API
This Document contains the types introduced by the Loki Operator to be consumed by users.
This page is automatically generated with
gen-crd-api-reference-docs
.
loki.grafana.com/v1
Package v1 contains API Schema definitions for the loki v1 API group
AlertManagerClientBasicAuth
(Appears on:AlertManagerClientConfig)
AlertManagerClientBasicAuth defines the basic authentication configuration for reaching alertmanager endpoints.
Field | Description |
---|---|
username string |
(Optional)
The subject’s username for the basic authentication configuration. |
password string |
(Optional)
The subject’s password for the basic authentication configuration. |
AlertManagerClientConfig
(Appears on:AlertManagerSpec)
AlertManagerClientConfig defines the client configuration for reaching alertmanager endpoints.
Field | Description |
---|---|
tls AlertManagerClientTLSConfig |
(Optional)
TLS configuration for reaching the alertmanager endpoints. |
headerAuth AlertManagerClientHeaderAuth |
(Optional)
Header authentication configuration for reaching the alertmanager endpoints. |
basicAuth AlertManagerClientBasicAuth |
(Optional)
Basic authentication configuration for reaching the alertmanager endpoints. |
AlertManagerClientHeaderAuth
(Appears on:AlertManagerClientConfig)
AlertManagerClientHeaderAuth defines the header configuration reaching alertmanager endpoints.
Field | Description |
---|---|
type string |
(Optional)
The authentication type for the header authentication configuration. |
credentials string |
(Optional)
The credentials for the header authentication configuration. |
credentialsFile string |
(Optional)
The credentials file for the Header authentication configuration. It is mutually exclusive with |
AlertManagerClientTLSConfig
(Appears on:AlertManagerClientConfig)
AlertManagerClientTLSConfig defines the TLS configuration for reaching alertmanager endpoints.
Field | Description |
---|---|
caPath string |
(Optional)
The CA certificate file path for the TLS configuration. |
serverName string |
(Optional)
The server name to validate in the alertmanager server certificates. |
certPath string |
(Optional)
The client-side certificate file path for the TLS configuration. |
keyPath string |
(Optional)
The client-side key file path for the TLS configuration. |
insecureSkipVerify bool |
(Optional)
Skip validating server certificate. |
AlertManagerDiscoverySpec
(Appears on:AlertManagerSpec)
AlertManagerDiscoverySpec defines the configuration to use DNS resolution for AlertManager hosts.
Field | Description |
---|---|
enableSRV bool |
(Optional)
Use DNS SRV records to discover Alertmanager hosts. |
refreshInterval PrometheusDuration |
(Optional)
How long to wait between refreshing DNS resolutions of Alertmanager hosts. |
AlertManagerNotificationQueueSpec
(Appears on:AlertManagerSpec)
AlertManagerNotificationQueueSpec defines the configuration for AlertManager notification settings.
Field | Description |
---|---|
capacity int32 |
(Optional)
Capacity of the queue for notifications to be sent to the Alertmanager. |
timeout PrometheusDuration |
(Optional)
HTTP timeout duration when sending notifications to the Alertmanager. |
forOutageTolerance PrometheusDuration |
(Optional)
Max time to tolerate outage for restoring “for” state of alert. |
forGracePeriod PrometheusDuration |
(Optional)
Minimum duration between alert and restored “for” state. This is maintained only for alerts with configured “for” time greater than the grace period. |
resendDelay PrometheusDuration |
(Optional)
Minimum amount of time to wait before resending an alert to Alertmanager. |
AlertManagerSpec
(Appears on:RulerConfigSpec, RulerOverrides)
AlertManagerSpec defines the configuration for ruler’s alertmanager connectivity.
Field | Description |
---|---|
externalUrl string |
(Optional)
URL for alerts return path. |
externalLabels map[string]string |
(Optional)
Additional labels to add to all alerts. |
enableV2 bool |
(Optional)
If enabled, then requests to Alertmanager use the v2 API. |
endpoints []string |
List of AlertManager URLs to send notifications to. Each Alertmanager URL is treated as a separate group in the configuration. Multiple Alertmanagers in HA per group can be supported by using DNS resolution (See EnableDNSDiscovery). |
discovery AlertManagerDiscoverySpec |
(Optional)
Defines the configuration for DNS-based discovery of AlertManager hosts. |
notificationQueue AlertManagerNotificationQueueSpec |
(Optional)
Defines the configuration for the notification queue to AlertManager hosts. |
relabelConfigs []RelabelConfig |
(Optional)
List of alert relabel configurations. |
client AlertManagerClientConfig |
(Optional)
Client configuration for reaching the alertmanager endpoint. |
AlertingRule
AlertingRule is the Schema for the alertingrules API
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
spec AlertingRuleSpec |
|
status AlertingRuleStatus |
AlertingRuleGroup
(Appears on:AlertingRuleSpec)
AlertingRuleGroup defines a group of Loki alerting rules.
Field | Description |
---|---|
name string |
Name of the alerting rule group. Must be unique within all alerting rules. |
interval PrometheusDuration |
(Optional)
Interval defines the time interval between evaluation of the given alerting rule. |
limit int32 |
(Optional)
Limit defines the number of alerts an alerting rule can produce. 0 is no limit. |
rules []*AlertingRuleGroupSpec |
Rules defines a list of alerting rules |
AlertingRuleGroupSpec
(Appears on:AlertingRuleGroup)
AlertingRuleGroupSpec defines the spec for a Loki alerting rule.
Field | Description |
---|---|
alert string |
(Optional)
The name of the alert. Must be a valid label value. |
expr string |
The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts. |
for PrometheusDuration |
(Optional)
Alerts are considered firing once they have been returned for this long. Alerts which have not yet fired for long enough are considered pending. |
annotations map[string]string |
(Optional)
Annotations to add to each alert. |
labels map[string]string |
(Optional)
Labels to add to each alert. |
AlertingRuleSpec
(Appears on:AlertingRule)
AlertingRuleSpec defines the desired state of AlertingRule
Field | Description |
---|---|
tenantID string |
TenantID of tenant where the alerting rules are evaluated in. |
groups []*AlertingRuleGroup |
(Optional)
List of groups for alerting rules. |
AlertingRuleStatus
(Appears on:AlertingRule)
AlertingRuleStatus defines the observed state of AlertingRule
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the AlertingRule generation health. |
AuthenticationSpec
(Appears on:TenantsSpec)
AuthenticationSpec defines the oidc configuration per tenant for lokiStack Gateway component.
Field | Description |
---|---|
tenantName string |
TenantName defines the name of the tenant. |
tenantId string |
TenantID defines the id of the tenant. |
oidc OIDCSpec |
(Optional)
OIDC defines the spec for the OIDC tenant’s authentication. |
mTLS MTLSSpec |
(Optional)
TLSConfig defines the spec for the mTLS tenant’s authentication. |
AuthorizationSpec
(Appears on:TenantsSpec)
AuthorizationSpec defines the opa, role bindings and roles configuration per tenant for lokiStack Gateway component.
Field | Description |
---|---|
opa OPASpec |
(Optional)
OPA defines the spec for the third-party endpoint for tenant’s authorization. |
roles []RoleSpec |
(Optional)
Roles defines a set of permissions to interact with a tenant. |
roleBindings []RoleBindingsSpec |
(Optional)
RoleBindings defines configuration to bind a set of roles to a set of subjects. |
BlockedQuerySpec
(Appears on:PerTenantQueryLimitSpec)
BlockedQuerySpec defines the rule spec for queries to be blocked.
Field | Description |
---|---|
hash int32 |
(Optional)
Hash is a 32-bit FNV-1 hash of the query string. |
pattern string |
(Optional)
Pattern defines the pattern matching the queries to be blocked. |
regex bool |
(Optional)
Regex defines if the pattern is a regular expression. If false the pattern will be used only for exact matches. |
types BlockedQueryTypes |
(Optional)
Types defines the list of query types that should be considered for blocking. |
BlockedQueryType
(string
alias)
BlockedQueryType defines which type of query a blocked query should apply to.
Value | Description |
---|---|
"filter" |
BlockedQueryFilter is used, when the blocked query should apply to queries using a log filter. |
"limited" |
BlockedQueryLimited is used, when the blocked query should apply to queries without a filter or a metric aggregation. |
"metric" |
BlockedQueryMetric is used, when the blocked query should apply to queries with an aggregation. |
BlockedQueryTypes
([]github.com/grafana/loki/operator/api/loki/v1.BlockedQueryType
alias)
(Appears on:BlockedQuerySpec)
BlockedQueryTypes defines a slice of BlockedQueryType values to be used for a blocked query.
CASpec
(Appears on:MTLSSpec, OIDCSpec, ObjectStorageTLSSpec)
Field | Description |
---|---|
caKey string |
(Optional)
Key is the data key of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource. If empty, it defaults to “service-ca.crt”. |
caName string |
CA is the name of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource. |
ClusterProxy
(Appears on:LokiStackSpec)
ClusterProxy is the Proxy configuration when the cluster is behind a Proxy.
Field | Description |
---|---|
httpProxy string |
(Optional)
HTTPProxy configures the HTTP_PROXY/http_proxy env variable. |
httpsProxy string |
(Optional)
HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable. |
noProxy string |
(Optional)
NoProxy configures the NO_PROXY/no_proxy env variable. |
CredentialMode
(string
alias)
(Appears on:LokiStackStorageStatus, ObjectStorageSecretSpec)
CredentialMode represents the type of authentication used for accessing the object storage.
Value | Description |
---|---|
"static" |
CredentialModeStatic represents the usage of static, long-lived credentials stored in a Secret. This is the default authentication mode and available for all supported object storage types. |
"token" |
CredentialModeToken represents the usage of short-lived tokens retrieved from a credential source. In this mode the static configuration does not contain credentials needed for the object storage. Instead, they are generated during runtime using a service, which allows for shorter-lived credentials and much more granular control. This authentication mode is not supported for all object storage types. |
"token-cco" |
CredentialModeTokenCCO represents the usage of short-lived tokens retrieved from a credential source. This mode is similar to CredentialModeToken, but instead of having a user-configured credential source, it is configured by the environment and the operator relies on the Cloud Credential Operator to provide a secret. This mode is only supported for certain object storage types in certain runtime environments. |
HashRingSpec
(Appears on:LokiStackSpec)
HashRingSpec defines the hash ring configuration
Field | Description |
---|---|
type HashRingType |
Type of hash ring implementation that should be used |
memberlist MemberListSpec |
(Optional)
MemberList configuration spec |
HashRingType
(string
alias)
(Appears on:HashRingSpec)
HashRingType defines the type of hash ring which can be used with the Loki cluster.
Value | Description |
---|---|
"memberlist" |
HashRingMemberList when using memberlist for the distributed hash ring. |
IngestionLimitSpec
(Appears on:LimitsTemplateSpec, PerTenantLimitsTemplateSpec)
IngestionLimitSpec defines the limits applied at the ingestion path.
Field | Description |
---|---|
ingestionRate int32 |
(Optional)
IngestionRate defines the sample size per second. Units MB. |
ingestionBurstSize int32 |
(Optional)
IngestionBurstSize defines the local rate-limited sample size per distributor replica. It should be set to the set at least to the maximum logs size expected in a single push request. |
maxLabelNameLength int32 |
(Optional)
MaxLabelNameLength defines the maximum number of characters allowed for label keys in log streams. |
maxLabelValueLength int32 |
(Optional)
MaxLabelValueLength defines the maximum number of characters allowed for label values in log streams. |
maxLabelNamesPerSeries int32 |
(Optional)
MaxLabelNamesPerSeries defines the maximum number of label names per series in each log stream. |
maxGlobalStreamsPerTenant int32 |
(Optional)
MaxGlobalStreamsPerTenant defines the maximum number of active streams per tenant, across the cluster. |
maxLineSize int32 |
(Optional)
MaxLineSize defines the maximum line size on ingestion path. Units in Bytes. |
perStreamDesiredRate int32 |
(Optional)
PerStreamDesiredRate defines the desired ingestion rate per second that LokiStack should target applying automatic stream sharding. Units MB. |
perStreamRateLimit int32 |
(Optional)
PerStreamRateLimit defines the maximum byte rate per second per stream. Units MB. |
perStreamRateLimitBurst int32 |
(Optional)
PerStreamRateLimitBurst defines the maximum burst bytes per stream. Units MB. |
InstanceAddrType
(string
alias)
(Appears on:MemberListSpec)
InstanceAddrType defines the type of pod network to use for advertising IPs to the ring.
Value | Description |
---|---|
"default" |
InstanceAddrDefault when using the first from any private network interfaces (RFC 1918 and RFC 6598). |
"podIP" |
InstanceAddrPodIP when using the public pod IP from the cluster’s pod network. |
LimitsSpec
(Appears on:LokiStackSpec)
LimitsSpec defines the spec for limits applied at ingestion or query path across the cluster or per tenant.
Field | Description |
---|---|
global LimitsTemplateSpec |
(Optional)
Global defines the limits applied globally across the cluster. |
tenants map[string]github.com/grafana/loki/operator/api/loki/v1.PerTenantLimitsTemplateSpec |
(Optional)
Tenants defines the limits applied per tenant. |
LimitsTemplateSpec
(Appears on:LimitsSpec)
LimitsTemplateSpec defines the limits applied at ingestion or query path.
Field | Description |
---|---|
ingestion IngestionLimitSpec |
(Optional)
IngestionLimits defines the limits applied on ingested log streams. |
queries QueryLimitSpec |
(Optional)
QueryLimits defines the limit applied on querying log streams. |
otlp OTLPSpec |
(Optional)
OTLP to configure which resource, scope and log attributes are stored as stream labels or structured metadata. Tenancy modes can provide a default OTLP configuration, when no custom OTLP configuration is set or even enforce the use of some required attributes. |
retention RetentionLimitSpec |
(Optional)
Retention defines how long logs are kept in storage. |
LokiComponentSpec
(Appears on:LokiTemplateSpec)
LokiComponentSpec defines the requirements to configure scheduling of each loki component individually.
Field | Description |
---|---|
replicas int32 |
(Optional)
Replicas defines the number of replica pods of the component. |
nodeSelector map[string]string |
(Optional)
NodeSelector defines the labels required by a node to schedule the component onto it. |
tolerations []Kubernetes core/v1.Toleration |
(Optional)
Tolerations defines the tolerations required by a node to schedule the component onto it. |
podAntiAffinity Kubernetes core/v1.PodAntiAffinity |
(Optional)
PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods of a component. |
LokiStack
LokiStack is the Schema for the lokistacks API
Field | Description |
---|---|
spec LokiStackSpec |
LokiStack CR spec field. |
status LokiStackStatus |
LokiStack CR spec Status. |
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
LokiStackComponentStatus
(Appears on:LokiStackStatus)
LokiStackComponentStatus defines the map of per pod status per LokiStack component. Each component is represented by a separate map of v1.Phase to a list of pods.
Field | Description |
---|---|
compactor PodStatusMap |
(Optional)
Compactor is a map to the pod status of the compactor pod. |
distributor PodStatusMap |
(Optional)
Distributor is a map to the per pod status of the distributor deployment |
indexGateway PodStatusMap |
(Optional)
IndexGateway is a map to the per pod status of the index gateway statefulset |
ingester PodStatusMap |
(Optional)
Ingester is a map to the per pod status of the ingester statefulset |
querier PodStatusMap |
(Optional)
Querier is a map to the per pod status of the querier deployment |
queryFrontend PodStatusMap |
(Optional)
QueryFrontend is a map to the per pod status of the query frontend deployment |
gateway PodStatusMap |
(Optional)
Gateway is a map to the per pod status of the lokistack gateway deployment. |
ruler PodStatusMap |
(Optional)
Ruler is a map to the per pod status of the lokistack ruler statefulset. |
LokiStackConditionReason
(string
alias)
LokiStackConditionReason defines the type for valid reasons of a Loki deployment conditions.
Value | Description |
---|---|
"FailedCertificateRotation" |
ReasonFailedCertificateRotation when the reconciler cannot rotate any of the required TLS certificates. |
"FailedComponents" |
ReasonFailedComponents when all/some LokiStack components fail to roll out. |
"InvalidGatewayTenantConfigMap" |
ReasonInvalidGatewayTenantConfigMap when the format of the configmap is invalid. |
"InvalidGatewayTenantSecret" |
ReasonInvalidGatewayTenantSecret when the format of the secret is invalid. |
"InvalidObjectStorageCAConfigMap" |
ReasonInvalidObjectStorageCAConfigMap when the format of the CA configmap is invalid. |
"InvalidObjectStorageSchema" |
ReasonInvalidObjectStorageSchema when the spec contains an invalid schema(s). |
"InvalidObjectStorageSecret" |
ReasonInvalidObjectStorageSecret when the format of the secret is invalid. |
"InvalidReplicationConfiguration" |
ReasonInvalidReplicationConfiguration when the configurated replication factor is not valid with the select cluster size. |
"InvalidRulerSecret" |
ReasonInvalidRulerSecret when the format of the ruler remote write authorization secret is invalid. |
"InvalidTenantsConfiguration" |
ReasonInvalidTenantsConfiguration when the tenant configuration provided is invalid. |
"MissingGatewayTenantAuthenticationConfig" |
ReasonMissingGatewayAuthenticationConfig when the config for when a tenant is missing authentication config |
"MissingGatewayOpenShiftBaseDomain" |
ReasonMissingGatewayOpenShiftBaseDomain when the reconciler cannot lookup the OpenShift DNS base domain. |
"MissingGatewayTenantConfigMap" |
ReasonMissingGatewayTenantConfigMap when the required tenant configmap for authentication is missing. |
"MissingGatewayTenantSecret" |
ReasonMissingGatewayTenantSecret when the required tenant secret for authentication is missing. |
"MissingObjectStorageCAConfigMap" |
ReasonMissingObjectStorageCAConfigMap when the required configmap to verify object storage certificates is missing. |
"MissingObjectStorageSecret" |
ReasonMissingObjectStorageSecret when the required secret to store logs to object storage is missing. |
"MissingRulerSecret" |
ReasonMissingRulerSecret when the required secret to authorization remote write connections for the ruler is missing. |
"MissingTokenCCOAuthenticationSecret" |
ReasonMissingTokenCCOAuthSecret when the secret generated by CCO for token authentication is missing. This is usually a transient error because the secret is not immediately available after creating the CredentialsRequest, but it can persist if the CCO or its configuration are incorrect. |
"PendingComponents" |
ReasonPendingComponents when all/some LokiStack components pending dependencies |
"ReasonQueryTimeoutInvalid" |
ReasonQueryTimeoutInvalid when the QueryTimeout can not be parsed. |
"ReadyComponents" |
ReasonReadyComponents when all LokiStack components are ready to serve traffic. |
"StorageNeedsSchemaUpdate" |
ReasonStorageNeedsSchemaUpdate when the object storage schema version is older than V13 |
"ReasonZoneAwareEmptyLabel" |
ReasonZoneAwareEmptyLabel when the node-label used for zone-awareness has an empty value. |
"ReasonZoneAwareNodesMissing" |
ReasonZoneAwareNodesMissing when the cluster does not contain any nodes with the labels needed for zone-awareness. |
LokiStackConditionType
(string
alias)
LokiStackConditionType deifnes the type of condition types of a Loki deployment.
Value | Description |
---|---|
"Degraded" |
ConditionDegraded defines the condition that some or all components in the Loki deployment are degraded or the cluster cannot connect to object storage. |
"Failed" |
ConditionFailed defines the condition that components in the Loki deployment failed to roll out. |
"Pending" |
ConditionPending defines the condition that some or all components are in pending state. |
"Ready" |
ConditionReady defines the condition that all components in the Loki deployment are ready. |
"Warning" |
ConditionWarning is used for configurations that are not recommended, but don’t currently cause issues. There can be multiple warning conditions active at a time. |
LokiStackSizeType
(string
alias)
(Appears on:LokiStackSpec)
LokiStackSizeType declares the type for loki cluster scale outs.
Value | Description |
---|---|
"1x.demo" |
SizeOneXDemo defines the size of a single Loki deployment with tiny resource requirements and without HA support. This size is intended to run in single-node clusters on laptops, it is only useful for very light testing, demonstrations, or prototypes. There are no ingestion/query performance guarantees. DO NOT USE THIS IN PRODUCTION! |
"1x.extra-small" |
SizeOneXExtraSmall defines the size of a single Loki deployment with extra small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup without the requirement for single replication factor and auto-compaction. FIXME: Add clear description of ingestion/query performance expectations. |
"1x.medium" |
SizeOneXMedium defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup with the requirement for single replication factor and auto-compaction. FIXME: Add clear description of ingestion/query performance expectations. |
"1x.pico" |
SizeOneXPico defines the size of a single Loki deployment with extra small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup without the requirement for single replication factor and auto-compaction. FIXME: Add clear description of ingestion/query performance expectations. |
"1x.small" |
SizeOneXSmall defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup without the requirement for single replication factor and auto-compaction. FIXME: Add clear description of ingestion/query performance expectations. |
LokiStackSpec
(Appears on:LokiStack)
LokiStackSpec defines the desired state of LokiStack
Field | Description |
---|---|
managementState ManagementStateType |
(Optional)
ManagementState defines if the CR should be managed by the operator or not. Default is managed. |
size LokiStackSizeType |
Size defines one of the support Loki deployment scale out sizes. |
hashRing HashRingSpec |
(Optional)
HashRing defines the spec for the distributed hash ring configuration. |
storage ObjectStorageSpec |
Storage defines the spec for the object storage endpoint to store logs. |
storageClassName string |
Storage class name defines the storage class for ingester/querier PVCs. |
proxy ClusterProxy |
(Optional)
Proxy defines the spec for the object proxy to configure cluster proxy information. |
replicationFactor int32 |
(Optional)
Deprecated: Please use replication.factor instead. This field will be removed in future versions of this CRD. ReplicationFactor defines the policy for log stream replication. |
replication ReplicationSpec |
(Optional)
Replication defines the configuration for Loki data replication. |
rules RulesSpec |
(Optional)
Rules defines the spec for the ruler component. |
limits LimitsSpec |
(Optional)
Limits defines the limits to be applied to log stream processing. |
template LokiTemplateSpec |
(Optional)
Template defines the resource/limits/tolerations/nodeselectors per component. |
tenants TenantsSpec |
(Optional)
Tenants defines the per-tenant authentication and authorization spec for the lokistack-gateway component. |
LokiStackStatus
(Appears on:LokiStack)
LokiStackStatus defines the observed state of LokiStack
Field | Description |
---|---|
components LokiStackComponentStatus |
(Optional)
Components provides summary of all Loki pod status grouped per component. |
storage LokiStackStorageStatus |
(Optional)
Storage provides summary of all changes that have occurred to the storage configuration. |
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the Loki deployment health. |
LokiStackStorageStatus
(Appears on:LokiStackStatus)
LokiStackStorageStatus defines the observed state of the Loki storage configuration.
Field | Description |
---|---|
schemas []ObjectStorageSchema |
(Optional)
Schemas is a list of schemas which have been applied to the LokiStack. |
credentialMode CredentialMode |
(Optional)
CredentialMode contains the authentication mode used for accessing the object storage. |
LokiTemplateSpec
(Appears on:LokiStackSpec)
LokiTemplateSpec defines the template of all requirements to configure scheduling of all Loki components to be deployed.
Field | Description |
---|---|
compactor LokiComponentSpec |
(Optional)
Compactor defines the compaction component spec. |
distributor LokiComponentSpec |
(Optional)
Distributor defines the distributor component spec. |
ingester LokiComponentSpec |
(Optional)
Ingester defines the ingester component spec. |
querier LokiComponentSpec |
(Optional)
Querier defines the querier component spec. |
queryFrontend LokiComponentSpec |
(Optional)
QueryFrontend defines the query frontend component spec. |
gateway LokiComponentSpec |
(Optional)
Gateway defines the lokistack gateway component spec. |
indexGateway LokiComponentSpec |
(Optional)
IndexGateway defines the index gateway component spec. |
ruler LokiComponentSpec |
(Optional)
Ruler defines the ruler component spec. |
MTLSSpec
(Appears on:AuthenticationSpec)
MTLSSpec specifies mTLS configuration parameters.
Field | Description |
---|---|
ca CASpec |
CA defines the spec for the custom CA for tenant’s authentication. |
ManagementStateType
(string
alias)
(Appears on:LokiStackSpec)
ManagementStateType defines the type for CR management states.
Value | Description |
---|---|
"Managed" |
ManagementStateManaged when the LokiStack custom resource should be reconciled by the operator. |
"Unmanaged" |
ManagementStateUnmanaged when the LokiStack custom resource should not be reconciled by the operator. |
MemberListSpec
(Appears on:HashRingSpec)
MemberListSpec defines the configuration for the memberlist based hash ring.
Field | Description |
---|---|
instanceAddrType InstanceAddrType |
(Optional)
InstanceAddrType defines the type of address to use to advertise to the ring. Defaults to the first address from any private network interfaces of the current pod. Alternatively the public pod IP can be used in case private networks (RFC 1918 and RFC 6598) are not available. |
enableIPv6 bool |
(Optional)
EnableIPv6 enables IPv6 support for the memberlist based hash ring. Currently this also forces the instanceAddrType to podIP to avoid local address lookup for the memberlist. |
ModeType
(string
alias)
(Appears on:TenantsSpec)
ModeType is the authentication/authorization mode in which LokiStack Gateway will be configured.
Value | Description |
---|---|
"dynamic" |
Dynamic mode delegates the authorization to a third-party OPA-compatible endpoint. |
"openshift-logging" |
OpenshiftLogging mode provides fully automatic OpenShift in-cluster authentication and authorization support for application, infrastructure and audit logs. |
"openshift-network" |
OpenshiftNetwork mode provides fully automatic OpenShift in-cluster authentication and authorization support for network logs only. |
"static" |
Static mode asserts the Authorization Spec’s Roles and RoleBindings using an in-process OpenPolicyAgent Rego authorizer. |
OIDCSpec
(Appears on:AuthenticationSpec)
OIDCSpec defines the oidc configuration spec for lokiStack Gateway component.
Field | Description |
---|---|
secret TenantSecretSpec |
Secret defines the spec for the clientID and clientSecret for tenant’s authentication. |
issuerCA CASpec |
(Optional)
IssuerCA defines the spec for the issuer CA for tenant’s authentication. |
issuerURL string |
IssuerURL defines the URL for issuer. |
redirectURL string |
(Optional)
RedirectURL defines the URL for redirect. |
groupClaim string |
(Optional)
Group claim field from ID Token |
usernameClaim string |
(Optional)
User claim field from ID Token |
OPASpec
(Appears on:AuthorizationSpec)
OPASpec defines the opa configuration spec for lokiStack Gateway component.
Field | Description |
---|---|
url string |
URL defines the third-party endpoint for authorization. |
OTLPAttributeReference
(Appears on:OTLPMetadataSpec, OTLPStreamLabelSpec)
Field | Description |
---|---|
name string |
Name contains either a verbatim name of an attribute or a regular expression matching many attributes. |
regex bool |
(Optional)
If Regex is true, then Name is treated as a regular expression instead of as a verbatim attribute name. |
OTLPMetadataSpec
(Appears on:OTLPSpec)
Field | Description |
---|---|
resourceAttributes []OTLPAttributeReference |
(Optional)
ResourceAttributes lists the names of resource attributes that should be included in structured metadata. |
scopeAttributes []OTLPAttributeReference |
(Optional)
ScopeAttributes lists the names of scope attributes that should be included in structured metadata. |
logAttributes []OTLPAttributeReference |
(Optional)
LogAttributes lists the names of log attributes that should be included in structured metadata. |
OTLPSpec
(Appears on:LimitsTemplateSpec, PerTenantLimitsTemplateSpec)
OTLPSpec defines which resource, scope and log attributes should be used as stream labels or stored as structured metadata.
Field | Description |
---|---|
streamLabels OTLPStreamLabelSpec |
(Optional)
StreamLabels configures which resource attributes are converted to Loki stream labels. |
structuredMetadata OTLPMetadataSpec |
(Optional)
StructuredMetadata configures which attributes are saved in structured metadata. |
OTLPStreamLabelSpec
(Appears on:OTLPSpec)
Field | Description |
---|---|
resourceAttributes []OTLPAttributeReference |
(Optional)
ResourceAttributes lists the names of the resource attributes that should be converted into Loki stream labels. |
ObjectStorageSchema
(Appears on:LokiStackStorageStatus, ObjectStorageSpec)
ObjectStorageSchema defines a schema version and the date when it will become effective.
Field | Description |
---|---|
version ObjectStorageSchemaVersion |
Version for writing and reading logs. |
effectiveDate StorageSchemaEffectiveDate |
EffectiveDate contains a date in YYYY-MM-DD format which is interpreted in the UTC time zone. The configuration always needs at least one schema that is currently valid. This means that when creating a new LokiStack it is recommended to add a schema with the latest available version and an effective date of “yesterday”. New schema versions added to the configuration always needs to be placed “in the future”, so that Loki can start using it once the day rolls over. |
ObjectStorageSchemaVersion
(string
alias)
(Appears on:ObjectStorageSchema)
ObjectStorageSchemaVersion defines the storage schema version which will be used with the Loki cluster.
Value | Description |
---|---|
"v11" |
ObjectStorageSchemaV11 when using v11 for the storage schema |
"v12" |
ObjectStorageSchemaV12 when using v12 for the storage schema |
"v13" |
ObjectStorageSchemaV13 when using v13 for the storage schema |
ObjectStorageSecretSpec
(Appears on:ObjectStorageSpec)
ObjectStorageSecretSpec is a secret reference containing name only, no namespace.
Field | Description |
---|---|
type ObjectStorageSecretType |
Type of object storage that should be used |
name string |
Name of a secret in the namespace configured for object storage secrets. |
credentialMode CredentialMode |
(Optional)
CredentialMode can be used to set the desired credential mode for authenticating with the object storage. If this is not set, then the operator tries to infer the credential mode from the provided secret and its own configuration. |
ObjectStorageSecretType
(string
alias)
(Appears on:ObjectStorageSecretSpec)
ObjectStorageSecretType defines the type of storage which can be used with the Loki cluster.
Value | Description |
---|---|
"alibabacloud" |
ObjectStorageSecretAlibabaCloud when using AlibabaCloud OSS for Loki storage |
"azure" |
ObjectStorageSecretAzure when using Azure for Loki storage |
"gcs" |
ObjectStorageSecretGCS when using GCS for Loki storage |
"s3" |
ObjectStorageSecretS3 when using S3 for Loki storage |
"swift" |
ObjectStorageSecretSwift when using Swift for Loki storage |
ObjectStorageSpec
(Appears on:LokiStackSpec)
ObjectStorageSpec defines the requirements to access the object storage bucket to persist logs by the ingester component.
Field | Description |
---|---|
schemas []ObjectStorageSchema |
(Optional)
Schemas for reading and writing logs. |
secret ObjectStorageSecretSpec |
Secret for object storage authentication. Name of a secret in the same namespace as the LokiStack custom resource. |
tls ObjectStorageTLSSpec |
(Optional)
TLS configuration for reaching the object storage endpoint. |
ObjectStorageTLSSpec
(Appears on:ObjectStorageSpec)
ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.
Field | Description |
---|---|
caKey string |
(Optional)
Key is the data key of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource. If empty, it defaults to “service-ca.crt”. |
caName string |
CA is the name of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource. |
OpenshiftOTLPConfig
(Appears on:OpenshiftTenantSpec)
OpenshiftOTLPConfig defines configuration specific to users using OTLP together with an OpenShift tenancy mode.
Field | Description |
---|---|
disableRecommendedAttributes bool |
(Optional)
DisableRecommendedAttributes can be used to reduce the number of attributes used for stream labels and structured metadata. Enabling this setting removes the “recommended attributes” from the generated Loki configuration. This will cause meta information to not be available as stream labels or structured metadata, potentially making queries more expensive and less performant. Note that there is a set of “required attributes”, needed for OpenShift Logging to work properly. Those will be added to the configuration, even if this field is set to true. This option is supposed to be combined with a custom label configuration customizing the labels for the specific usecase. |
OpenshiftTenantSpec
(Appears on:TenantsSpec)
OpenshiftTenantSpec defines the configuration specific to Openshift modes.
Field | Description |
---|---|
adminGroups []string |
(Optional)
AdminGroups defines a list of groups, whose members are considered to have admin-privileges by the Loki Operator. Setting this to an empty array disables admin groups. By default the following groups are considered admin-groups: - system:cluster-admins - cluster-admin - dedicated-admin |
otlp OpenshiftOTLPConfig |
(Optional)
OTLP contains settings for ingesting data using OTLP in the OpenShift tenancy mode. |
PerTenantLimitsTemplateSpec
(Appears on:LimitsSpec)
PerTenantLimitsTemplateSpec defines the limits applied at ingestion or query path.
Field | Description |
---|---|
ingestion IngestionLimitSpec |
(Optional)
IngestionLimits defines the limits applied on ingested log streams. |
queries PerTenantQueryLimitSpec |
(Optional)
QueryLimits defines the limit applied on querying log streams. |
otlp OTLPSpec |
(Optional)
OTLP to configure which resource, scope and log attributes are stored as stream labels or structured metadata. Tenancy modes can provide a default OTLP configuration, when no custom OTLP configuration is set or even enforce the use of some required attributes. The per-tenant configuration for OTLP attributes will be merged with the global configuration. |
retention RetentionLimitSpec |
(Optional)
Retention defines how long logs are kept in storage. |
PerTenantQueryLimitSpec
(Appears on:PerTenantLimitsTemplateSpec)
PerTenantQueryLimitSpec defines the limits applied to per tenant query path.
Field | Description |
---|---|
QueryLimitSpec QueryLimitSpec |
|
blocked []BlockedQuerySpec |
(Optional)
Blocked defines the list of rules to block matching queries. |
PermissionType
(string
alias)
(Appears on:RoleSpec)
PermissionType is a LokiStack Gateway RBAC permission.
Value | Description |
---|---|
"read" |
Read gives access to read data from a tenant. |
"write" |
Write gives access to write data to a tenant. |
PodStatus
(string
alias)
PodStatus is a short description of the status a Pod can be in.
Value | Description |
---|---|
"Failed" |
PodFailed means that all containers in the pod have terminated, and at least one container has terminated in a failure (exited with a non-zero exit code or was stopped by the system). |
"Pending" |
PodPending means the pod has been accepted by the system, but one or more of the containers has not been started. This includes time before being bound to a node, as well as time spent pulling images onto the host. |
"Ready" |
PodReady means the pod has been started and the readiness probe reports a successful status. |
"Running" |
PodRunning means the pod has been bound to a node and all of the containers have been started. At least one container is still running or is in the process of being restarted. |
"Unknown" |
PodStatusUnknown is used when none of the other statuses apply or the information is not ready yet. |
PodStatusMap
(map[github.com/grafana/loki/operator/api/loki/v1.PodStatus][]string
alias)
(Appears on:LokiStackComponentStatus)
PodStatusMap defines the type for mapping pod status to pod name.
PrometheusDuration
(string
alias)
(Appears on:AlertManagerDiscoverySpec, AlertManagerNotificationQueueSpec, AlertingRuleGroup, AlertingRuleGroupSpec, RecordingRuleGroup, RemoteWriteClientQueueSpec, RemoteWriteClientSpec, RemoteWriteSpec, RulerConfigSpec)
PrometheusDuration defines the type for Prometheus durations.
QueryLimitSpec
(Appears on:LimitsTemplateSpec, PerTenantQueryLimitSpec)
QueryLimitSpec defines the limits applies at the query path.
Field | Description |
---|---|
maxEntriesLimitPerQuery int32 |
(Optional)
MaxEntriesLimitsPerQuery defines the maximum number of log entries that will be returned for a query. |
maxChunksPerQuery int32 |
(Optional)
MaxChunksPerQuery defines the maximum number of chunks that can be fetched by a single query. |
maxQuerySeries int32 |
MaxQuerySeries defines the maximum of unique series that is returned by a metric query. |
queryTimeout string |
(Optional)
Timeout when querying ingesters or storage during the execution of a query request. |
cardinalityLimit int32 |
(Optional)
CardinalityLimit defines the cardinality limit for index queries. |
maxVolumeSeries int32 |
(Optional)
MaxVolumeSeries defines the maximum number of aggregated series in a log-volume response |
RecordingRule
RecordingRule is the Schema for the recordingrules API
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
spec RecordingRuleSpec |
|
status RecordingRuleStatus |
RecordingRuleGroup
(Appears on:RecordingRuleSpec)
RecordingRuleGroup defines a group of Loki recording rules.
Field | Description |
---|---|
name string |
Name of the recording rule group. Must be unique within all recording rules. |
interval PrometheusDuration |
(Optional)
Interval defines the time interval between evaluation of the given recoding rule. |
limit int32 |
(Optional)
Limit defines the number of series a recording rule can produce. 0 is no limit. |
rules []*RecordingRuleGroupSpec |
Rules defines a list of recording rules |
RecordingRuleGroupSpec
(Appears on:RecordingRuleGroup)
RecordingRuleGroupSpec defines the spec for a Loki recording rule.
Field | Description |
---|---|
record string |
(Optional)
The name of the time series to output to. Must be a valid metric name. |
expr string |
The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts. |
labels map[string]string |
(Optional)
Labels to add to each recording rule. |
RecordingRuleSpec
(Appears on:RecordingRule)
RecordingRuleSpec defines the desired state of RecordingRule
Field | Description |
---|---|
tenantID string |
TenantID of tenant where the recording rules are evaluated in. |
groups []*RecordingRuleGroup |
(Optional)
List of groups for recording rules. |
RecordingRuleStatus
(Appears on:RecordingRule)
RecordingRuleStatus defines the observed state of RecordingRule
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the RecordingRule generation health. |
RelabelActionType
(string
alias)
(Appears on:RelabelConfig)
RelabelActionType defines the enumeration type for RelabelConfig actions.
RelabelConfig
(Appears on:AlertManagerSpec, RemoteWriteClientSpec)
RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion.
It defines <metric_relabel_configs>
and <alert_relabel_configs>
sections of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
Field | Description |
---|---|
sourceLabels []string |
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. |
separator string |
(Optional)
Separator placed between concatenated source label values. default is ‘;’. |
targetLabel string |
(Optional)
Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. |
regex string |
(Optional)
Regular expression against which the extracted value is matched. Default is ‘(.*)’ |
modulus uint64 |
(Optional)
Modulus to take of the hash of the source label values. |
replacement string |
(Optional)
Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is ‘$1’ |
action RelabelActionType |
(Optional)
Action to perform based on regex matching. Default is ‘replace’ |
RemoteWriteAuthType
(string
alias)
(Appears on:RemoteWriteClientSpec)
RemoteWriteAuthType defines the type of authorization to use to access the remote write endpoint.
Value | Description |
---|---|
"basic" |
BasicAuthorization defines the remote write client to use HTTP basic authorization. |
"bearer" |
BearerAuthorization defines the remote write client to use HTTP bearer authorization. |
RemoteWriteClientQueueSpec
(Appears on:RemoteWriteSpec)
RemoteWriteClientQueueSpec defines the configuration of the remote write client queue.
Field | Description |
---|---|
capacity int32 |
(Optional)
Number of samples to buffer per shard before we block reading of more |
maxShards int32 |
(Optional)
Maximum number of shards, i.e. amount of concurrency. |
minShards int32 |
(Optional)
Minimum number of shards, i.e. amount of concurrency. |
maxSamplesPerSend int32 |
(Optional)
Maximum number of samples per send. |
batchSendDeadline PrometheusDuration |
(Optional)
Maximum time a sample will wait in buffer. |
minBackOffPeriod PrometheusDuration |
(Optional)
Initial retry delay. Gets doubled for every retry. |
maxBackOffPeriod PrometheusDuration |
(Optional)
Maximum retry delay. |
RemoteWriteClientSpec
(Appears on:RemoteWriteSpec)
RemoteWriteClientSpec defines the configuration of the remote write client.
Field | Description |
---|---|
name string |
Name of the remote write config, which if specified must be unique among remote write configs. |
url string |
The URL of the endpoint to send samples to. |
timeout PrometheusDuration |
(Optional)
Timeout for requests to the remote write endpoint. |
authorization RemoteWriteAuthType |
Type of authorzation to use to access the remote write endpoint |
authorizationSecretName string |
Name of a secret in the namespace configured for authorization secrets. |
additionalHeaders map[string]string |
(Optional)
Additional HTTP headers to be sent along with each remote write request. |
relabelConfigs []RelabelConfig |
(Optional)
List of remote write relabel configurations. |
proxyUrl string |
(Optional)
Optional proxy URL. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
RemoteWriteSpec
(Appears on:RulerConfigSpec)
RemoteWriteSpec defines the configuration for ruler’s remote_write connectivity.
Field | Description |
---|---|
enabled bool |
(Optional)
Enable remote-write functionality. |
refreshPeriod PrometheusDuration |
(Optional)
Minimum period to wait between refreshing remote-write reconfigurations. |
client RemoteWriteClientSpec |
(Optional)
Defines the configuration for remote write client. |
queue RemoteWriteClientQueueSpec |
(Optional)
Defines the configuration for remote write client queue. |
ReplicationSpec
(Appears on:LokiStackSpec)
Field | Description |
---|---|
factor int32 |
(Optional)
Factor defines the policy for log stream replication. |
zones []ZoneSpec |
(Optional)
Zones defines an array of ZoneSpec that the scheduler will try to satisfy. IMPORTANT: Make sure that the replication factor defined is less than or equal to the number of available zones. |
RetentionLimitSpec
(Appears on:LimitsTemplateSpec, PerTenantLimitsTemplateSpec)
RetentionLimitSpec controls how long logs will be kept in storage.
Field | Description |
---|---|
days uint |
Days contains the number of days logs are kept. |
streams []*RetentionStreamSpec |
(Optional)
Stream defines the log stream. |
RetentionStreamSpec
(Appears on:RetentionLimitSpec)
RetentionStreamSpec defines a log stream with separate retention time.
Field | Description |
---|---|
days uint |
Days contains the number of days logs are kept. |
priority uint32 |
(Optional)
Priority defines the priority of this selector compared to other retention rules. |
selector string |
Selector contains the LogQL query used to define the log stream. |
RoleBindingsSpec
(Appears on:AuthorizationSpec)
RoleBindingsSpec binds a set of roles to a set of subjects.
Field | Description |
---|---|
name string |
|
subjects []Subject |
|
roles []string |
RoleSpec
(Appears on:AuthorizationSpec)
RoleSpec describes a set of permissions to interact with a tenant.
Field | Description |
---|---|
name string |
|
resources []string |
|
tenants []string |
|
permissions []PermissionType |
RulerConfig
RulerConfig is the Schema for the rulerconfigs API
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
spec RulerConfigSpec |
|
status RulerConfigStatus |
RulerConfigSpec
(Appears on:RulerConfig)
RulerConfigSpec defines the desired state of Ruler
Field | Description |
---|---|
evaluationInterval PrometheusDuration |
(Optional)
Interval on how frequently to evaluate rules. |
pollInterval PrometheusDuration |
(Optional)
Interval on how frequently to poll for new rule definitions. |
alertmanager AlertManagerSpec |
(Optional)
Defines alert manager configuration to notify on firing alerts. |
remoteWrite RemoteWriteSpec |
(Optional)
Defines a remote write endpoint to write recording rule metrics. |
overrides map[string]github.com/grafana/loki/operator/api/loki/v1.RulerOverrides |
(Optional)
Overrides defines the config overrides to be applied per-tenant. |
RulerConfigStatus
(Appears on:RulerConfig)
RulerConfigStatus defines the observed state of RulerConfig
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the RulerConfig health. |
RulerOverrides
(Appears on:RulerConfigSpec)
RulerOverrides defines the overrides applied per-tenant.
Field | Description |
---|---|
alertmanager AlertManagerSpec |
(Optional)
AlertManagerOverrides defines the overrides to apply to the alertmanager config. |
RulesSpec
(Appears on:LokiStackSpec)
RulesSpec defines the spec for the ruler component.
Field | Description |
---|---|
enabled bool |
Enabled defines a flag to enable/disable the ruler component |
selector Kubernetes meta/v1.LabelSelector |
(Optional)
A selector to select which LokiRules to mount for loading alerting/recording rules from. |
namespaceSelector Kubernetes meta/v1.LabelSelector |
(Optional)
Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the LokiStack object is in is used. |
StorageSchemaEffectiveDate
(string
alias)
(Appears on:ObjectStorageSchema)
StorageSchemaEffectiveDate defines the type for the Storage Schema Effect Date
Subject
(Appears on:RoleBindingsSpec)
Subject represents a subject that has been bound to a role.
Field | Description |
---|---|
name string |
|
kind SubjectKind |
SubjectKind
(string
alias)
(Appears on:Subject)
SubjectKind is a kind of LokiStack Gateway RBAC subject.
Value | Description |
---|---|
"group" |
Group represents a subject that is a group. |
"user" |
User represents a subject that is a user. |
TenantSecretSpec
(Appears on:OIDCSpec)
TenantSecretSpec is a secret reference containing name only for a secret living in the same namespace as the LokiStack custom resource.
Field | Description |
---|---|
name string |
Name of a secret in the namespace configured for tenant secrets. |
TenantsSpec
(Appears on:LokiStackSpec)
TenantsSpec defines the mode, authentication and authorization configuration of the lokiStack gateway component.
Field | Description |
---|---|
mode ModeType |
Mode defines the mode in which lokistack-gateway component will be configured. |
authentication []AuthenticationSpec |
(Optional)
Authentication defines the lokistack-gateway component authentication configuration spec per tenant. |
authorization AuthorizationSpec |
(Optional)
Authorization defines the lokistack-gateway component authorization configuration spec per tenant. |
openshift OpenshiftTenantSpec |
(Optional)
Openshift defines the configuration specific to Openshift modes. |
ZoneSpec
(Appears on:ReplicationSpec)
ZoneSpec defines the spec to support zone-aware component deployments.
Field | Description |
---|---|
maxSkew int |
MaxSkew describes the maximum degree to which Pods can be unevenly distributed. |
topologyKey string |
TopologyKey is the key that defines a topology in the Nodes’ labels. |
loki.grafana.com/v1beta1
Package v1beta1 contains API Schema definitions for the loki v1beta1 API group
AlertManagerClientBasicAuth
(Appears on:AlertManagerClientConfig)
AlertManagerClientBasicAuth defines the basic authentication configuration for reaching alertmanager endpoints.
Field | Description |
---|---|
username string |
(Optional)
The subject’s username for the basic authentication configuration. |
password string |
(Optional)
The subject’s password for the basic authentication configuration. |
AlertManagerClientConfig
(Appears on:AlertManagerSpec)
AlertManagerClientConfig defines the client configuration for reaching alertmanager endpoints.
Field | Description |
---|---|
tls AlertManagerClientTLSConfig |
(Optional)
TLS configuration for reaching the alertmanager endpoints. |
headerAuth AlertManagerClientHeaderAuth |
(Optional)
Header authentication configuration for reaching the alertmanager endpoints. |
basicAuth AlertManagerClientBasicAuth |
(Optional)
Basic authentication configuration for reaching the alertmanager endpoints. |
AlertManagerClientHeaderAuth
(Appears on:AlertManagerClientConfig)
AlertManagerClientHeaderAuth defines the header configuration reaching alertmanager endpoints.
Field | Description |
---|---|
type string |
(Optional)
The authentication type for the header authentication configuration. |
credentials string |
(Optional)
The credentials for the header authentication configuration. |
credentialsFile string |
(Optional)
The credentials file for the Header authentication configuration. It is mutually exclusive with |
AlertManagerClientTLSConfig
(Appears on:AlertManagerClientConfig)
AlertManagerClientTLSConfig defines the TLS configuration for reaching alertmanager endpoints.
Field | Description |
---|---|
caPath string |
(Optional)
The CA certificate file path for the TLS configuration. |
serverName string |
(Optional)
The server name to validate in the alertmanager server certificates. |
certPath string |
(Optional)
The client-side certificate file path for the TLS configuration. |
keyPath string |
(Optional)
The client-side key file path for the TLS configuration. |
AlertManagerDiscoverySpec
(Appears on:AlertManagerSpec)
AlertManagerDiscoverySpec defines the configuration to use DNS resolution for AlertManager hosts.
Field | Description |
---|---|
enableSRV bool |
(Optional)
Use DNS SRV records to discover Alertmanager hosts. |
refreshInterval PrometheusDuration |
(Optional)
How long to wait between refreshing DNS resolutions of Alertmanager hosts. |
AlertManagerNotificationQueueSpec
(Appears on:AlertManagerSpec)
AlertManagerNotificationQueueSpec defines the configuration for AlertManager notification settings.
Field | Description |
---|---|
capacity int32 |
(Optional)
Capacity of the queue for notifications to be sent to the Alertmanager. |
timeout PrometheusDuration |
(Optional)
HTTP timeout duration when sending notifications to the Alertmanager. |
forOutageTolerance PrometheusDuration |
(Optional)
Max time to tolerate outage for restoring “for” state of alert. |
forGracePeriod PrometheusDuration |
(Optional)
Minimum duration between alert and restored “for” state. This is maintained only for alerts with configured “for” time greater than the grace period. |
resendDelay PrometheusDuration |
(Optional)
Minimum amount of time to wait before resending an alert to Alertmanager. |
AlertManagerSpec
(Appears on:RulerConfigSpec, RulerOverrides)
AlertManagerSpec defines the configuration for ruler’s alertmanager connectivity.
Field | Description |
---|---|
externalUrl string |
(Optional)
URL for alerts return path. |
externalLabels map[string]string |
(Optional)
Additional labels to add to all alerts. |
enableV2 bool |
(Optional)
If enabled, then requests to Alertmanager use the v2 API. |
endpoints []string |
List of AlertManager URLs to send notifications to. Each Alertmanager URL is treated as a separate group in the configuration. Multiple Alertmanagers in HA per group can be supported by using DNS resolution (See EnableDNSDiscovery). |
discovery AlertManagerDiscoverySpec |
(Optional)
Defines the configuration for DNS-based discovery of AlertManager hosts. |
notificationQueue AlertManagerNotificationQueueSpec |
(Optional)
Defines the configuration for the notification queue to AlertManager hosts. |
relabelConfigs []RelabelConfig |
(Optional)
List of alert relabel configurations. |
client AlertManagerClientConfig |
(Optional)
Client configuration for reaching the alertmanager endpoint. |
AlertingRule
AlertingRule is the Schema for the alertingrules API
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
spec AlertingRuleSpec |
|
status AlertingRuleStatus |
AlertingRuleGroup
(Appears on:AlertingRuleSpec)
AlertingRuleGroup defines a group of Loki alerting rules.
Field | Description |
---|---|
name string |
Name of the alerting rule group. Must be unique within all alerting rules. |
interval PrometheusDuration |
(Optional)
Interval defines the time interval between evaluation of the given alerting rule. |
limit int32 |
(Optional)
Limit defines the number of alerts an alerting rule can produce. 0 is no limit. |
rules []*AlertingRuleGroupSpec |
Rules defines a list of alerting rules |
AlertingRuleGroupSpec
(Appears on:AlertingRuleGroup)
AlertingRuleGroupSpec defines the spec for a Loki alerting rule.
Field | Description |
---|---|
alert string |
(Optional)
The name of the alert. Must be a valid label value. |
expr string |
The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts. |
for PrometheusDuration |
(Optional)
Alerts are considered firing once they have been returned for this long. Alerts which have not yet fired for long enough are considered pending. |
annotations map[string]string |
(Optional)
Annotations to add to each alert. |
labels map[string]string |
(Optional)
Labels to add to each alert. |
AlertingRuleSpec
(Appears on:AlertingRule)
AlertingRuleSpec defines the desired state of AlertingRule
Field | Description |
---|---|
tenantID string |
TenantID of tenant where the alerting rules are evaluated in. |
groups []*AlertingRuleGroup |
(Optional)
List of groups for alerting rules. |
AlertingRuleStatus
(Appears on:AlertingRule)
AlertingRuleStatus defines the observed state of AlertingRule
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the AlertingRule generation health. |
AuthenticationSpec
(Appears on:TenantsSpec)
AuthenticationSpec defines the oidc configuration per tenant for lokiStack Gateway component.
Field | Description |
---|---|
tenantName string |
TenantName defines the name of the tenant. |
tenantId string |
TenantID defines the id of the tenant. |
oidc OIDCSpec |
OIDC defines the spec for the OIDC tenant’s authentication. |
AuthorizationSpec
(Appears on:TenantsSpec)
AuthorizationSpec defines the opa, role bindings and roles configuration per tenant for lokiStack Gateway component.
Field | Description |
---|---|
opa OPASpec |
(Optional)
OPA defines the spec for the third-party endpoint for tenant’s authorization. |
roles []RoleSpec |
(Optional)
Roles defines a set of permissions to interact with a tenant. |
roleBindings []RoleBindingsSpec |
(Optional)
RoleBindings defines configuration to bind a set of roles to a set of subjects. |
IngestionLimitSpec
(Appears on:LimitsTemplateSpec)
IngestionLimitSpec defines the limits applied at the ingestion path.
Field | Description |
---|---|
ingestionRate int32 |
(Optional)
IngestionRate defines the sample size per second. Units MB. |
ingestionBurstSize int32 |
(Optional)
IngestionBurstSize defines the local rate-limited sample size per distributor replica. It should be set to the set at least to the maximum logs size expected in a single push request. |
maxLabelNameLength int32 |
(Optional)
MaxLabelNameLength defines the maximum number of characters allowed for label keys in log streams. |
maxLabelValueLength int32 |
(Optional)
MaxLabelValueLength defines the maximum number of characters allowed for label values in log streams. |
maxLabelNamesPerSeries int32 |
(Optional)
MaxLabelNamesPerSeries defines the maximum number of label names per series in each log stream. |
maxGlobalStreamsPerTenant int32 |
(Optional)
MaxGlobalStreamsPerTenant defines the maximum number of active streams per tenant, across the cluster. |
maxLineSize int32 |
(Optional)
MaxLineSize defines the maximum line size on ingestion path. Units in Bytes. |
LimitsSpec
(Appears on:LokiStackSpec)
LimitsSpec defines the spec for limits applied at ingestion or query path across the cluster or per tenant. It also defines the per-tenant configuration overrides.
Field | Description |
---|---|
global LimitsTemplateSpec |
(Optional)
Global defines the limits applied globally across the cluster. |
tenants map[string]github.com/grafana/loki/operator/api/loki/v1beta1.LimitsTemplateSpec |
(Optional)
Tenants defines the limits and overrides applied per tenant. |
LimitsTemplateSpec
(Appears on:LimitsSpec)
LimitsTemplateSpec defines the limits and overrides applied per-tenant.
Field | Description |
---|---|
ingestion IngestionLimitSpec |
(Optional)
IngestionLimits defines the limits applied on ingested log streams. |
queries QueryLimitSpec |
(Optional)
QueryLimits defines the limit applied on querying log streams. |
LokiComponentSpec
(Appears on:LokiTemplateSpec)
LokiComponentSpec defines the requirements to configure scheduling of each loki component individually.
Field | Description |
---|---|
replicas int32 |
(Optional)
Replicas defines the number of replica pods of the component. |
nodeSelector map[string]string |
(Optional)
NodeSelector defines the labels required by a node to schedule the component onto it. |
tolerations []Kubernetes core/v1.Toleration |
(Optional)
Tolerations defines the tolerations required by a node to schedule the component onto it. |
LokiStack
LokiStack is the Schema for the lokistacks API
Field | Description |
---|---|
spec LokiStackSpec |
|
status LokiStackStatus |
|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
LokiStackComponentStatus
(Appears on:LokiStackStatus)
LokiStackComponentStatus defines the map of per pod status per LokiStack component. Each component is represented by a separate map of v1.Phase to a list of pods.
Field | Description |
---|---|
compactor PodStatusMap |
(Optional)
Compactor is a map to the pod status of the compactor pod. |
distributor PodStatusMap |
(Optional)
Distributor is a map to the per pod status of the distributor deployment |
indexGateway PodStatusMap |
(Optional)
IndexGateway is a map to the per pod status of the index gateway statefulset |
ingester PodStatusMap |
(Optional)
Ingester is a map to the per pod status of the ingester statefulset |
querier PodStatusMap |
(Optional)
Querier is a map to the per pod status of the querier deployment |
queryFrontend PodStatusMap |
(Optional)
QueryFrontend is a map to the per pod status of the query frontend deployment |
gateway PodStatusMap |
(Optional)
Gateway is a map to the per pod status of the lokistack gateway deployment. |
ruler PodStatusMap |
(Optional)
Ruler is a map to the per pod status of the lokistack ruler statefulset. |
LokiStackConditionReason
(string
alias)
LokiStackConditionReason defines the type for valid reasons of a Loki deployment conditions.
Value | Description |
---|---|
"FailedComponents" |
ReasonFailedComponents when all/some LokiStack components fail to roll out. |
"InvalidGatewayTenantSecret" |
ReasonInvalidGatewayTenantSecret when the format of the secret is invalid. |
"InvalidObjectStorageCAConfigMap" |
ReasonInvalidObjectStorageCAConfigMap when the format of the CA configmap is invalid. |
"InvalidObjectStorageSchema" |
ReasonInvalidObjectStorageSchema when the spec contains an invalid schema(s). |
"InvalidObjectStorageSecret" |
ReasonInvalidObjectStorageSecret when the format of the secret is invalid. |
"InvalidReplicationConfiguration" |
ReasonInvalidReplicationConfiguration when the configurated replication factor is not valid with the select cluster size. |
"InvalidRulerSecret" |
ReasonInvalidRulerSecret when the format of the ruler remote write authorization secret is invalid. |
"InvalidTenantsConfiguration" |
ReasonInvalidTenantsConfiguration when the tenant configuration provided is invalid. |
"MissingGatewayOpenShiftBaseDomain" |
ReasonMissingGatewayOpenShiftBaseDomain when the reconciler cannot lookup the OpenShift DNS base domain. |
"MissingGatewayTenantSecret" |
ReasonMissingGatewayTenantSecret when the required tenant secret for authentication is missing. |
"MissingObjectStorageCAConfigMap" |
ReasonMissingObjectStorageCAConfigMap when the required configmap to verify object storage certificates is missing. |
"MissingObjectStorageSecret" |
ReasonMissingObjectStorageSecret when the required secret to store logs to object storage is missing. |
"MissingRulerSecret" |
ReasonMissingRulerSecret when the required secret to authorization remote write connections for the ruler is missing. |
"PendingComponents" |
ReasonPendingComponents when all/some LokiStack components pending dependencies |
"ReadyComponents" |
ReasonReadyComponents when all LokiStack components are ready to serve traffic. |
LokiStackConditionType
(string
alias)
LokiStackConditionType deifnes the type of condition types of a Loki deployment.
Value | Description |
---|---|
"Degraded" |
ConditionDegraded defines the condition that some or all components in the Loki deployment are degraded or the cluster cannot connect to object storage. |
"Failed" |
ConditionFailed defines the condition that components in the Loki deployment failed to roll out. |
"Pending" |
ConditionPending defines the condition that some or all components are in pending state. |
"Ready" |
ConditionReady defines the condition that all components in the Loki deployment are ready. |
LokiStackSizeType
(string
alias)
(Appears on:LokiStackSpec)
LokiStackSizeType declares the type for loki cluster scale outs.
Value | Description |
---|---|
"1x.extra-small" |
SizeOneXExtraSmall defines the size of a single Loki deployment with extra small resources/limits requirements and without HA support. This size is ultimately dedicated for development and demo purposes. DO NOT USE THIS IN PRODUCTION! FIXME: Add clear description of ingestion/query performance expectations. |
"1x.medium" |
SizeOneXMedium defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup with the requirement for single replication factor and auto-compaction. FIXME: Add clear description of ingestion/query performance expectations. |
"1x.small" |
SizeOneXSmall defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup without the requirement for single replication factor and auto-compaction. FIXME: Add clear description of ingestion/query performance expectations. |
LokiStackSpec
(Appears on:LokiStack)
LokiStackSpec defines the desired state of LokiStack
Field | Description |
---|---|
managementState ManagementStateType |
ManagementState defines if the CR should be managed by the operator or not. Default is managed. |
size LokiStackSizeType |
Size defines one of the support Loki deployment scale out sizes. |
storage ObjectStorageSpec |
Storage defines the spec for the object storage endpoint to store logs. |
storageClassName string |
Storage class name defines the storage class for ingester/querier PVCs. |
replicationFactor int32 |
(Optional)
ReplicationFactor defines the policy for log stream replication. |
rules RulesSpec |
(Optional)
Rules defines the spec for the ruler component |
limits LimitsSpec |
(Optional)
Limits defines the per-tenant limits to be applied to log stream processing and the per-tenant the config overrides. |
template LokiTemplateSpec |
(Optional)
Template defines the resource/limits/tolerations/nodeselectors per component |
tenants TenantsSpec |
(Optional)
Tenants defines the per-tenant authentication and authorization spec for the lokistack-gateway component. |
LokiStackStatus
(Appears on:LokiStack)
LokiStackStatus defines the observed state of LokiStack
Field | Description |
---|---|
components LokiStackComponentStatus |
(Optional)
Components provides summary of all Loki pod status grouped per component. |
storage LokiStackStorageStatus |
(Optional)
Storage provides summary of all changes that have occurred to the storage configuration. |
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the Loki deployment health. |
LokiStackStorageStatus
(Appears on:LokiStackStatus)
LokiStackStorageStatus defines the observed state of the Loki storage configuration.
Field | Description |
---|---|
schemas []ObjectStorageSchema |
(Optional)
Schemas is a list of schemas which have been applied to the LokiStack. |
LokiTemplateSpec
(Appears on:LokiStackSpec)
LokiTemplateSpec defines the template of all requirements to configure scheduling of all Loki components to be deployed.
Field | Description |
---|---|
compactor LokiComponentSpec |
(Optional)
Compactor defines the compaction component spec. |
distributor LokiComponentSpec |
(Optional)
Distributor defines the distributor component spec. |
ingester LokiComponentSpec |
(Optional)
Ingester defines the ingester component spec. |
querier LokiComponentSpec |
(Optional)
Querier defines the querier component spec. |
queryFrontend LokiComponentSpec |
(Optional)
QueryFrontend defines the query frontend component spec. |
gateway LokiComponentSpec |
(Optional)
Gateway defines the lokistack gateway component spec. |
indexGateway LokiComponentSpec |
(Optional)
IndexGateway defines the index gateway component spec. |
ruler LokiComponentSpec |
(Optional)
Ruler defines the ruler component spec. |
ManagementStateType
(string
alias)
(Appears on:LokiStackSpec)
ManagementStateType defines the type for CR management states.
Value | Description |
---|---|
"Managed" |
ManagementStateManaged when the LokiStack custom resource should be reconciled by the operator. |
"Unmanaged" |
ManagementStateUnmanaged when the LokiStack custom resource should not be reconciled by the operator. |
ModeType
(string
alias)
(Appears on:TenantsSpec)
ModeType is the authentication/authorization mode in which LokiStack Gateway will be configured.
Value | Description |
---|---|
"dynamic" |
Dynamic mode delegates the authorization to a third-party OPA-compatible endpoint. |
"openshift-logging" |
OpenshiftLogging mode provides fully automatic OpenShift in-cluster authentication and authorization support. |
"static" |
Static mode asserts the Authorization Spec’s Roles and RoleBindings using an in-process OpenPolicyAgent Rego authorizer. |
OIDCSpec
(Appears on:AuthenticationSpec)
OIDCSpec defines the oidc configuration spec for lokiStack Gateway component.
Field | Description |
---|---|
secret TenantSecretSpec |
Secret defines the spec for the clientID, clientSecret and issuerCAPath for tenant’s authentication. |
issuerURL string |
IssuerURL defines the URL for issuer. |
redirectURL string |
(Optional)
RedirectURL defines the URL for redirect. |
groupClaim string |
(Optional)
Group claim field from ID Token |
usernameClaim string |
(Optional)
User claim field from ID Token |
OPASpec
(Appears on:AuthorizationSpec)
OPASpec defines the opa configuration spec for lokiStack Gateway component.
Field | Description |
---|---|
url string |
URL defines the third-party endpoint for authorization. |
ObjectStorageSchema
(Appears on:LokiStackStorageStatus, ObjectStorageSpec)
ObjectStorageSchema defines the requirements needed to configure a new storage schema.
Field | Description |
---|---|
version ObjectStorageSchemaVersion |
Version for writing and reading logs. |
effectiveDate StorageSchemaEffectiveDate |
EffectiveDate is the date in UTC that the schema will be applied on. To ensure readibility of logs, this date should be before the current date in UTC. |
ObjectStorageSchemaVersion
(string
alias)
(Appears on:ObjectStorageSchema)
ObjectStorageSchemaVersion defines the storage schema version which will be used with the Loki cluster.
Value | Description |
---|---|
"v11" |
ObjectStorageSchemaV11 when using v11 for the storage schema |
"v12" |
ObjectStorageSchemaV12 when using v12 for the storage schema |
ObjectStorageSecretSpec
(Appears on:ObjectStorageSpec)
ObjectStorageSecretSpec is a secret reference containing name only, no namespace.
Field | Description |
---|---|
type ObjectStorageSecretType |
Type of object storage that should be used |
name string |
Name of a secret in the namespace configured for object storage secrets. |
ObjectStorageSecretType
(string
alias)
(Appears on:ObjectStorageSecretSpec)
ObjectStorageSecretType defines the type of storage which can be used with the Loki cluster.
Value | Description |
---|---|
"azure" |
ObjectStorageSecretAzure when using Azure for Loki storage |
"gcs" |
ObjectStorageSecretGCS when using GCS for Loki storage |
"s3" |
ObjectStorageSecretS3 when using S3 for Loki storage |
"swift" |
ObjectStorageSecretSwift when using Swift for Loki storage |
ObjectStorageSpec
(Appears on:LokiStackSpec)
ObjectStorageSpec defines the requirements to access the object storage bucket to persist logs by the ingester component.
Field | Description |
---|---|
schemas []ObjectStorageSchema |
(Optional)
Schemas for reading and writing logs. |
secret ObjectStorageSecretSpec |
Secret for object storage authentication. Name of a secret in the same namespace as the LokiStack custom resource. |
tls ObjectStorageTLSSpec |
(Optional)
TLS configuration for reaching the object storage endpoint. |
ObjectStorageTLSSpec
(Appears on:ObjectStorageSpec)
ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.
Field | Description |
---|---|
caName string |
(Optional)
CA is the name of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource. |
PermissionType
(string
alias)
(Appears on:RoleSpec)
PermissionType is a LokiStack Gateway RBAC permission.
Value | Description |
---|---|
"read" |
Read gives access to read data from a tenant. |
"write" |
Write gives access to write data to a tenant. |
PodStatusMap
(map[k8s.io/api/core/v1.PodPhase][]string
alias)
(Appears on:LokiStackComponentStatus)
PodStatusMap defines the type for mapping pod status to pod name.
PrometheusDuration
(string
alias)
(Appears on:AlertManagerDiscoverySpec, AlertManagerNotificationQueueSpec, AlertingRuleGroup, AlertingRuleGroupSpec, RecordingRuleGroup, RemoteWriteClientQueueSpec, RemoteWriteClientSpec, RemoteWriteSpec, RulerConfigSpec)
PrometheusDuration defines the type for Prometheus durations.
QueryLimitSpec
(Appears on:LimitsTemplateSpec)
QueryLimitSpec defines the limits applies at the query path.
Field | Description |
---|---|
maxEntriesLimitPerQuery int32 |
(Optional)
MaxEntriesLimitsPerQuery defines the maximum number of log entries that will be returned for a query. |
maxChunksPerQuery int32 |
(Optional)
MaxChunksPerQuery defines the maximum number of chunks that can be fetched by a single query. |
maxQuerySeries int32 |
MaxQuerySeries defines the maximum of unique series that is returned by a metric query. |
RecordingRule
RecordingRule is the Schema for the recordingrules API
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
spec RecordingRuleSpec |
|
status RecordingRuleStatus |
RecordingRuleGroup
(Appears on:RecordingRuleSpec)
RecordingRuleGroup defines a group of Loki recording rules.
Field | Description |
---|---|
name string |
Name of the recording rule group. Must be unique within all recording rules. |
interval PrometheusDuration |
(Optional)
Interval defines the time interval between evaluation of the given recoding rule. |
limit int32 |
(Optional)
Limit defines the number of series a recording rule can produce. 0 is no limit. |
rules []*RecordingRuleGroupSpec |
Rules defines a list of recording rules |
RecordingRuleGroupSpec
(Appears on:RecordingRuleGroup)
RecordingRuleGroupSpec defines the spec for a Loki recording rule.
Field | Description |
---|---|
record string |
(Optional)
The name of the time series to output to. Must be a valid metric name. |
expr string |
The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts. |
RecordingRuleSpec
(Appears on:RecordingRule)
RecordingRuleSpec defines the desired state of RecordingRule
Field | Description |
---|---|
tenantID string |
TenantID of tenant where the recording rules are evaluated in. |
groups []*RecordingRuleGroup |
(Optional)
List of groups for recording rules. |
RecordingRuleStatus
(Appears on:RecordingRule)
RecordingRuleStatus defines the observed state of RecordingRule
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the RecordingRule generation health. |
RelabelActionType
(string
alias)
(Appears on:RelabelConfig)
RelabelActionType defines the enumeration type for RelabelConfig actions.
RelabelConfig
(Appears on:AlertManagerSpec, RemoteWriteClientSpec)
RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion.
It defines <metric_relabel_configs>
and <alert_relabel_configs>
sections of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
Field | Description |
---|---|
sourceLabels []string |
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. |
separator string |
(Optional)
Separator placed between concatenated source label values. default is ‘;’. |
targetLabel string |
(Optional)
Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. |
regex string |
(Optional)
Regular expression against which the extracted value is matched. Default is ‘(.*)’ |
modulus uint64 |
(Optional)
Modulus to take of the hash of the source label values. |
replacement string |
(Optional)
Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is ‘$1’ |
action RelabelActionType |
(Optional)
Action to perform based on regex matching. Default is ‘replace’ |
RemoteWriteAuthType
(string
alias)
(Appears on:RemoteWriteClientSpec)
RemoteWriteAuthType defines the type of authorization to use to access the remote write endpoint.
Value | Description |
---|---|
"basic" |
BasicAuthorization defines the remote write client to use HTTP basic authorization. |
"bearer" |
BearerAuthorization defines the remote write client to use HTTP bearer authorization. |
RemoteWriteClientQueueSpec
(Appears on:RemoteWriteSpec)
RemoteWriteClientQueueSpec defines the configuration of the remote write client queue.
Field | Description |
---|---|
capacity int32 |
(Optional)
Number of samples to buffer per shard before we block reading of more |
maxShards int32 |
(Optional)
Maximum number of shards, i.e. amount of concurrency. |
minShards int32 |
(Optional)
Minimum number of shards, i.e. amount of concurrency. |
maxSamplesPerSend int32 |
(Optional)
Maximum number of samples per send. |
batchSendDeadline PrometheusDuration |
(Optional)
Maximum time a sample will wait in buffer. |
minBackOffPeriod PrometheusDuration |
(Optional)
Initial retry delay. Gets doubled for every retry. |
maxBackOffPeriod PrometheusDuration |
(Optional)
Maximum retry delay. |
RemoteWriteClientSpec
(Appears on:RemoteWriteSpec)
RemoteWriteClientSpec defines the configuration of the remote write client.
Field | Description |
---|---|
name string |
Name of the remote write config, which if specified must be unique among remote write configs. |
url string |
The URL of the endpoint to send samples to. |
timeout PrometheusDuration |
(Optional)
Timeout for requests to the remote write endpoint. |
authorization RemoteWriteAuthType |
Type of authorzation to use to access the remote write endpoint |
authorizationSecretName string |
Name of a secret in the namespace configured for authorization secrets. |
additionalHeaders map[string]string |
(Optional)
Additional HTTP headers to be sent along with each remote write request. |
relabelConfigs []RelabelConfig |
(Optional)
List of remote write relabel configurations. |
proxyUrl string |
(Optional)
Optional proxy URL. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
RemoteWriteSpec
(Appears on:RulerConfigSpec)
RemoteWriteSpec defines the configuration for ruler’s remote_write connectivity.
Field | Description |
---|---|
enabled bool |
(Optional)
Enable remote-write functionality. |
refreshPeriod PrometheusDuration |
(Optional)
Minimum period to wait between refreshing remote-write reconfigurations. |
client RemoteWriteClientSpec |
(Optional)
Defines the configuration for remote write client. |
queue RemoteWriteClientQueueSpec |
(Optional)
Defines the configuration for remote write client queue. |
RoleBindingsSpec
(Appears on:AuthorizationSpec)
RoleBindingsSpec binds a set of roles to a set of subjects.
Field | Description |
---|---|
name string |
|
subjects []Subject |
|
roles []string |
RoleSpec
(Appears on:AuthorizationSpec)
RoleSpec describes a set of permissions to interact with a tenant.
Field | Description |
---|---|
name string |
|
resources []string |
|
tenants []string |
|
permissions []PermissionType |
RulerConfig
RulerConfig is the Schema for the rulerconfigs API
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
spec RulerConfigSpec |
|
status RulerConfigStatus |
RulerConfigSpec
(Appears on:RulerConfig)
RulerConfigSpec defines the desired state of Ruler
Field | Description |
---|---|
evaluationInterval PrometheusDuration |
(Optional)
Interval on how frequently to evaluate rules. |
pollInterval PrometheusDuration |
(Optional)
Interval on how frequently to poll for new rule definitions. |
alertmanager AlertManagerSpec |
(Optional)
Defines alert manager configuration to notify on firing alerts. |
remoteWrite RemoteWriteSpec |
(Optional)
Defines a remote write endpoint to write recording rule metrics. |
overrides map[string]github.com/grafana/loki/operator/api/loki/v1beta1.RulerOverrides |
(Optional)
Overrides defines the config overrides to be applied per-tenant. |
RulerConfigStatus
(Appears on:RulerConfig)
RulerConfigStatus defines the observed state of RulerConfig
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions of the RulerConfig health. |
RulerOverrides
(Appears on:RulerConfigSpec)
RulerOverrides defines the overrides applied per-tenant.
Field | Description |
---|---|
alertmanager AlertManagerSpec |
(Optional)
AlertManagerOverrides defines the overrides to apply to the alertmanager config. |
RulesSpec
(Appears on:LokiStackSpec)
RulesSpec deifnes the spec for the ruler component.
Field | Description |
---|---|
enabled bool |
Enabled defines a flag to enable/disable the ruler component |
selector Kubernetes meta/v1.LabelSelector |
(Optional)
A selector to select which LokiRules to mount for loading alerting/recording rules from. |
namespaceSelector Kubernetes meta/v1.LabelSelector |
(Optional)
Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the LokiStack object is in is used. |
StorageSchemaEffectiveDate
(string
alias)
(Appears on:ObjectStorageSchema)
StorageSchemaEffectiveDate defines the type for the Storage Schema Effect Date
Subject
(Appears on:RoleBindingsSpec)
Subject represents a subject that has been bound to a role.
Field | Description |
---|---|
name string |
|
kind SubjectKind |
SubjectKind
(string
alias)
(Appears on:Subject)
SubjectKind is a kind of LokiStack Gateway RBAC subject.
Value | Description |
---|---|
"group" |
Group represents a subject that is a group. |
"user" |
User represents a subject that is a user. |
TenantSecretSpec
(Appears on:OIDCSpec)
TenantSecretSpec is a secret reference containing name only for a secret living in the same namespace as the LokiStack custom resource.
Field | Description |
---|---|
name string |
Name of a secret in the namespace configured for tenant secrets. |
TenantsSpec
(Appears on:LokiStackSpec)
TenantsSpec defines the mode, authentication and authorization configuration of the lokiStack gateway component.
Field | Description |
---|---|
mode ModeType |
Mode defines the mode in which lokistack-gateway component will be configured. |
authentication []AuthenticationSpec |
(Optional)
Authentication defines the lokistack-gateway component authentication configuration spec per tenant. |
authorization AuthorizationSpec |
(Optional)
Authorization defines the lokistack-gateway component authorization configuration spec per tenant. |