added vl-k8s-stack chart

[AndrewChubatiuk]

fixes #1909

TODO:

• add set of basic alerting rules and dashbards for logs (depends on dashboard: official Grafana dashboard for Kubernetes workloads VictoriaLogs#1008 and Feature Request: Support for collecting Kubernetes Events VictoriaLogs#968)
• conditionally add dashboards and rules that depend on metrics (chart doesn't include any VM instance)
• allow installing both built in and third-party dashboards

---

Summary by cubic

Adds a new victoria-logs-k8s-stack Helm chart to deploy VictoriaLogs on Kubernetes with operator-managed CRs, Grafana provisioning, dashboards, and alerting. Supports single-node or cluster installs, Ingress and Gateway API, external VL endpoints, and license keys.

• New Features

  • Chart scaffolding with docs, .helmignore, example Quay values, lint/e2e configs; CI uses Helm 4.1.1 with setup-kube-tools v0.13.1
  • Operator CRs: VLSingle or VLCluster (mutually exclusive, enforced), VLAgent (with RBAC), VMAlert (notifiers auto-target VMAlertmanager), VMAlertmanager (managed config or Secret, Monzo template), VMAuth
  • Grafana integration via sidecar or Grafana Operator; datasources auto-provisioned; dashboards for single-node, cluster, and VLAgent (supports Grafana Operator CRs)
  • Default alerting rules (vl-health, vlogs, vlagent) with overrides; extraRules supported; extraObjects hook for custom resources
  • Networking: Ingress and Gateway API HTTPRoute templates per component
  • Terratest covering operator readiness and optional Grafana

• Refactors

  • Enable victorialogs-single dashboard when vlsingle is enabled
  • Add conditions and metrics mapping for cluster and VLAgent dashboards

^{Written for commit 9769df2. Summary will update on new commits.}

[cubic-dev-ai]

10 issues found across 40 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="charts/victoria-logs-k8s-stack/templates/grafana/datasource.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/grafana/datasource.yaml:31">
P1: `default` is called without the required value argument, which will fail template rendering. Initialize the list directly with `list`.</violation>

<violation number="2" location="charts/victoria-logs-k8s-stack/templates/grafana/datasource.yaml:46">
P2: The annotations block renders the root context (`$`) instead of the annotations map (`.`), which will produce invalid annotations output. Use the annotations map from the `with` block.</violation>
</file>

<file name="hack/rules-and-dashboards/main.go">

<violation number="1" location="hack/rules-and-dashboards/main.go:132">
P2: dashboardClusterMetric uses a key that doesn’t match the newly added "victorialogs-agent" dashboard name, so the cluster variable lookup will miss and skip injection for that dashboard. Align the key with the dashboard name.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/notifiers.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/notifiers.yaml:17">
P2: `default` is called with only one argument, which will make the chart fail to render. Initialize `$targets` with `list` directly (or pass a second argument) so the template can render.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/_helpers.tpl">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:170">
P2: User-specified `vlagent.spec.remoteWrite` entries are ignored because `| list (default dict)` always makes the empty dict the first element. Default the list while preserving provided values.</violation>

<violation number="2" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:207">
P1: `set` is missing the key argument, which will cause a template rendering error when using external write URLs for vlcluster. Set the `write` key explicitly.</violation>

<violation number="3" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:215">
P1: `set` is missing the key argument, which breaks template rendering when external read URLs are configured for vlcluster. Set the `read` key explicitly.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml:48">
P2: `mergeOverwrite $ctx $group` mutates `$ctx` in-place (Sprig's `mergeOverwrite` modifies and returns its first argument). Because `$ctx` is shared across all loop iterations, keys from one group's `$group` dict leak into the rendering context of every subsequent group. Use `deepCopy $ctx` as the first argument to avoid cross-iteration pollution.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/lint/simple.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/lint/simple.yaml:4">
P2: `additionalVictoriaMetricsMap` isn’t used anywhere in the victoria-logs-k8s-stack chart, so these rules are ignored during linting. Use the chart’s supported `extraRules` key instead to exercise rule rendering.</violation>

<violation number="2" location="charts/victoria-logs-k8s-stack/lint/simple.yaml:11">
P2: The lint values use `alertmanager`, but this chart reads `vmalertmanager`, so these settings are ignored. Rename the top-level key so linting actually exercises the alertmanager configuration.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[AndrewChubatiuk]

@cubic-dev-ai review this PR

[cubic-dev-ai]

@cubic-dev-ai review this PR

@AndrewChubatiuk I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

4 issues found across 43 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml:48">
P1: `mergeOverwrite $ctx $group` mutates the shared `$ctx` dict in-place. Because `$ctx` is declared outside the `range` loop, keys injected from `$group` (spec, alerting, recording, rules, etc.) persist across all subsequent loop iterations, causing group-specific values from earlier files to contaminate the rendering context of later files. Use `deepCopy $ctx` as the destination instead.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/_helpers.tpl">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:46">
P2: The first `set $remotes "remoteWrite"` assignment is dead code. It is always overwritten by the second `set $remotes "remoteWrite"` inside the later `with $remoteWrite` block, regardless of whether `external.vm.write.url` is set.</violation>

<violation number="2" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:256">
P1: `$Values.vmalertmanager.templateFiles | dict` is incorrect. Piping an existing map to `dict` passes it as a single odd argument, turning the map's string representation into a key with an empty value. None of the actual template file entries will be iterated. Remove `| dict`.</violation>

<violation number="3" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:409">
P2: `index grafana.ingress.hosts 0` will panic if `grafana.ingress.hosts` is an empty list. Add a length guard before accessing index 0.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[AndrewChubatiuk]

@cubic-dev-ai review this PR

[cubic-dev-ai]

@cubic-dev-ai review this PR

@AndrewChubatiuk I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

6 issues found across 43 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml:48">
P1: `mergeOverwrite $ctx $group` mutates `$ctx` in-place because Sprig's `mergeOverwrite` modifies its destination argument. This means each loop iteration starts with a `$ctx` that has been polluted by all previous groups' properties. All other `mergeOverwrite` calls in this file guard against this with `deepCopy`; this one should too.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/grafana/dashboard.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/grafana/dashboard.yaml:22">
P1: Dashboard templates expect `.helm` in their context (e.g., `(.helm).Values` in generated dashboards), but `tpl` is invoked with `$` instead of the custom `$ctx`. This will cause rendering errors or missing values in dashboards. Use the `$ctx` dictionary when calling `tpl` so `.helm` is defined.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/_helpers.tpl">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:14">
P1: The loop variable `appIdx` leaks from the `vlsingle` loop into the subsequent `vmalertmanager` datasource configuration. The `vm.url` helper uses `appIdx` to generate pod-specific URLs. As a result, the `vmalertmanager` datasource URL will incorrectly point to the last replica of `vlsingle` instead of the `vmalertmanager` service, potentially causing connection failures or pointing to non-existent pods.</violation>

<violation number="2" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:184">
P1: The generated `remoteWrite` configuration (which includes the managed URL) is overwritten by the user's `Values.vlagent.spec` because `Values` is the last argument to `mergeOverwrite`. This causes the managed VictoriaLogs URL configuration to be discarded if `remoteWrite` is defined in `values.yaml`. The generated `$spec` should take precedence for the managed configuration fields.</violation>

<violation number="3" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:224">
P2: The template modifies `$Values.vmauth.spec` in place using `unset`. Since `.Values` is shared across template executions, this mutation can cause side effects in other templates that rely on the original values. Use `deepCopy` to work on a local copy of the spec.</violation>

<violation number="4" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:318">
P1: The plugin version extraction logic is incorrect for plugins defined as `name;version`. `splitList ";" $plugin | reverse | first` extracts the version string (e.g., "1.2.3") instead of the plugin name. This causes the check `has $ds.type $installed` to fail because it compares the plugin type (name) against version strings, erroneously disabling datasources that depend on specific plugin versions.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[AndrewChubatiuk]

@cubic-dev-ai review this PR

[cubic-dev-ai]

@cubic-dev-ai review this PR

@AndrewChubatiuk I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

7 issues found across 43 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="charts/victoria-logs-k8s-stack/_index.md.gotmpl">

<violation number="1" location="charts/victoria-logs-k8s-stack/_index.md.gotmpl:115">
P3: Remove the stray duplicate `argocd.argoproj.io/sync-options: ServerSideApply=true` line outside the YAML block to avoid confusing rendered documentation.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/grafana/dashboard.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/grafana/dashboard.yaml:28">
P2: Guard against missing dashboard entries before calling hasKey; otherwise the template errors when a dashboard file lacks an entry in `.Values.defaultDashboards.dashboards`.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/notifiers.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/notifiers.yaml:17">
P1: `default` requires two arguments; using `default list` without a value will fail template rendering. Initialize the list directly instead.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml:43">
P1: `(default dict)` is incorrect here. `default` requires two arguments, but only one is supplied. This should be `(dict)` — a zero-arg call that returns an empty map — matching the established pattern in the equivalent `victoria-metrics-k8s-stack` template.</violation>

<violation number="2" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/rule.yml:81">
P1: `default list` is incorrect. `default` needs two arguments; here only one is provided. The correct initializer for an empty list is `list` (or `(list)`), matching the working reference template.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/ingress.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/ingress.yaml:49">
P2: `pathType` is required in networking.k8s.io/v1 Ingress. This template omits it unless users explicitly set ingress.pathType, which can render invalid manifests. Provide a default pathType (e.g., Prefix) to avoid validation failures.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/_helpers.tpl">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/_helpers.tpl:341">
P2: The per-replica datasource loop always uses `vlsingle.spec.replicaCount`, so VLCluster installs with multiple `vlselect` replicas will only render one datasource when `perReplica` is enabled. Use the active component’s replica count (vlsingle or vlcluster.vlselect) when building per-replica datasources.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[AndrewChubatiuk]

@cubic-dev-ai review this PR

[cubic-dev-ai]

@cubic-dev-ai review this PR

@AndrewChubatiuk I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

3 issues found across 44 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="charts/victoria-logs-k8s-stack/templates/grafana/datasource.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/grafana/datasource.yaml:13">
P2: The name sanitizer allows underscores (`\w`), which can generate an invalid Kubernetes resource name when datasource names include `_`. Restrict the replacement to non `[a-z0-9]` so the final name stays DNS-1123 compliant.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/grafana/dashboard.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/grafana/dashboard.yaml:28">
P2: Guard the lookup of `.Values.defaultDashboards.dashboards[$dashboardName]` before calling `hasKey`; otherwise missing dashboard entries will cause a template error during rendering.</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalertmanager/vmalertmanager.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalertmanager/vmalertmanager.yaml:28">
P2: Appending a new `templates:` section after rendering the full config will overwrite user-provided `templates` entries and can produce duplicate keys. Merge the extra template path into the config before calling `toYaml`.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[AndrewChubatiuk]

@cubic-dev-ai review this PR

[cubic-dev-ai]

@cubic-dev-ai review this PR

@AndrewChubatiuk I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

2 issues found across 44 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/notifiers.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalert/notifiers.yaml:19">
P2: Guard against missing vmalertmanager.spec.webConfig before accessing tls_server_config; otherwise templating fails when webConfig is not set (default values).</violation>
</file>

<file name="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalertmanager/monzo-template.yaml">

<violation number="1" location="charts/victoria-logs-k8s-stack/templates/victoria-metrics-operator/vmalertmanager/monzo-template.yaml:25">
P2: URL-encode the alertname value in the silence link so special characters don’t break the generated URL.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}