API

This Document contains the types introduced by the Loki Operator to be consumed by users.

This page is automatically generated with gen-crd-api-reference-docs.

loki.grafana.com/v1

Package v1 contains API Schema definitions for the loki v1 API group

Resource Types:

AuthenticationSpec

(Appears on:TenantsSpec)

AuthenticationSpec defines the oidc configuration per tenant for lokiStack Gateway component.

Field Description
tenantName
string

TenantName defines the name of the tenant.

tenantId
string

TenantID defines the id of the tenant.

oidc
OIDCSpec

OIDC defines the spec for the OIDC tenant’s authentication.

AuthorizationSpec

(Appears on:TenantsSpec)

AuthorizationSpec defines the opa, role bindings and roles configuration per tenant for lokiStack Gateway component.

Field Description
opa
OPASpec
(Optional)

OPA defines the spec for the third-party endpoint for tenant’s authorization.

roles
[]RoleSpec
(Optional)

Roles defines a set of permissions to interact with a tenant.

roleBindings
[]RoleBindingsSpec
(Optional)

RoleBindings defines configuration to bind a set of roles to a set of subjects.

ClusterProxy

(Appears on:LokiStackSpec)

ClusterProxy is the Proxy configuration when the cluster is behind a Proxy.

Field Description
httpProxy
string
(Optional)

HTTPProxy configures the HTTP_PROXY/http_proxy env variable.

httpsProxy
string
(Optional)

HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable.

noProxy
string
(Optional)

NoProxy configures the NO_PROXY/no_proxy env variable.

IngestionLimitSpec

(Appears on:LimitsTemplateSpec)

IngestionLimitSpec defines the limits applied at the ingestion path.

Field Description
ingestionRate
int32
(Optional)

IngestionRate defines the sample size per second. Units MB.

ingestionBurstSize
int32
(Optional)

IngestionBurstSize defines the local rate-limited sample size per distributor replica. It should be set to the set at least to the maximum logs size expected in a single push request.

maxLabelNameLength
int32
(Optional)

MaxLabelNameLength defines the maximum number of characters allowed for label keys in log streams.

maxLabelValueLength
int32
(Optional)

MaxLabelValueLength defines the maximum number of characters allowed for label values in log streams.

maxLabelNamesPerSeries
int32
(Optional)

MaxLabelNamesPerSeries defines the maximum number of label names per series in each log stream.

maxGlobalStreamsPerTenant
int32
(Optional)

MaxGlobalStreamsPerTenant defines the maximum number of active streams per tenant, across the cluster.

maxLineSize
int32
(Optional)

MaxLineSize defines the maximum line size on ingestion path. Units in Bytes.

LimitsSpec

(Appears on:LokiStackSpec)

LimitsSpec defines the spec for limits applied at ingestion or query path across the cluster or per tenant.

Field Description
global
LimitsTemplateSpec
(Optional)

Global defines the limits applied globally across the cluster.

tenants
map[string]github.com/grafana/loki/operator/apis/loki/v1.LimitsTemplateSpec
(Optional)

Tenants defines the limits applied per tenant.

LimitsTemplateSpec

(Appears on:LimitsSpec)

LimitsTemplateSpec defines the limits applied at ingestion or query path.

Field Description
ingestion
IngestionLimitSpec
(Optional)

IngestionLimits defines the limits applied on ingested log streams.

queries
QueryLimitSpec
(Optional)

QueryLimits defines the limit applied on querying log streams.

retention
RetentionLimitSpec
(Optional)

Retention defines how long logs are kept in storage.

LokiComponentSpec

(Appears on:LokiTemplateSpec)

LokiComponentSpec defines the requirements to configure scheduling of each loki component individually.

Field Description
replicas
int32
(Optional)

Replicas defines the number of replica pods of the component.

nodeSelector
map[string]string
(Optional)

NodeSelector defines the labels required by a node to schedule the component onto it.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

Tolerations defines the tolerations required by a node to schedule the component onto it.

LokiStack

LokiStack is the Schema for the lokistacks API

Field Description
spec
LokiStackSpec

LokiStack CR spec field.

status
LokiStackStatus

LokiStack CR spec Status.

metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.

LokiStackComponentStatus

(Appears on:LokiStackStatus)

LokiStackComponentStatus defines the map of per pod status per LokiStack component. Each component is represented by a separate map of v1.Phase to a list of pods.

Field Description
compactor
PodStatusMap
(Optional)

Compactor is a map to the pod status of the compactor pod.

distributor
PodStatusMap
(Optional)

Distributor is a map to the per pod status of the distributor deployment

indexGateway
PodStatusMap
(Optional)

IndexGateway is a map to the per pod status of the index gateway statefulset

ingester
PodStatusMap
(Optional)

Ingester is a map to the per pod status of the ingester statefulset

querier
PodStatusMap
(Optional)

Querier is a map to the per pod status of the querier deployment

queryFrontend
PodStatusMap
(Optional)

QueryFrontend is a map to the per pod status of the query frontend deployment

gateway
PodStatusMap
(Optional)

Gateway is a map to the per pod status of the lokistack gateway deployment.

ruler
PodStatusMap
(Optional)

Ruler is a map to the per pod status of the lokistack ruler statefulset.

LokiStackConditionReason

(string alias)

LokiStackConditionReason defines the type for valid reasons of a Loki deployment conditions.

Value Description

"FailedCertificateRotation"

ReasonFailedCertificateRotation when the reconciler cannot rotate any of the required TLS certificates.

"FailedComponents"

ReasonFailedComponents when all/some LokiStack components fail to roll out.

"InvalidGatewayTenantSecret"

ReasonInvalidGatewayTenantSecret when the format of the secret is invalid.

"InvalidObjectStorageCAConfigMap"

ReasonInvalidObjectStorageCAConfigMap when the format of the CA configmap is invalid.

"InvalidObjectStorageSchema"

ReasonInvalidObjectStorageSchema when the spec contains an invalid schema(s).

"InvalidObjectStorageSecret"

ReasonInvalidObjectStorageSecret when the format of the secret is invalid.

"InvalidReplicationConfiguration"

ReasonInvalidReplicationConfiguration when the configurated replication factor is not valid with the select cluster size.

"InvalidRulerSecret"

ReasonInvalidRulerSecret when the format of the ruler remote write authorization secret is invalid.

"InvalidTenantsConfiguration"

ReasonInvalidTenantsConfiguration when the tenant configuration provided is invalid.

"MissingGatewayOpenShiftBaseDomain"

ReasonMissingGatewayOpenShiftBaseDomain when the reconciler cannot lookup the OpenShift DNS base domain.

"MissingGatewayTenantSecret"

ReasonMissingGatewayTenantSecret when the required tenant secret for authentication is missing.

"MissingObjectStorageCAConfigMap"

ReasonMissingObjectStorageCAConfigMap when the required configmap to verify object storage certificates is missing.

"MissingObjectStorageSecret"

ReasonMissingObjectStorageSecret when the required secret to store logs to object storage is missing.

"MissingRulerSecret"

ReasonMissingRulerSecret when the required secret to authorization remote write connections for the ruler is missing.

"PendingComponents"

ReasonPendingComponents when all/some LokiStack components pending dependencies

"ReadyComponents"

ReasonReadyComponents when all LokiStack components are ready to serve traffic.

LokiStackConditionType

(string alias)

LokiStackConditionType deifnes the type of condition types of a Loki deployment.

Value Description

"Degraded"

ConditionDegraded defines the condition that some or all components in the Loki deployment are degraded or the cluster cannot connect to object storage.

"Failed"

ConditionFailed defines the condition that components in the Loki deployment failed to roll out.

"Pending"

ConditionPending defines the condition that some or all components are in pending state.

"Ready"

ConditionReady defines the condition that all components in the Loki deployment are ready.

LokiStackSizeType

(string alias)

(Appears on:LokiStackSpec)

LokiStackSizeType declares the type for loki cluster scale outs.

Value Description

"1x.extra-small"

SizeOneXExtraSmall defines the size of a single Loki deployment with extra small resources/limits requirements and without HA support. This size is ultimately dedicated for development and demo purposes. DO NOT USE THIS IN PRODUCTION!

FIXME: Add clear description of ingestion/query performance expectations.

"1x.medium"

SizeOneXMedium defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup with the requirement for single replication factor and auto-compaction.

FIXME: Add clear description of ingestion/query performance expectations.

"1x.small"

SizeOneXSmall defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup without the requirement for single replication factor and auto-compaction.

FIXME: Add clear description of ingestion/query performance expectations.

LokiStackSpec

(Appears on:LokiStack)

LokiStackSpec defines the desired state of LokiStack

Field Description
managementState
ManagementStateType

ManagementState defines if the CR should be managed by the operator or not. Default is managed.

size
LokiStackSizeType

Size defines one of the support Loki deployment scale out sizes.

storage
ObjectStorageSpec

Storage defines the spec for the object storage endpoint to store logs.

storageClassName
string

Storage class name defines the storage class for ingester/querier PVCs.

proxy
ClusterProxy
(Optional)

Proxy defines the spec for the object proxy to configure cluster proxy information.

replicationFactor
int32
(Optional)

ReplicationFactor defines the policy for log stream replication.

rules
RulesSpec
(Optional)

Rules defines the spec for the ruler component

limits
LimitsSpec
(Optional)

Limits defines the limits to be applied to log stream processing.

template
LokiTemplateSpec
(Optional)

Template defines the resource/limits/tolerations/nodeselectors per component

tenants
TenantsSpec
(Optional)

Tenants defines the per-tenant authentication and authorization spec for the lokistack-gateway component.

LokiStackStatus

(Appears on:LokiStack)

LokiStackStatus defines the observed state of LokiStack

Field Description
components
LokiStackComponentStatus
(Optional)

Components provides summary of all Loki pod status grouped per component.

storage
LokiStackStorageStatus
(Optional)

Storage provides summary of all changes that have occurred to the storage configuration.

conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions of the Loki deployment health.

LokiStackStorageStatus

(Appears on:LokiStackStatus)

LokiStackStorageStatus defines the observed state of the Loki storage configuration.

Field Description
schemas
[]ObjectStorageSchema
(Optional)

Schemas is a list of schemas which have been applied to the LokiStack.

LokiTemplateSpec

(Appears on:LokiStackSpec)

LokiTemplateSpec defines the template of all requirements to configure scheduling of all Loki components to be deployed.

Field Description
compactor
LokiComponentSpec
(Optional)

Compactor defines the compaction component spec.

distributor
LokiComponentSpec
(Optional)

Distributor defines the distributor component spec.

ingester
LokiComponentSpec
(Optional)

Ingester defines the ingester component spec.

querier
LokiComponentSpec
(Optional)

Querier defines the querier component spec.

queryFrontend
LokiComponentSpec
(Optional)

QueryFrontend defines the query frontend component spec.

gateway
LokiComponentSpec
(Optional)

Gateway defines the lokistack gateway component spec.

indexGateway
LokiComponentSpec
(Optional)

IndexGateway defines the index gateway component spec.

ruler
LokiComponentSpec
(Optional)

Ruler defines the ruler component spec.

ManagementStateType

(string alias)

(Appears on:LokiStackSpec)

ManagementStateType defines the type for CR management states.

Value Description

"Managed"

ManagementStateManaged when the LokiStack custom resource should be reconciled by the operator.

"Unmanaged"

ManagementStateUnmanaged when the LokiStack custom resource should not be reconciled by the operator.

ModeType

(string alias)

(Appears on:TenantsSpec)

ModeType is the authentication/authorization mode in which LokiStack Gateway will be configured.

Value Description

"dynamic"

Dynamic mode delegates the authorization to a third-party OPA-compatible endpoint.

"openshift-logging"

OpenshiftLogging mode provides fully automatic OpenShift in-cluster authentication and authorization support for application, infrastructure and audit logs.

"openshift-network"

OpenshiftNetwork mode provides fully automatic OpenShift in-cluster authentication and authorization support for network logs only.

"static"

Static mode asserts the Authorization Spec’s Roles and RoleBindings using an in-process OpenPolicyAgent Rego authorizer.

OIDCSpec

(Appears on:AuthenticationSpec)

OIDCSpec defines the oidc configuration spec for lokiStack Gateway component.

Field Description
secret
TenantSecretSpec

Secret defines the spec for the clientID, clientSecret and issuerCAPath for tenant’s authentication.

issuerURL
string

IssuerURL defines the URL for issuer.

redirectURL
string
(Optional)

RedirectURL defines the URL for redirect.

groupClaim
string
(Optional)

Group claim field from ID Token

usernameClaim
string
(Optional)

User claim field from ID Token

OPASpec

(Appears on:AuthorizationSpec)

OPASpec defines the opa configuration spec for lokiStack Gateway component.

Field Description
url
string

URL defines the third-party endpoint for authorization.

ObjectStorageSchema

(Appears on:LokiStackStorageStatus, ObjectStorageSpec)

ObjectStorageSchema defines the requirements needed to configure a new storage schema.

Field Description
version
ObjectStorageSchemaVersion

Version for writing and reading logs.

effectiveDate
StorageSchemaEffectiveDate

EffectiveDate is the date in UTC that the schema will be applied on. To ensure readibility of logs, this date should be before the current date in UTC.

ObjectStorageSchemaVersion

(string alias)

(Appears on:ObjectStorageSchema)

ObjectStorageSchemaVersion defines the storage schema version which will be used with the Loki cluster.

Value Description

"v11"

ObjectStorageSchemaV11 when using v11 for the storage schema

"v12"

ObjectStorageSchemaV12 when using v12 for the storage schema

ObjectStorageSecretSpec

(Appears on:ObjectStorageSpec)

ObjectStorageSecretSpec is a secret reference containing name only, no namespace.

Field Description
type
ObjectStorageSecretType

Type of object storage that should be used

name
string

Name of a secret in the namespace configured for object storage secrets.

ObjectStorageSecretType

(string alias)

(Appears on:ObjectStorageSecretSpec)

ObjectStorageSecretType defines the type of storage which can be used with the Loki cluster.

Value Description

"azure"

ObjectStorageSecretAzure when using Azure for Loki storage

"gcs"

ObjectStorageSecretGCS when using GCS for Loki storage

"s3"

ObjectStorageSecretS3 when using S3 for Loki storage

"swift"

ObjectStorageSecretSwift when using Swift for Loki storage

ObjectStorageSpec

(Appears on:LokiStackSpec)

ObjectStorageSpec defines the requirements to access the object storage bucket to persist logs by the ingester component.

Field Description
schemas
[]ObjectStorageSchema
(Optional)

Schemas for reading and writing logs.

secret
ObjectStorageSecretSpec

Secret for object storage authentication. Name of a secret in the same namespace as the LokiStack custom resource.

tls
ObjectStorageTLSSpec
(Optional)

TLS configuration for reaching the object storage endpoint.

ObjectStorageTLSSpec

(Appears on:ObjectStorageSpec)

ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.

Field Description
caKey
string
(Optional)

Key is the data key of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource. If empty, it defaults to “service-ca.crt”.

caName
string

CA is the name of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource.

PermissionType

(string alias)

(Appears on:RoleSpec)

PermissionType is a LokiStack Gateway RBAC permission.

Value Description

"read"

Read gives access to read data from a tenant.

"write"

Write gives access to write data to a tenant.

PodStatusMap

(map[k8s.io/api/core/v1.PodPhase][]string alias)

(Appears on:LokiStackComponentStatus)

PodStatusMap defines the type for mapping pod status to pod name.

QueryLimitSpec

(Appears on:LimitsTemplateSpec)

QueryLimitSpec defines the limits applies at the query path.

Field Description
maxEntriesLimitPerQuery
int32
(Optional)

MaxEntriesLimitsPerQuery defines the maximum number of log entries that will be returned for a query.

maxChunksPerQuery
int32
(Optional)

MaxChunksPerQuery defines the maximum number of chunks that can be fetched by a single query.

maxQuerySeries
int32

MaxQuerySeries defines the the maximum of unique series that is returned by a metric query.

queryTimeout
string
(Optional)

Timeout when querying ingesters or storage during the execution of a query request.

RetentionLimitSpec

(Appears on:LimitsTemplateSpec)

RetentionLimitSpec controls how long logs will be kept in storage.

Field Description
days
uint

Days contains the number of days logs are kept.

streams
[]*RetentionStreamSpec
(Optional)

Stream defines the log stream.

RetentionStreamSpec

(Appears on:RetentionLimitSpec)

RetentionStreamSpec defines a log stream with separate retention time.

Field Description
days
uint

Days contains the number of days logs are kept.

priority
uint32
(Optional)

Priority defines the priority of this selector compared to other retention rules.

selector
string

Selector contains the LogQL query used to define the log stream.

RoleBindingsSpec

(Appears on:AuthorizationSpec)

RoleBindingsSpec binds a set of roles to a set of subjects.

Field Description
name
string
subjects
[]Subject
roles
[]string

RoleSpec

(Appears on:AuthorizationSpec)

RoleSpec describes a set of permissions to interact with a tenant.

Field Description
name
string
resources
[]string
tenants
[]string
permissions
[]PermissionType

RulesSpec

(Appears on:LokiStackSpec)

RulesSpec defines the spec for the ruler component.

Field Description
enabled
bool

Enabled defines a flag to enable/disable the ruler component

selector
Kubernetes meta/v1.LabelSelector
(Optional)

A selector to select which LokiRules to mount for loading alerting/recording rules from.

namespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the LokiStack object is in is used.

StorageSchemaEffectiveDate

(string alias)

(Appears on:ObjectStorageSchema)

StorageSchemaEffectiveDate defines the type for the Storage Schema Effect Date

Subject

(Appears on:RoleBindingsSpec)

Subject represents a subject that has been bound to a role.

Field Description
name
string
kind
SubjectKind

SubjectKind

(string alias)

(Appears on:Subject)

SubjectKind is a kind of LokiStack Gateway RBAC subject.

Value Description

"group"

Group represents a subject that is a group.

"user"

User represents a subject that is a user.

TenantSecretSpec

(Appears on:OIDCSpec)

TenantSecretSpec is a secret reference containing name only for a secret living in the same namespace as the LokiStack custom resource.

Field Description
name
string

Name of a secret in the namespace configured for tenant secrets.

TenantsSpec

(Appears on:LokiStackSpec)

TenantsSpec defines the mode, authentication and authorization configuration of the lokiStack gateway component.

Field Description
mode
ModeType

Mode defines the mode in which lokistack-gateway component will be configured.

authentication
[]AuthenticationSpec
(Optional)

Authentication defines the lokistack-gateway component authentication configuration spec per tenant.

authorization
AuthorizationSpec
(Optional)

Authorization defines the lokistack-gateway component authorization configuration spec per tenant.


loki.grafana.com/v1beta1

Package v1beta1 contains API Schema definitions for the loki v1beta1 API group

Resource Types:

AlertManagerClientBasicAuth

(Appears on:AlertManagerClientConfig)

AlertManagerClientBasicAuth defines the basic authentication configuration for reaching alertmanager endpoints.

Field Description
username
string
(Optional)

The subject’s username for the basic authentication configuration.

password
string
(Optional)

The subject’s password for the basic authentication configuration.

AlertManagerClientConfig

(Appears on:AlertManagerSpec)

AlertManagerClientConfig defines the client configuration for reaching alertmanager endpoints.

Field Description
tls
AlertManagerClientTLSConfig
(Optional)

TLS configuration for reaching the alertmanager endpoints.

headerAuth
AlertManagerClientHeaderAuth
(Optional)

Header authentication configuration for reaching the alertmanager endpoints.

basicAuth
AlertManagerClientBasicAuth
(Optional)

Basic authentication configuration for reaching the alertmanager endpoints.

AlertManagerClientHeaderAuth

(Appears on:AlertManagerClientConfig)

AlertManagerClientHeaderAuth defines the header configuration reaching alertmanager endpoints.

Field Description
type
string
(Optional)

The authentication type for the header authentication configuration.

credentials
string
(Optional)

The credentials for the header authentication configuration.

credentialsFile
string
(Optional)

The credentials file for the Header authentication configuration. It is mutually exclusive with credentials.

AlertManagerClientTLSConfig

(Appears on:AlertManagerClientConfig)

AlertManagerClientTLSConfig defines the TLS configuration for reaching alertmanager endpoints.

Field Description
caPath
string
(Optional)

The CA certificate file path for the TLS configuration.

serverName
string
(Optional)

The server name to validate in the alertmanager server certificates.

certPath
string
(Optional)

The client-side certificate file path for the TLS configuration.

keyPath
string
(Optional)

The client-side key file path for the TLS configuration.

AlertManagerDiscoverySpec

(Appears on:AlertManagerSpec)

AlertManagerDiscoverySpec defines the configuration to use DNS resolution for AlertManager hosts.

Field Description
enableSRV
bool
(Optional)

Use DNS SRV records to discover Alertmanager hosts.

refreshInterval
PrometheusDuration
(Optional)

How long to wait between refreshing DNS resolutions of Alertmanager hosts.

AlertManagerNotificationQueueSpec

(Appears on:AlertManagerSpec)

AlertManagerNotificationQueueSpec defines the configuration for AlertManager notification settings.

Field Description
capacity
int32
(Optional)

Capacity of the queue for notifications to be sent to the Alertmanager.

timeout
PrometheusDuration
(Optional)

HTTP timeout duration when sending notifications to the Alertmanager.

forOutageTolerance
PrometheusDuration
(Optional)

Max time to tolerate outage for restoring “for” state of alert.

forGracePeriod
PrometheusDuration
(Optional)

Minimum duration between alert and restored “for” state. This is maintained only for alerts with configured “for” time greater than the grace period.

resendDelay
PrometheusDuration
(Optional)

Minimum amount of time to wait before resending an alert to Alertmanager.

AlertManagerSpec

(Appears on:RulerConfigSpec, RulerOverrides)

AlertManagerSpec defines the configuration for ruler’s alertmanager connectivity.

Field Description
externalUrl
string
(Optional)

URL for alerts return path.

externalLabels
map[string]string
(Optional)

Additional labels to add to all alerts.

enableV2
bool
(Optional)

If enabled, then requests to Alertmanager use the v2 API.

endpoints
[]string

List of AlertManager URLs to send notifications to. Each Alertmanager URL is treated as a separate group in the configuration. Multiple Alertmanagers in HA per group can be supported by using DNS resolution (See EnableDNSDiscovery).

discovery
AlertManagerDiscoverySpec
(Optional)

Defines the configuration for DNS-based discovery of AlertManager hosts.

notificationQueue
AlertManagerNotificationQueueSpec
(Optional)

Defines the configuration for the notification queue to AlertManager hosts.

relabelConfigs
[]RelabelConfig
(Optional)

List of alert relabel configurations.

client
AlertManagerClientConfig
(Optional)

Client configuration for reaching the alertmanager endpoint.

AlertingRule

AlertingRule is the Schema for the alertingrules API

Field Description
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AlertingRuleSpec
status
AlertingRuleStatus

AlertingRuleGroup

(Appears on:AlertingRuleSpec)

AlertingRuleGroup defines a group of Loki alerting rules.

Field Description
name
string

Name of the alerting rule group. Must be unique within all alerting rules.

interval
PrometheusDuration
(Optional)

Interval defines the time interval between evaluation of the given alerting rule.

limit
int32
(Optional)

Limit defines the number of alerts an alerting rule can produce. 0 is no limit.

rules
[]*AlertingRuleGroupSpec

Rules defines a list of alerting rules

AlertingRuleGroupSpec

(Appears on:AlertingRuleGroup)

AlertingRuleGroupSpec defines the spec for a Loki alerting rule.

Field Description
alert
string
(Optional)

The name of the alert. Must be a valid label value.

expr
string

The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts.

for
PrometheusDuration
(Optional)

Alerts are considered firing once they have been returned for this long. Alerts which have not yet fired for long enough are considered pending.

annotations
map[string]string
(Optional)

Annotations to add to each alert.

labels
map[string]string
(Optional)

Labels to add to each alert.

AlertingRuleSpec

(Appears on:AlertingRule)

AlertingRuleSpec defines the desired state of AlertingRule

Field Description
tenantID
string

TenantID of tenant where the alerting rules are evaluated in.

groups
[]*AlertingRuleGroup
(Optional)

List of groups for alerting rules.

AlertingRuleStatus

(Appears on:AlertingRule)

AlertingRuleStatus defines the observed state of AlertingRule

Field Description
conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions of the AlertingRule generation health.

AuthenticationSpec

(Appears on:TenantsSpec)

AuthenticationSpec defines the oidc configuration per tenant for lokiStack Gateway component.

Field Description
tenantName
string

TenantName defines the name of the tenant.

tenantId
string

TenantID defines the id of the tenant.

oidc
OIDCSpec

OIDC defines the spec for the OIDC tenant’s authentication.

AuthorizationSpec

(Appears on:TenantsSpec)

AuthorizationSpec defines the opa, role bindings and roles configuration per tenant for lokiStack Gateway component.

Field Description
opa
OPASpec
(Optional)

OPA defines the spec for the third-party endpoint for tenant’s authorization.

roles
[]RoleSpec
(Optional)

Roles defines a set of permissions to interact with a tenant.

roleBindings
[]RoleBindingsSpec
(Optional)

RoleBindings defines configuration to bind a set of roles to a set of subjects.

IngestionLimitSpec

(Appears on:LimitsTemplateSpec)

IngestionLimitSpec defines the limits applied at the ingestion path.

Field Description
ingestionRate
int32
(Optional)

IngestionRate defines the sample size per second. Units MB.

ingestionBurstSize
int32
(Optional)

IngestionBurstSize defines the local rate-limited sample size per distributor replica. It should be set to the set at least to the maximum logs size expected in a single push request.

maxLabelNameLength
int32
(Optional)

MaxLabelNameLength defines the maximum number of characters allowed for label keys in log streams.

maxLabelValueLength
int32
(Optional)

MaxLabelValueLength defines the maximum number of characters allowed for label values in log streams.

maxLabelNamesPerSeries
int32
(Optional)

MaxLabelNamesPerSeries defines the maximum number of label names per series in each log stream.

maxGlobalStreamsPerTenant
int32
(Optional)

MaxGlobalStreamsPerTenant defines the maximum number of active streams per tenant, across the cluster.

maxLineSize
int32
(Optional)

MaxLineSize defines the maximum line size on ingestion path. Units in Bytes.

LimitsSpec

(Appears on:LokiStackSpec)

LimitsSpec defines the spec for limits applied at ingestion or query path across the cluster or per tenant. It also defines the per-tenant configuration overrides.

Field Description
global
LimitsTemplateSpec
(Optional)

Global defines the limits applied globally across the cluster.

tenants
map[string]github.com/grafana/loki/operator/apis/loki/v1beta1.LimitsTemplateSpec
(Optional)

Tenants defines the limits and overrides applied per tenant.

LimitsTemplateSpec

(Appears on:LimitsSpec)

LimitsTemplateSpec defines the limits and overrides applied per-tenant.

Field Description
ingestion
IngestionLimitSpec
(Optional)

IngestionLimits defines the limits applied on ingested log streams.

queries
QueryLimitSpec
(Optional)

QueryLimits defines the limit applied on querying log streams.

LokiComponentSpec

(Appears on:LokiTemplateSpec)

LokiComponentSpec defines the requirements to configure scheduling of each loki component individually.

Field Description
replicas
int32
(Optional)

Replicas defines the number of replica pods of the component.

nodeSelector
map[string]string
(Optional)

NodeSelector defines the labels required by a node to schedule the component onto it.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

Tolerations defines the tolerations required by a node to schedule the component onto it.

LokiStack

LokiStack is the Schema for the lokistacks API

Field Description
spec
LokiStackSpec
status
LokiStackStatus
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.

LokiStackComponentStatus

(Appears on:LokiStackStatus)

LokiStackComponentStatus defines the map of per pod status per LokiStack component. Each component is represented by a separate map of v1.Phase to a list of pods.

Field Description
compactor
PodStatusMap
(Optional)

Compactor is a map to the pod status of the compactor pod.

distributor
PodStatusMap
(Optional)

Distributor is a map to the per pod status of the distributor deployment

indexGateway
PodStatusMap
(Optional)

IndexGateway is a map to the per pod status of the index gateway statefulset

ingester
PodStatusMap
(Optional)

Ingester is a map to the per pod status of the ingester statefulset

querier
PodStatusMap
(Optional)

Querier is a map to the per pod status of the querier deployment

queryFrontend
PodStatusMap
(Optional)

QueryFrontend is a map to the per pod status of the query frontend deployment

gateway
PodStatusMap
(Optional)

Gateway is a map to the per pod status of the lokistack gateway deployment.

ruler
PodStatusMap
(Optional)

Ruler is a map to the per pod status of the lokistack ruler statefulset.

LokiStackConditionReason

(string alias)

LokiStackConditionReason defines the type for valid reasons of a Loki deployment conditions.

Value Description

"FailedComponents"

ReasonFailedComponents when all/some LokiStack components fail to roll out.

"InvalidGatewayTenantSecret"

ReasonInvalidGatewayTenantSecret when the format of the secret is invalid.

"InvalidObjectStorageCAConfigMap"

ReasonInvalidObjectStorageCAConfigMap when the format of the CA configmap is invalid.

"InvalidObjectStorageSchema"

ReasonInvalidObjectStorageSchema when the spec contains an invalid schema(s).

"InvalidObjectStorageSecret"

ReasonInvalidObjectStorageSecret when the format of the secret is invalid.

"InvalidReplicationConfiguration"

ReasonInvalidReplicationConfiguration when the configurated replication factor is not valid with the select cluster size.

"InvalidRulerSecret"

ReasonInvalidRulerSecret when the format of the ruler remote write authorization secret is invalid.

"InvalidTenantsConfiguration"

ReasonInvalidTenantsConfiguration when the tenant configuration provided is invalid.

"MissingGatewayOpenShiftBaseDomain"

ReasonMissingGatewayOpenShiftBaseDomain when the reconciler cannot lookup the OpenShift DNS base domain.

"MissingGatewayTenantSecret"

ReasonMissingGatewayTenantSecret when the required tenant secret for authentication is missing.

"MissingObjectStorageCAConfigMap"

ReasonMissingObjectStorageCAConfigMap when the required configmap to verify object storage certificates is missing.

"MissingObjectStorageSecret"

ReasonMissingObjectStorageSecret when the required secret to store logs to object storage is missing.

"MissingRulerSecret"

ReasonMissingRulerSecret when the required secret to authorization remote write connections for the ruler is missing.

"PendingComponents"

ReasonPendingComponents when all/some LokiStack components pending dependencies

"ReadyComponents"

ReasonReadyComponents when all LokiStack components are ready to serve traffic.

LokiStackConditionType

(string alias)

LokiStackConditionType deifnes the type of condition types of a Loki deployment.

Value Description

"Degraded"

ConditionDegraded defines the condition that some or all components in the Loki deployment are degraded or the cluster cannot connect to object storage.

"Failed"

ConditionFailed defines the condition that components in the Loki deployment failed to roll out.

"Pending"

ConditionPending defines the conditioin that some or all components are in pending state.

"Ready"

ConditionReady defines the condition that all components in the Loki deployment are ready.

LokiStackSizeType

(string alias)

(Appears on:LokiStackSpec)

LokiStackSizeType declares the type for loki cluster scale outs.

Value Description

"1x.extra-small"

SizeOneXExtraSmall defines the size of a single Loki deployment with extra small resources/limits requirements and without HA support. This size is ultimately dedicated for development and demo purposes. DO NOT USE THIS IN PRODUCTION!

FIXME: Add clear description of ingestion/query performance expectations.

"1x.medium"

SizeOneXMedium defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup with the requirement for single replication factor and auto-compaction.

FIXME: Add clear description of ingestion/query performance expectations.

"1x.small"

SizeOneXSmall defines the size of a single Loki deployment with small resources/limits requirements and HA support for all Loki components. This size is dedicated for setup without the requirement for single replication factor and auto-compaction.

FIXME: Add clear description of ingestion/query performance expectations.

LokiStackSpec

(Appears on:LokiStack)

LokiStackSpec defines the desired state of LokiStack

Field Description
managementState
ManagementStateType

ManagementState defines if the CR should be managed by the operator or not. Default is managed.

size
LokiStackSizeType

Size defines one of the support Loki deployment scale out sizes.

storage
ObjectStorageSpec

Storage defines the spec for the object storage endpoint to store logs.

storageClassName
string

Storage class name defines the storage class for ingester/querier PVCs.

replicationFactor
int32
(Optional)

ReplicationFactor defines the policy for log stream replication.

rules
RulesSpec
(Optional)

Rules defines the spec for the ruler component

limits
LimitsSpec
(Optional)

Limits defines the per-tenant limits to be applied to log stream processing and the per-tenant the config overrides.

template
LokiTemplateSpec
(Optional)

Template defines the resource/limits/tolerations/nodeselectors per component

tenants
TenantsSpec
(Optional)

Tenants defines the per-tenant authentication and authorization spec for the lokistack-gateway component.

LokiStackStatus

(Appears on:LokiStack)

LokiStackStatus defines the observed state of LokiStack

Field Description
components
LokiStackComponentStatus
(Optional)

Components provides summary of all Loki pod status grouped per component.

storage
LokiStackStorageStatus
(Optional)

Storage provides summary of all changes that have occurred to the storage configuration.

conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions of the Loki deployment health.

LokiStackStorageStatus

(Appears on:LokiStackStatus)

LokiStackStorageStatus defines the observed state of the Loki storage configuration.

Field Description
schemas
[]ObjectStorageSchema
(Optional)

Schemas is a list of schemas which have been applied to the LokiStack.

LokiTemplateSpec

(Appears on:LokiStackSpec)

LokiTemplateSpec defines the template of all requirements to configure scheduling of all Loki components to be deployed.

Field Description
compactor
LokiComponentSpec
(Optional)

Compactor defines the compaction component spec.

distributor
LokiComponentSpec
(Optional)

Distributor defines the distributor component spec.

ingester
LokiComponentSpec
(Optional)

Ingester defines the ingester component spec.

querier
LokiComponentSpec
(Optional)

Querier defines the querier component spec.

queryFrontend
LokiComponentSpec
(Optional)

QueryFrontend defines the query frontend component spec.

gateway
LokiComponentSpec
(Optional)

Gateway defines the lokistack gateway component spec.

indexGateway
LokiComponentSpec
(Optional)

IndexGateway defines the index gateway component spec.

ruler
LokiComponentSpec
(Optional)

Ruler defines the ruler component spec.

ManagementStateType

(string alias)

(Appears on:LokiStackSpec)

ManagementStateType defines the type for CR management states.

Value Description

"Managed"

ManagementStateManaged when the LokiStack custom resource should be reconciled by the operator.

"Unmanaged"

ManagementStateUnmanaged when the LokiStack custom resource should not be reconciled by the operator.

ModeType

(string alias)

(Appears on:TenantsSpec)

ModeType is the authentication/authorization mode in which LokiStack Gateway will be configured.

Value Description

"dynamic"

Dynamic mode delegates the authorization to a third-party OPA-compatible endpoint.

"openshift-logging"

OpenshiftLogging mode provides fully automatic OpenShift in-cluster authentication and authorization support.

"static"

Static mode asserts the Authorization Spec’s Roles and RoleBindings using an in-process OpenPolicyAgent Rego authorizer.

OIDCSpec

(Appears on:AuthenticationSpec)

OIDCSpec defines the oidc configuration spec for lokiStack Gateway component.

Field Description
secret
TenantSecretSpec

Secret defines the spec for the clientID, clientSecret and issuerCAPath for tenant’s authentication.

issuerURL
string

IssuerURL defines the URL for issuer.

redirectURL
string
(Optional)

RedirectURL defines the URL for redirect.

groupClaim
string
(Optional)

Group claim field from ID Token

usernameClaim
string
(Optional)

User claim field from ID Token

OPASpec

(Appears on:AuthorizationSpec)

OPASpec defines the opa configuration spec for lokiStack Gateway component.

Field Description
url
string

URL defines the third-party endpoint for authorization.

ObjectStorageSchema

(Appears on:LokiStackStorageStatus, ObjectStorageSpec)

ObjectStorageSchema defines the requirements needed to configure a new storage schema.

Field Description
version
ObjectStorageSchemaVersion

Version for writing and reading logs.

effectiveDate
StorageSchemaEffectiveDate

EffectiveDate is the date in UTC that the schema will be applied on. To ensure readibility of logs, this date should be before the current date in UTC.

ObjectStorageSchemaVersion

(string alias)

(Appears on:ObjectStorageSchema)

ObjectStorageSchemaVersion defines the storage schema version which will be used with the Loki cluster.

Value Description

"v11"

ObjectStorageSchemaV11 when using v11 for the storage schema

"v12"

ObjectStorageSchemaV12 when using v12 for the storage schema

ObjectStorageSecretSpec

(Appears on:ObjectStorageSpec)

ObjectStorageSecretSpec is a secret reference containing name only, no namespace.

Field Description
type
ObjectStorageSecretType

Type of object storage that should be used

name
string

Name of a secret in the namespace configured for object storage secrets.

ObjectStorageSecretType

(string alias)

(Appears on:ObjectStorageSecretSpec)

ObjectStorageSecretType defines the type of storage which can be used with the Loki cluster.

Value Description

"azure"

ObjectStorageSecretAzure when using Azure for Loki storage

"gcs"

ObjectStorageSecretGCS when using GCS for Loki storage

"s3"

ObjectStorageSecretS3 when using S3 for Loki storage

"swift"

ObjectStorageSecretSwift when using Swift for Loki storage

ObjectStorageSpec

(Appears on:LokiStackSpec)

ObjectStorageSpec defines the requirements to access the object storage bucket to persist logs by the ingester component.

Field Description
schemas
[]ObjectStorageSchema
(Optional)

Schemas for reading and writing logs.

secret
ObjectStorageSecretSpec

Secret for object storage authentication. Name of a secret in the same namespace as the LokiStack custom resource.

tls
ObjectStorageTLSSpec
(Optional)

TLS configuration for reaching the object storage endpoint.

ObjectStorageTLSSpec

(Appears on:ObjectStorageSpec)

ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.

Field Description
caName
string
(Optional)

CA is the name of a ConfigMap containing a CA certificate. It needs to be in the same namespace as the LokiStack custom resource.

PermissionType

(string alias)

(Appears on:RoleSpec)

PermissionType is a LokiStack Gateway RBAC permission.

Value Description

"read"

Read gives access to read data from a tenant.

"write"

Write gives access to write data to a tenant.

PodStatusMap

(map[k8s.io/api/core/v1.PodPhase][]string alias)

(Appears on:LokiStackComponentStatus)

PodStatusMap defines the type for mapping pod status to pod name.

PrometheusDuration

(string alias)

(Appears on:AlertManagerDiscoverySpec, AlertManagerNotificationQueueSpec, AlertingRuleGroup, AlertingRuleGroupSpec, RecordingRuleGroup, RemoteWriteClientQueueSpec, RemoteWriteClientSpec, RemoteWriteSpec, RulerConfigSpec)

PrometheusDuration defines the type for Prometheus durations.

QueryLimitSpec

(Appears on:LimitsTemplateSpec)

QueryLimitSpec defines the limits applies at the query path.

Field Description
maxEntriesLimitPerQuery
int32
(Optional)

MaxEntriesLimitsPerQuery defines the maximum number of log entries that will be returned for a query.

maxChunksPerQuery
int32
(Optional)

MaxChunksPerQuery defines the maximum number of chunks that can be fetched by a single query.

maxQuerySeries
int32

MaxQuerySeries defines the the maximum of unique series that is returned by a metric query.

RecordingRule

RecordingRule is the Schema for the recordingrules API

Field Description
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
RecordingRuleSpec
status
RecordingRuleStatus

RecordingRuleGroup

(Appears on:RecordingRuleSpec)

RecordingRuleGroup defines a group of Loki recording rules.

Field Description
name
string

Name of the recording rule group. Must be unique within all recording rules.

interval
PrometheusDuration
(Optional)

Interval defines the time interval between evaluation of the given recoding rule.

limit
int32
(Optional)

Limit defines the number of series a recording rule can produce. 0 is no limit.

rules
[]*RecordingRuleGroupSpec

Rules defines a list of recording rules

RecordingRuleGroupSpec

(Appears on:RecordingRuleGroup)

RecordingRuleGroupSpec defines the spec for a Loki recording rule.

Field Description
record
string
(Optional)

The name of the time series to output to. Must be a valid metric name.

expr
string

The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts.

RecordingRuleSpec

(Appears on:RecordingRule)

RecordingRuleSpec defines the desired state of RecordingRule

Field Description
tenantID
string

TenantID of tenant where the recording rules are evaluated in.

groups
[]*RecordingRuleGroup
(Optional)

List of groups for recording rules.

RecordingRuleStatus

(Appears on:RecordingRule)

RecordingRuleStatus defines the observed state of RecordingRule

Field Description
conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions of the RecordingRule generation health.

RelabelActionType

(string alias)

(Appears on:RelabelConfig)

RelabelActionType defines the enumeration type for RelabelConfig actions.

RelabelConfig

(Appears on:AlertManagerSpec, RemoteWriteClientSpec)

RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines <metric_relabel_configs> and <alert_relabel_configs> sections of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs

Field Description
sourceLabels
[]string

The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.

separator
string
(Optional)

Separator placed between concatenated source label values. default is ‘;’.

targetLabel
string
(Optional)

Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.

regex
string
(Optional)

Regular expression against which the extracted value is matched. Default is ‘(.*)’

modulus
uint64
(Optional)

Modulus to take of the hash of the source label values.

replacement
string
(Optional)

Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is ‘$1’

action
RelabelActionType
(Optional)

Action to perform based on regex matching. Default is ‘replace’

RemoteWriteAuthType

(string alias)

(Appears on:RemoteWriteClientSpec)

RemoteWriteAuthType defines the type of authorization to use to access the remote write endpoint.

Value Description

"basic"

BasicAuthorization defines the remote write client to use HTTP basic authorization.

"bearer"

BearerAuthorization defines the remote write client to use HTTP bearer authorization.

RemoteWriteClientQueueSpec

(Appears on:RemoteWriteSpec)

RemoteWriteClientQueueSpec defines the configuration of the remote write client queue.

Field Description
capacity
int32
(Optional)

Number of samples to buffer per shard before we block reading of more

maxShards
int32
(Optional)

Maximum number of shards, i.e. amount of concurrency.

minShards
int32
(Optional)

Minimum number of shards, i.e. amount of concurrency.

maxSamplesPerSend
int32
(Optional)

Maximum number of samples per send.

batchSendDeadline
PrometheusDuration
(Optional)

Maximum time a sample will wait in buffer.

minBackOffPeriod
PrometheusDuration
(Optional)

Initial retry delay. Gets doubled for every retry.

maxBackOffPeriod
PrometheusDuration
(Optional)

Maximum retry delay.

RemoteWriteClientSpec

(Appears on:RemoteWriteSpec)

RemoteWriteClientSpec defines the configuration of the remote write client.

Field Description
name
string

Name of the remote write config, which if specified must be unique among remote write configs.

url
string

The URL of the endpoint to send samples to.

timeout
PrometheusDuration
(Optional)

Timeout for requests to the remote write endpoint.

authorization
RemoteWriteAuthType

Type of authorzation to use to access the remote write endpoint

authorizationSecretName
string

Name of a secret in the namespace configured for authorization secrets.

additionalHeaders
map[string]string
(Optional)

Additional HTTP headers to be sent along with each remote write request.

relabelConfigs
[]RelabelConfig
(Optional)

List of remote write relabel configurations.

proxyUrl
string
(Optional)

Optional proxy URL.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

RemoteWriteSpec

(Appears on:RulerConfigSpec)

RemoteWriteSpec defines the configuration for ruler’s remote_write connectivity.

Field Description
enabled
bool
(Optional)

Enable remote-write functionality.

refreshPeriod
PrometheusDuration
(Optional)

Minimum period to wait between refreshing remote-write reconfigurations.

client
RemoteWriteClientSpec
(Optional)

Defines the configuration for remote write client.

queue
RemoteWriteClientQueueSpec
(Optional)

Defines the configuration for remote write client queue.

RoleBindingsSpec

(Appears on:AuthorizationSpec)

RoleBindingsSpec binds a set of roles to a set of subjects.

Field Description
name
string
subjects
[]Subject
roles
[]string

RoleSpec

(Appears on:AuthorizationSpec)

RoleSpec describes a set of permissions to interact with a tenant.

Field Description
name
string
resources
[]string
tenants
[]string
permissions
[]PermissionType

RulerConfig

RulerConfig is the Schema for the rulerconfigs API

Field Description
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
RulerConfigSpec
status
RulerConfigStatus

RulerConfigSpec

(Appears on:RulerConfig)

RulerConfigSpec defines the desired state of Ruler

Field Description
evaluationInterval
PrometheusDuration
(Optional)

Interval on how frequently to evaluate rules.

pollInterval
PrometheusDuration
(Optional)

Interval on how frequently to poll for new rule definitions.

alertmanager
AlertManagerSpec
(Optional)

Defines alert manager configuration to notify on firing alerts.

remoteWrite
RemoteWriteSpec
(Optional)

Defines a remote write endpoint to write recording rule metrics.

overrides
map[string]github.com/grafana/loki/operator/apis/loki/v1beta1.RulerOverrides
(Optional)

Overrides defines the config overrides to be applied per-tenant.

RulerConfigStatus

(Appears on:RulerConfig)

RulerConfigStatus defines the observed state of RulerConfig

Field Description
conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions of the RulerConfig health.

RulerOverrides

(Appears on:RulerConfigSpec)

RulerOverrides defines the overrides applied per-tenant.

Field Description
alertmanager
AlertManagerSpec
(Optional)

AlertManagerOverrides defines the overrides to apply to the alertmanager config.

RulesSpec

(Appears on:LokiStackSpec)

RulesSpec deifnes the spec for the ruler component.

Field Description
enabled
bool

Enabled defines a flag to enable/disable the ruler component

selector
Kubernetes meta/v1.LabelSelector
(Optional)

A selector to select which LokiRules to mount for loading alerting/recording rules from.

namespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the LokiStack object is in is used.

StorageSchemaEffectiveDate

(string alias)

(Appears on:ObjectStorageSchema)

StorageSchemaEffectiveDate defines the type for the Storage Schema Effect Date

Subject

(Appears on:RoleBindingsSpec)

Subject represents a subject that has been bound to a role.

Field Description
name
string
kind
SubjectKind

SubjectKind

(string alias)

(Appears on:Subject)

SubjectKind is a kind of LokiStack Gateway RBAC subject.

Value Description

"group"

Group represents a subject that is a group.

"user"

User represents a subject that is a user.

TenantSecretSpec

(Appears on:OIDCSpec)

TenantSecretSpec is a secret reference containing name only for a secret living in the same namespace as the LokiStack custom resource.

Field Description
name
string

Name of a secret in the namespace configured for tenant secrets.

TenantsSpec

(Appears on:LokiStackSpec)

TenantsSpec defines the mode, authentication and authorization configuration of the lokiStack gateway component.

Field Description
mode
ModeType

Mode defines the mode in which lokistack-gateway component will be configured.

authentication
[]AuthenticationSpec
(Optional)

Authentication defines the lokistack-gateway component authentication configuration spec per tenant.

authorization
AuthorizationSpec
(Optional)

Authorization defines the lokistack-gateway component authorization configuration spec per tenant.