelector object {} NodeSelector configurations. Ref: https://kubernetes.io/docs/user-guide/node-selection/
podAnnotations object {} Annotations to be added to pod
podDisruptionBudget object {"enabled":false,"labels":{}} See kubectl explain poddisruptionbudget.spec for more. Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podSecurityContext object {}  
rateLimiter object {"config":{},"datasource":{"url":""},"enable":false} Rate limiter configuration. Docs https://docs.victoriametrics.com/vmgateway.html#rate-limiter
rateLimiter.datasource.url string "" Datasource VictoriaMetrics or vmselects. Required. Example http://victoroametrics:8428 or http://vmselect:8481/select/0/prometheus
rateLimiter.enable bool false Enable/Disable rate-limiting
read.url string "" Read endpoint without suffixes, victoriametrics or vmselect. Example http://victoroametrics:8428 or http://vmselect:8481
replicaCount int 1 Number of replicas of vmgateway
resources object {} We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after ‘resources:’.
securityContext.runAsGroup int 1000  
securityContext.runAsNonRoot bool true  
securityContext.runAsUser int 1000  
service.annotations object {}  
service.clusterIP string ""  
service.enabled bool true  
service.externalIPs list []  
service.extraLabels object {}  
service.loadBalancerIP string ""  
service.loadBalancerSourceRanges list []  
service.servicePort int 8431  
service.type string "ClusterIP"  
serviceAccount.annotations object {} Annotations to add to the service account
serviceAccount.create bool true Specifies whether a service account should be created
serviceAccount.name string nil The name of the service account to use. If not set and create is true, a name is generated using the fullname template
serviceMonitor.annotations object {}  
serviceMonitor.enabled bool false  
serviceMonitor.extraLabels object {}  
serviceMonitor.metricRelabelings list []  
serviceMonitor.relabelings list []  
tolerations list [] Tolerations configurations. Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
write.url string "" Write endpoint without suffixes, victoriametrics or vminsert. Example http://victoroametrics:8428 or http://vminsert:8480