update

YuryHrytsuk · YuryHrytsuk · commit 443378136886 · 2025-11-02T11:51:52.000+01:00
diff --git a/charts/Makefile b/charts/Makefile
@@ -52,11 +52,6 @@ helmfile-diff: .check-helmfile-installed helmfile.yaml ## Shows the differences
 	@set -a; source $(REPO_CONFIG_LOCATION); set +a; \
 	$(HELMFILE) -f $(REPO_BASE_DIR)/charts/helmfile.yaml diff
 
-.PHONY: helmfile-delete
-helmfile-delete: .check-helmfile-installed helmfile.yaml ## Deletes the helmfile configuration
-	@set -a; source $(REPO_CONFIG_LOCATION); set +a; \
-	$(HELMFILE) -f $(REPO_BASE_DIR)/charts/helmfile.yaml delete
-
 .PHONY: up
 up: helmfile-apply ## Start the stack
 
diff --git a/charts/victoria-metrics-k8s-stack/values.yaml.gotmpl b/charts/victoria-metrics-k8s-stack/values.yaml.gotmpl
@@ -1,7 +1,7 @@
 vmsingle:
   # values documented here https://docs.victoriametrics.com/operator/api/#vmsingle
   spec:
-    replicaCount: 2
+    replicaCount: 1
     port: "8428"  # must be string or field validation fails
     useStrictSecurity: true
 
@@ -11,14 +11,14 @@ vmsingle:
     #   runAsUser: 1000
     #   privileged: false
 
-    securityContext: &restrictedSecurityContext
-      enabled: true
-      capabilities:
-        drop: ["ALL"]
-      readOnlyRootFilesystem: true
-      allowPrivilegeEscalation: false
-      seccompProfile:
-        type: RuntimeDefault
+    # securityContext: &restrictedSecurityContext
+    #   enabled: true
+    #   capabilities:
+    #     drop: ["ALL"]
+    #   readOnlyRootFilesystem: true
+    #   allowPrivilegeEscalation: false
+    #   seccompProfile:
+    #     type: RuntimeDefault
 
     topologySpreadConstraints:
       - maxSkew: 1
@@ -30,6 +30,7 @@ vmsingle:
             app: server
             app.kubernetes.io/instance: victoria-metrics
             app.kubernetes.io/name: victoria-metrics-k8s-stack
+
 # we manage operator and crds in separate chart
 # it is easier to delete victoria metrics charts
 # separately this way
diff --git a/charts/victoria-metrics-stack/Chart.lock b/charts/victoria-metrics-stack/Chart.lock
@@ -1,12 +1,6 @@
 dependencies:
-- name: victoria-metrics-single
+- name: victoria-metrics-k8s-stack
   repository: https://victoriametrics.github.io/helm-charts/
-  version: 0.25.2
-- name: victoria-metrics-auth
-  repository: https://victoriametrics.github.io/helm-charts/
-  version: 0.19.7
-- name: victoria-metrics-agent
-  repository: https://victoriametrics.github.io/helm-charts/
-  version: 0.26.2
-digest: sha256:1b9f1ec96dee105d9ac83f78883e6ee5b8558fad9bac4e41b71d37a69dd5c745
-generated: "2025-10-29T15:55:10.919914456+01:00"
+  version: 0.62.0
+digest: sha256:1bf510e968425917526abc435f4f69961cd0a940cc0f59af3a2a4f0107e9e549
+generated: "2025-11-01T10:25:28.465780639+01:00"
diff --git a/charts/victoria-metrics-stack/Chart.yaml b/charts/victoria-metrics-stack/Chart.yaml
@@ -24,17 +24,17 @@ version: 0.0.1
 appVersion: "1.128.0"
 
 dependencies:
-  - name: victoria-metrics-single
-    version: 0.25.2
-    repository: &victoria-metrics-repo "https://victoriametrics.github.io/helm-charts/"
+  - name: victoria-metrics-k8s-stack
+    version: 0.62.0
+    repository: "https://victoriametrics.github.io/helm-charts/"
     condition: victoria-metrics-single.enabled
 
-  - name: victoria-metrics-auth
-    version: 0.19.7
-    repository: *victoria-metrics-repo
-    condition: victoria-metrics-auth.enabled
+#   - name: victoria-metrics-auth
+#     version: 0.19.7
+#     repository: *victoria-metrics-repo
+#     condition: victoria-metrics-auth.enabled
 
-  - name: victoria-metrics-agent
-    version: 0.26.2
-    repository: *victoria-metrics-repo
-    condition: victoria-metrics-agent.enabled
+#   - name: victoria-metrics-agent
+#     version: 0.26.2
+#     repository: *victoria-metrics-repo
+#     condition: victoria-metrics-agent.enabled
diff --git a/charts/victoria-metrics-stack/networkpolicies/vm-agent.yaml b/charts/victoria-metrics-stack/networkpolicies/vm-agent.yaml
diff --git a/charts/victoria-metrics-stack/networkpolicies/vm-auth.yaml b/charts/victoria-metrics-stack/networkpolicies/vm-auth.yaml
diff --git a/charts/victoria-metrics-stack/networkpolicies/vm-server.yaml b/charts/victoria-metrics-stack/networkpolicies/vm-server.yaml
diff --git a/charts/victoria-metrics-stack/templates/vmsingle.yaml b/charts/victoria-metrics-stack/templates/vmsingle.yaml
@@ -0,0 +1,17 @@
+{{ range $i, $e := until ( .Values.vmsingle.instanceCount | int ) }}
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMSingle
+metadata:
+  name: vmsingle-{{ $i }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: vmsingle
+    app.kubernetes.io/instance: vmsingle-{{ $i }}
+    app.kubernetes.io/component: monitoring
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/part-of: {{ $.Release.Name }}
+    app.kubernetes.io/version: {{ $.Values.vmsingle.spec.image.tag }}
+    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
+spec: {{ toYaml $.Values.vmsingle.spec | nindent 2 }}
+---
+{{- end }}
diff --git a/charts/victoria-metrics-stack/values.old.yaml.gotmpl b/charts/victoria-metrics-stack/values.old.yaml.gotmpl
@@ -0,0 +1,96 @@
+victoria-metrics-single:
+  enabled: false
+
+  server:
+    replicaCount: 2
+
+    service:
+      servicePort: 8428
+
+    mode: statefulSet
+
+    # avoid name to long (>63 char) error
+    fullnameOverride: vm-server
+
+    podSecurityContext: &restrictedPodSecurityContext
+      enabled: true
+      runAsNonRoot: true
+      runAsUser: 1000
+      privileged: false
+
+    securityContext: &restrictedSecurityContext
+      enabled: true
+      capabilities:
+        drop: ["ALL"]
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
+      seccompProfile:
+        type: RuntimeDefault
+
+victoria-metrics-agent:
+  enabled: false
+  fullnameOverride: vm-agent
+
+  config:
+    global:
+      scrape_interval: 20s
+
+  service:
+    enabled: true
+    servicePort: 8429
+
+  remoteWrite:
+    - url: "http://vm-server-0.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/api/v1/write"
+    - url: "http://vm-server-1.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/api/v1/write"
+
+  podSecurityContext: *restrictedPodSecurityContext
+  securityContext: *restrictedSecurityContext
+
+  resources:
+    limits:
+      cpu: 2
+      memory: 1Gi
+    requests:
+      cpu: 0.5
+      memory: 256Mi
+
+victoria-metrics-auth:
+  enabled: false
+  fullnameOverride: vm-auth
+
+  service:
+    servicePort: 8427
+
+  ingress:
+    enabled: true
+    annotations:
+      namespace: {{ .Release.Namespace }}
+      traefik.ingress.kubernetes.io/router.tls: "true"
+      traefik.ingress.kubernetes.io/router.middlewares: >-
+        traefik-metrics-path-append-slash@kubernetescrd,
+        traefik-metrics-strip-prefix@kubernetescrd,
+        traefik-traefik-basic-auth@kubernetescrd
+      traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    hosts:
+      - name: {{ requiredEnv "K8S_MONITORING_FQDN" }}
+        path:
+          - /metrics
+        port: http
+
+  podSecurityContext: *restrictedPodSecurityContext
+  securityContext: *restrictedSecurityContext
+
+  resources:
+    limits:
+      cpu: 0.5
+      memory: 256Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
+  config:
+    unauthorized_user:
+      url_prefix:
+        - "http://vm-server-0.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/"
+        - "http://vm-server-1.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/"
+      load_balancing_policy: first_available
diff --git a/charts/victoria-metrics-stack/values.yaml.gotmpl b/charts/victoria-metrics-stack/values.yaml.gotmpl
@@ -1,96 +1,77 @@
-victoria-metrics-single:
-  enabled: true
-
-  server:
-    replicaCount: 2
-
-    service:
-      servicePort: 8428
-
-    mode: statefulSet
-
-    # avoid name to long (>63 char) error
-    fullnameOverride: vm-server
-
-    podSecurityContext: &restrictedPodSecurityContext
-      enabled: true
-      runAsNonRoot: true
-      runAsUser: 1000
-      privileged: false
-
-    securityContext: &restrictedSecurityContext
-      enabled: true
-      capabilities:
-        drop: ["ALL"]
-      readOnlyRootFilesystem: true
-      allowPrivilegeEscalation: false
-      seccompProfile:
-        type: RuntimeDefault
-
-victoria-metrics-agent:
-  enabled: true
-  fullnameOverride: vm-agent
-
-  config:
-    global:
-      scrape_interval: 20s
-
-  service:
-    enabled: true
-    servicePort: 8429
-
-  remoteWrite:
-    - url: "http://vm-server-0.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/api/v1/write"
-    - url: "http://vm-server-1.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/api/v1/write"
-
-  podSecurityContext: *restrictedPodSecurityContext
-  securityContext: *restrictedSecurityContext
-
-  resources:
-    limits:
-      cpu: 2
-      memory: 1Gi
-    requests:
-      cpu: 0.5
-      memory: 256Mi
-
-victoria-metrics-auth:
-  enabled: true
-  fullnameOverride: vm-auth
-
-  service:
-    servicePort: 8427
-
-  ingress:
-    enabled: true
-    annotations:
-      namespace: {{ .Release.Namespace }}
-      traefik.ingress.kubernetes.io/router.tls: "true"
-      traefik.ingress.kubernetes.io/router.middlewares: >-
-        traefik-metrics-path-append-slash@kubernetescrd,
-        traefik-metrics-strip-prefix@kubernetescrd,
-        traefik-traefik-basic-auth@kubernetescrd
-      traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    hosts:
-      - name: {{ requiredEnv "K8S_MONITORING_FQDN" }}
-        path:
-          - /metrics
-        port: http
-
-  podSecurityContext: *restrictedPodSecurityContext
-  securityContext: *restrictedSecurityContext
-
-  resources:
-    limits:
-      cpu: 0.5
-      memory: 256Mi
-    requests:
-      cpu: 100m
-      memory: 128Mi
-
-  config:
-    unauthorized_user:
-      url_prefix:
-        - "http://vm-server-0.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/"
-        - "http://vm-server-1.vm-server.{{ .Release.Namespace }}.svc.cluster.local:8428/"
-      load_balancing_policy: first_available
+vmsingle:
+  instanceCount: 2  # number of separate / independent vmsingle servers`
+  spec: # values documented here https://docs.victoriametrics.com/operator/api/#vmsingle
+    image:
+      tag: v1.128.0
+    port: "8428"  # must be string or field validation fails
+    useStrictSecurity: true
+    podMetadata:
+      labels:
+        app.kubernetes.io/name: vmsingle
+        app.kubernetes.io/part-of: {{ .Release.Name }}
+
+    topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: "kubernetes.io/hostname"
+        whenUnsatisfiable: DoNotSchedule
+        # hardcoded due to https://github.com/VictoriaMetrics/helm-charts/issues/2219
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: vmsingle
+            app.kubernetes.io/part-of: {{ .Release.Name }}
+
+victoria-metrics-k8s-stack:
+  vmsingle:
+    enabled: false
+
+  # we manage operator and crds in separate chart
+  # it is easier to delete victoria metrics charts
+  # separately this way
+  victoria-metrics-operator:
+    enabled: false
+
+  alertmanager:
+    enabled: false
+
+  vmagent:
+    enabled: false
+
+  vmalert:
+    enabled: false
+
+  grafana:
+    enabled: false
+
+  prometheus-node-exporter:
+    enabled: false
+
+  kube-state-metrics:
+    enabled: false
+
+  kubelet:
+    enabled: false
+
+  kubeApiServer:
+    enabled: false
+
+  kubeControllerManager:
+    enabled: false
+
+  coreDns:
+    # -- Enabled CoreDNS metrics scraping
+    enabled: false
+
+  kubeEtcd:
+    enabled: false
+
+  kubeScheduler:
+    # -- Enable KubeScheduler metrics scraping
+    enabled: false
+
+  defaultDashboards:
+    # -- Enable custom dashboards installation
+    enabled: false
+
+  defaultRules:
+    # -- Enable custom alerting rules installation
+    create: false
