release v0.68.3

Dockerfile

@@ -3,7 +3,7 @@ ARG BUILDINFO
 ARG BASEIMAGE=scratch
 
 # Build the manager binary
-FROM golang:1.25.7 AS builder
+FROM golang:1.25.8 AS builder
 ARG TARGETOS
 ARG TARGETARCH
 

api/operator/v1beta1/vmcluster_types.go

@@ -509,9 +509,9 @@ type VMBackup struct {
 	// SnapshotCreateURL overwrites url for snapshot create
 	// +optional
 	SnapshotCreateURL string `json:"snapshotCreateURL,omitempty"`
-	// SnapShotDeleteURL overwrites url for snapshot delete
+	// SnapshotDeleteURL overwrites url for snapshot delete
 	// +optional
-	SnapShotDeleteURL string `json:"snapshotDeleteURL,omitempty"`
+	SnapshotDeleteURL string `json:"snapshotDeleteURL,omitempty"`
 	// Defines number of concurrent workers. Higher concurrency may reduce backup duration (default 10)
 	// +optional
 	Concurrency *int32 `json:"concurrency,omitempty"`

cmd/config-reloader/main.go

@@ -68,6 +68,8 @@ var (
 		"Optional TLS server name to use for connections to -reload-url.")
 	tlsInsecureSkipVerify = flag.Bool("reload.tlsInsecureSkipVerify", true,
 		"Whether to skip tls verification when connecting to -reload-url")
+	logFormat = flag.String("log-format", "",
+		"log format alias to loggerFormat")
 )
 
 var (
@@ -81,6 +83,9 @@ var (
 
 func main() {
 	envflag.Parse()
+	if *logFormat != "" {
+		_ = flag.Set("loggerFormat", *logFormat)
+	}
 	buildinfo.Init()
 	logger.Init()
 	ctx, cancel := context.WithCancel(context.Background())

cmd/config-reloader/main_test.go

@@ -0,0 +1,33 @@
+package main
+
+import (
+	"flag"
+	"testing"
+)
+
+func TestLogFormatAlias(t *testing.T) {
+	f := func(logFormatVal, loggerFormatVal, expected string) {
+		t.Helper()
+		_ = flag.Set("log-format", logFormatVal)
+		_ = flag.Set("loggerFormat", loggerFormatVal)
+
+		if *logFormat != "" {
+			_ = flag.Set("loggerFormat", *logFormat)
+		}
+
+		loggerFormatFlag := flag.Lookup("loggerFormat")
+		if loggerFormatFlag == nil {
+			t.Fatalf("expected loggerFormat flag to be registered")
+		}
+
+		if loggerFormatFlag.Value.String() != expected {
+			t.Fatalf("expected loggerFormat to be %q, got %q", expected, loggerFormatFlag.Value.String())
+		}
+	}
+
+	// only log-format is set
+	f("json", "default", "json")
+
+	// log-format is empty
+	f("", "json", "json")
+}

config/crd/overlay/crd.yaml

@@ -32508,7 +32508,7 @@ spec:
                           create
                         type: string
                       snapshotDeleteURL:
-                        description: SnapShotDeleteURL overwrites url for snapshot
+                        description: SnapshotDeleteURL overwrites url for snapshot
                           delete
                         type: string
                       volumeMounts:
@@ -71837,7 +71837,7 @@ spec:
                     description: SnapshotCreateURL overwrites url for snapshot create
                     type: string
                   snapshotDeleteURL:
-                    description: SnapShotDeleteURL overwrites url for snapshot delete
+                    description: SnapshotDeleteURL overwrites url for snapshot delete
                     type: string
                   volumeMounts:
                     description: |-

docs/CHANGELOG.md

@@ -14,6 +14,15 @@ aliases:
 ## tip
 
 * FEATURE: [vmoperator](https://docs.victoriametrics.com/operator/): prettify reconcile diff in logs, now diff objects show only changed JSON fields.
+* FEATURE: [vmoperator](https://docs.victoriametrics.com/operator/): introduce VM_LOOPBACK env variable, which allows to override default loopback address, which is either `localhost` if `VM_ENABLETCP6=true` or `127.0.0.1` in other cases. Note: this change may cause component rollouts when 127.0.0.1 is used as the loopback address. Make sure to set this env var before upgrading.
+
+* BUGFIX: [vmoperator](https://docs.victoriametrics.com/operator/): recreate STS if immutable fields changed.
+* BUGFIX: [vmoperator](https://docs.victoriametrics.com/operator/): pod recreation isn't lost after triggerring StatefulSet delete.
+* BUGFIX: [vmdistributed](https://docs.victoriametrics.com/operator/resources/vmdistributed/): updated VMAuth config consolidating all VMSelects into a single read and all VMAgents into a single write backend.
+* BUGFIX: [vmoperator](https://docs.victoriametrics.com/operator/): fix finalizer cleanup for VLAgent, VLogs, VMAgent, and VMSingle to target the correct resources.
+* BUGFIX: [config-reloader](https://github.com/VictoriaMetrics/operator/tree/master/cmd/config-reloader): `log-format` option supported as fallback for `loggerFormat`. See [#1954](https://github.com/VictoriaMetrics/operator/issues/1954).
+
+* SECURITY: upgrade Go builder from Go1.25.7 to Go1.25.8. See [the list of issues addressed in Go1.25.8](https://github.com/golang/go/issues?q=milestone%3AGo1.25.8+label%3ACherryPickApproved).
 
 ## [v0.68.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.68.2)
 **Release date:** 04 March 2026
@@ -22,7 +31,6 @@ aliases:
 
 * BUGFIX: [vmoperator](https://docs.victoriametrics.com/operator/): perform statefulset pods deletion instead of eviction when maxUnavailable set to 100%, which is important for [minimum downtime strategy](https://docs.victoriametrics.com/victoriametrics/cluster-victoriametrics/#minimum-downtime-strategy). See [#1706](https://github.com/VictoriaMetrics/operator/issues/1706).
 * BUGFIX: [vmoperator](https://docs.victoriametrics.com/operator/): VMPodScrape for VLAgent and VMAgent now uses the correct port; previously it used the wrong port and could cause scrape failures. See [#1887](https://github.com/VictoriaMetrics/operator/issues/1887).
-* BUGFIX: [vmdistributed](https://docs.victoriametrics.com/operator/resources/vmdistributed/): updated VMAuth config consolidating all VMSelects into a single read and all VMClusters into a single write backend
 * BUGFIX: [vmdistributed](https://docs.victoriametrics.com/operator/resources/vmdistributed/): fix PVC being owned by StatefulSet and top-level object simultaenously. See [#1845](https://github.com/VictoriaMetrics/operator/issues/1845).
 * BUGFIX: [vmoperator](https://docs.victoriametrics.com/operator/): remove unneeded finalizer from core K8s resources. See [#835](https://github.com/VictoriaMetrics/operator/issues/835).
 * BUGFIX: [vmdistributed](https://docs.victoriametrics.com/operator/resources/vmdistributed/): remove finalizers from VMServiceScrape and VMPodScrape objects, and keep finalizers on VMAgent, VMCluster, and VMAuth when DeletionTimestamp is not empty.

docs/api.md

@@ -3832,7 +3832,7 @@ Appears in: [VMSingleSpec](#vmsinglespec), [VMStorage](#vmstorage)
 | resources<a href="#vmbackup-resources" id="vmbackup-resources">#</a><br/>_[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#resourcerequirements-v1-core)_ | _(Optional)_<br/>Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br />if not defined default resources from operator config will be used |
 | restore<a href="#vmbackup-restore" id="vmbackup-restore">#</a><br/>_[VMRestore](#vmrestore)_ | _(Optional)_<br/>Restore Allows to enable restore options for pod<br />Read [more](https://docs.victoriametrics.com/victoriametrics/vmbackupmanager/#restore-commands) |
 | snapshotCreateURL<a href="#vmbackup-snapshotcreateurl" id="vmbackup-snapshotcreateurl">#</a><br/>_string_ | _(Optional)_<br/>SnapshotCreateURL overwrites url for snapshot create |
-| snapshotDeleteURL<a href="#vmbackup-snapshotdeleteurl" id="vmbackup-snapshotdeleteurl">#</a><br/>_string_ | _(Optional)_<br/>SnapShotDeleteURL overwrites url for snapshot delete |
+| snapshotDeleteURL<a href="#vmbackup-snapshotdeleteurl" id="vmbackup-snapshotdeleteurl">#</a><br/>_string_ | _(Optional)_<br/>SnapshotDeleteURL overwrites url for snapshot delete |
 | volumeMounts<a href="#vmbackup-volumemounts" id="vmbackup-volumemounts">#</a><br/>_[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#volumemount-v1-core) array_ | _(Optional)_<br/>VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition.<br />VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container,<br />that are generated as a result of StorageSpec objects. |
 
 #### VMCluster

docs/config-reloader-flags.md

@@ -69,6 +69,8 @@ Usage of bin/config-reloader:
     	Whether to disable caches for interned strings. This may reduce memory usage at the cost of higher CPU usage. See https://en.wikipedia.org/wiki/String_interning . See also -internStringCacheExpireDuration and -internStringMaxLen
   -internStringMaxLen int
     	The maximum length for strings to intern. A lower limit may save memory at the cost of higher CPU usage. See https://en.wikipedia.org/wiki/String_interning . See also -internStringDisableCache and -internStringCacheExpireDuration (default 500)
+  -log-format string
+    	log format alias to loggerFormat
   -loggerDisableTimestamps
     	Whether to disable writing timestamps in logs
   -loggerErrorsPerSecondLimit int

docs/env.md

@@ -12,6 +12,7 @@
 | VM_CUSTOMCONFIGRELOADERIMAGE: `-` <a href="#variables-vm-customconfigreloaderimage" id="variables-vm-customconfigreloaderimage">#</a><br>Deprecated: use VM_CONFIG_RELOADER_IMAGE instead |
 | VM_PSPAUTOCREATEENABLED: `false` <a href="#variables-vm-pspautocreateenabled" id="variables-vm-pspautocreateenabled">#</a> |
 | VM_ENABLETCP6: `false` <a href="#variables-vm-enabletcp6" id="variables-vm-enabletcp6">#</a> |
+| VM_LOOPBACK: `-` <a href="#variables-vm-loopback" id="variables-vm-loopback">#</a><br>Overrides default loopback interface that will be used for all VM components |
 | VM_CONFIG_RELOADER_IMAGE: `victoriametrics/operator:config-reloader-${VM_OPERATOR_VERSION}` <a href="#variables-vm-config-reloader-image" id="variables-vm-config-reloader-image">#</a><br>default image for all config-reloader containers |
 | VM_CONFIG_RELOADER_LIMIT_MEMORY: `unlimited` <a href="#variables-vm-config-reloader-limit-memory" id="variables-vm-config-reloader-limit-memory">#</a><br>defines global resource.limits.memory for all config-reloader containers |
 | VM_CONFIG_RELOADER_LIMIT_CPU: `unlimited` <a href="#variables-vm-config-reloader-limit-cpu" id="variables-vm-config-reloader-limit-cpu">#</a><br>defines global resource.limits.cpu for all config-reloader containers |

internal/config/config.go

@@ -115,6 +115,8 @@ type BaseOperatorConf struct {
 	CustomConfigReloaderImage string `env:"VM_CUSTOMCONFIGRELOADERIMAGE"`
 	PSPAutoCreateEnabled      bool   `default:"false" env:"VM_PSPAUTOCREATEENABLED"`
 	EnableTCP6                bool   `default:"false" env:"VM_ENABLETCP6"`
+	// Overrides default loopback interface that will be used for all VM components
+	Loopback string `env:"VM_LOOPBACK"`
 
 	// defines global config reloader parameters
 	ConfigReloader struct {
@@ -715,6 +717,9 @@ func MustGetBaseConfig() *BaseOperatorConf {
 // GetLocalhost returns localhost value depending on global configuration
 func GetLocalhost() string {
 	cfg := MustGetBaseConfig()
+	if len(cfg.Loopback) > 0 {
+		return cfg.Loopback
+	}
 	if cfg.EnableTCP6 {
 		return "localhost"
 	}

internal/controller/operator/factory/build/backup.go

@@ -34,7 +34,7 @@ func VMBackupManager(
 		return nil, nil
 	}
 	snapshotCreateURL := cr.SnapshotCreateURL
-	snapshotDeleteURL := cr.SnapShotDeleteURL
+	snapshotDeleteURL := cr.SnapshotDeleteURL
 	if snapshotCreateURL == "" {
 		// http://localhost:port/snapshot/create
 		snapshotCreateURL = cr.SnapshotCreatePathWithFlags(config.GetLocalhost(), port, extraArgs)

internal/controller/operator/factory/reconcile/diff.go

@@ -84,7 +84,7 @@ func (r *fieldDiffRecorder) Report(rs cmp.Result) {
 				key += fmt.Sprintf("[%d\u2192%d]", ix, iy)
 			}
 		case cmp.MapIndex:
-			key += "['" + v.String() + "']"
+			key += strings.ReplaceAll(v.String(), `"`, `'`)
 		}
 	}
 	if !moved {