added new fields to VMUser: drop_src_path_prefix_parts, `tls_insecu…

…re_skip_verify`, `metric_labels` and `load_balancing_policy`. (#851) Co-authored-by: Nikolay <nik@victoriametrics.com>
VictoriaMetrics · Jan 23, 2024 · 6716fbe · 6716fbe
1 parent dc7f62d
commit 6716fbe
Show file tree

Hide file tree

Showing 8 changed files with 296 additions and 44 deletions.
diff --git a/api/v1beta1/vmuser_types.go b/api/v1beta1/vmuser_types.go
@@ -67,11 +67,33 @@ type VMUserSpec struct {
 	// e.g. [429,503]
 	// +optional
 	RetryStatusCodes []int `json:"retry_status_codes,omitempty"`
+
 	// MaxConcurrentRequests defines max concurrent requests per user
 	// 300 is default value for vmauth
 	// +optional
 	MaxConcurrentRequests *int `json:"max_concurrent_requests,omitempty"`
 
+	// LoadBalancingPolicy defines load balancing policy to use for backend urls.
+	// Supported policies: least_loaded, first_available.
+	// See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
+	// +optional
+	// +kubebuilder:validation:Enum=least_loaded;first_available
+	LoadBalancingPolicy *string `json:"load_balancing_policy,omitempty"`
+
+	// DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.
+	// See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
+	// +optional
+	DropSrcPathPrefixParts *int `json:"drop_src_path_prefix_parts,omitempty"`
+
+	// TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS.
+	// See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup
+	// +optional
+	TLSInsecureSkipVerify bool `json:"tls_insecure_skip_verify,omitempty"`
+
+	// MetricLabels - additional labels for metrics exported by vmauth for given user.
+	// +optional
+	MetricLabels map[string]string `json:"metric_labels,omitempty"`
+
 	// DisableSecretCreation skips related secret creation for vmuser
 	DisableSecretCreation bool `json:"disable_secret_creation,omitempty"`
 }
@@ -117,6 +139,16 @@ type TargetRef struct {
 	// e.g. [429,503]
 	// +optional
 	RetryStatusCodes []int `json:"retry_status_codes,omitempty"`
+	// LoadBalancingPolicy defines load balancing policy to use for backend urls.
+	// Supported policies: least_loaded, first_available.
+	// See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
+	// +optional
+	// +kubebuilder:validation:Enum=least_loaded;first_available
+	LoadBalancingPolicy *string `json:"load_balancing_policy,omitempty"`
+	// DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.
+	// See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
+	// +optional
+	DropSrcPathPrefixParts *int `json:"drop_src_path_prefix_parts,omitempty"`
 }
 
 // VMUserIPFilters defines filters for IP addresses

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/api/victoriametrics/v1beta1/vmuser_types.go b/api/victoriametrics/v1beta1/vmuser_types.go
@@ -67,11 +67,33 @@ type VMUserSpec struct {
 	// e.g. [429,503]
 	// +optional
 	RetryStatusCodes []int `json:"retry_status_codes,omitempty"`
+
 	// MaxConcurrentRequests defines max concurrent requests per user
 	// 300 is default value for vmauth
 	// +optional
 	MaxConcurrentRequests *int `json:"max_concurrent_requests,omitempty"`
 
+	// LoadBalancingPolicy defines load balancing policy to use for backend urls.
+	// Supported policies: least_loaded, first_available.
+	// See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
+	// +optional
+	// +kubebuilder:validation:Enum=least_loaded;first_available
+	LoadBalancingPolicy *string `json:"load_balancing_policy,omitempty"`
+
+	// DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.
+	// See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
+	// +optional
+	DropSrcPathPrefixParts *int `json:"drop_src_path_prefix_parts,omitempty"`
+
+	// TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS.
+	// See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup
+	// +optional
+	TLSInsecureSkipVerify bool `json:"tls_insecure_skip_verify,omitempty"`
+
+	// MetricLabels - additional labels for metrics exported by vmauth for given user.
+	// +optional
+	MetricLabels map[string]string `json:"metric_labels,omitempty"`
+
 	// DisableSecretCreation skips related secret creation for vmuser
 	DisableSecretCreation bool `json:"disable_secret_creation,omitempty"`
 }
@@ -117,6 +139,16 @@ type TargetRef struct {
 	// e.g. [429,503]
 	// +optional
 	RetryStatusCodes []int `json:"retry_status_codes,omitempty"`
+	// LoadBalancingPolicy defines load balancing policy to use for backend urls.
+	// Supported policies: least_loaded, first_available.
+	// See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
+	// +optional
+	// +kubebuilder:validation:Enum=least_loaded;first_available
+	LoadBalancingPolicy *string `json:"load_balancing_policy,omitempty"`
+	// DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.
+	// See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
+	// +optional
+	DropSrcPathPrefixParts *int `json:"drop_src_path_prefix_parts,omitempty"`
 }
 
 // VMUserIPFilters defines filters for IP addresses

diff --git a/config/crd/bases/operator.victoriametrics.com_vmusers.yaml b/config/crd/bases/operator.victoriametrics.com_vmusers.yaml
@@ -47,6 +47,12 @@ spec:
                 description: DisableSecretCreation skips related secret creation for
                   vmuser
                 type: boolean
+              drop_src_path_prefix_parts:
+                description: DropSrcPathPrefixParts is the number of `/`-delimited
+                  request path prefix parts to drop before proxying the request to
+                  backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix
+                  for more details.
+                type: integer
               generatePassword:
                 description: GeneratePassword instructs operator to generate password
                   for user if spec.password if empty.
@@ -72,10 +78,25 @@ spec:
                       type: string
                     type: array
                 type: object
+              load_balancing_policy:
+                description: 'LoadBalancingPolicy defines load balancing policy to
+                  use for backend urls. Supported policies: least_loaded, first_available.
+                  See https://docs.victoriametrics.com/vmauth.html#load-balancing
+                  for more details (default "least_loaded")'
+                enum:
+                - least_loaded
+                - first_available
+                type: string
               max_concurrent_requests:
                 description: MaxConcurrentRequests defines max concurrent requests
                   per user 300 is default value for vmauth
                 type: integer
+              metric_labels:
+                additionalProperties:
+                  type: string
+                description: MetricLabels - additional labels for metrics exported
+                  by vmauth for given user.
+                type: object
               name:
                 description: Name of the VMUser object.
                 type: string
@@ -142,6 +163,12 @@ spec:
                       - name
                       - namespace
                       type: object
+                    drop_src_path_prefix_parts:
+                      description: DropSrcPathPrefixParts is the number of `/`-delimited
+                        request path prefix parts to drop before proxying the request
+                        to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix
+                        for more details.
+                      type: integer
                     headers:
                       description: 'Headers represent additional http headers, that
                         vmauth uses in form of ["header_key: header_value"] multiple
@@ -150,6 +177,15 @@ spec:
                       items:
                         type: string
                       type: array
+                    load_balancing_policy:
+                      description: 'LoadBalancingPolicy defines load balancing policy
+                        to use for backend urls. Supported policies: least_loaded,
+                        first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing
+                        for more details (default "least_loaded")'
+                      enum:
+                      - least_loaded
+                      - first_available
+                      type: string
                     paths:
                       description: Paths - matched path to route.
                       items:
@@ -192,6 +228,10 @@ spec:
                       type: string
                   type: object
                 type: array
+              tls_insecure_skip_verify:
+                description: TLSInsecureSkipVerify - whether to skip TLS verification
+                  when connecting to backend over HTTPS. See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup
+                type: boolean
               tokenRef:
                 description: TokenRef allows fetching token from user-created secrets
                   by its name and key.

diff --git a/controllers/factory/vmuser.go b/controllers/factory/vmuser.go
@@ -513,6 +513,12 @@ func genUrlMaps(userName string, refs []victoriametricsv1beta1.TargetRef, result
 			if len(ref.RetryStatusCodes) > 0 {
 				result = append(result, yaml.MapItem{Key: "retry_status_codes", Value: ref.RetryStatusCodes})
 			}
+			if ref.DropSrcPathPrefixParts != nil {
+				result = append(result, yaml.MapItem{Key: "drop_src_path_prefix_parts", Value: ref.DropSrcPathPrefixParts})
+			}
+			if ref.LoadBalancingPolicy != nil {
+				result = append(result, yaml.MapItem{Key: "load_balancing_policy", Value: ref.LoadBalancingPolicy})
+			}
 			return result, nil
 		}
 
@@ -569,10 +575,15 @@ func genUrlMaps(userName string, refs []victoriametricsv1beta1.TargetRef, result
 			urlMap = append(urlMap, yaml.MapItem{Key: "response_headers", Value: ref.ResponseHeaders})
 		}
 		if len(ref.RetryStatusCodes) > 0 {
-			result = append(result, yaml.MapItem{Key: "retry_status_codes", Value: ref.RetryStatusCodes})
+			urlMap = append(urlMap, yaml.MapItem{Key: "retry_status_codes", Value: ref.RetryStatusCodes})
+		}
+		if ref.DropSrcPathPrefixParts != nil {
+			urlMap = append(urlMap, yaml.MapItem{Key: "drop_src_path_prefix_parts", Value: ref.DropSrcPathPrefixParts})
+		}
+		if ref.LoadBalancingPolicy != nil {
+			urlMap = append(urlMap, yaml.MapItem{Key: "load_balancing_policy", Value: ref.LoadBalancingPolicy})
 		}
 		urlMaps = append(urlMaps, urlMap)
-
 	}
 	result = append(result, yaml.MapItem{Key: "url_map", Value: urlMaps})
 	return result, nil
@@ -622,6 +633,30 @@ func genUserCfg(user *victoriametricsv1beta1.VMUser, crdUrlCache map[string]stri
 			Value: *user.Spec.MaxConcurrentRequests,
 		})
 	}
+	if user.Spec.LoadBalancingPolicy != nil {
+		r = append(r, yaml.MapItem{
+			Key:   "load_balancing_policy",
+			Value: *user.Spec.LoadBalancingPolicy,
+		})
+	}
+	if user.Spec.DropSrcPathPrefixParts != nil {
+		r = append(r, yaml.MapItem{
+			Key:   "drop_src_path_prefix_parts",
+			Value: *user.Spec.DropSrcPathPrefixParts,
+		})
+	}
+	if user.Spec.TLSInsecureSkipVerify {
+		r = append(r, yaml.MapItem{
+			Key:   "tls_insecure_skip_verify",
+			Value: user.Spec.TLSInsecureSkipVerify,
+		})
+	}
+	if len(user.Spec.MetricLabels) != 0 {
+		r = append(r, yaml.MapItem{
+			Key:   "metric_labels",
+			Value: user.Spec.MetricLabels,
+		})
+	}
 	if len(user.Spec.RetryStatusCodes) > 0 {
 		r = append(r, yaml.MapItem{
 			Key:   "retry_status_codes",