follow-up after 387c71e

api/v1beta1/additional.go

@@ -579,14 +579,39 @@ func (l *License) IsProvided() bool {
 	return l.Key != nil || l.KeyRef != nil
 }
 
-// RequiresVolumeMounts returns true if license requires volume mounts.
-// Volume mount is required to pass license key content from secret to container.
-func (l *License) RequiresVolumeMounts() bool {
-	if !l.IsProvided() {
-		return false
+// MaybeAddToArgs conditionally adds license commandline args into given args
+func (l *License) MaybeAddToArgs(args []string, secretMountDir string) []string {
+	if l == nil || !l.IsProvided() {
+		return args
+	}
+	if l.Key != nil {
+		args = append(args, fmt.Sprintf("-license=%s", *l.Key))
+	}
+	if l.KeyRef != nil {
+		args = append(args, fmt.Sprintf("-licenseFile=%s", path.Join(secretMountDir, l.KeyRef.Name, l.KeyRef.Key)))
 	}
+	return args
+}
 
-	return l.KeyRef != nil
+// MaybeAddToVolumes conditionally mounts secret with license key into given volumes and mounts
+func (l *License) MaybeAddToVolumes(volumes []v1.Volume, mounts []v1.VolumeMount, secretMountDir string) ([]v1.Volume, []v1.VolumeMount) {
+	if l == nil || l.KeyRef == nil {
+		return volumes, mounts
+	}
+	volumes = append(volumes, v1.Volume{
+		Name: "license",
+		VolumeSource: v1.VolumeSource{
+			Secret: &v1.SecretVolumeSource{
+				SecretName: l.KeyRef.Name,
+			},
+		},
+	})
+	mounts = append(mounts, v1.VolumeMount{
+		Name:      "license",
+		ReadOnly:  true,
+		MountPath: path.Join(secretMountDir, l.KeyRef.Name),
+	})
+	return volumes, mounts
 }
 
 func (l *License) sanityCheck() error {

api/v1beta1/vmauth_types.go

@@ -187,6 +187,11 @@ type VMAuthSpec struct {
 	// drops not needed security permissions
 	// +optional
 	UseStrictSecurity *bool `json:"useStrictSecurity,omitempty"`
+	// License allows to configure license key to be used for enterprise features.
+	// Using license key is supported starting from VictoriaMetrics v1.94.0.
+	// See: https://docs.victoriametrics.com/enterprise.html
+	// +optional
+	License *License `json:"license,omitempty"`
 }
 
 // VMAuthUnauthorizedPath defines url_map for unauthorized access

api/victoriametrics/v1beta1/additional.go

@@ -556,3 +556,72 @@ func (m *StringOrArray) UnmarshalJSON(data []byte) error {
 		return &json.UnmarshalTypeError{Value: string(data), Type: rawType}
 	}
 }
+
+// License holds license key for enterprise features.
+// Using license key is supported starting from VictoriaMetrics v1.94.0
+// See: https://docs.victoriametrics.com/enterprise.html
+type License struct {
+	// Enterprise license key. This flag is available only in VictoriaMetrics enterprise.
+	// Documentation - https://docs.victoriametrics.com/enterprise.html
+	// for more information, visit https://victoriametrics.com/products/enterprise/ .
+	// To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
+	Key *string `json:"key,omitempty"`
+	// KeyRef is reference to secret with license key for enterprise features.
+	KeyRef *v1.SecretKeySelector `json:"keyRef,omitempty"`
+}
+
+// IsProvided returns true if license is provided.
+func (l *License) IsProvided() bool {
+	if l == nil {
+		return false
+	}
+
+	return l.Key != nil || l.KeyRef != nil
+}
+
+// MaybeAddToArgs conditionally adds license commandline args into given args
+func (l *License) MaybeAddToArgs(args []string, secretMountDir string) []string {
+	if !l.IsProvided() {
+		return args
+	}
+	if l.Key != nil {
+		args = append(args, fmt.Sprintf("-license=%s", *l.Key))
+	}
+	if l.KeyRef != nil {
+		args = append(args, fmt.Sprintf("-licenseFile=%s", path.Join(secretMountDir, l.KeyRef.Name, l.KeyRef.Key)))
+	}
+	return args
+}
+
+// MaybeAddToVolumes conditionally mounts secret with license key into given volumes and mounts
+func (l *License) MaybeAddToVolumes(volumes []v1.Volume, mounts []v1.VolumeMount, secretMountDir string) ([]v1.Volume, []v1.VolumeMount) {
+	if l.KeyRef == nil {
+		return volumes, mounts
+	}
+	volumes = append(volumes, v1.Volume{
+		Name: "license",
+		VolumeSource: v1.VolumeSource{
+			Secret: &v1.SecretVolumeSource{
+				SecretName: l.KeyRef.Name,
+			},
+		},
+	})
+	mounts = append(mounts, v1.VolumeMount{
+		Name:      "license",
+		ReadOnly:  true,
+		MountPath: path.Join(secretMountDir, l.KeyRef.Name),
+	})
+	return volumes, mounts
+}
+
+func (l *License) sanityCheck() error {
+	if !l.IsProvided() {
+		return nil
+	}
+
+	if l.Key != nil && l.KeyRef != nil {
+		return fmt.Errorf("only one of key or keyRef can be specified")
+	}
+
+	return nil
+}

api/victoriametrics/v1beta1/vmagent_types.go

@@ -388,6 +388,12 @@ type VMAgentSpec struct {
 	// drops not needed security permissions
 	// +optional
 	UseStrictSecurity *bool `json:"useStrictSecurity,omitempty"`
+
+	// License allows to configure license key to be used for enterprise features.
+	// Using license key is supported starting from VictoriaMetrics v1.94.0.
+	// See: https://docs.victoriametrics.com/enterprise.html
+	// +optional
+	License *License `json:"license,omitempty"`
 }
 
 // UnmarshalJSON implements json.Unmarshaler interface

api/victoriametrics/v1beta1/vmalert_types.go

@@ -260,6 +260,12 @@ type VMAlertSpec struct {
 	// drops not needed security permissions
 	// +optional
 	UseStrictSecurity *bool `json:"useStrictSecurity,omitempty"`
+
+	// License allows to configure license key to be used for enterprise features.
+	// Using license key is supported starting from VictoriaMetrics v1.94.0.
+	// See: https://docs.victoriametrics.com/enterprise.html
+	// +optional
+	License *License `json:"license,omitempty"`
 }
 
 // UnmarshalJSON implements json.Unmarshaler interface

api/victoriametrics/v1beta1/vmauth_types.go

@@ -187,6 +187,11 @@ type VMAuthSpec struct {
 	// drops not needed security permissions
 	// +optional
 	UseStrictSecurity *bool `json:"useStrictSecurity,omitempty"`
+	// License allows to configure license key to be used for enterprise features.
+	// Using license key is supported starting from VictoriaMetrics v1.94.0.
+	// See: https://docs.victoriametrics.com/enterprise.html
+	// +optional
+	License *License `json:"license,omitempty"`
 }
 
 // VMAuthUnauthorizedPath defines url_map for unauthorized access

api/victoriametrics/v1beta1/vmcluster_types.go

@@ -57,6 +57,13 @@ type VMClusterSpec struct {
 	// see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
 	// +optional
 	ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+	// License allows to configure license key to be used for enterprise features.
+	// Using license key is supported starting from VictoriaMetrics v1.94.0.
+	// See: https://docs.victoriametrics.com/enterprise.html
+	// +optional
+	License *License `json:"license,omitempty"`
+
 	// +optional
 	VMSelect *VMSelect `json:"vmselect,omitempty"`
 	// +optional
@@ -686,6 +693,7 @@ type VMBackup struct {
 	// AcceptEULA accepts enterprise feature usage, must be set to true.
 	// otherwise backupmanager cannot be added to single/cluster version.
 	// https://victoriametrics.com/legal/esa/
+	// +optional
 	AcceptEULA bool `json:"acceptEULA"`
 	// SnapshotCreateURL overwrites url for snapshot create
 	// +optional
@@ -759,6 +767,18 @@ type VMBackup struct {
 	Restore *VMRestore `json:"restore,omitempty"`
 }
 
+func (cr *VMBackup) sanityCheck(l *License) error {
+	if !l.IsProvided() && !cr.AcceptEULA {
+		return fmt.Errorf("it is required to provide license key. See: https://docs.victoriametrics.com/enterprise.html")
+	}
+
+	if l.IsProvided() {
+		return l.sanityCheck()
+	}
+
+	return nil
+}
+
 type VMRestore struct {
 	// OnStart defines configuration for restore on pod start
 	// +optional

api/victoriametrics/v1beta1/vmcluster_webhook.go

@@ -41,6 +41,12 @@ func (r *VMCluster) sanityCheck() error {
 			}
 		}
 	}
+	if r.Spec.VMStorage != nil && r.Spec.VMStorage.VMBackup != nil {
+		if err := r.Spec.VMStorage.VMBackup.sanityCheck(r.Spec.License); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 

api/victoriametrics/v1beta1/vmsingle_types.go

@@ -176,6 +176,11 @@ type VMSingleSpec struct {
 	// VMBackup configuration for backup
 	// +optional
 	VMBackup *VMBackup `json:"vmBackup,omitempty"`
+	// License allows to configure license key to be used for enterprise features.
+	// Using license key is supported starting from VictoriaMetrics v1.94.0.
+	// See: https://docs.victoriametrics.com/enterprise.html
+	// +optional
+	License *License `json:"license,omitempty"`
 	// ExtraArgs that will be passed to  VMSingle pod
 	// for example remoteWrite.tmpDataPath: /tmp
 	// +optional

api/victoriametrics/v1beta1/vmsingle_webhook.go

@@ -22,7 +22,12 @@ func (r *VMSingle) SetupWebhookWithManager(mgr ctrl.Manager) error {
 var _ webhook.Validator = &VMSingle{}
 
 func (r *VMSingle) sanityCheck() error {
-	// todo add some checks.
+	if r.Spec.VMBackup != nil {
+		if err := r.Spec.VMBackup.sanityCheck(r.Spec.License); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 

config/crd/bases/operator.victoriametrics.com_vmagents.yaml

@@ -885,7 +885,6 @@ spec:
                       in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html
                       for more information, visit https://victoriametrics.com/products/enterprise/
                       . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
-                      .
                     type: string
                   keyRef:
                     description: KeyRef is reference to secret with license key for

config/crd/bases/operator.victoriametrics.com_vmalerts.yaml

@@ -397,7 +397,6 @@ spec:
                       in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html
                       for more information, visit https://victoriametrics.com/products/enterprise/
                       . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
-                      .
                     type: string
                   keyRef:
                     description: KeyRef is reference to secret with license key for