Documentation ¶
Overview ¶
Package v1 contains API Schema definitions for the config v1 API group +kubebuilder:object:generate=true +groupName=config.loki.grafana.com
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "config.loki.grafana.com", Version: "v1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type BuiltInCertManagement ¶
type BuiltInCertManagement struct { // Enabled defines to flag to enable/disable built-in certificate management feature gate. Enabled bool `json:"enabled,omitempty"` // CACertValidity defines the total duration of the CA certificate validity. CACertValidity string `json:"caValidity,omitempty"` // CACertRefresh defines the duration of the CA certificate validity until a rotation // should happen. It can be set up to 80% of CA certificate validity or equal to the // CA certificate validity. Latter should be used only for rotating only when expired. CACertRefresh string `json:"caRefresh,omitempty"` // CertValidity defines the total duration of the validity for all LokiStack certificates. CertValidity string `json:"certValidity,omitempty"` // CertRefresh defines the duration of the certificate validity until a rotation // should happen. It can be set up to 80% of certificate validity or equal to the // certificate validity. Latter should be used only for rotating only when expired. // The refresh is applied to all LokiStack certificates at once. CertRefresh string `json:"certRefresh,omitempty"` }
BuiltInCertManagement is the configuration for the built-in facility to generate and rotate TLS client and serving certificates for all LokiStack services and internal clients except for the lokistack-gateway.
func (*BuiltInCertManagement) DeepCopy ¶
func (in *BuiltInCertManagement) DeepCopy() *BuiltInCertManagement
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuiltInCertManagement.
func (*BuiltInCertManagement) DeepCopyInto ¶
func (in *BuiltInCertManagement) DeepCopyInto(out *BuiltInCertManagement)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerHealth ¶ added in v0.6.0
type ControllerHealth struct { // HealthProbeBindAddress is the TCP address that the controller should bind to // for serving health probes // It can be set to "0" or "" to disable serving the health probe. // +optional HealthProbeBindAddress string `json:"healthProbeBindAddress,omitempty"` }
ControllerHealth defines the health configs.
func (*ControllerHealth) DeepCopy ¶ added in v0.6.0
func (in *ControllerHealth) DeepCopy() *ControllerHealth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerHealth.
func (*ControllerHealth) DeepCopyInto ¶ added in v0.6.0
func (in *ControllerHealth) DeepCopyInto(out *ControllerHealth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerManagerConfiguration ¶ added in v0.6.0
type ControllerManagerConfiguration struct { metav1.TypeMeta `json:",inline"` // ControllerManagerConfiguration returns the contfigurations for controllers ControllerManagerConfigurationSpec `json:",inline"` }
ControllerManagerConfiguration is the Schema for the GenericControllerManagerConfigurations API.
func (*ControllerManagerConfiguration) DeepCopy ¶ added in v0.6.0
func (in *ControllerManagerConfiguration) DeepCopy() *ControllerManagerConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerManagerConfiguration.
func (*ControllerManagerConfiguration) DeepCopyInto ¶ added in v0.6.0
func (in *ControllerManagerConfiguration) DeepCopyInto(out *ControllerManagerConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ControllerManagerConfiguration) DeepCopyObject ¶ added in v0.6.0
func (in *ControllerManagerConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ControllerManagerConfigurationSpec ¶ added in v0.6.0
type ControllerManagerConfigurationSpec struct { // LeaderElection is the LeaderElection config to be used when configuring // the manager.Manager leader election // +optional LeaderElection *configv1alpha1.LeaderElectionConfiguration `json:"leaderElection,omitempty"` // Metrics contains the controller metrics configuration // +optional Metrics ControllerMetrics `json:"metrics,omitempty"` // Health contains the controller health configuration // +optional Health ControllerHealth `json:"health,omitempty"` // Webhook contains the controllers webhook configuration // +optional Webhook ControllerWebhook `json:"webhook,omitempty"` }
ControllerManagerConfigurationSpec defines the desired state of GenericControllerManagerConfiguration.
func (*ControllerManagerConfigurationSpec) Complete ¶ added in v0.6.0
func (c *ControllerManagerConfigurationSpec) Complete() (ControllerManagerConfigurationSpec, error)
Complete returns the configuration for controller-runtime.
func (*ControllerManagerConfigurationSpec) DeepCopy ¶ added in v0.6.0
func (in *ControllerManagerConfigurationSpec) DeepCopy() *ControllerManagerConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerManagerConfigurationSpec.
func (*ControllerManagerConfigurationSpec) DeepCopyInto ¶ added in v0.6.0
func (in *ControllerManagerConfigurationSpec) DeepCopyInto(out *ControllerManagerConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerMetrics ¶ added in v0.6.0
type ControllerMetrics struct { // BindAddress is the TCP address that the controller should bind to // for serving prometheus metrics. // It can be set to "0" to disable the metrics serving. // +optional BindAddress string `json:"bindAddress,omitempty"` }
ControllerMetrics defines the metrics configs.
func (*ControllerMetrics) DeepCopy ¶ added in v0.6.0
func (in *ControllerMetrics) DeepCopy() *ControllerMetrics
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerMetrics.
func (*ControllerMetrics) DeepCopyInto ¶ added in v0.6.0
func (in *ControllerMetrics) DeepCopyInto(out *ControllerMetrics)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControllerWebhook ¶ added in v0.6.0
type ControllerWebhook struct { // Port is the port that the webhook server serves at. // It is used to set webhook.Server.Port. // +optional Port *int `json:"port,omitempty"` }
ControllerWebhook defines the webhook server for the controller.
func (*ControllerWebhook) DeepCopy ¶ added in v0.6.0
func (in *ControllerWebhook) DeepCopy() *ControllerWebhook
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerWebhook.
func (*ControllerWebhook) DeepCopyInto ¶ added in v0.6.0
func (in *ControllerWebhook) DeepCopyInto(out *ControllerWebhook)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FeatureGates ¶
type FeatureGates struct { // ServiceMonitors enables creating a Prometheus-Operator managed ServiceMonitor // resource per LokiStack component. ServiceMonitors bool `json:"serviceMonitors,omitempty"` // ServiceMonitorTLSEndpoints enables TLS for the ServiceMonitor endpoints. ServiceMonitorTLSEndpoints bool `json:"serviceMonitorTlsEndpoints,omitempty"` // LokiStackAlerts enables creating Prometheus-Operator managed PrometheusRules // for common Loki alerts. LokiStackAlerts bool `json:"lokiStackAlerts,omitempty"` // HTTPEncryption enables TLS encryption for all HTTP LokiStack services. // Each HTTP service requires a secret named as the service with the following data: // - `tls.crt`: The TLS server side certificate. // - `tls.key`: The TLS key for server-side encryption. // In addition each service requires a configmap named as the LokiStack CR with the // suffix `-ca-bundle`, e.g. `lokistack-dev-ca-bundle` and the following data: // - `service-ca.crt`: The CA signing the service certificate in `tls.crt`. HTTPEncryption bool `json:"httpEncryption,omitempty"` // GRPCEncryption enables TLS encryption for all GRPC LokiStack services. // Each GRPC service requires a secret named as the service with the following data: // - `tls.crt`: The TLS server side certificate. // - `tls.key`: The TLS key for server-side encryption. // In addition each service requires a configmap named as the LokiStack CR with the // suffix `-ca-bundle`, e.g. `lokistack-dev-ca-bundle` and the following data: // - `service-ca.crt`: The CA signing the service certificate in `tls.crt`. GRPCEncryption bool `json:"grpcEncryption,omitempty"` // BuiltInCertManagement enables the built-in facility for generating and rotating // TLS client and serving certificates for all LokiStack services and internal clients except // for the lokistack-gateway, In detail all internal Loki HTTP and GRPC communication is lifted // to require mTLS. For the lokistack-gateay you need to provide a secret with or use the `ServingCertsService` // on OpenShift: // - `tls.crt`: The TLS server side certificate. // - `tls.key`: The TLS key for server-side encryption. // In addition each service requires a configmap named as the LokiStack CR with the // suffix `-ca-bundle`, e.g. `lokistack-dev-ca-bundle` and the following data: // - `service-ca.crt`: The CA signing the service certificate in `tls.crt`. BuiltInCertManagement BuiltInCertManagement `json:"builtInCertManagement,omitempty"` // LokiStackGateway enables reconciling the reverse-proxy lokistack-gateway // component for multi-tenant authentication/authorization traffic control // to Loki. LokiStackGateway bool `json:"lokiStackGateway,omitempty"` // GrafanaLabsUsageReport enables the Grafana Labs usage report for Loki. // More details: https://grafana.com/docs/loki/latest/release-notes/v2-5/#usage-reporting GrafanaLabsUsageReport bool `json:"grafanaLabsUsageReport,omitempty"` // RestrictedPodSecurityStandard enables compliance with the restrictive pod security standard. // More details: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted RestrictedPodSecurityStandard bool `json:"restrictedPodSecurityStandard,omitempty"` // LokiStackWebhook enables the LokiStack CR validation and conversion webhooks. LokiStackWebhook bool `json:"lokiStackWebhook,omitempty"` // AlertingRuleWebhook enables the AlertingRule CR validation webhook. AlertingRuleWebhook bool `json:"alertingRuleWebhook,omitempty"` // RecordingRuleWebhook enables the RecordingRule CR validation webhook. RecordingRuleWebhook bool `json:"recordingRuleWebhook,omitempty"` // RulerConfigWebhook enables the RulerConfig CR validation webhook. RulerConfigWebhook bool `json:"rulerConfigWebhook,omitempty"` // When DefaultNodeAffinity is enabled the operator will set a default node affinity on all pods. // This will limit scheduling of the pods to Nodes with Linux. DefaultNodeAffinity bool `json:"defaultNodeAffinity,omitempty"` // OpenShift contains a set of feature gates supported only on OpenShift. OpenShift OpenShiftFeatureGates `json:"openshift,omitempty"` // TLSProfile allows to chose a TLS security profile. Enforced // when using HTTPEncryption or GRPCEncryption. TLSProfile string `json:"tlsProfile,omitempty"` }
FeatureGates is the supported set of all operator feature gates.
func (*FeatureGates) DeepCopy ¶
func (in *FeatureGates) DeepCopy() *FeatureGates
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGates.
func (*FeatureGates) DeepCopyInto ¶
func (in *FeatureGates) DeepCopyInto(out *FeatureGates)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OpenShiftFeatureGates ¶
type OpenShiftFeatureGates struct { // Enabled defines the flag to enable that these feature gates are used against OpenShift Container Platform releases. Enabled bool `json:"enabled,omitempty"` // ServingCertsService enables OpenShift service-ca annotations on the lokistack-gateway service only // to use the in-platform CA and generate a TLS cert/key pair per service for // in-cluster data-in-transit encryption. // More details: https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/service-ca-certificates.html ServingCertsService bool `json:"servingCertsService,omitempty"` // ExtendedRuleValidation enables extended validation of AlertingRule and RecordingRule // to enforce tenancy in an OpenShift context. ExtendedRuleValidation bool `json:"ruleExtendedValidation,omitempty"` // ClusterTLSPolicy enables usage of TLS policies set in the API Server. // More details: https://docs.openshift.com/container-platform/4.11/security/tls-security-profiles.html ClusterTLSPolicy bool `json:"clusterTLSPolicy,omitempty"` // ClusterProxy enables usage of the proxy variables set in the proxy resource. // More details: https://docs.openshift.com/container-platform/4.11/networking/enable-cluster-wide-proxy.html#enable-cluster-wide-proxy ClusterProxy bool `json:"clusterProxy,omitempty"` // Dashboards enables the loki-mixin dashboards into the OpenShift Console Dashboards bool `json:"dashboards,omitempty"` // TokenCCOAuthEnv is true when OpenShift-functions are enabled and the operator has detected // that it is running with some kind of "workload identity" (AWS STS, Azure WIF) enabled. TokenCCOAuthEnv bool }
OpenShiftFeatureGates is the supported set of all operator features gates on OpenShift.
func (*OpenShiftFeatureGates) DeepCopy ¶
func (in *OpenShiftFeatureGates) DeepCopy() *OpenShiftFeatureGates
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftFeatureGates.
func (*OpenShiftFeatureGates) DeepCopyInto ¶
func (in *OpenShiftFeatureGates) DeepCopyInto(out *OpenShiftFeatureGates)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProjectConfig ¶
type ProjectConfig struct { metav1.TypeMeta `json:",inline"` // ControllerManagerConfigurationSpec returns the contfigurations for controllers ControllerManagerConfigurationSpec `json:",inline"` Gates FeatureGates `json:"featureGates,omitempty"` }
ProjectConfig is the Schema for the projectconfigs API
func (*ProjectConfig) DeepCopy ¶
func (in *ProjectConfig) DeepCopy() *ProjectConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectConfig.
func (*ProjectConfig) DeepCopyInto ¶
func (in *ProjectConfig) DeepCopyInto(out *ProjectConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProjectConfig) DeepCopyObject ¶
func (in *ProjectConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TLSProfileType ¶
type TLSProfileType string
TLSProfileType is a TLS security profile based on the Mozilla definitions: https://wiki.mozilla.org/Security/Server_Side_TLS
const ( // TLSProfileOldType is a TLS security profile based on: // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility TLSProfileOldType TLSProfileType = "Old" // TLSProfileIntermediateType is a TLS security profile based on: // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 TLSProfileIntermediateType TLSProfileType = "Intermediate" // TLSProfileModernType is a TLS security profile based on: // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility TLSProfileModernType TLSProfileType = "Modern" )