storage

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 3, 2024 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

const (
	// Env* constants name container environment variables; Key* constants name
	// data keys inside the object storage secret. Several Key* constants share
	// one string across providers (for example "audience", "endpoint", "region"
	// and "access_key_id"), so a key only has meaning together with the storage
	// type of the secret it is read from.

	// EnvAlibabaCloudAccessKeyID is the environment variable to specify the AlibabaCloud client id to access S3.
	EnvAlibabaCloudAccessKeyID = "ALIBABA_CLOUD_ACCESS_KEY_ID"
	// EnvAlibabaCloudAccessKeySecret is the environment variable to specify the AlibabaCloud client secret to access S3.
	// The value is a static credential, so the container environment is sensitive.
	EnvAlibabaCloudAccessKeySecret = "ALIBABA_CLOUD_ACCESS_KEY_SECRET"
	// EnvAWSAccessKeyID is the environment variable to specify the AWS client id to access S3.
	EnvAWSAccessKeyID = "AWS_ACCESS_KEY_ID"
	// EnvAWSAccessKeySecret is the environment variable to specify the AWS client secret to access S3.
	// The value is a static credential, so the container environment is sensitive.
	// NOTE(review): the AWS SDKs' own variable is AWS_SECRET_ACCESS_KEY; this
	// differently named variable is presumably referenced by the generated
	// configuration rather than read by the SDK credential chain — confirm.
	EnvAWSAccessKeySecret = "AWS_ACCESS_KEY_SECRET"
	// EnvAWSSseKmsEncryptionContext is the environment variable to specify the AWS KMS encryption context when using type SSE-KMS.
	EnvAWSSseKmsEncryptionContext = "AWS_SSE_KMS_ENCRYPTION_CONTEXT"
	// EnvAWSRoleArn is the environment variable to specify the AWS role ARN used in the federated identity workflow.
	EnvAWSRoleArn = "AWS_ROLE_ARN"
	// EnvAWSWebIdentityTokenFile is the environment variable to specify the path to the web identity token file used in the federated identity workflow.
	EnvAWSWebIdentityTokenFile = "AWS_WEB_IDENTITY_TOKEN_FILE"
	// EnvAWSCredentialsFile is the environment variable to specify the path to the shared credentials file.
	EnvAWSCredentialsFile = "AWS_SHARED_CREDENTIALS_FILE"
	// EnvAWSSdkLoadConfig is the environment variable that enables the AWS SDK to load the shared credentials file.
	EnvAWSSdkLoadConfig = "AWS_SDK_LOAD_CONFIG"
	// EnvAzureStorageAccountName is the environment variable to specify the Azure storage account name to access the container.
	EnvAzureStorageAccountName = "AZURE_STORAGE_ACCOUNT_NAME"
	// EnvAzureStorageAccountKey is the environment variable to specify the Azure storage account key to access the container.
	// The value is a static credential, so the container environment is sensitive.
	EnvAzureStorageAccountKey = "AZURE_STORAGE_ACCOUNT_KEY"
	// EnvAzureClientID is the environment variable used to pass the Managed Identity client-ID to the container.
	EnvAzureClientID = "AZURE_CLIENT_ID"
	// EnvAzureTenantID is the environment variable used to pass the Managed Identity tenant-ID to the container.
	EnvAzureTenantID = "AZURE_TENANT_ID"
	// EnvAzureSubscriptionID is the environment variable used to pass the Managed Identity subscription-ID to the container.
	EnvAzureSubscriptionID = "AZURE_SUBSCRIPTION_ID"
	// EnvAzureFederatedTokenFile is the environment variable used to store the path to the Managed Identity token.
	EnvAzureFederatedTokenFile = "AZURE_FEDERATED_TOKEN_FILE"
	// EnvGoogleApplicationCredentials is the environment variable to specify the path to key.json.
	EnvGoogleApplicationCredentials = "GOOGLE_APPLICATION_CREDENTIALS"
	// EnvSwiftPassword is the environment variable to specify the OpenStack Swift password.
	// The value is a static credential, so the container environment is sensitive.
	EnvSwiftPassword = "SWIFT_PASSWORD"
	// EnvSwiftUsername is the environment variable to specify the OpenStack Swift username.
	EnvSwiftUsername = "SWIFT_USERNAME"

	// KeyAlibabaCloudAccessKeyID is the secret data key for the AlibabaCloud client id to access S3.
	KeyAlibabaCloudAccessKeyID = "access_key_id"
	// KeyAlibabaCloudSecretAccessKey is the secret data key for the AlibabaCloud client secret to access S3.
	// Note the word order: "secret_access_key" here, "access_key_secret" for AWS below.
	KeyAlibabaCloudSecretAccessKey = "secret_access_key"
	// KeyAlibabaCloudBucket is the secret data key for the S3 bucket name.
	KeyAlibabaCloudBucket = "bucket"
	// KeyAlibabaCloudEndpoint is the secret data key for the S3 endpoint URL.
	KeyAlibabaCloudEndpoint = "endpoint"

	// KeyAWSAccessKeyID is the secret data key for the AWS client id to access S3.
	KeyAWSAccessKeyID = "access_key_id"
	// KeyAWSAccessKeySecret is the secret data key for the AWS client secret to access S3.
	// Note the word order: "access_key_secret" here, "secret_access_key" for AlibabaCloud above.
	KeyAWSAccessKeySecret = "access_key_secret"
	// KeyAWSBucketNames is the secret data key for the AWS S3 bucket names.
	KeyAWSBucketNames = "bucketnames"
	// KeyAWSEndpoint is the secret data key for the AWS endpoint URL.
	KeyAWSEndpoint = "endpoint"
	// KeyAWSRegion is the secret data key for the AWS region.
	KeyAWSRegion = "region"
	// KeyAWSSSEType is the secret data key for the AWS server-side encryption type.
	KeyAWSSSEType = "sse_type"
	// KeyAWSSseKmsEncryptionContext is the secret data key for the AWS SSE KMS encryption context.
	KeyAWSSseKmsEncryptionContext = "sse_kms_encryption_context"
	// KeyAWSSseKmsKeyID is the secret data key for the AWS SSE KMS key id.
	KeyAWSSseKmsKeyID = "sse_kms_key_id"
	// KeyAWSRoleArn is the secret data key for the AWS STS role ARN.
	KeyAWSRoleArn = "role_arn"
	// KeyAWSAudience is the secret data key for the audience used in the AWS STS workflow.
	KeyAWSAudience = "audience"
	// KeyAWSCredentialsFilename is the config filename containing the AWS authentication credentials.
	KeyAWSCredentialsFilename = "credentials"

	// KeyAzureStorageAccountKey is the secret data key for the Azure storage account key.
	KeyAzureStorageAccountKey = "account_key"
	// KeyAzureStorageAccountName is the secret data key for the Azure storage account name.
	KeyAzureStorageAccountName = "account_name"
	// KeyAzureStorageClientID contains the UUID of the Managed Identity accessing the storage.
	KeyAzureStorageClientID = "client_id"
	// KeyAzureStorageTenantID contains the UUID of the Tenant hosting the Managed Identity.
	KeyAzureStorageTenantID = "tenant_id"
	// KeyAzureStorageSubscriptionID contains the UUID of the subscription hosting the Managed Identity.
	KeyAzureStorageSubscriptionID = "subscription_id"
	// KeyAzureStorageContainerName is the secret data key for the Azure storage container name.
	KeyAzureStorageContainerName = "container"
	// KeyAzureStorageEndpointSuffix is the secret data key for the Azure storage endpoint URL suffix.
	KeyAzureStorageEndpointSuffix = "endpoint_suffix"
	// KeyAzureEnvironmentName is the secret data key for the Azure cloud environment name.
	KeyAzureEnvironmentName = "environment"
	// KeyAzureAudience is the secret data key for customizing the audience used for the ServiceAccount token.
	KeyAzureAudience = "audience"

	// KeyGCPWorkloadIdentityProviderAudience is the secret data key for the GCP Workload Identity Provider audience.
	KeyGCPWorkloadIdentityProviderAudience = "audience"
	// KeyGCPStorageBucketName is the secret data key for the GCS bucket name.
	KeyGCPStorageBucketName = "bucketname"
	// KeyGCPServiceAccountKeyFilename is the service account key filename containing the Google authentication credentials.
	KeyGCPServiceAccountKeyFilename = "key.json"

	// KeySwiftAuthURL is the secret data key for the OpenStack Swift authentication URL.
	KeySwiftAuthURL = "auth_url"
	// KeySwiftContainerName is the secret data key for the OpenStack Swift container name.
	KeySwiftContainerName = "container_name"
	// KeySwiftDomainID is the secret data key for the OpenStack domain ID.
	KeySwiftDomainID = "domain_id"
	// KeySwiftDomainName is the secret data key for the OpenStack domain name.
	KeySwiftDomainName = "domain_name"
	// KeySwiftPassword is the secret data key for the OpenStack Swift password.
	KeySwiftPassword = "password"
	// KeySwiftProjectDomainId is the secret data key for the OpenStack project's domain id.
	// The identifier ends in "Id" where its siblings use "ID"; it is exported,
	// so renaming it would change the package API.
	KeySwiftProjectDomainId = "project_domain_id"
	// KeySwiftProjectDomainName is the secret data key for the OpenStack project's domain name.
	KeySwiftProjectDomainName = "project_domain_name"
	// KeySwiftProjectID is the secret data key for the OpenStack project id.
	KeySwiftProjectID = "project_id"
	// KeySwiftProjectName is the secret data key for the OpenStack project name.
	KeySwiftProjectName = "project_name"
	// KeySwiftRegion is the secret data key for the OpenStack Swift region.
	KeySwiftRegion = "region"
	// KeySwiftUserDomainID is the secret data key for the OpenStack Swift user domain id.
	KeySwiftUserDomainID = "user_domain_id"
	// KeySwiftUserDomainName is the secret data key for the OpenStack Swift user domain name.
	KeySwiftUserDomainName = "user_domain_name"
	// KeySwiftUserID is the secret data key for the OpenStack Swift user id.
	KeySwiftUserID = "user_id"
	// KeySwiftUsername is the secret data key for the OpenStack Swift username.
	KeySwiftUsername = "username"

	// ServiceAccountTokenFilePath is the path of the "token" file under
	// saTokenVolumeMountPath, which is declared elsewhere in this package.
	// NOTE(review): presumably the ServiceAccount token consumed by the
	// token-based (workload identity) flows — confirm against the volume setup.
	ServiceAccountTokenFilePath = saTokenVolumeMountPath + "/token"
)

Variables

This section is empty.

Functions

func BuildSchemaConfig

func BuildSchemaConfig(
	utcTime time.Time,
	spec lokiv1.ObjectStorageSpec,
	status lokiv1.LokiStackStorageStatus,
) ([]lokiv1.ObjectStorageSchema, error)

BuildSchemaConfig creates a list of schemas to be used to configure the storage schemas for the cluster. This method assumes that the following validation has been done to the statuses and specs:

1. All EffectiveDate fields are able to be parsed
2. All EffectiveDate fields are unique in their respective list

func ConfigureDeployment

func ConfigureDeployment(d *appsv1.Deployment, opts Options) error

ConfigureDeployment appends additional pod volumes and container env vars, args, and volume mounts based on the object storage type. Currently supported amendments:

- All: Ensure the object storage secret is mounted and auth is projected as env vars.
- GCS: Ensure the env var GOOGLE_APPLICATION_CREDENTIALS is set in the container.
- S3: Ensure the custom CA configmap is mounted if any TLSConfig is given.

func ConfigureStatefulSet

func ConfigureStatefulSet(d *appsv1.StatefulSet, opts Options) error

ConfigureStatefulSet appends additional pod volumes and container env vars, args, and volume mounts based on the object storage type. Currently supported amendments:

- All: Ensure the object storage secret is mounted and auth is projected as env vars.
- GCS: Ensure the env var GOOGLE_APPLICATION_CREDENTIALS is set in the container.
- S3: Ensure the custom CA configmap is mounted if any TLSConfig is given.

func ManagedCredentialsSecretName added in v0.6.0

func ManagedCredentialsSecretName(stackName string) string

ManagedCredentialsSecretName returns the name of the secret holding the managed credentials.

Types

type AlibabaCloudStorageConfig

// AlibabaCloudStorageConfig is the AlibabaCloud storage configuration.
// It carries only an endpoint and a bucket; no credential fields are part of
// this struct.
type AlibabaCloudStorageConfig struct {
	// Endpoint presumably mirrors the "endpoint" secret data key — confirm.
	Endpoint string
	// Bucket presumably mirrors the "bucket" secret data key — confirm.
	Bucket   string
}

AlibabaCloudStorageConfig for AlibabaCloud storage config

type AzureStorageConfig

// AzureStorageConfig is the Azure storage configuration.
// The account name and account key are not fields of this struct.
type AzureStorageConfig struct {
	// Env presumably mirrors the "environment" secret data key (Azure cloud
	// environment name) — confirm.
	Env              string
	// Container presumably mirrors the "container" secret data key — confirm.
	Container        string
	// EndpointSuffix presumably mirrors the "endpoint_suffix" secret data key — confirm.
	EndpointSuffix   string
	// Audience presumably mirrors the "audience" secret data key, which
	// customizes the audience of the ServiceAccount token — confirm.
	Audience         string
	// WorkloadIdentity presumably selects token-based Managed Identity
	// authentication instead of a storage account key — confirm.
	WorkloadIdentity bool
}

AzureStorageConfig for Azure storage config

type CloudCredentials added in v0.6.0

// CloudCredentials pairs a secret name with a SHA-1 value.
type CloudCredentials struct {
	// SecretName presumably names the secret holding the managed credentials
	// (see ManagedCredentialsSecretName) — confirm.
	SecretName string
	// SHA1 presumably holds a SHA-1 digest of that secret's contents.
	// NOTE(review): SHA-1 is adequate as a change-detection marker but is not
	// collision resistant, so it should not serve as an integrity or
	// authenticity check — confirm how callers use it.
	SHA1       string
}

type GCSStorageConfig

// GCSStorageConfig is the GCS storage configuration.
type GCSStorageConfig struct {
	// Bucket presumably mirrors the "bucketname" secret data key — confirm.
	Bucket           string
	// Audience presumably mirrors the "audience" secret data key (GCP Workload
	// Identity Provider audience) — confirm.
	Audience         string
	// WorkloadIdentity presumably selects Workload Identity federation instead
	// of a static service account key file — confirm.
	WorkloadIdentity bool
}

GCSStorageConfig for GCS storage config

type OpenShiftOptions added in v0.6.0

// OpenShiftOptions carries the OpenShift-specific storage options.
type OpenShiftOptions struct {
	// Enabled presumably reports whether the OpenShift-specific handling is
	// active — confirm.
	Enabled          bool
	// CloudCredentials identifies a credentials secret by name and SHA-1 value.
	// NOTE(review): its relation to TokenCCOAuthEnabled is not visible here —
	// confirm.
	CloudCredentials CloudCredentials
}

func (OpenShiftOptions) TokenCCOAuthEnabled added in v0.6.0

func (o OpenShiftOptions) TokenCCOAuthEnabled() bool

type Options

// Options is used to configure Loki to integrate with supported object storages.
type Options struct {
	Schemas        []lokiv1.ObjectStorageSchema
	// SharedStore is the object storage secret type; presumably it decides
	// which of the provider configs below is consulted — confirm.
	SharedStore    lokiv1.ObjectStorageSecretType
	// CredentialMode presumably distinguishes static credentials from
	// token-based ones — confirm against lokiv1.CredentialMode.
	CredentialMode lokiv1.CredentialMode

	// Provider-specific configuration. These are pointers, so an unset provider
	// is nil and must be checked before use.
	Azure        *AzureStorageConfig
	GCS          *GCSStorageConfig
	S3           *S3StorageConfig
	Swift        *SwiftStorageConfig
	AlibabaCloud *AlibabaCloudStorageConfig

	// SecretName presumably names the object storage secret that is mounted
	// into the pods — confirm.
	SecretName string
	// SecretSHA1 presumably holds a SHA-1 digest of that secret's contents.
	// NOTE(review): suitable for change detection only, not as an integrity
	// control — confirm usage.
	SecretSHA1 string
	// TLS is the optional TLS configuration for the object storage endpoint.
	TLS        *TLSConfig

	OpenShift OpenShiftOptions
}

Options is used to configure Loki to integrate with supported object storages.

type S3SSEConfig added in v0.5.0

// S3SSEConfig is the S3 server-side encryption configuration.
type S3SSEConfig struct {
	// Type is the server-side encryption type (an S3SSEType value).
	Type                 S3SSEType
	// KMSKeyID presumably mirrors the "sse_kms_key_id" secret data key and
	// applies to the SSE-KMS type — confirm.
	KMSKeyID             string
	// KMSEncryptionContext presumably mirrors the "sse_kms_encryption_context"
	// secret data key; the page documents the encryption context as used with
	// type SSE-KMS.
	KMSEncryptionContext string
}

type S3SSEType added in v0.5.0

// S3SSEType names an S3 server-side encryption type.
type S3SSEType string
const (
	// SSEKMSType is the "SSE-KMS" type: server-side encryption with a key held
	// in AWS KMS.
	SSEKMSType S3SSEType = "SSE-KMS"
	// SSES3Type is the "SSE-S3" type: server-side encryption with keys managed
	// by S3.
	SSES3Type  S3SSEType = "SSE-S3"
)

type S3StorageConfig

// S3StorageConfig is the S3 storage configuration.
// The access key id and access key secret are not fields of this struct.
type S3StorageConfig struct {
	// Endpoint presumably mirrors the "endpoint" secret data key — confirm.
	Endpoint       string
	// Region presumably mirrors the "region" secret data key — confirm.
	Region         string
	// Buckets presumably mirrors the "bucketnames" secret data key; it is a
	// single string, so any list format is defined by the consumer — confirm.
	Buckets        string
	// Audience presumably mirrors the "audience" secret data key used in the
	// AWS STS workflow — confirm.
	Audience       string
	// STS presumably selects the STS (role ARN plus web identity token)
	// workflow instead of static access keys — confirm.
	STS            bool
	// SSE is the server-side encryption configuration.
	SSE            S3SSEConfig
	// ForcePathStyle presumably forces path-style bucket addressing — confirm.
	ForcePathStyle bool
}

S3StorageConfig for S3 storage config

type SwiftStorageConfig

// SwiftStorageConfig is the OpenStack Swift storage configuration.
// The username and password are not fields of this struct; the package
// defines the SWIFT_USERNAME and SWIFT_PASSWORD environment variable names
// for them.
// NOTE(review): each field presumably mirrors the like-named KeySwift* secret
// data key — confirm.
type SwiftStorageConfig struct {
	AuthURL           string
	UserDomainName    string
	UserDomainID      string
	UserID            string
	DomainID          string
	DomainName        string
	ProjectID         string
	ProjectName       string
	ProjectDomainID   string
	ProjectDomainName string
	Region            string
	Container         string
}

SwiftStorageConfig for Swift storage config

type TLSConfig

// TLSConfig is the TLS configuration for object storage endpoints.
// Currently supported only by S3.
type TLSConfig struct {
	// CA presumably names the custom CA configmap that is mounted for S3 —
	// confirm.
	CA  string
	// Key is presumably the data key inside that configmap holding the CA
	// bundle, not a TLS private key — confirm.
	Key string
}

TLSConfig for object storage endpoints. Currently supported only by:

- S3
