feat: Upgrade monitoring stack (#1071)
diff --git a/charts/loki/Chart.lock b/charts/loki/Chart.lock
index 547f0f0..e8c779c 100644
--- a/charts/loki/Chart.lock
+++ b/charts/loki/Chart.lock
@@ -1,9 +1,9 @@
dependencies:
- name: minio
repository: https://charts.min.io/
- version: 4.0.12
+ version: 4.0.15
- name: grafana-agent-operator
repository: https://grafana.github.io/helm-charts
- version: 0.2.3
-digest: sha256:74ef214ca08874662ab403a2e5eea39df26ad690962fa19f9ff69cf551550ff2
-generated: "2022-09-14T10:22:56.1397723-06:00"
+ version: 0.3.15
+digest: sha256:b7a42cd0e56544f6168a586fde03e26c801bb20cf69bc004a8f6000d93b98100
+generated: "2024-01-27T21:57:28.190462917+05:30"
diff --git a/charts/loki/Chart.yaml b/charts/loki/Chart.yaml
index cf8817b..16de80c 100644
--- a/charts/loki/Chart.yaml
+++ b/charts/loki/Chart.yaml
@@ -1,16 +1,16 @@
apiVersion: v2
-appVersion: 2.7.3
+appVersion: 2.9.6
dependencies:
- alias: minio
condition: minio.enabled
name: minio
repository: https://charts.min.io/
- version: 4.0.12
+ version: 4.0.15
- alias: grafana-agent-operator
condition: monitoring.selfMonitoring.grafanaAgent.installOperator
name: grafana-agent-operator
repository: https://grafana.github.io/helm-charts
- version: 0.2.3
+ version: 0.3.15
description: Helm chart for Grafana Loki in simple, scalable mode
home: https://grafana.github.io/helm-charts
icon: https://grafana.com/docs/loki/latest/logo_and_name.png
@@ -23,4 +23,4 @@
- https://grafana.com/oss/loki/
- https://grafana.com/docs/loki/latest/
type: application
-version: 4.6.1
+version: 5.47.2
diff --git a/charts/loki/Makefile b/charts/loki/Makefile
new file mode 100644
index 0000000..4b56414
--- /dev/null
+++ b/charts/loki/Makefile
@@ -0,0 +1,7 @@
+.DEFAULT_GOAL := all
+.PHONY: lint lint-yaml
+
+lint: lint-yaml
+
+lint-yaml:
+ yamllint -c $(CURDIR)/src/.yamllint.yaml $(CURDIR)/src
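Review bot: `.DEFAULT_GOAL := all` on the first added line names a target this new Makefile never defines, so a bare `make` in `charts/loki` would stop with "No rule to make target 'all'" instead of running the lint. Either point the default at the existing target with `.DEFAULT_GOAL := lint`, or add `all: lint` and list `all` in `.PHONY`. The recipe also assumes `$(CURDIR)/src` and `src/.yamllint.yaml` exist under the chart directory. Neither path is added in the visible part of this diff, so it is worth confirming they are present, since otherwise `lint-yaml` fails on a missing config.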
diff --git a/charts/loki/README.md b/charts/loki/README.md
index 6f908a7..942498d 100644
--- a/charts/loki/README.md
+++ b/charts/loki/README.md
@@ -1,6 +1,6 @@
# loki
-  
+  
Helm chart for Grafana Loki in simple, scalable mode
@@ -14,7 +14,7 @@
| Repository | Name | Version |
|------------|------|---------|
-| https://charts.min.io/ | minio(minio) | 4.0.12 |
-| https://grafana.github.io/helm-charts | grafana-agent-operator(grafana-agent-operator) | 0.2.3 |
+| https://charts.min.io/ | minio(minio) | 4.0.15 |
+| https://grafana.github.io/helm-charts | grafana-agent-operator(grafana-agent-operator) | 0.3.15 |
Find more information in the Loki Helm Chart [documentation](https://grafana.com/docs/loki/next/installation/helm).
diff --git a/charts/loki/charts/grafana-agent-operator/Chart.yaml b/charts/loki/charts/grafana-agent-operator/Chart.yaml
index c302ca5..298225e 100644
--- a/charts/loki/charts/grafana-agent-operator/Chart.yaml
+++ b/charts/loki/charts/grafana-agent-operator/Chart.yaml
@@ -1,13 +1,13 @@
apiVersion: v2
-appVersion: 0.25.1
+appVersion: 0.39.1
description: A Helm chart for Grafana Agent Operator
-home: https://grafana.com/docs/agent/latest/
-icon: https://raw.githubusercontent.com/grafana/agent/v0.25.1/docs/assets/logo_and_name.png
+home: https://grafana.com/docs/agent/v0.39/
+icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png
maintainers:
- email: grafana-agent-team@googlegroups.com
name: Grafana Agent Team
name: grafana-agent-operator
sources:
-- https://github.com/grafana/agent/tree/v0.25.1/pkg/operator
+- https://github.com/grafana/agent/tree/v0.39.1/pkg/operator
type: application
-version: 0.2.3
+version: 0.3.15
diff --git a/charts/loki/charts/grafana-agent-operator/README.md b/charts/loki/charts/grafana-agent-operator/README.md
index 5a05193..9a321ce 100644
--- a/charts/loki/charts/grafana-agent-operator/README.md
+++ b/charts/loki/charts/grafana-agent-operator/README.md
@@ -1,6 +1,6 @@
# grafana-agent-operator
-  
+  
A Helm chart for Grafana Agent Operator
@@ -8,7 +8,7 @@
## Source Code
-* <https://github.com/grafana/agent/tree/v0.25.1/pkg/operator>
+* <https://github.com/grafana/agent/tree/v0.39.1/pkg/operator>
Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources.
@@ -16,7 +16,7 @@
## CRDs
-The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.
+The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.
## Get Repo Info
@@ -55,20 +55,23 @@
|-----|------|---------|-------------|
| affinity | object | `{}` | Pod affinity configuration |
| annotations | object | `{}` | Annotations for the Deployment |
+| containerSecurityContext | object | `{}` | Container security context (allowPrivilegeEscalation, etc.) |
| extraArgs | list | `[]` | List of additional cli arguments to configure agent-operator (example: `--log.level`) |
| fullnameOverride | string | `""` | Overrides the chart's computed fullname |
+| hostAliases | list | `[]` | hostAliases to add |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.pullSecrets | list | `[]` | Image pull secrets |
| image.registry | string | `"docker.io"` | Image registry |
| image.repository | string | `"grafana/agent-operator"` | Image repo |
-| image.tag | string | `"v0.25.1"` | Image tag |
+| image.tag | string | `"v0.39.1"` | Image tag |
| kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets |
| nameOverride | string | `""` | Overrides the chart's name |
| nodeSelector | object | `{}` | nodeSelector configuration |
| podAnnotations | object | `{}` | Annotations for the Deployment Pods |
| podLabels | object | `{}` | Annotations for the Deployment Pods |
| podSecurityContext | object | `{}` | Pod security context (runAsUser, etc.) |
-| rbac | object | `{"create":true}` | Toggle to create ClusterRole and ClusterRoleBinding |
+| rbac.create | bool | `true` | Toggle to create ClusterRole and ClusterRoleBinding |
+| rbac.podSecurityPolicyName | string | `""` | Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used. |
| resources | object | `{}` | Resource limits and requests config |
| serviceAccount.create | bool | `true` | Toggle to create ServiceAccount |
| serviceAccount.name | string | `nil` | Service account name |
diff --git a/charts/loki/charts/grafana-agent-operator/README.md.gotmpl b/charts/loki/charts/grafana-agent-operator/README.md.gotmpl
index 5b08d32..3dce97a 100644
--- a/charts/loki/charts/grafana-agent-operator/README.md.gotmpl
+++ b/charts/loki/charts/grafana-agent-operator/README.md.gotmpl
@@ -16,7 +16,7 @@
## CRDs
-The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.
+The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.
## Get Repo Info
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml
index 825a2da..3e1fae0 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: podmonitors.monitoring.coreos.com
spec:
@@ -14,6 +14,8 @@
kind: PodMonitor
listKind: PodMonitorList
plural: podmonitors
+ shortNames:
+ - pmon
singular: podmonitor
scope: Namespaced
versions:
@@ -38,6 +40,15 @@
description: Specification of desired Pod selection for target discovery
by Prometheus.
properties:
+ attachMetadata:
+ description: Attaches node metadata to discovered targets. Requires
+ Prometheus v2.35.0 and above.
+ properties:
+ node:
+ description: When set to true, Prometheus must have permissions
+ to get Nodes.
+ type: boolean
+ type: object
jobLabel:
description: The label to use to retrieve the job name from.
type: string
@@ -100,6 +111,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type:
description: Set the authentication type. Defaults to Bearer,
Basic will cause an error
@@ -128,6 +140,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
@@ -147,6 +160,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping
@@ -168,6 +182,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
+ enableHttp2:
+ description: Whether to enable HTTP2.
+ type: boolean
+ filterRunning:
+ description: 'Drop pods that are not running. (Failed, Succeeded).
+ Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
+ type: boolean
followRedirects:
description: FollowRedirects configures whether scrape requests
follow HTTP 3xx redirects.
@@ -181,7 +203,9 @@
the timestamps present in scraped data.
type: boolean
interval:
- description: Interval at which metrics should be scraped
+ description: Interval at which metrics should be scraped If
+ not specified Prometheus' global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before
@@ -195,15 +219,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -269,6 +309,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -288,6 +329,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
clientSecret:
description: The secret containing the OAuth2 client secret
@@ -307,6 +349,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
endpointParams:
additionalProperties:
type: string
@@ -334,7 +377,8 @@
description: Optional HTTP URL parameters
type: object
path:
- description: HTTP path to scrape for metrics.
+ description: HTTP path to scrape for metrics. If empty, Prometheus
+ uses the default value (e.g. `/metrics`).
type: string
port:
description: Name of the pod port this endpoint refers to. Mutually
@@ -359,15 +403,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -407,10 +467,18 @@
type: object
type: array
scheme:
- description: HTTP scheme to use for scraping.
+ description: HTTP scheme to use for scraping. `http` and `https`
+ are the expected values unless you rewrite the `__scheme__`
+ label via relabeling. If empty, Prometheus uses the default
+ value `http`.
+ enum:
+ - http
+ - https
type: string
scrapeTimeout:
- description: Timeout after which the scrape is ended
+ description: Timeout after which the scrape is ended If not
+ specified, the Prometheus global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
targetPort:
anyOf:
@@ -422,8 +490,8 @@
description: TLS configuration to use when scraping the endpoint.
properties:
ca:
- description: Struct containing the CA cert to use for the
- targets.
+ description: Certificate authority used when verifying server
+ certificates.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -444,6 +512,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -463,10 +532,10 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
cert:
- description: Struct containing the client cert file for
- the targets.
+ description: Client certificate to present when doing client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -487,6 +556,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -506,6 +576,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
insecureSkipVerify:
description: Disable target certificate validation.
@@ -529,6 +600,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -590,6 +662,7 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
targetLimit:
description: TargetLimit defines a limit on the number of scraped
targets that will be accepted.
@@ -604,9 +677,3 @@
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml
index 259f5a4..7ece55d 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: probes.monitoring.coreos.com
spec:
@@ -14,6 +14,8 @@
kind: Probe
listKind: ProbeList
plural: probes
+ shortNames:
+ - prb
singular: probe
scope: Namespaced
versions:
@@ -60,6 +62,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type:
description: Set the authentication type. Defaults to Bearer,
Basic will cause an error
@@ -88,6 +91,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace that
contains the username for authentication.
@@ -107,6 +111,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping targets.
@@ -127,9 +132,11 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
interval:
description: Interval at which targets are probed using the configured
prober. If not specified Prometheus' global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
jobName:
description: The job name assigned to scraped metrics by default.
@@ -161,15 +168,31 @@
action:
default: replace
description: Action to perform based on regex matching. Default
- is 'replace'
+ is 'replace'. uppercase and lowercase actions require Prometheus
+ >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source label
@@ -237,6 +260,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -255,6 +279,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
clientSecret:
description: The secret containing the OAuth2 client secret
@@ -274,6 +299,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
endpointParams:
additionalProperties:
type: string
@@ -299,13 +325,20 @@
left empty.
properties:
path:
+ default: /probe
description: Path to collect metrics from. Defaults to `/probe`.
type: string
proxyUrl:
description: Optional ProxyURL.
type: string
scheme:
- description: HTTP scheme to use for scraping. Defaults to `http`.
+ description: HTTP scheme to use for scraping. `http` and `https`
+ are the expected values unless you rewrite the `__scheme__`
+ label via relabeling. If empty, Prometheus uses the default
+ value `http`.
+ enum:
+ - http
+ - https
type: string
url:
description: Mandatory URL of the prober.
@@ -320,6 +353,8 @@
type: integer
scrapeTimeout:
description: Timeout for scraping metrics from the Prometheus exporter.
+ If not specified, the Prometheus global scrape timeout is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
targetLimit:
description: TargetLimit defines a limit on the number of scraped
@@ -364,15 +399,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -456,6 +507,7 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
type: object
staticConfig:
description: 'staticConfig defines the static list of targets
@@ -480,15 +532,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -538,7 +606,8 @@
description: TLS configuration to use when scraping the endpoint.
properties:
ca:
- description: Struct containing the CA cert to use for the targets.
+ description: Certificate authority used when verifying server
+ certificates.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
@@ -557,6 +626,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -575,9 +645,10 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
cert:
- description: Struct containing the client cert file for the targets.
+ description: Client certificate to present when doing client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
@@ -596,6 +667,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -614,6 +686,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
insecureSkipVerify:
description: Disable target certificate validation.
@@ -636,6 +709,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -646,9 +720,3 @@
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml
index 8f8f8ae..5d66118 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: servicemonitors.monitoring.coreos.com
spec:
@@ -14,6 +14,8 @@
kind: ServiceMonitor
listKind: ServiceMonitorList
plural: servicemonitors
+ shortNames:
+ - smon
singular: servicemonitor
scope: Namespaced
versions:
@@ -38,6 +40,15 @@
description: Specification of desired Service selection for target discovery
by Prometheus.
properties:
+ attachMetadata:
+ description: Attaches node metadata to discovered targets. Requires
+ Prometheus v2.37.0 and above.
+ properties:
+ node:
+ description: When set to true, Prometheus must have permissions
+ to get Nodes.
+ type: boolean
+ type: object
endpoints:
description: A list of endpoints allowed as part of this ServiceMonitor.
items:
@@ -66,6 +77,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type:
description: Set the authentication type. Defaults to Bearer,
Basic will cause an error
@@ -94,6 +106,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
@@ -113,6 +126,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
bearerTokenFile:
description: File to read bearer token for scraping targets.
@@ -137,6 +151,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
+ enableHttp2:
+ description: Whether to enable HTTP2.
+ type: boolean
+ filterRunning:
+ description: 'Drop pods that are not running. (Failed, Succeeded).
+ Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
+ type: boolean
followRedirects:
description: FollowRedirects configures whether scrape requests
follow HTTP 3xx redirects.
@@ -150,7 +172,9 @@
the timestamps present in scraped data.
type: boolean
interval:
- description: Interval at which metrics should be scraped
+ description: Interval at which metrics should be scraped If
+ not specified Prometheus' global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before
@@ -164,15 +188,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -238,6 +278,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -257,6 +298,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
clientSecret:
description: The secret containing the OAuth2 client secret
@@ -276,6 +318,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
endpointParams:
additionalProperties:
type: string
@@ -303,7 +346,8 @@
description: Optional HTTP URL parameters
type: object
path:
- description: HTTP path to scrape for metrics.
+ description: HTTP path to scrape for metrics. If empty, Prometheus
+ uses the default value (e.g. `/metrics`).
type: string
port:
description: Name of the service port this endpoint refers to.
@@ -328,15 +372,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -376,10 +436,19 @@
type: object
type: array
scheme:
- description: HTTP scheme to use for scraping.
+ description: HTTP scheme to use for scraping. `http` and `https`
+ are the expected values unless you rewrite the `__scheme__`
+ label via relabeling. If empty, Prometheus uses the default
+ value `http`.
+ enum:
+ - http
+ - https
type: string
scrapeTimeout:
- description: Timeout after which the scrape is ended
+ description: Timeout after which the scrape is ended If not
+ specified, the Prometheus global scrape timeout is used unless
+ it is less than `Interval` in which the latter is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
targetPort:
anyOf:
@@ -393,8 +462,8 @@
description: TLS configuration to use when scraping the endpoint
properties:
ca:
- description: Struct containing the CA cert to use for the
- targets.
+ description: Certificate authority used when verifying server
+ certificates.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -415,6 +484,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -434,14 +504,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
- description: Struct containing the client cert file for
- the targets.
+ description: Client certificate to present when doing client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -462,6 +532,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -481,6 +552,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
certFile:
description: Path to the client cert file in the Prometheus
@@ -512,6 +584,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -519,10 +592,13 @@
type: object
type: array
jobLabel:
- description: "Chooses the label of the Kubernetes `Endpoints`. Its
- value will be used for the `job`-label's value of the created metrics.
- \n Default & fallback value: the name of the respective Kubernetes
- `Endpoint`."
+ description: "JobLabel selects the label from the associated Kubernetes
+ service which will be used as the `job` label for all metrics. \n
+ For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo:
+ bar`, then the `job=\"bar\"` label is added to all metrics. \n If
+ the value of this field is empty or if the label doesn't exist for
+ the given Service, the `job` label of the metrics defaults to the
+ name of the Kubernetes Service."
type: string
labelLimit:
description: Per-scrape limit on number of labels that will be accepted
@@ -610,6 +686,7 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
targetLabels:
description: TargetLabels transfers labels from the Kubernetes `Service`
onto the created metrics.
@@ -630,9 +707,3 @@
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml
index 69a5abc..fab68b1 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: grafanaagents.monitoring.grafana.com
spec:
@@ -140,6 +140,7 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
@@ -240,10 +241,12 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
@@ -320,6 +323,7 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
@@ -327,9 +331,7 @@
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
- ({}) matches all namespaces. This field is beta-level
- and is only honored when PodAffinityNamespaceSelector
- feature is enabled.
+ ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -378,13 +380,14 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace"
+ and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -476,6 +479,7 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
@@ -483,8 +487,6 @@
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
- This field is beta-level and is only honored when
- PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -529,13 +531,14 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
- "this pod's namespace"
+ "this pod's namespace".
items:
type: string
type: array
@@ -629,6 +632,7 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
@@ -636,9 +640,7 @@
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
- ({}) matches all namespaces. This field is beta-level
- and is only honored when PodAffinityNamespaceSelector
- feature is enabled.
+ ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -687,13 +689,14 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace"
+ and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -785,6 +788,7 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
@@ -792,8 +796,6 @@
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
- This field is beta-level and is only honored when
- PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -838,13 +840,14 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
- "this pod's namespace"
+ "this pod's namespace".
items:
type: string
type: array
@@ -864,11 +867,11 @@
type: object
type: object
apiServer:
- description: APIServerConfig allows specifying a host and auth methods
- to access the Kubernetes API server. If left empty, the Agent will
- assume that it is running inside of the cluster and will discover
- API servers automatically and use the pod's CA certificate and bearer
- token file at /var/run/secrets/kubernetes.io/serviceaccount.
+ description: APIServerConfig lets you specify a host and auth methods
+ to access the Kubernetes API server. If left empty, the Agent assumes
+ that it is running inside of the cluster and will discover API servers
+ automatically and use the pod's CA certificate and bearer token
+ file at /var/run/secrets/kubernetes.io/serviceaccount.
properties:
authorization:
description: Authorization section for accessing apiserver
@@ -892,6 +895,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
credentialsFile:
description: File to read a secret from, mutually exclusive
with Credentials (from SafeAuthorization)
@@ -924,6 +928,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace that
contains the username for authentication.
@@ -943,6 +948,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
bearerToken:
description: Bearer token for accessing apiserver.
@@ -958,8 +964,8 @@
description: TLS Config to use for accessing apiserver.
properties:
ca:
- description: Struct containing the CA cert to use for the
- targets.
+ description: Certificate authority used when verifying server
+ certificates.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -980,6 +986,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -999,14 +1006,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
- description: Struct containing the client cert file for the
- targets.
+ description: Client certificate to present when doing client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -1027,6 +1034,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -1046,6 +1054,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
certFile:
description: Path to the client cert file in the Prometheus
@@ -1077,6 +1086,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -1085,29 +1095,38 @@
- host
type: object
configMaps:
- description: ConfigMaps is a liset of config maps in the same namespace
+ description: ConfigMaps is a list of config maps in the same namespace
as the GrafanaAgent object which will be mounted into each running
- Grafana Agent pod. The ConfigMaps are mounted into /etc/grafana-agent/extra-configmaps/<configmap-name>.
+ Grafana Agent pod. The ConfigMaps are mounted into /var/lib/grafana-agent/extra-configmaps/<configmap-name>.
items:
type: string
type: array
+ configReloaderImage:
+ description: Image, when specified, overrides the image used to run
+ Config Reloader. Specify the image along with a tag. You still need
+ to set the version to ensure Grafana Agent Operator knows which
+ version of Grafana Agent is being configured.
+ type: string
+ configReloaderVersion:
+ description: Version of Config Reloader to be deployed.
+ type: string
containers:
- description: 'Containers allows injecting additional containers or
- modifying operator generated containers. This can be used to allow
- adding an authentication proxy to a Grafana Agent pod or to change
- the behavior of an operator-generated container. Containers described
- here modify an operator generated container if they share the same
- name and modifications are done via a strategic merge patch. The
- current container names are: `grafana-agent` and `config-reloader`.
- Overriding containers is entirely outside the scope of what the
- Grafana Agent team will support and by doing so, you accept that
- this behavior may break at any time without notice.'
+ description: 'Containers lets you inject additional containers or
+ modify operator-generated containers. This can be used to add an
+ authentication proxy to a Grafana Agent pod or to change the behavior
+ of an operator-generated container. Containers described here modify
+ an operator-generated container if they share the same name and
+ if modifications are done via a strategic merge patch. The current
+ container names are: `grafana-agent` and `config-reloader`. Overriding
+ containers is entirely outside the scope of what the Grafana Agent
+ team supports and by doing so, you accept that this behavior may
+ break at any time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker image''s
+ description: 'Arguments to the entrypoint. The container image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
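Review bot: The `configMaps` description in this hunk moves the documented mount point from `/etc/grafana-agent/extra-configmaps/<configmap-name>` to `/var/lib/grafana-agent/extra-configmaps/<configmap-name>`, and I see no matching update to consumers of the old path in the part of the commit shown here. If any agent configuration shipped with this chart reads files such as CA bundles or credentials files from the old directory, it will presumably stop finding them after the operator upgrade. It is worth searching the chart's values and templates for the old prefix and calling the move out in the upgrade notes. This CRD looks like controller-gen output, so any fix belongs in the chart's own values and docs, not in this file.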
@@ -1121,7 +1140,7 @@
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
- The docker image''s ENTRYPOINT is used if this is not provided.
+ The container image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. Double $$ are reduced
@@ -1179,6 +1198,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -1197,6 +1217,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -1222,6 +1243,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
@@ -1243,6 +1265,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -1273,6 +1296,7 @@
defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -1289,10 +1313,11 @@
description: Specify whether the Secret must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
@@ -1346,7 +1371,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -1442,7 +1469,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -1522,8 +1551,6 @@
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
- This is an alpha field and requires enabling GRPCContainerProbe
- feature gate.
properties:
port:
description: Port number of the gRPC service. Number
@@ -1555,7 +1582,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -1650,13 +1679,13 @@
Cannot be updated.
type: string
ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about
- the network connections a container uses, but is primarily
- informational. Not specifying a port here DOES NOT prevent
- that port from being exposed. Any port which is listening
- on the default "0.0.0.0" address inside a container will be
- accessible from the network. Cannot be updated.
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
@@ -1724,8 +1753,6 @@
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
- This is an alpha field and requires enabling GRPCContainerProbe
- feature gate.
properties:
port:
description: Port number of the gRPC service. Number
@@ -1757,7 +1784,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -1846,10 +1875,52 @@
format: int32
type: integer
type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource resize
+ policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which this resource
+ resize policy applies. Supported values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when specified resource
+ is resized. If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -1870,10 +1941,29 @@
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
+ restartPolicy:
+ description: 'RestartPolicy defines the restart behavior of
+ individual containers in a pod. This field may only be set
+ for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod''s restart policy
+ and the container type. Setting the RestartPolicy as "Always"
+ for the init container will have the following effect: this
+ init container will be continually restarted on exit until
+ all regular containers have terminated. Once all regular containers
+ have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init
+ containers and is often referred to as a "sidecar" container.
+ Although this init container still starts in the init container
+ sequence, it does not wait for the container to complete before
+ proceeding to the next init container. Instead, the next init
+ container starts immediately after this init container is
+ started, or after any startupProbe has successfully completed.'
+ type: string
securityContext:
description: 'SecurityContext defines the security options the
container should be run with. If set, the fields of SecurityContext
@@ -1995,8 +2085,8 @@
in a file on the node should be used. The profile
must be preconfigured on the node to work. Must be
a descending path, relative to the kubelet's configured
- seccomp profile location. Must only be set if type
- is "Localhost".
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
type: string
type:
description: "type indicates which kind of seccomp profile
@@ -2029,16 +2119,12 @@
type: string
hostProcess:
description: HostProcess determines if a container should
- be run as a 'Host Process' container. This field is
- alpha-level and will only be honored by components
- that enable the WindowsHostProcessContainers feature
- flag. Setting this field without the feature flag
- will result in errors when validating the Pod. All
- of a Pod's containers must have the same effective
- HostProcess value (it is not allowed to have a mix
- of HostProcess containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
@@ -2084,8 +2170,6 @@
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
- This is an alpha field and requires enabling GRPCContainerProbe
- feature gate.
properties:
port:
description: Port number of the gRPC service. Number
@@ -2117,7 +2201,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -2317,21 +2403,31 @@
- name
type: object
type: array
+ disableReporting:
+ default: false
+ description: disableReporting disables reporting of enabled feature
+ flags to Grafana.
+ type: boolean
+ disableSupportBundle:
+ default: false
+ description: disableSupportBundle disables the generation of support
+ bundles.
+ type: boolean
enableConfigReadAPI:
default: false
description: enableConfigReadAPI enables the read API for viewing
- currently running config port 8080 on the agent.
+ the currently running config port 8080 on the agent.
type: boolean
image:
description: Image, when specified, overrides the image used to run
- the Agent. It should be specified along with a tag. Version must
- still be set to ensure the Grafana Agent Operator knows which version
+ Agent. Specify the image along with a tag. You still need to set
+ the version to ensure Grafana Agent Operator knows which version
of Grafana Agent is being configured.
type: string
imagePullSecrets:
description: 'ImagePullSecrets holds an optional list of references
- to secrets within the same namespace to use for pulling the Grafana
- Agent image from registries. More info: https://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod'
+ to Secrets within the same namespace used for pulling the Grafana
+ Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
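Review bot: The new `disableReporting` field is added with `default: false`, so after this upgrade a GrafanaAgent resource that leaves it unset keeps reporting of enabled feature flags to Grafana switched on. If the clusters this chart targets are expected to send no outbound telemetry, set `disableReporting: true` on the GrafanaAgent resource the chart renders. That template is outside this hunk, so confirm where it lives. The sibling `disableSupportBundle` also defaults to `false` and deserves the same decision, since what a support bundle contains is not described here.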
@@ -2341,23 +2437,24 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
initContainers:
- description: 'InitContainers allows adding initContainers to the pod
+ description: 'InitContainers let you add initContainers to the pod
definition. These can be used to, for example, fetch secrets for
injection into the Grafana Agent configuration from external sources.
- Any errors during the execution of an initContainer will lead to
- a restart of the pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ Errors during the execution of an initContainer cause the pod to
+ restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Using initContainers for any use case other than secret fetching
is entirely outside the scope of what the Grafana Agent maintainers
- will support and by doing so, you accept that this behavior may
- break at any time without notice.'
+ support and by doing so, you accept that this behavior may break
+ at any time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker image''s
+ description: 'Arguments to the entrypoint. The container image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
@@ -2371,7 +2468,7 @@
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
- The docker image''s ENTRYPOINT is used if this is not provided.
+ The container image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. Double $$ are reduced
@@ -2429,6 +2526,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -2447,6 +2545,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -2472,6 +2571,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
@@ -2493,6 +2593,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -2523,6 +2624,7 @@
defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -2539,10 +2641,11 @@
description: Specify whether the Secret must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
@@ -2596,7 +2699,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -2692,7 +2797,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -2772,8 +2879,6 @@
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
- This is an alpha field and requires enabling GRPCContainerProbe
- feature gate.
properties:
port:
description: Port number of the gRPC service. Number
@@ -2805,7 +2910,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -2900,13 +3007,13 @@
Cannot be updated.
type: string
ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about
- the network connections a container uses, but is primarily
- informational. Not specifying a port here DOES NOT prevent
- that port from being exposed. Any port which is listening
- on the default "0.0.0.0" address inside a container will be
- accessible from the network. Cannot be updated.
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
@@ -2974,8 +3081,6 @@
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
- This is an alpha field and requires enabling GRPCContainerProbe
- feature gate.
properties:
port:
description: Port number of the gRPC service. Number
@@ -3007,7 +3112,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -3096,10 +3203,52 @@
format: int32
type: integer
type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource resize
+ policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which this resource
+ resize policy applies. Supported values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when specified resource
+ is resized. If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -3120,10 +3269,29 @@
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
+ restartPolicy:
+ description: 'RestartPolicy defines the restart behavior of
+ individual containers in a pod. This field may only be set
+ for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod''s restart policy
+ and the container type. Setting the RestartPolicy as "Always"
+ for the init container will have the following effect: this
+ init container will be continually restarted on exit until
+ all regular containers have terminated. Once all regular containers
+ have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init
+ containers and is often referred to as a "sidecar" container.
+ Although this init container still starts in the init container
+ sequence, it does not wait for the container to complete before
+ proceeding to the next init container. Instead, the next init
+ container starts immediately after this init container is
+ started, or after any startupProbe has successfully completed.'
+ type: string
securityContext:
description: 'SecurityContext defines the security options the
container should be run with. If set, the fields of SecurityContext
@@ -3245,8 +3413,8 @@
in a file on the node should be used. The profile
must be preconfigured on the node to work. Must be
a descending path, relative to the kubelet's configured
- seccomp profile location. Must only be set if type
- is "Localhost".
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
type: string
type:
description: "type indicates which kind of seccomp profile
@@ -3279,16 +3447,12 @@
type: string
hostProcess:
description: HostProcess determines if a container should
- be run as a 'Host Process' container. This field is
- alpha-level and will only be honored by components
- that enable the WindowsHostProcessContainers feature
- flag. Setting this field without the feature flag
- will result in errors when validating the Pod. All
- of a Pod's containers must have the same effective
- HostProcess value (it is not allowed to have a mix
- of HostProcess containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
@@ -3334,8 +3498,6 @@
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
- This is an alpha field and requires enabling GRPCContainerProbe
- feature gate.
properties:
port:
description: Port number of the gRPC service. Number
@@ -3367,7 +3529,9 @@
to be used in HTTP probes
properties:
name:
- description: The header field name
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
type: string
value:
description: The header field value
@@ -3569,8 +3733,7 @@
type: array
integrations:
description: Integrations controls the integration subsystem of the
- Agent and settings unique to integration-specific pods that are
- deployed.
+ Agent and settings unique to deployed integration-specific pods.
properties:
namespaceSelector:
description: "Label selector for namespaces to search when discovering
@@ -3619,6 +3782,7 @@
"value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
selector:
description: Label selector to find Integration resources to run.
When nil, no integration resources will be defined.
@@ -3664,6 +3828,7 @@
"value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
type: object
logFormat:
description: LogFormat controls the logging format of the generated
@@ -3678,8 +3843,8 @@
settings unique to logging-specific pods that are deployed.
properties:
clients:
- description: Global set of clients to use when a discovered LogsInstance
- does not have any clients defined.
+ description: A global set of clients to use when a discovered
+ LogsInstance does not have any clients defined.
items:
description: LogsClientSpec defines the client integration for
logs, indicating which Loki server to send logs to.
@@ -3724,6 +3889,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
@@ -3744,6 +3910,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
batchSize:
description: Maximum batch size (in bytes) of logs to accumulate
@@ -3765,6 +3932,97 @@
description: ExternalLabels are labels to add to any time
series when sending data to Loki.
type: object
+ oauth2:
+ description: Oauth2 for URL
+ properties:
+ clientId:
+ description: The secret or configmap containing the
+ OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client
+ secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
proxyUrl:
description: ProxyURL to proxy requests through. Optional.
type: string
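Review bot: `tokenUrl` in the added `oauth2` block is constrained only by `minLength: 1`, so the schema will accept a plain `http://` endpoint, and in the usual client-credentials exchange the value referenced by `clientSecret` is sent to that URL. `endpointParams` is a free-form string map held inline in the resource rather than a Secret reference, so anything placed there is readable by whoever can read the object. This file appears to be a generated CRD, so rather than editing it I would document the constraint where the chart's values configure a client, e.g. `# oauth2.tokenUrl must be https; keep credentials in clientSecret, never in endpointParams`. The same block is added again for `remoteWrite` in the hunk at `@@ -4273,6 +4542,97 @@`.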
@@ -3783,8 +4041,8 @@
when the protocol of the URL is https.
properties:
ca:
- description: Struct containing the CA cert to use for
- the targets.
+ description: Certificate authority used when verifying
+ server certificates.
properties:
configMap:
description: ConfigMap containing data to use for
@@ -3806,6 +4064,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the
targets.
@@ -3827,14 +4086,15 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
- description: Struct containing the client cert file
- for the targets.
+ description: Client certificate to present when doing
+ client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for
@@ -3856,6 +4116,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the
targets.
@@ -3877,6 +4138,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
certFile:
description: Path to the client cert file in the Prometheus
@@ -3909,6 +4171,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -3979,6 +4242,7 @@
"value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
instanceSelector:
description: InstanceSelector determines which LogInstances should
be selected for running. Each instance runs its own set of Prometheus
@@ -4025,6 +4289,7 @@
"value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
logsExternalLabelName:
description: LogsExternalLabelName is the name of the external
label used to denote Grafana Agent cluster. Defaults to "cluster."
@@ -4039,7 +4304,7 @@
arbitraryFSAccessThroughSMs:
description: ArbitraryFSAccessThroughSMs configures whether configuration
based on a ServiceMonitor can access arbitrary files on the
- file system of the Grafana Agent container e.g. bearer token
+ file system of the Grafana Agent container, e.g., bearer token
files.
properties:
deny:
@@ -4048,17 +4313,16 @@
enforcedNamespaceLabel:
description: EnforcedNamespaceLabel enforces adding a namespace
label of origin for each metric that is user-created. The label
- value will always be the namespace of the object that is being
- created.
+ value is always the namespace of the object that is being created.
type: string
enforcedSampleLimit:
- description: EnforcedSampleLimit defines global limit on the number
- of scraped samples that will be accepted. This overrides any
- SampleLimit set per ServiceMonitor and/or PodMonitor. It is
- meant to be used by admins to enforce the SampleLimit to keep
- the overall number of samples and series under the desired limit.
- Note that if a SampleLimit from a ServiceMonitor or PodMonitor
- is lower, that value will be used instead.
+ description: EnforcedSampleLimit defines a global limit on the
+ number of scraped samples that are accepted. This overrides
+ any SampleLimit set per ServiceMonitor and/or PodMonitor. It
+ is meant to be used by admins to enforce the SampleLimit to
+ keep the overall number of samples and series under the desired
+ limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor
+ is lower, that value is used instead.
format: int64
type: integer
enforcedTargetLimit:
@@ -4067,8 +4331,8 @@
per ServiceMonitor and/or PodMonitor. It is meant to be used
by admins to enforce the TargetLimit to keep the overall number
of targets under the desired limit. Note that if a TargetLimit
- from a ServiceMonitor or PodMonitor is higher, that value will
- be used instead.
+ from a ServiceMonitor or PodMonitor is higher, that value is
+ used instead.
format: int64
type: integer
externalLabels:
@@ -4078,14 +4342,14 @@
when sending data over remote_write.
type: object
ignoreNamespaceSelectors:
- description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector
- settings from the PodMonitor and ServiceMonitor configs, and
- they will only discover endpoints within their current namespace.
+ description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector
+ settings from the PodMonitor and ServiceMonitor configs, so
+ that they only discover endpoints within their current namespace.
type: boolean
instanceNamespaceSelector:
- description: InstanceNamespaceSelector are the set of labels to
- determine which namespaces to watch for MetricsInstances. If
- not provided, only checks own namespace.
+ description: InstanceNamespaceSelector is the set of labels that
+ determines which namespaces to watch for MetricsInstances. If
+ not provided, it only checks its own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
@@ -4128,6 +4392,7 @@
"value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
instanceSelector:
description: InstanceSelector determines which MetricsInstances
should be selected for running. Each instance runs its own set
@@ -4175,23 +4440,25 @@
"value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
metricsExternalLabelName:
description: MetricsExternalLabelName is the name of the external
label used to denote Grafana Agent cluster. Defaults to "cluster."
- External label will _not_ be added when value is set to the
+ The external label is _not_ added when the value is set to the
empty string.
type: string
overrideHonorLabels:
description: OverrideHonorLabels, if true, overrides all configured
- honor_labels read from ServiceMonitor or PodMonitor to false.
+ honor_labels read from ServiceMonitor or PodMonitor and sets
+ them to false.
type: boolean
overrideHonorTimestamps:
- description: OverrideHonorTimestamps allows to globally enforce
- honoring timestamps in all scrape configs.
+ description: OverrideHonorTimestamps allows global enforcement
+ for honoring timestamps in all scrape configs.
type: boolean
remoteWrite:
description: RemoteWrite controls default remote_write settings
- for all instances. If an instance does not provide its own remoteWrite
+ for all instances. If an instance does not provide its own RemoteWrite
settings, these will be used instead.
items:
description: RemoteWriteSpec defines the remote_write configuration
@@ -4220,6 +4487,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
@@ -4240,6 +4508,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
bearerToken:
description: BearerToken used for remote_write.
@@ -4273,6 +4542,97 @@
if specified. The name is used in metrics and logging
in order to differentiate queues.
type: string
+ oauth2:
+ description: Oauth2 for URL
+ properties:
+ clientId:
+ description: The secret or configmap containing the
+ OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client
+ secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
proxyUrl:
description: ProxyURL to proxy requests through. Optional.
type: string
@@ -4282,11 +4642,11 @@
properties:
batchSendDeadline:
description: BatchSendDeadline is the maximum time a
- sample will wait in buffer.
+ sample will wait in the buffer.
type: string
capacity:
description: Capacity is the number of samples to buffer
- per shard before we start dropping them.
+ per shard before samples start being dropped.
type: integer
maxBackoff:
description: MaxBackoff is the maximum retry delay.
@@ -4301,15 +4661,15 @@
type: integer
maxShards:
description: MaxShards is the maximum number of shards,
- i.e. amount of concurrency.
+ i.e., the amount of concurrency.
type: integer
minBackoff:
description: MinBackoff is the initial retry delay.
- Gets doubled for every retry.
+ MinBackoff is doubled for every retry.
type: string
minShards:
description: MinShards is the minimum number of shards,
- i.e. amount of concurrency.
+ i.e., the amount of concurrency.
type: integer
retryOnRateLimit:
description: RetryOnRateLimit retries requests when
@@ -4322,12 +4682,12 @@
type: string
sigv4:
description: SigV4 configures SigV4-based authentication
- to the remote_write endpoint. Will be used if SigV4 is
- defined, even with an empty object.
+ to the remote_write endpoint. SigV4-based authentication
+ is used if SigV4 is defined, even with an empty object.
properties:
accessKey:
description: AccessKey holds the secret of the AWS API
- access key to use for signing. If not provided, The
+ access key to use for signing. If not provided, the
environment variable AWS_ACCESS_KEY_ID is used.
properties:
key:
@@ -4346,6 +4706,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
profile:
description: Profile is the named AWS profile to use
for authentication.
@@ -4380,13 +4741,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
tlsConfig:
description: TLSConfig to use for remote_write.
properties:
ca:
- description: Struct containing the CA cert to use for
- the targets.
+ description: Certificate authority used when verifying
+ server certificates.
properties:
configMap:
description: ConfigMap containing data to use for
@@ -4408,6 +4770,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the
targets.
@@ -4429,14 +4792,15 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
- description: Struct containing the client cert file
- for the targets.
+ description: Client certificate to present when doing
+ client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for
@@ -4458,6 +4822,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the
targets.
@@ -4479,6 +4844,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
certFile:
description: Path to the client cert file in the Prometheus
@@ -4511,6 +4877,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -4531,15 +4898,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -4585,9 +4968,9 @@
type: array
replicaExternalLabelName:
description: ReplicaExternalLabelName is the name of the metrics
- external label used to denote replica name. Defaults to __replica__.
- External label will _not_ be added when value is set to the
- empty string.
+ external label used to denote the replica name. Defaults to
+ __replica__. The external label is _not_ added when the value
+ is set to the empty string.
type: string
replicas:
description: Replicas of each shard to deploy for metrics pods.
@@ -4605,9 +4988,9 @@
shards:
description: Shards to distribute targets onto. Number of replicas
multiplied by the number of shards is the total number of pods
- created. Note that scaling down shards will not reshard data
- onto remaining instances, it must be manually moved. Increasing
- shards will not reshard data either but it will continue to
+ created. Note that scaling down shards does not reshard data
+ onto remaining instances; it must be manually moved. Increasing
+ shards does not reshard data either, but it will continue to
be available from the same instances. Sharding is performed
on the content of the __address__ target meta-label.
format: int32
@@ -4661,6 +5044,27 @@
resources:
description: Resources holds requests and limits for individual pods.
properties:
+ claims:
+ description: "Claims lists the names of resources, defined in
+ spec.resourceClaims, that are used by this container. \n This
+ is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only be set
+ for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -4681,13 +5085,17 @@
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
+ runtimeClassName:
+ description: RuntimeClassName is the runtime class assigned to pods.
+ type: string
secrets:
description: Secrets is a list of secrets in the same namespace as
the GrafanaAgent object which will be mounted into each running
- Grafana Agent pod. The secrets are mounted into /etc/grafana-agent/extra-secrets/<secret-name>.
+ Grafana Agent pod. The secrets are mounted into /var/lib/grafana-agent/extra-secrets/<secret-name>.
items:
type: string
type: array
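Review bot: The `secrets` description changes the documented mount point from `/etc/grafana-agent/extra-secrets/<secret-name>` to `/var/lib/grafana-agent/extra-secrets/<secret-name>`, and nothing visible in this hunk updates the consumers of that path. If the upgraded operator mounts at the new location, any agent configuration that reads a credential file by the old prefix would presumably stop resolving after the upgrade. Search the values and instance specs in this repository for `/etc/grafana-agent/extra-secrets/` and move them to the new prefix in the same change. The `properties` mapping this sits in starts outside the hunk.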
@@ -4779,7 +5187,8 @@
in a file on the node should be used. The profile must be
preconfigured on the node to work. Must be a descending
path, relative to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
type: string
type:
description: "type indicates which kind of seccomp profile
@@ -4793,9 +5202,14 @@
type: object
supplementalGroups:
description: A list of groups applied to the first process run
- in each container, in addition to the container's primary GID. If
- unspecified, no groups will be added to any container. Note
- that this field cannot be set when spec.os.name is windows.
+ in each container, in addition to the container's primary GID,
+ the fsGroup (if specified), and group memberships defined in
+ the container image for the uid of the container process. If
+ unspecified, no additional groups are added to any container.
+ Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if
+ they are not included in this list. Note that this field cannot
+ be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -4838,14 +5252,11 @@
type: string
hostProcess:
description: HostProcess determines if a container should
- be run as a 'Host Process' container. This field is alpha-level
- and will only be honored by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the feature flag
- will result in errors when validating the Pod. All of a
- Pod's containers must have the same effective HostProcess
- value (it is not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition, if HostProcess
- is true then HostNetwork must also be set to true.
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
@@ -4864,38 +5275,37 @@
description: Storage spec to specify how storage will be used.
properties:
disableMountSubPath:
- description: 'Deprecated: subPath usage will be disabled by default
- in a future release, this option will become unnecessary. DisableMountSubPath
- allows to remove any subPath usage in volume mounts.'
+ description: '*Deprecated: subPath usage will be removed in a
+ future release.*'
type: boolean
emptyDir:
- description: 'EmptyDirVolumeSource to be used by the Prometheus
- StatefulSets. If specified, used in place of any volumeClaimTemplate.
+ description: 'EmptyDirVolumeSource to be used by the StatefulSet.
+ If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.
More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
properties:
medium:
- description: 'What type of storage medium should back this
- directory. The default is "" which means to use the node''s
- default medium. Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required for this
- EmptyDir volume. The size limit is also applicable for memory
- medium. The maximum usage on memory medium EmptyDir would
- be the minimum value between the SizeLimit specified here
- and the sum of memory limits of all containers in a pod.
- The default is nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: 'EphemeralVolumeSource to be used by the Prometheus
- StatefulSets. This is a beta field in k8s 1.21, for lower versions,
+ description: 'EphemeralVolumeSource to be used by the StatefulSet.
+ This is a beta field in k8s 1.21 and GA in 1.15. For lower versions,
starting with k8s 1.19, it requires enabling the GenericEphemeralVolume
feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes'
properties:
@@ -4931,21 +5341,24 @@
as in a PersistentVolumeClaim are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim) If the
provisioner or an external controller can support
the specified data source, it will create a new
volume based on the contents of the specified data
- source. If the AnyVolumeDataSource feature gate
- is enabled, this field will always have the same
- contents as the DataSourceRef field.'
+ source. When the AnyVolumeDataSource feature gate
+ is enabled, dataSource contents will be copied to
+ dataSourceRef, and dataSourceRef contents will be
+ copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -4966,29 +5379,37 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'Specifies the object from which to populate
- the volume with data, if a non-empty volume is desired.
- This may be any local object from a non-empty API
- group (non core object) or a PersistentVolumeClaim
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a
+ non-empty API group (non core object) or a PersistentVolumeClaim
object. When this field is specified, volume binding
will only succeed if the type of the specified object
matches some installed volume populator or dynamic
provisioner. This field will replace the functionality
- of the DataSource field and as such if both fields
+ of the dataSource field and as such if both fields
are non-empty, they must have the same value. For
- backwards compatibility, both fields (DataSource
- and DataSourceRef) will be set to the same value
- automatically if one of them is empty and the other
- is non-empty. There are two important differences
- between DataSource and DataSourceRef: * While DataSource
- only allows two specific types of objects, DataSourceRef
- allows any non-core object, as well as PersistentVolumeClaim
- objects. * While DataSource ignores disallowed values
- (dropping them), DataSourceRef preserves all values,
+ backwards compatibility, when namespace isn''t specified
+ in dataSourceRef, both fields (dataSource and dataSourceRef)
+ will be set to the same value automatically if one
+ of them is empty and the other is non-empty. When
+ namespace is specified in dataSourceRef, dataSource
+ isn''t set to the same value and must be empty.
+ There are three important differences between dataSource
+ and dataSourceRef: * While dataSource only allows
+ two specific types of objects, dataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves all values,
and generates an error if a disallowed value is
- specified. (Alpha) Using this field requires the
- AnyVolumeDataSource feature gate to be enabled.'
+ specified. * While dataSource only allows local
+ objects, dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the namespace
+ field of dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -5005,18 +5426,53 @@
description: Name is the name of resource being
referenced
type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept the
+ reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
required:
- kind
- name
type: object
resources:
- description: 'Resources represents the minimum resources
+ description: 'resources represents the minimum resources
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It
+ can only be set for containers."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of
+ one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes
+ that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -5038,13 +5494,13 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ an implementation-defined value. Requests cannot
+ exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider
- for binding.
+ description: selector is a label query over volumes
+ to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -5090,9 +5546,10 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required by
- the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume
@@ -5100,7 +5557,7 @@
implied when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference to
+ description: volumeName is the binding reference to
the PersistentVolume backing this claim.
type: string
type: object
@@ -5109,7 +5566,10 @@
type: object
type: object
volumeClaimTemplate:
- description: A PVC spec to be used by the Prometheus StatefulSets.
+ description: Defines the PVC spec to be used by the Prometheus
+ StatefulSets. The easiest way to use a volume that cannot be
+ automatically provisioned is to use a label selector alongside
+ manually created PersistentVolumes.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
@@ -5154,24 +5614,27 @@
type: string
type: object
spec:
- description: 'Spec defines the desired characteristics of
- a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ description: 'Defines the desired characteristics of a volume
+ requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim) If the provisioner
or an external controller can support the specified
data source, it will create a new volume based on the
- contents of the specified data source. If the AnyVolumeDataSource
- feature gate is enabled, this field will always have
- the same contents as the DataSourceRef field.'
+ contents of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents will be
+ copied to dataSourceRef, and dataSourceRef contents
+ will be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified, then
+ dataSourceRef will not be copied to dataSource.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -5189,28 +5652,36 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'Specifies the object from which to populate
- the volume with data, if a non-empty volume is desired.
- This may be any local object from a non-empty API group
- (non core object) or a PersistentVolumeClaim object.
- When this field is specified, volume binding will only
- succeed if the type of the specified object matches
- some installed volume populator or dynamic provisioner.
- This field will replace the functionality of the DataSource
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the dataSource
field and as such if both fields are non-empty, they
must have the same value. For backwards compatibility,
- both fields (DataSource and DataSourceRef) will be set
- to the same value automatically if one of them is empty
- and the other is non-empty. There are two important
- differences between DataSource and DataSourceRef: *
- While DataSource only allows two specific types of objects,
- DataSourceRef allows any non-core object, as well as
- PersistentVolumeClaim objects. * While DataSource ignores
- disallowed values (dropping them), DataSourceRef preserves
- all values, and generates an error if a disallowed value
- is specified. (Alpha) Using this field requires the
- AnyVolumeDataSource feature gate to be enabled.'
+ when namespace isn''t specified in dataSourceRef, both
+ fields (dataSource and dataSourceRef) will be set to
+ the same value automatically if one of them is empty
+ and the other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the same
+ value and must be empty. There are three important differences
+ between dataSource and dataSourceRef: * While dataSource
+ only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves all values,
+ and generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects, dataSourceRef
+ allows objects in any namespaces. (Beta) Using this
+ field requires the AnyVolumeDataSource feature gate
+ to be enabled. (Alpha) Using the namespace field of
+ dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -5224,18 +5695,52 @@
name:
description: Name is the name of resource being referenced
type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant object
+ is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the
+ ReferenceGrant documentation for details. (Alpha)
+ This field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
required:
- kind
- name
type: object
resources:
- description: 'Resources represents the minimum resources
+ description: 'resources represents the minimum resources
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify resource
requirements that are lower than previous value but
must still be higher than capacity recorded in the status
field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used by
+ this container. \n This is an alpha field and requires
+ enabling the DynamicResourceAllocation feature gate.
+ \n This field is immutable. It can only be set for
+ containers."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the Pod
+ where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -5257,12 +5762,13 @@
of compute resources required. If Requests is omitted
for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ value. Requests cannot exceed Limits. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider for
- binding.
+ description: selector is a label query over volumes to
+ consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
@@ -5306,9 +5812,10 @@
contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required by the
- claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume is
@@ -5316,20 +5823,64 @@
when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference to the
+ description: volumeName is the binding reference to the
PersistentVolume backing this claim.
type: string
type: object
status:
- description: 'Status represents the current information/status
- of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ description: '*Deprecated: this field is never set.*'
properties:
accessModes:
- description: 'AccessModes contains the actual access modes
+ description: 'accessModes contains the actual access modes
the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
+ allocatedResourceStatuses:
+ additionalProperties:
+ description: When a controller receives persistentvolume
+ claim update with ClaimResourceStatus for a resource
+ that it does not recognizes, then it should ignore
+ that update and let other controllers handle it.
+ type: string
+ description: "allocatedResourceStatuses stores status
+ of resource being resized for the given PVC. Key names
+ follow standard Kubernetes label syntax. Valid values
+ are either: * Un-prefixed keys: - storage - the capacity
+ of the volume. * Custom resources must use implementation-defined
+ prefixed names such as \"example.com/my-custom-resource\"
+ Apart from above values - keys that are unprefixed or
+ have kubernetes.io prefix are considered reserved and
+ hence may not be used. \n ClaimResourceStatus can be
+ in any of following states: - ControllerResizeInProgress:
+ State set when resize controller starts resizing the
+ volume in control-plane. - ControllerResizeFailed: State
+ set when resize has failed in resize controller with
+ a terminal error. - NodeResizePending: State set when
+ resize controller has finished resizing the volume but
+ further resizing of volume is needed on the node. -
+ NodeResizeInProgress: State set when kubelet starts
+ resizing the volume. - NodeResizeFailed: State set when
+ resizing has failed in kubelet with a terminal error.
+ Transient errors don't set NodeResizeFailed. For example:
+ if expanding a PVC for more capacity - this field can
+ be one of the following states: - pvc.status.allocatedResourceStatus['storage']
+ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']
+ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizeFailed\" When this field is not set, it
+ means that no resize operation is in progress for the
+ given PVC. \n A controller that receives PVC update
+ with previously unknown resourceName or ClaimResourceStatus
+ should ignore the update for the purpose it was designed.
+ For example - a controller that only is responsible
+ for resizing capacity of the volume, should ignore PVC
+ updates that change other valid resources associated
+ with PVC. \n This is an alpha field and requires enabling
+ RecoverVolumeExpansionFailure feature."
+ type: object
+ x-kubernetes-map-type: granular
allocatedResources:
additionalProperties:
anyOf:
@@ -5337,19 +5888,31 @@
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: The storage resource within AllocatedResources
- tracks the capacity allocated to a PVC. It may be larger
- than the actual capacity when a volume expansion operation
- is requested. For storage quota, the larger value from
- allocatedResources and PVC.spec.resources is used. If
- allocatedResources is not set, PVC.spec.resources alone
- is used for quota calculation. If a volume expansion
+ description: "allocatedResources tracks the resources
+ allocated to a PVC including its capacity. Key names
+ follow standard Kubernetes label syntax. Valid values
+ are either: * Un-prefixed keys: - storage - the capacity
+ of the volume. * Custom resources must use implementation-defined
+ prefixed names such as \"example.com/my-custom-resource\"
+ Apart from above values - keys that are unprefixed or
+ have kubernetes.io prefix are considered reserved and
+ hence may not be used. \n Capacity reported here may
+ be larger than the actual capacity when a volume expansion
+ operation is requested. For storage quota, the larger
+ value from allocatedResources and PVC.spec.resources
+ is used. If allocatedResources is not set, PVC.spec.resources
+ alone is used for quota calculation. If a volume expansion
capacity request is lowered, allocatedResources is only
lowered if there are no expansion operations in progress
and if the actual volume capacity is equal or lower
- than the requested capacity. This is an alpha field
- and requires enabling RecoverVolumeExpansionFailure
- feature.
+ than the requested capacity. \n A controller that receives
+ PVC update with previously unknown resourceName should
+ ignore the update for the purpose it was designed. For
+ example - a controller that only is responsible for
+ resizing capacity of the volume, should ignore PVC updates
+ that change other valid resources associated with PVC.
+ \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure
+ feature."
type: object
capacity:
additionalProperties:
@@ -5358,36 +5921,37 @@
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: Represents the actual resources of the underlying
- volume.
+ description: capacity represents the actual resources
+ of the underlying volume.
type: object
conditions:
- description: Current Condition of persistent volume claim.
- If underlying persistent volume is being resized then
- the Condition will be set to 'ResizeStarted'.
+ description: conditions is the current Condition of persistent
+ volume claim. If underlying persistent volume is being
+ resized then the Condition will be set to 'ResizeStarted'.
items:
- description: PersistentVolumeClaimCondition contails
+ description: PersistentVolumeClaimCondition contains
details about state of pvc
properties:
lastProbeTime:
- description: Last time we probed the condition.
+ description: lastProbeTime is the time we probed
+ the condition.
format: date-time
type: string
lastTransitionTime:
- description: Last time the condition transitioned
- from one status to another.
+ description: lastTransitionTime is the time the
+ condition transitioned from one status to another.
format: date-time
type: string
message:
- description: Human-readable message indicating details
- about last transition.
+ description: message is the human-readable message
+ indicating details about last transition.
type: string
reason:
- description: Unique, this should be a short, machine
- understandable string that gives the reason for
- condition's last transition. If it reports "ResizeStarted"
- that means the underlying persistent volume is
- being resized.
+ description: reason is a unique, this should be
+ a short, machine understandable string that gives
+ the reason for condition's last transition. If
+ it reports "ResizeStarted" that means the underlying
+ persistent volume is being resized.
type: string
status:
type: string
@@ -5401,14 +5965,7 @@
type: object
type: array
phase:
- description: Phase represents the current phase of PersistentVolumeClaim.
- type: string
- resizeStatus:
- description: ResizeStatus stores status of resize operation.
- ResizeStatus is not set by default but when expansion
- is complete resizeStatus is set to empty string by resize
- controller or kubelet. This is an alpha field and requires
- enabling RecoverVolumeExpansionFailure feature.
+ description: phase represents the current phase of PersistentVolumeClaim.
type: string
type: object
type: object
@@ -5506,16 +6063,37 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in
+ both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot
+ be set when LabelSelector isn't set. Keys that don't exist
+ in the incoming pod labels will be ignored. A null or empty
+ list means only match against labelSelector. \n This is a
+ beta field and requires the MatchLabelKeysInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which pods may
be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the number
of matching pods in the target topology and the global minimum.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and
- pods with the same labelSelector spread as 1/1/0: | zone1
- | zone2 | zone3 | | P | P | | - if MaxSkew is
- 1, incoming pod can only be scheduled to zone3 to become 1/1/1;
- scheduling it onto zone1(zone2) would make the ActualSkew(2-0)
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies that satisfy
@@ -5523,12 +6101,63 @@
allowed.'
format: int32
type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
topologyKey:
description: TopologyKey is the key of node labels. Nodes that
have a label with this key and identical values are considered
to be in the same topology. We consider each <key, value>
as a "bucket", and try to put balanced number of pods into
- each bucket. It's a required field.
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a
@@ -5558,10 +6187,10 @@
description: Version of Grafana Agent to be deployed.
type: string
volumeMounts:
- description: VolumeMounts allows configuration of additional VolumeMounts
- on the output StatefulSet definition. VolumEMounts specified will
- be appended to other VolumeMounts in the Grafana Agent container
- that are generated as a result of StorageSpec objects.
+ description: VolumeMounts lets you configure additional VolumeMounts
+ on the output StatefulSet definition. Specified VolumeMounts are
+ appended to other VolumeMounts generated as a result of StorageSpec
+ objects in the Grafana Agent container.
items:
description: VolumeMount describes a mounting of a Volume within
a container.
@@ -5601,187 +6230,193 @@
type: array
volumes:
description: Volumes allows configuration of additional volumes on
- the output StatefulSet definition. Volumes specified will be appended
+ the output StatefulSet definition. The volumes specified are appended
to other volumes that are generated as a result of StorageSpec objects.
items:
description: Volume represents a named volume in a pod that may
be accessed by any container in the pod.
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an AWS Disk resource
+ description: 'awsElasticBlockStore represents an AWS Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you want
- to mount. If omitted, the default is to mount by volume
- name. Examples: For volume /dev/sda1, you specify the
- partition as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property empty).'
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set the ReadOnly
- property in VolumeMounts to "true". If omitted, the default
- is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk resource
- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data Disk mount on
+ description: azureDisk represents an Azure Data Disk mount on
the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read Only, Read Write.'
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the blob storage
+ description: diskName is the Name of the data disk in the
+ blob storage
type: string
diskURI:
- description: The URI the data disk in the blob storage
+ description: diskURI is the URI of data disk in the blob
+ storage
type: string
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple blob disks
- per storage account Dedicated: single blob disk per storage
- account Managed: azure managed data disk (only in managed
- availability set). defaults to shared'
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File Service mount
+ description: azureFile represents an Azure File Service mount
on the host and bind mount to the pod.
properties:
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains Azure Storage
- Account Name and Key
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on the host that
+ description: cephFS represents a Ceph FS mount on the host that
shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection of Ceph
- monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted root, rather
- than the full Ceph tree, default is /'
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly is Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path to key ring
- for User, default is /etc/ceph/user.secret More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference to the authentication
- secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user name, default
- is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume attached and
+ description: 'cinder represents a cinder volume attached and
mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object containing
- parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the volume in cinder.
+ description: 'volumeID used to identify the volume in cinder.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that should populate
+ description: configMap represents a configMap that should populate
this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This might
- be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits
- set.'
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair in the
- Data field of the referenced ConfigMap will be projected
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
@@ -5793,25 +6428,25 @@
description: Maps a string key to a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to set permissions
- on this file. Must be an octal value between 0000
- and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This might
- be in conflict with other options that affect the
- file mode, like fsGroup, and the result can be other
- mode bits set.'
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file to map
- the key to. May not be an absolute path. May not
- contain the path element '..'. May not start with
- the string '..'.
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -5823,28 +6458,29 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap or its keys must
- be defined
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents ephemeral
+ description: csi (Container Storage Interface) represents ephemeral
storage that is handled by certain external CSI drivers (Beta
feature).
properties:
driver:
- description: Driver is the name of the CSI driver that handles
+ description: driver is the name of the CSI driver that handles
this volume. Consult with your admin for the correct name
as registered in the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is passed to
- the associated CSI driver which will determine the default
- filesystem to apply.
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference to the
+ description: nodePublishSecretRef is a reference to the
secret object containing sensitive information to pass
to the CSI driver to complete the CSI NodePublishVolume
and NodeUnpublishVolume calls. This field is optional,
@@ -5857,14 +6493,15 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration for the
- volume. Defaults to false (read/write).
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific properties
+ description: volumeAttributes stores driver-specific properties
that are passed to the CSI driver. Consult your driver's
documentation for supported values.
type: object
@@ -5872,7 +6509,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API about the pod
+ description: downwardAPI represents downward API about the pod
that should populate this volume
properties:
defaultMode:
@@ -5910,6 +6547,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to set permissions
on this file, must be an octal value between 0000
@@ -5953,37 +6591,38 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory that
+ description: 'emptyDir represents a temporary directory that
shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should back this
- directory. The default is "" which means to use the node''s
- default medium. Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required for
- this EmptyDir volume. The size limit is also applicable
- for memory medium. The maximum usage on memory medium
- EmptyDir would be the minimum value between the SizeLimit
- specified here and the sum of memory limits of all containers
- in a pod. The default is nil which means that the limit
- is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that is handled
+ description: "ephemeral represents a volume that is handled
by a cluster storage driver. The volume's lifecycle is tied
to the pod that defines it - it will be created before the
pod starts, and deleted when the pod is removed. \n Use this
@@ -6034,21 +6673,24 @@
as in a PersistentVolumeClaim are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify
+ description: 'dataSource field can be used to specify
either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim) If the
provisioner or an external controller can support
the specified data source, it will create a new
volume based on the contents of the specified
- data source. If the AnyVolumeDataSource feature
- gate is enabled, this field will always have the
- same contents as the DataSourceRef field.'
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -6069,31 +6711,40 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'Specifies the object from which to
- populate the volume with data, if a non-empty
- volume is desired. This may be any local object
- from a non-empty API group (non core object) or
- a PersistentVolumeClaim object. When this field
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
is specified, volume binding will only succeed
if the type of the specified object matches some
installed volume populator or dynamic provisioner.
This field will replace the functionality of the
- DataSource field and as such if both fields are
+ dataSource field and as such if both fields are
non-empty, they must have the same value. For
- backwards compatibility, both fields (DataSource
- and DataSourceRef) will be set to the same value
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
automatically if one of them is empty and the
- other is non-empty. There are two important differences
- between DataSource and DataSourceRef: * While
- DataSource only allows two specific types of objects,
- DataSourceRef allows any non-core object, as well
- as PersistentVolumeClaim objects. * While DataSource
- ignores disallowed values (dropping them), DataSourceRef
- preserves all values, and generates an error if
- a disallowed value is specified. (Alpha) Using
- this field requires the AnyVolumeDataSource feature
- gate to be enabled.'
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -6110,18 +6761,54 @@
description: Name is the name of resource being
referenced
type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
required:
- kind
- name
type: object
resources:
- description: 'Resources represents the minimum resources
+ description: 'resources represents the minimum resources
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -6143,13 +6830,13 @@
amount of compute resources required. If Requests
is omitted for a container, it defaults to
Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider
- for binding.
+ description: selector is a label query over volumes
+ to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -6198,9 +6885,11 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume
@@ -6208,7 +6897,7 @@
is implied when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference
+ description: volumeName is the binding reference
to the PersistentVolume backing this claim.
type: string
type: object
@@ -6217,32 +6906,33 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource that is
+ description: fc represents a Fibre Channel resource that is
attached to a kubelet's host machine and then exposed to the
pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly is Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide names (WWNs)'
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide identifiers
+ description: 'wwids Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of targetWWNs and
lun must be set, but not both simultaneously.'
items:
@@ -6250,128 +6940,133 @@
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume resource
+ description: flexVolume represents a generic volume resource
that is provisioned/attached using an exec based plugin.
properties:
driver:
- description: Driver is the name of the driver to use for
+ description: driver is the name of the driver to use for
this volume.
type: string
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends on FlexVolume
- script.
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options if any.'
+ description: 'options is Optional: this field holds extra
+ command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly is Optional: defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference to the secret
- object containing sensitive information to pass to the
- plugin scripts. This may be empty if no secret object
- is specified. If the secret object contains more than
- one secret, all secrets are passed to the plugin scripts.'
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume attached to
+ description: flocker represents a Flocker volume attached to
a kubelet's host machine. This depends on the Flocker control
service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata -> name
- on the dataset for Flocker should be considered as deprecated
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique identifier
- of a Flocker dataset
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE Disk resource
+ description: 'gcePersistentDisk represents a GCE Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you want
- to mount. If omitted, the default is to mount by volume
- name. Examples: For volume /dev/sda1, you specify the
- partition as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property empty).
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource in GCE. Used
- to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
+ description: 'readOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository at a particular
+ description: 'gitRepo represents a git repository at a particular
revision. DEPRECATED: GitRepo is deprecated. To provision
a container with a git repo, mount an EmptyDir into an InitContainer
that clones the repo using git, then mount the EmptyDir into
the Pod''s container.'
properties:
directory:
- description: Target directory name. Must not contain or
- start with '..'. If '.' is supplied, the volume directory
- will be the git repository. Otherwise, if specified,
- the volume will contain the git repository in the subdirectory
- with the given name.
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for the specified
+ revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount on the
+ description: 'glusterfs represents a Glusterfs mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint name that details
+ description: 'endpoints is the endpoint name that details
Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path. More info:
+ description: 'path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs volume
+ description: 'readOnly here will force the Glusterfs volume
to be mounted with read-only permissions. Defaults to
false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -6380,7 +7075,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing file or directory
+ description: 'hostPath represents a pre-existing file or directory
on the host machine that is directly exposed to the container.
This is generally used for system agents or other privileged
things that are allowed to see the host machine. Most containers
@@ -6389,78 +7084,81 @@
mounts and who can/can not mount host directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host. If the
+ description: 'path of the directory on the host. If the
path is a symlink, it will follow the link to the real
path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults to "" More
+ description: 'type for HostPath Volume Defaults to "" More
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource that is
+ description: 'iscsi represents an ISCSI Disk resource that is
attached to a kubelet''s host machine and then exposed to
the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery CHAP authentication
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP authentication
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously, new iSCSI
- interface <target portal>:<volume name> will be created
- for the connection.
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI transport.
- Defaults to 'default' (tcp).
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal is either
- an IP or ip_addr:port if the port is other than default
- (typically TCP ports 860 and 3260).
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly setting
+ description: readOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and initiator
- authentication
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal is either an
- IP or ip_addr:port if the port is other than default (typically
- TCP ports 860 and 3260).
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
type: string
required:
- iqn
@@ -6468,24 +7166,24 @@
- targetPortal
type: object
name:
- description: 'Volume''s name. Must be a DNS_LABEL and unique
+ description: 'name of the volume. Must be a DNS_LABEL and unique
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
nfs:
- description: 'NFS represents an NFS mount on the host that shares
+ description: 'nfs represents an NFS mount on the host that shares
a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS server. More
+ description: 'path that is exported by the NFS server. More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS export to
+ description: 'readOnly here will force the NFS export to
be mounted with read-only permissions. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address of the
+ description: 'server is the hostname or IP address of the
NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -6493,86 +7191,87 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents a
+ description: 'persistentVolumeClaimVolumeSource represents a
reference to a PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting in VolumeMounts.
- Default false.
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller persistent
- disk
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx volume attached
+ description: portworxVolume represents a portworx volume attached
and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem type to mount
+ description: fSType represents the filesystem type to mount
Must be a filesystem type supported by the host operating
system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a Portworx volume
+ description: volumeID uniquely identifies a Portworx volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets, configmaps,
- and downward API
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions on created
- files by default. Must be an octal value between 0000
- and 0777 or a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires decimal values
- for mode bits. Directories within the path are not affected
- by this setting. This might be in conflict with other
- options that affect the file mode, like fsGroup, and the
- result can be other mode bits set.
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected along with
other supported volume types
properties:
configMap:
- description: information about the configMap data
- to project
+ description: configMap information about the configMap
+ data to project
properties:
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced ConfigMap
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
If specified, the listed keys will be projected
@@ -6587,27 +7286,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be
- an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML
- accepts both octal and decimal values,
- JSON requires decimal values for mode
- bits. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element
- '..'. May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
type: string
required:
- key
@@ -6621,13 +7321,14 @@
uid?'
type: string
optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI data
- to project
+ description: downwardAPI information about the downwardAPI
+ data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -6654,6 +7355,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to
set permissions on this file, must be
@@ -6702,21 +7404,22 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret data to
- project
+ description: secret information about the secret data
+ to project
properties:
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced Secret will
- be projected into the volume as a file whose
- name is the key and content is the value. If
- specified, the listed keys will be projected
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the Secret, the volume setup
@@ -6728,27 +7431,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be
- an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML
- accepts both octal and decimal values,
- JSON requires decimal values for mode
- bits. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element
- '..'. May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
type: string
required:
- key
@@ -6762,16 +7466,17 @@
uid?'
type: string
optional:
- description: Specify whether the Secret or its
- key must be defined
+ description: optional field specify whether the
+ Secret or its key must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
properties:
audience:
- description: Audience is the intended audience
+ description: audience is the intended audience
of the token. A recipient of a token must identify
itself with an identifier specified in the audience
of the token, and otherwise should reject the
@@ -6779,7 +7484,7 @@
of the apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is the requested
+ description: expirationSeconds is the requested
duration of validity of the service account
token. As the token approaches expiration, the
kubelet volume plugin will proactively rotate
@@ -6791,7 +7496,7 @@
format: int64
type: integer
path:
- description: Path is the path relative to the
+ description: path is the path relative to the
mount point of the file to project the token
into.
type: string
@@ -6802,35 +7507,35 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount on the host
+ description: quobyte represents a Quobyte mount on the host
that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default is no
+ description: group to map volume access to Default is no
group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte volume
+ description: readOnly here will force the Quobyte volume
to be mounted with read-only permissions. Defaults to
false.
type: boolean
registry:
- description: Registry represents a single or multiple Quobyte
+ description: registry represents a single or multiple Quobyte
Registry services specified as a string as host:port pair
(multiple entries are separated with commas) which acts
as the central registry for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte volume in the
+ description: tenant owning the given Quobyte volume in the
Backend Used with dynamically provisioned Quobyte volumes,
value is set by the plugin
type: string
user:
- description: User to map volume access to Defaults to serivceaccount
+ description: user to map volume access to Defaults to serivceaccount
user
type: string
volume:
- description: Volume is a string that references an already
+ description: volume is a string that references an already
created Quobyte volume by name.
type: string
required:
@@ -6838,41 +7543,42 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device mount on the
+ description: 'rbd represents a Rados Block Device mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring for RBDUser.
+ description: 'keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is rbd. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
+ description: 'readOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication secret
+ description: 'secretRef is name of the authentication secret
for RBDUser. If provided overrides keyring. Default is
nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -6881,36 +7587,38 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is admin. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent volume
+ description: scaleIO represents a ScaleIO persistent volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO API Gateway.
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection Domain for
- the configured storage.
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret for ScaleIO
+ description: secretRef references to the secret for ScaleIO
user and other sensitive information. If this is not provided,
Login operation will fail.
properties:
@@ -6919,26 +7627,28 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication with
- Gateway, default false
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for a volume
- should be ThickProvisioned or ThinProvisioned. Default
- is ThinProvisioned.
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated with the
- protection domain.
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
type: string
system:
- description: The name of the storage system as configured
- in ScaleIO.
+ description: system is the name of the storage system as
+ configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created in the
- ScaleIO system that is associated with this volume source.
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
type: string
required:
- gateway
@@ -6946,24 +7656,24 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should populate
+ description: 'secret represents a secret that should populate
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This might
- be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits
- set.'
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair in the
- Data field of the referenced Secret will be projected
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
@@ -6975,25 +7685,25 @@
description: Maps a string key to a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to set permissions
- on this file. Must be an octal value between 0000
- and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This might
- be in conflict with other options that affect the
- file mode, like fsGroup, and the result can be other
- mode bits set.'
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file to map
- the key to. May not be an absolute path. May not
- contain the path element '..'. May not start with
- the string '..'.
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -7001,29 +7711,30 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its keys must
- be defined
+ description: optional field specify whether the Secret or
+ its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s namespace
- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume attached
+ description: storageOS represents a StorageOS volume attached
and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret to use for obtaining
+ description: secretRef specifies the secret to use for obtaining
the StorageOS API credentials. If not specified, default
values will be attempted.
properties:
@@ -7032,13 +7743,14 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable name of the
+ description: volumeName is the human-readable name of the
StorageOS volume. Volume names are only unique within
a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope of the
+ description: volumeNamespace specifies the scope of the
volume within StorageOS. If no namespace is specified
then the Pod's namespace will be used. This allows the
Kubernetes name scoping to be mirrored within StorageOS
@@ -7049,24 +7761,26 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere volume attached
+ description: vsphereVolume represents a vSphere volume attached
and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management (SPBM) profile
- ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management (SPBM) profile
- name.
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume vmdk
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
type: string
required:
- volumePath
@@ -7079,9 +7793,3 @@
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml
index 18bd037..e786166 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: integrations.monitoring.grafana.com
spec:
@@ -21,10 +21,10 @@
schema:
openAPIV3Schema:
description: "Integration runs a single Grafana Agent integration. Integrations
- that generate telemetry must be configured to send that telemetry somewhere;
+ that generate telemetry must be configured to send that telemetry somewhere,
such as autoscrape for exporter-based integrations. \n Integrations have
access to the LogsInstances and MetricsInstances in the same GrafanaAgent
- resource set, referenced by the <namespace>/<name> of the *Instance resource.
+ resource set, referenced by the <namespace>/<name> of the Instance resource.
\n For example, if there is a default/production MetricsInstance, you can
configure a supported integration's autoscrape block with: \n autoscrape:
enable: true metrics_instance: default/production \n There is currently
@@ -48,14 +48,14 @@
properties:
config:
description: "The configuration for the named integration. Note that
- integrations are deployed with the integrations-next feature flag,
+ Integrations are deployed with the integrations-next feature flag,
which has different common settings: \n https://grafana.com/docs/agent/latest/configuration/integrations/integrations-next/"
type: object
x-kubernetes-preserve-unknown-fields: true
configMaps:
description: "An extra list of keys from ConfigMaps in the same namespace
as the Integration which will be mounted into the Grafana Agent
- pod running this integration. \n ConfigMaps will be mounted at /etc/grafana-agent/integrations/configMaps/<configmap_namespace>/<configmap_name>/<key>."
+ pod running this Integration. \n ConfigMaps are mounted at /etc/grafana-agent/integrations/configMaps/<configmap_namespace>/<configmap_name>/<key>."
items:
description: Selects a key from a ConfigMap.
properties:
@@ -73,6 +73,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: array
name:
description: Name of the integration to run (e.g., "node_exporter",
@@ -81,7 +82,7 @@
secrets:
description: "An extra list of keys from Secrets in the same namespace
as the Integration which will be mounted into the Grafana Agent
- pod running this integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets/<secret_namespace>/<secret_name>/<key>."
+ pod running this Integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets/<secret_namespace>/<secret_name>/<key>."
items:
description: SecretKeySelector selects a key of a Secret.
properties:
@@ -99,14 +100,15 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: array
type:
- description: Type informs Grafana Agent Operator how to manage the
- integration being configured.
+ description: Type informs Grafana Agent Operator about how to manage
+ the integration being configured.
properties:
allNodes:
description: When true, the configured integration should be run
- on every Node in the cluster. This is required for integrations
+ on every Node in the cluster. This is required for Integrations
that generate Node-specific metrics like node_exporter, otherwise
it must be false to avoid generating duplicate metrics.
type: boolean
@@ -114,16 +116,16 @@
description: Whether this integration can only be defined once
for a Grafana Agent process, such as statsd_exporter. It is
invalid for a GrafanaAgent to discover multiple unique Integrations
- with the same integration name (i.e., a single GrafanaAgent
+ with the same Integration name (i.e., a single GrafanaAgent
cannot deploy two statsd_exporters).
type: boolean
type: object
volumeMounts:
description: "An extra list of VolumeMounts to be associated with
the Grafana Agent pods running this integration. VolumeMount names
- will be mutated to be unique across all used IntegrationSpecs. \n
- Mount paths should include the namespace/name of the Integration
- CR to avoid potentially colliding with other resources."
+ are mutated to be unique across all used IntegrationSpecs. \n Mount
+ paths should include the namespace/name of the Integration CR to
+ avoid potentially colliding with other resources."
items:
description: VolumeMount describes a mounting of a Volume within
a container.
@@ -163,191 +165,197 @@
type: array
volumes:
description: "An extra list of Volumes to be associated with the Grafana
- Agent pods running this integration. Volume names will be mutated
- to be unique across all Integrations. Note that the specified volumes
+ Agent pods running this integration. Volume names are mutated to
+ be unique across all Integrations. Note that the specified volumes
should be able to tolerate existing on multiple pods at once when
- type is daemonset. \n Don't use volumes for loading secrets/configMaps
- from the same namespace as the Integration; use the secrets and
- configMaps fields instead."
+ type is daemonset. \n Don't use volumes for loading Secrets or ConfigMaps
+ from the same namespace as the Integration; use the Secrets and
+ ConfigMaps fields instead."
items:
description: Volume represents a named volume in a pod that may
be accessed by any container in the pod.
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an AWS Disk resource
+ description: 'awsElasticBlockStore represents an AWS Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you want
- to mount. If omitted, the default is to mount by volume
- name. Examples: For volume /dev/sda1, you specify the
- partition as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property empty).'
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set the ReadOnly
- property in VolumeMounts to "true". If omitted, the default
- is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk resource
- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data Disk mount on
+ description: azureDisk represents an Azure Data Disk mount on
the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read Only, Read Write.'
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the blob storage
+ description: diskName is the Name of the data disk in the
+ blob storage
type: string
diskURI:
- description: The URI the data disk in the blob storage
+ description: diskURI is the URI of data disk in the blob
+ storage
type: string
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple blob disks
- per storage account Dedicated: single blob disk per storage
- account Managed: azure managed data disk (only in managed
- availability set). defaults to shared'
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File Service mount
+ description: azureFile represents an Azure File Service mount
on the host and bind mount to the pod.
properties:
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains Azure Storage
- Account Name and Key
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on the host that
+ description: cephFS represents a Ceph FS mount on the host that
shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection of Ceph
- monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted root, rather
- than the full Ceph tree, default is /'
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly is Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path to key ring
- for User, default is /etc/ceph/user.secret More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference to the authentication
- secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user name, default
- is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume attached and
+ description: 'cinder represents a cinder volume attached and
mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object containing
- parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the volume in cinder.
+ description: 'volumeID used to identify the volume in cinder.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that should populate
+ description: configMap represents a configMap that should populate
this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This might
- be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits
- set.'
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair in the
- Data field of the referenced ConfigMap will be projected
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
@@ -359,25 +367,25 @@
description: Maps a string key to a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to set permissions
- on this file. Must be an octal value between 0000
- and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This might
- be in conflict with other options that affect the
- file mode, like fsGroup, and the result can be other
- mode bits set.'
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file to map
- the key to. May not be an absolute path. May not
- contain the path element '..'. May not start with
- the string '..'.
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -389,28 +397,29 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap or its keys must
- be defined
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents ephemeral
+ description: csi (Container Storage Interface) represents ephemeral
storage that is handled by certain external CSI drivers (Beta
feature).
properties:
driver:
- description: Driver is the name of the CSI driver that handles
+ description: driver is the name of the CSI driver that handles
this volume. Consult with your admin for the correct name
as registered in the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is passed to
- the associated CSI driver which will determine the default
- filesystem to apply.
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference to the
+ description: nodePublishSecretRef is a reference to the
secret object containing sensitive information to pass
to the CSI driver to complete the CSI NodePublishVolume
and NodeUnpublishVolume calls. This field is optional,
@@ -423,14 +432,15 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration for the
- volume. Defaults to false (read/write).
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific properties
+ description: volumeAttributes stores driver-specific properties
that are passed to the CSI driver. Consult your driver's
documentation for supported values.
type: object
@@ -438,7 +448,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API about the pod
+ description: downwardAPI represents downward API about the pod
that should populate this volume
properties:
defaultMode:
@@ -476,6 +486,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to set permissions
on this file, must be an octal value between 0000
@@ -519,37 +530,38 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory that
+ description: 'emptyDir represents a temporary directory that
shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should back this
- directory. The default is "" which means to use the node''s
- default medium. Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required for
- this EmptyDir volume. The size limit is also applicable
- for memory medium. The maximum usage on memory medium
- EmptyDir would be the minimum value between the SizeLimit
- specified here and the sum of memory limits of all containers
- in a pod. The default is nil which means that the limit
- is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that is handled
+ description: "ephemeral represents a volume that is handled
by a cluster storage driver. The volume's lifecycle is tied
to the pod that defines it - it will be created before the
pod starts, and deleted when the pod is removed. \n Use this
@@ -600,21 +612,24 @@
as in a PersistentVolumeClaim are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify
+ description: 'dataSource field can be used to specify
either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim) If the
provisioner or an external controller can support
the specified data source, it will create a new
volume based on the contents of the specified
- data source. If the AnyVolumeDataSource feature
- gate is enabled, this field will always have the
- same contents as the DataSourceRef field.'
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -635,31 +650,40 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'Specifies the object from which to
- populate the volume with data, if a non-empty
- volume is desired. This may be any local object
- from a non-empty API group (non core object) or
- a PersistentVolumeClaim object. When this field
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
is specified, volume binding will only succeed
if the type of the specified object matches some
installed volume populator or dynamic provisioner.
This field will replace the functionality of the
- DataSource field and as such if both fields are
+ dataSource field and as such if both fields are
non-empty, they must have the same value. For
- backwards compatibility, both fields (DataSource
- and DataSourceRef) will be set to the same value
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
automatically if one of them is empty and the
- other is non-empty. There are two important differences
- between DataSource and DataSourceRef: * While
- DataSource only allows two specific types of objects,
- DataSourceRef allows any non-core object, as well
- as PersistentVolumeClaim objects. * While DataSource
- ignores disallowed values (dropping them), DataSourceRef
- preserves all values, and generates an error if
- a disallowed value is specified. (Alpha) Using
- this field requires the AnyVolumeDataSource feature
- gate to be enabled.'
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -676,18 +700,54 @@
description: Name is the name of resource being
referenced
type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
required:
- kind
- name
type: object
resources:
- description: 'Resources represents the minimum resources
+ description: 'resources represents the minimum resources
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -709,13 +769,13 @@
amount of compute resources required. If Requests
is omitted for a container, it defaults to
Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider
- for binding.
+ description: selector is a label query over volumes
+ to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -764,9 +824,11 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume
@@ -774,7 +836,7 @@
is implied when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference
+ description: volumeName is the binding reference
to the PersistentVolume backing this claim.
type: string
type: object
@@ -783,32 +845,33 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource that is
+ description: fc represents a Fibre Channel resource that is
attached to a kubelet's host machine and then exposed to the
pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly is Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide names (WWNs)'
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide identifiers
+ description: 'wwids Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of targetWWNs and
lun must be set, but not both simultaneously.'
items:
@@ -816,128 +879,133 @@
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume resource
+ description: flexVolume represents a generic volume resource
that is provisioned/attached using an exec based plugin.
properties:
driver:
- description: Driver is the name of the driver to use for
+ description: driver is the name of the driver to use for
this volume.
type: string
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends on FlexVolume
- script.
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options if any.'
+ description: 'options is Optional: this field holds extra
+ command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly is Optional: defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference to the secret
- object containing sensitive information to pass to the
- plugin scripts. This may be empty if no secret object
- is specified. If the secret object contains more than
- one secret, all secrets are passed to the plugin scripts.'
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume attached to
+ description: flocker represents a Flocker volume attached to
a kubelet's host machine. This depends on the Flocker control
service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata -> name
- on the dataset for Flocker should be considered as deprecated
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique identifier
- of a Flocker dataset
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE Disk resource
+ description: 'gcePersistentDisk represents a GCE Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you want
- to mount. If omitted, the default is to mount by volume
- name. Examples: For volume /dev/sda1, you specify the
- partition as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property empty).
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource in GCE. Used
- to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
+ description: 'readOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository at a particular
+ description: 'gitRepo represents a git repository at a particular
revision. DEPRECATED: GitRepo is deprecated. To provision
a container with a git repo, mount an EmptyDir into an InitContainer
that clones the repo using git, then mount the EmptyDir into
the Pod''s container.'
properties:
directory:
- description: Target directory name. Must not contain or
- start with '..'. If '.' is supplied, the volume directory
- will be the git repository. Otherwise, if specified,
- the volume will contain the git repository in the subdirectory
- with the given name.
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for the specified
+ revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount on the
+ description: 'glusterfs represents a Glusterfs mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint name that details
+ description: 'endpoints is the endpoint name that details
Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path. More info:
+ description: 'path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs volume
+ description: 'readOnly here will force the Glusterfs volume
to be mounted with read-only permissions. Defaults to
false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -946,7 +1014,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing file or directory
+ description: 'hostPath represents a pre-existing file or directory
on the host machine that is directly exposed to the container.
This is generally used for system agents or other privileged
things that are allowed to see the host machine. Most containers
@@ -955,78 +1023,81 @@
mounts and who can/can not mount host directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host. If the
+ description: 'path of the directory on the host. If the
path is a symlink, it will follow the link to the real
path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults to "" More
+ description: 'type for HostPath Volume Defaults to "" More
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource that is
+ description: 'iscsi represents an ISCSI Disk resource that is
attached to a kubelet''s host machine and then exposed to
the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery CHAP authentication
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP authentication
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously, new iSCSI
- interface <target portal>:<volume name> will be created
- for the connection.
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI transport.
- Defaults to 'default' (tcp).
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal is either
- an IP or ip_addr:port if the port is other than default
- (typically TCP ports 860 and 3260).
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly setting
+ description: readOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and initiator
- authentication
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal is either an
- IP or ip_addr:port if the port is other than default (typically
- TCP ports 860 and 3260).
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
type: string
required:
- iqn
@@ -1034,24 +1105,24 @@
- targetPortal
type: object
name:
- description: 'Volume''s name. Must be a DNS_LABEL and unique
+ description: 'name of the volume. Must be a DNS_LABEL and unique
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
nfs:
- description: 'NFS represents an NFS mount on the host that shares
+ description: 'nfs represents an NFS mount on the host that shares
a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS server. More
+ description: 'path that is exported by the NFS server. More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS export to
+ description: 'readOnly here will force the NFS export to
be mounted with read-only permissions. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address of the
+ description: 'server is the hostname or IP address of the
NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -1059,86 +1130,87 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents a
+ description: 'persistentVolumeClaimVolumeSource represents a
reference to a PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting in VolumeMounts.
- Default false.
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller persistent
- disk
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx volume attached
+ description: portworxVolume represents a portworx volume attached
and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem type to mount
+ description: fSType represents the filesystem type to mount
Must be a filesystem type supported by the host operating
system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a Portworx volume
+ description: volumeID uniquely identifies a Portworx volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets, configmaps,
- and downward API
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions on created
- files by default. Must be an octal value between 0000
- and 0777 or a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires decimal values
- for mode bits. Directories within the path are not affected
- by this setting. This might be in conflict with other
- options that affect the file mode, like fsGroup, and the
- result can be other mode bits set.
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected along with
other supported volume types
properties:
configMap:
- description: information about the configMap data
- to project
+ description: configMap information about the configMap
+ data to project
properties:
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced ConfigMap
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
If specified, the listed keys will be projected
@@ -1153,27 +1225,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be
- an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML
- accepts both octal and decimal values,
- JSON requires decimal values for mode
- bits. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element
- '..'. May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
type: string
required:
- key
@@ -1187,13 +1260,14 @@
uid?'
type: string
optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI data
- to project
+ description: downwardAPI information about the downwardAPI
+ data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -1220,6 +1294,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to
set permissions on this file, must be
@@ -1268,21 +1343,22 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret data to
- project
+ description: secret information about the secret data
+ to project
properties:
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced Secret will
- be projected into the volume as a file whose
- name is the key and content is the value. If
- specified, the listed keys will be projected
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the Secret, the volume setup
@@ -1294,27 +1370,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be
- an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML
- accepts both octal and decimal values,
- JSON requires decimal values for mode
- bits. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element
- '..'. May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
type: string
required:
- key
@@ -1328,16 +1405,17 @@
uid?'
type: string
optional:
- description: Specify whether the Secret or its
- key must be defined
+ description: optional field specify whether the
+ Secret or its key must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
properties:
audience:
- description: Audience is the intended audience
+ description: audience is the intended audience
of the token. A recipient of a token must identify
itself with an identifier specified in the audience
of the token, and otherwise should reject the
@@ -1345,7 +1423,7 @@
of the apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is the requested
+ description: expirationSeconds is the requested
duration of validity of the service account
token. As the token approaches expiration, the
kubelet volume plugin will proactively rotate
@@ -1357,7 +1435,7 @@
format: int64
type: integer
path:
- description: Path is the path relative to the
+ description: path is the path relative to the
mount point of the file to project the token
into.
type: string
@@ -1368,35 +1446,35 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount on the host
+ description: quobyte represents a Quobyte mount on the host
that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default is no
+ description: group to map volume access to Default is no
group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte volume
+ description: readOnly here will force the Quobyte volume
to be mounted with read-only permissions. Defaults to
false.
type: boolean
registry:
- description: Registry represents a single or multiple Quobyte
+ description: registry represents a single or multiple Quobyte
Registry services specified as a string as host:port pair
(multiple entries are separated with commas) which acts
as the central registry for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte volume in the
+ description: tenant owning the given Quobyte volume in the
Backend Used with dynamically provisioned Quobyte volumes,
value is set by the plugin
type: string
user:
- description: User to map volume access to Defaults to serivceaccount
+ description: user to map volume access to Defaults to serivceaccount
user
type: string
volume:
- description: Volume is a string that references an already
+ description: volume is a string that references an already
created Quobyte volume by name.
type: string
required:
@@ -1404,41 +1482,42 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device mount on the
+ description: 'rbd represents a Rados Block Device mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring for RBDUser.
+ description: 'keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is rbd. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
+ description: 'readOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication secret
+ description: 'secretRef is name of the authentication secret
for RBDUser. If provided overrides keyring. Default is
nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -1447,36 +1526,38 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is admin. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent volume
+ description: scaleIO represents a ScaleIO persistent volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO API Gateway.
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection Domain for
- the configured storage.
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret for ScaleIO
+ description: secretRef references to the secret for ScaleIO
user and other sensitive information. If this is not provided,
Login operation will fail.
properties:
@@ -1485,26 +1566,28 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication with
- Gateway, default false
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for a volume
- should be ThickProvisioned or ThinProvisioned. Default
- is ThinProvisioned.
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated with the
- protection domain.
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
type: string
system:
- description: The name of the storage system as configured
- in ScaleIO.
+ description: system is the name of the storage system as
+ configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created in the
- ScaleIO system that is associated with this volume source.
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
type: string
required:
- gateway
@@ -1512,24 +1595,24 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should populate
+ description: 'secret represents a secret that should populate
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This might
- be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits
- set.'
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair in the
- Data field of the referenced Secret will be projected
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
@@ -1541,25 +1624,25 @@
description: Maps a string key to a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to set permissions
- on this file. Must be an octal value between 0000
- and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This might
- be in conflict with other options that affect the
- file mode, like fsGroup, and the result can be other
- mode bits set.'
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file to map
- the key to. May not be an absolute path. May not
- contain the path element '..'. May not start with
- the string '..'.
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -1567,29 +1650,30 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its keys must
- be defined
+ description: optional field specify whether the Secret or
+ its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s namespace
- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume attached
+ description: storageOS represents a StorageOS volume attached
and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret to use for obtaining
+ description: secretRef specifies the secret to use for obtaining
the StorageOS API credentials. If not specified, default
values will be attempted.
properties:
@@ -1598,13 +1682,14 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable name of the
+ description: volumeName is the human-readable name of the
StorageOS volume. Volume names are only unique within
a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope of the
+ description: volumeNamespace specifies the scope of the
volume within StorageOS. If no namespace is specified
then the Pod's namespace will be used. This allows the
Kubernetes name scoping to be mirrored within StorageOS
@@ -1615,24 +1700,26 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere volume attached
+ description: vsphereVolume represents a vSphere volume attached
and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management (SPBM) profile
- ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management (SPBM) profile
- name.
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume vmdk
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
type: string
required:
- volumePath
@@ -1649,9 +1736,3 @@
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml
index 0546c2a..f36440a 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: logsinstances.monitoring.grafana.com
spec:
@@ -66,6 +66,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
clients:
description: Clients controls where logs are written to for this instance.
items:
@@ -111,6 +112,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
@@ -130,6 +132,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
batchSize:
description: Maximum batch size (in bytes) of logs to accumulate
@@ -151,6 +154,92 @@
description: ExternalLabels are labels to add to any time series
when sending data to Loki.
type: object
+ oauth2:
+ description: Oauth2 for URL
+ properties:
+ clientId:
+ description: The secret or configmap containing the OAuth2
+ client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
proxyUrl:
description: ProxyURL to proxy requests through. Optional.
type: string
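Review bot: The new `oauth2.tokenUrl` property is constrained only by `minLength: 1`, so the schema accepts a plain `http://` token endpoint, over which the value referenced by `clientSecret` would presumably be sent unencrypted when the agent requests a token. The file is generated by controller-gen (see the annotation in its first hunk) and vendored with the subchart, so I would not patch the schema here. Instead state the requirement in the chart documentation, for example `oauth2.tokenUrl must use https://; the CRD schema does not enforce the scheme`, or enforce it with an admission policy. Also note that Helm does not update CRDs shipped under `crds/` on upgrade, so clusters installed with the 0.2.3 operator chart keep the old schema until the CRDs are applied manually. That step belongs in the upgrade notes for this change.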
@@ -169,8 +258,8 @@
the protocol of the URL is https.
properties:
ca:
- description: Struct containing the CA cert to use for the
- targets.
+ description: Certificate authority used when verifying server
+ certificates.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -191,6 +280,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -210,14 +300,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
- description: Struct containing the client cert file for
- the targets.
+ description: Client certificate to present when doing client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -238,6 +328,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -257,6 +348,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
certFile:
description: Path to the client cert file in the Prometheus
@@ -288,6 +380,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -346,6 +439,7 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
podLogsSelector:
description: Determines which PodLogs should be selected for including
in this instance.
@@ -391,8 +485,9 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
targetConfig:
- description: Configures how tailed targets will be watched.
+ description: Configures how tailed targets are watched.
properties:
syncPeriod:
description: Period to resync directories being watched and files
@@ -403,9 +498,3 @@
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml
index 648ae96..015c033 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: metricsinstances.monitoring.grafana.com
spec:
@@ -40,17 +40,17 @@
the Metrics instance.
properties:
additionalScrapeConfigs:
- description: 'AdditionalScrapeConfigs allows specifying a key of a
+ description: 'AdditionalScrapeConfigs lets you specify a key of a
Secret containing additional Grafana Agent Prometheus scrape configurations.
- SCrape configurations specified are appended to the configurations
- generated by the Grafana Agent Operator. Job configurations specified
- must have the form as specified in the official Prometheus documentation:
+ The specified scrape configurations are appended to the configurations
+ generated by Grafana Agent Operator. Specified job configurations
+ must have the form specified in the official Prometheus documentation:
https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
- As scrape configs are appended, the user is responsible to make
- sure it is valid. Note that using this feature may expose the possibility
- to break upgrades of Grafana Agent. It is advised to review both
- Grafana Agent and Prometheus release notes to ensure that no incompatible
- scrape configs are going to break Grafana Agent after the upgrade.'
+ As scrape configs are appended, you must make sure the configuration
+ is still valid. Note that it''s possible that this feature will
+ break future upgrades of Grafana Agent. Review both Grafana Agent
+ and Prometheus release notes to ensure that no incompatible scrape
+ configs will break Grafana Agent after the upgrade.'
properties:
key:
description: The key of the secret to select from. Must be a
@@ -66,18 +66,19 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
maxWALTime:
- description: MaxWALTime is the maximum amount of time series and asmples
- may exist in the WAL before being forcibly deleted.
+ description: MaxWALTime is the maximum amount of time that series
+ and samples can exist in the WAL before being forcibly deleted.
type: string
minWALTime:
- description: MinWALTime is the minimum amount of time series and samples
- may exist in the WAL before being considered for deletion.
+ description: MinWALTime is the minimum amount of time that series
+ and samples can exist in the WAL before being considered for deletion.
type: string
podMonitorNamespaceSelector:
description: PodMonitorNamespaceSelector are the set of labels to
determine which namespaces to watch for PodMonitor discovery. If
- nil, only checks own namespace.
+ nil, it only checks its own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@@ -120,9 +121,10 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
podMonitorSelector:
- description: PodMonitorSelector determines which PodMonitors should
- be selected for target discovery. Experimental.
+ description: PodMonitorSelector determines which PodMonitors to selected
+ for target discovery. Experimental.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@@ -165,9 +167,10 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
probeNamespaceSelector:
- description: ProbeNamespaceSelector are the set of labels to determine
- which namespaces to watch for Probe discovery. If nil, only checks
+ description: ProbeNamespaceSelector is the set of labels that determines
+ which namespaces to watch for Probe discovery. If nil, it only checks
own namespace.
properties:
matchExpressions:
@@ -211,9 +214,10 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
probeSelector:
- description: ProbeSelector determines which Probes should be selected
- for target discovery.
+ description: ProbeSelector determines which Probes to select for target
+ discovery.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@@ -256,6 +260,7 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
remoteFlushDeadline:
description: RemoteFlushDeadline is the deadline for flushing data
when an instance shuts down.
@@ -288,6 +293,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
@@ -307,6 +313,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
bearerToken:
description: BearerToken used for remote_write.
@@ -339,6 +346,92 @@
if specified. The name is used in metrics and logging in order
to differentiate queues.
type: string
+ oauth2:
+ description: Oauth2 for URL
+ properties:
+ clientId:
+ description: The secret or configmap containing the OAuth2
+ client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
proxyUrl:
description: ProxyURL to proxy requests through. Optional.
type: string
@@ -348,11 +441,11 @@
properties:
batchSendDeadline:
description: BatchSendDeadline is the maximum time a sample
- will wait in buffer.
+ will wait in the buffer.
type: string
capacity:
description: Capacity is the number of samples to buffer
- per shard before we start dropping them.
+ per shard before samples start being dropped.
type: integer
maxBackoff:
description: MaxBackoff is the maximum retry delay.
@@ -367,15 +460,15 @@
type: integer
maxShards:
description: MaxShards is the maximum number of shards,
- i.e. amount of concurrency.
+ i.e., the amount of concurrency.
type: integer
minBackoff:
- description: MinBackoff is the initial retry delay. Gets
- doubled for every retry.
+ description: MinBackoff is the initial retry delay. MinBackoff
+ is doubled for every retry.
type: string
minShards:
description: MinShards is the minimum number of shards,
- i.e. amount of concurrency.
+ i.e., the amount of concurrency.
type: integer
retryOnRateLimit:
description: RetryOnRateLimit retries requests when encountering
@@ -388,12 +481,12 @@
type: string
sigv4:
description: SigV4 configures SigV4-based authentication to
- the remote_write endpoint. Will be used if SigV4 is defined,
- even with an empty object.
+ the remote_write endpoint. SigV4-based authentication is used
+ if SigV4 is defined, even with an empty object.
properties:
accessKey:
description: AccessKey holds the secret of the AWS API access
- key to use for signing. If not provided, The environment
+ key to use for signing. If not provided, the environment
variable AWS_ACCESS_KEY_ID is used.
properties:
key:
@@ -411,6 +504,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
profile:
description: Profile is the named AWS profile to use for
authentication.
@@ -443,13 +537,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
tlsConfig:
description: TLSConfig to use for remote_write.
properties:
ca:
- description: Struct containing the CA cert to use for the
- targets.
+ description: Certificate authority used when verifying server
+ certificates.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -470,6 +565,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -489,14 +585,14 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
- description: Struct containing the client cert file for
- the targets.
+ description: Client certificate to present when doing client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for the
@@ -517,6 +613,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
@@ -536,6 +633,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
certFile:
description: Path to the client cert file in the Prometheus
@@ -567,6 +665,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
@@ -586,15 +685,31 @@
action:
default: replace
description: Action to perform based on regex matching.
- Default is 'replace'
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source
@@ -638,9 +753,9 @@
type: object
type: array
serviceMonitorNamespaceSelector:
- description: ServiceMonitorNamespaceSelector are the set of labels
- to determine which namespaces to watch for ServiceMonitor discovery.
- If nil, only checks own namespace.
+ description: ServiceMonitorNamespaceSelector is the set of labels
+ that determine which namespaces to watch for ServiceMonitor discovery.
+ If nil, it only checks its own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@@ -683,9 +798,10 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
serviceMonitorSelector:
description: ServiceMonitorSelector determines which ServiceMonitors
- should be selected for target discovery.
+ to select for target discovery.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@@ -728,12 +844,12 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
walTruncateFrequency:
- description: WALTruncateFrequency specifies how frequently the WAL
- truncation process should run. Higher values causes the WAL to increase
- and for old series to stay in the WAL for longer, but reduces the
- chances of data loss when remote_write is failing for longer than
- the given frequency.
+ description: WALTruncateFrequency specifies how frequently to run
+ the WAL truncation process. Higher values cause the WAL to increase
+ and for old series to stay in the WAL longer, but reduces the chance
+ of data loss when remote_write fails for longer than the given frequency.
type: string
writeStaleOnShutdown:
description: WriteStaleOnShutdown writes staleness markers on shutdown
@@ -743,9 +859,3 @@
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml
index 533e336..ff6531f 100644
--- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml
+++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml
@@ -3,7 +3,7 @@
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: podlogs.monitoring.grafana.com
spec:
@@ -56,7 +56,7 @@
type: array
type: object
pipelineStages:
- description: Pipeline stages for this pod. Pipeline stages allow for
+ description: Pipeline stages for this pod. Pipeline stages support
transforming and filtering log lines.
items:
description: "PipelineStageSpec defines an individual pipeline stage.
@@ -78,17 +78,17 @@
logs.
properties:
dropCounterReason:
- description: Every time a log line is dropped the metric
- logentry_dropped_lines_total will be incremented. A "reason"
+ description: Every time a log line is dropped, the metric
+ logentry_dropped_lines_total is incremented. A "reason"
label is added, and can be customized by providing a custom
- value here. Defaults to "drop_stage."
+ value here. Defaults to "drop_stage".
type: string
expression:
- description: "RE2 regular exprssion. \n If source is provided,
- the regex will attempt to match the source. \n If no source
- is provided, then the regex will attempt to attach the
- log line. \n If the provided regex matches the log line
- or a provided source, the line will be dropped."
+ description: "RE2 regular expression. \n If source is provided,
+ the regex attempts to match the source. \n If no source
+ is provided, then the regex attempts to attach the log
+ line. \n If the provided regex matches the log line or
+ a provided source, the line is dropped."
type: string
longerThan:
description: LongerThan will drop a log line if it its content
@@ -98,7 +98,7 @@
olderThan:
description: OlderThan will be parsed as a Go duration.
If the log line's timestamp is older than the current
- time minus the provided duration it will be dropped.
+ time minus the provided duration, it will be dropped.
type: string
source:
description: Name from the extract data to parse. If empty,
@@ -122,10 +122,10 @@
description: "Set of the key/value pairs of JMESPath expressions.
The key will be the key in the extracted data while the
expression will be the value, evaluated as a JMESPath
- from the source data. \n Literal JMESPath exprssions can
- be done by wrapping a key in double quotes, which then
- must be wrapped again in single quotes in YAML so they
- get passed to the JMESPath parser."
+ from the source data. \n Literal JMESPath expressions
+ can be used by wrapping a key in double quotes, which
+ then must be wrapped again in single quotes in YAML so
+ they get passed to the JMESPath parser."
type: object
source:
description: Name from the extracted data to parse as JSON.
@@ -156,6 +156,25 @@
of the label. If the value is not provided, it defaults to
match the key."
type: object
+ limit:
+ description: Limit is a rate-limiting stage that throttles logs
+ based on several options.
+ properties:
+ burst:
+ description: The cap in the quantity of burst lines that
+ Promtail will push to Loki.
+ type: integer
+ drop:
+ description: "When drop is true, log lines that exceed the
+ current rate limit are discarded. When drop is false,
+ log lines that exceed the current rate limit wait to enter
+ the back pressure mode. \n Defaults to false."
+ type: boolean
+ rate:
+ description: The rate limit in lines per second that Promtail
+ will push to Loki.
+ type: integer
+ type: object
match:
description: Match is a filtering stage that conditionally applies
a set of stages or drop entries when a log entry matches a
@@ -164,13 +183,13 @@
action:
description: Determines what action is taken when the selector
matches the log line. Can be keep or drop. Defaults to
- keep. When set to drop, entries will be dropped and no
- later metrics will be recorded. Stages must be empty when
- dropping metrics.
+ keep. When set to drop, entries are dropped and no later
+ metrics are recorded. Stages must be empty when dropping
+ metrics.
type: string
dropCounterReason:
- description: Every time a log line is dropped the metric
- logentry_dropped_lines_total will be incremented. A "reason"
+ description: Every time a log line is dropped, the metric
+ logentry_dropped_lines_total is incremented. A "reason"
label is added, and can be customized by providing a custom
value here. Defaults to "match_stage."
type: string
@@ -186,7 +205,7 @@
type: string
stages:
description: "Nested set of pipeline stages to execute when
- action: keep and the log line matches selector. \n An
+ action is keep and the log line matches selector. \n An
example value for stages may be: \n stages: | - json:
{} - labelAllow: [foo, bar] \n Note that stages is a string
because SIG API Machinery does not support recursive types,
@@ -223,7 +242,7 @@
type: string
type: array
countEntryBytes:
- description: "If true all log line bytes will be counted.
+ description: "If true all log line bytes are counted.
Can only be set with matchAll: true and action: add.
\n Only valid for type: counter."
type: boolean
@@ -231,7 +250,7 @@
description: Sets the description for the created metric.
type: string
matchAll:
- description: "If true all log lines will be counted without
+ description: "If true, all log lines are counted without
attempting to match the source to the extracted map.
Mutually exclusive with value. \n Only valid for type:
counter."
@@ -240,8 +259,8 @@
description: "Label values on metrics are dynamic which
can cause exported metrics to go stale. To prevent unbounded
cardinality, any metrics not updated within MaxIdleDuration
- will be removed. \n Must be greater or equal to 1s.
- Defaults to 5m."
+ are removed. \n Must be greater or equal to 1s. Defaults
+ to 5m."
type: string
prefix:
description: Sets the custom prefix name for the metric.
@@ -257,14 +276,14 @@
type: string
value:
description: Filters down source data and only changes
- the metric if the targeted value exactly matches the
- provided string. If not present, all data will match.
+ the metric if the targeted value matches the provided
+ string exactly. If not present, all data matches.
type: string
required:
- action
- type
type: object
- description: Metrics is an action stage that allows for defining
+ description: Metrics is an action stage that supports defining
and updating metrics based on data from the extracted map.
Created metrics are not pushed to Loki or Prometheus and are
instead exposed via the /metrics endpoint of the Grafana Agent
@@ -317,7 +336,7 @@
containers to avoid out of order errors.
type: boolean
labels:
- description: Name from extracted data or line labels. Requiried.
+ description: Name from extracted data or line labels. Required.
Labels provided here are automatically removed from output
labels.
items:
@@ -371,7 +390,7 @@
If empty, defaults to using the log message.
type: string
template:
- description: Go template string to use. Required. In additional
+ description: Go template string to use. Required. In addition
to normal template functions, ToLower, ToUpper, Replace,
Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are
also available.
@@ -386,14 +405,18 @@
data map. If the field is missing, the default LogsClientSpec.tenantId
will be used.
properties:
+ label:
+ description: Name from labels whose value should be set
+ as tenant ID. Mutually exclusive with source and value.
+ type: string
source:
description: Name from extracted data to use as the tenant
- ID. Mutually exclusive with value.
+ ID. Mutually exclusive with label and value.
type: string
value:
description: Value to use for the template ID. Useful when
this stage is used within a conditional pipeline such
- as match. Mutually exclusive with source.
+ as match. Mutually exclusive with label and source.
type: string
type: object
timestamp:
@@ -450,15 +473,31 @@
action:
default: replace
description: Action to perform based on regex matching. Default
- is 'replace'
+ is 'replace'. uppercase and lowercase actions require Prometheus
+ >= 2.36.
enum:
- replace
+ - Replace
- keep
+ - Keep
- drop
+ - Drop
- hashmod
+ - HashMod
- labelmap
+ - LabelMap
- labeldrop
+ - LabelDrop
- labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
type: string
modulus:
description: Modulus to take of the hash of the source label
@@ -540,15 +579,10 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
required:
- selector
type: object
type: object
served: true
storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml b/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
index aad0c89..08ad58c 100644
--- a/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
+++ b/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
@@ -52,4 +52,11 @@
- daemonsets
- deployments
verbs: [get, list, watch, create, update, patch, delete]
+{{- with .Values.rbac.podSecurityPolicyName }}
+- apiGroups: [policy]
+ resources:
+ - podsecuritypolicies
+ verbs: [use]
+ resourceNames: [ {{ . }} ]
+{{- end -}}
{{- end -}}
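Review bot: `resourceNames: [ {{ . }} ]` places the PodSecurityPolicy name unquoted inside a flow sequence, so a value containing a comma, bracket or other YAML indicator would change which names the `use` rule covers, or fail to parse. `resourceNames: [{{ . | quote }}]` avoids that. PodSecurityPolicy was removed from Kubernetes in v1.25, so on current clusters this rule grants nothing, and `rbac.podSecurityPolicyName` is worth documenting as legacy-only. The enclosing `if` block opens outside the hunk.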
diff --git a/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml b/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml
index d83087c..e2c741e 100644
--- a/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml
+++ b/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml
@@ -25,6 +25,9 @@
{{ toYaml . | indent 8 }}
{{- end }}
spec:
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
serviceAccountName: {{ template "ga-operator.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
@@ -34,6 +37,10 @@
- name: {{ include "ga-operator.name" . }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
@@ -53,6 +60,10 @@
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
diff --git a/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml b/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
index f8125e8..1f9b207 100644
--- a/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
+++ b/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
@@ -3,6 +3,7 @@
kind: ServiceAccount
metadata:
name: {{ template "ga-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
labels:
{{ include "ga-operator.labels" . | indent 4 }}
{{- end -}}
diff --git a/charts/loki/charts/grafana-agent-operator/values.yaml b/charts/loki/charts/grafana-agent-operator/values.yaml
index 3d69c60..4df2427 100644
--- a/charts/loki/charts/grafana-agent-operator/values.yaml
+++ b/charts/loki/charts/grafana-agent-operator/values.yaml
@@ -16,9 +16,14 @@
# -- Pod security context (runAsUser, etc.)
podSecurityContext: {}
-# -- Toggle to create ClusterRole and ClusterRoleBinding
+# -- Container security context (allowPrivilegeEscalation, etc.)
+containerSecurityContext: {}
+
rbac:
+ # -- Toggle to create ClusterRole and ClusterRoleBinding
create: true
+ # -- Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used.
+ podSecurityPolicyName: ''
serviceAccount:
# -- Toggle to create ServiceAccount
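Review bot: `containerSecurityContext: {}` leaves the operator container on the runtime defaults unless a deployer overrides the value, and the comment names only one example field. If the operator needs neither a writable root filesystem nor added capabilities (not visible in this diff), a restrictive default such as `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}` would be safer than an empty map. At minimum the comment could read `# -- Container security context; empty by default, set allowPrivilegeEscalation: false and drop capabilities on hardened clusters`.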
@@ -32,12 +37,18 @@
# -- Image repo
repository: grafana/agent-operator
# -- Image tag
- tag: v0.25.1
+ tag: v0.39.1
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Image pull secrets
pullSecrets: []
+# -- hostAliases to add
+hostAliases: []
+# - ip: 1.2.3.4
+# hostnames:
+# - domain.tld
+
# -- If both are set, Agent Operator will create and maintain a service for scraping kubelets
# https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets
kubeletService:
diff --git a/charts/loki/charts/minio/Chart.yaml b/charts/loki/charts/minio/Chart.yaml
index 67824a4..a917341 100644
--- a/charts/loki/charts/minio/Chart.yaml
+++ b/charts/loki/charts/minio/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: RELEASE.2022-08-13T21-54-44Z
+appVersion: RELEASE.2022-09-17T00-09-45Z
description: Multi-Cloud Object Storage
home: https://min.io
icon: https://min.io/resources/img/logo/MINIO_wordmark.png
@@ -15,4 +15,4 @@
name: minio
sources:
- https://github.com/minio/minio
-version: 4.0.12
+version: 4.0.15
diff --git a/charts/loki/charts/minio/templates/_helper_policy.tpl b/charts/loki/charts/minio/templates/_helper_policy.tpl
index 83a2e15..f215053 100644
--- a/charts/loki/charts/minio/templates/_helper_policy.tpl
+++ b/charts/loki/charts/minio/templates/_helper_policy.tpl
@@ -12,6 +12,16 @@
"Resource": [
"{{ $statement.resources | join "\",\n\"" }}"
]{{ end }}
+{{- if $statement.conditions }}
+{{- $condition_len := len $statement.conditions }}
+{{- $condition_len := sub $condition_len 1 }}
+ ,
+ "Condition": {
+ {{- range $k,$v := $statement.conditions }}
+ {{- range $operator,$object := $v }}
+ "{{ $operator }}": { {{ $object }} }{{- if lt $k $condition_len }},{{- end }}
+ {{- end }}{{- end }}
+ }{{- end }}
}{{ if lt $i $statements_length }},{{end }}
{{- end }}
]
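Review bot: The comma after each `Condition` entry is decided by the outer index `$k` but emitted inside the inner `range $operator,$object`, so if the last conditions item holds two operators they render with no separator and the policy JSON is invalid. `{ {{ $object }} }` also writes the value into the policy verbatim, so it must already be a well-formed JSON fragment, and nothing escapes or validates it before it becomes an access-policy condition. Either document that each item carries exactly one operator whose value is a pre-formatted JSON fragment, or accept a map and render it with `toJson`. The two `$condition_len :=` lines could be one, `{{- $condition_last := sub (len $statement.conditions) 1 }}`. The enclosing template definition starts outside the hunk.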
diff --git a/charts/loki/charts/minio/templates/deployment.yaml b/charts/loki/charts/minio/templates/deployment.yaml
index 062d141..692f86e 100644
--- a/charts/loki/charts/minio/templates/deployment.yaml
+++ b/charts/loki/charts/minio/templates/deployment.yaml
@@ -82,18 +82,19 @@
- name: minio-user
mountPath: "/tmp/credentials"
readOnly: true
- {{- if .Values.persistence.enabled }}
- name: export
mountPath: {{ .Values.mountPath }}
- {{- if .Values.persistence.subPath }}
+ {{- if and .Values.persistence.enabled .Values.persistence.subPath }}
subPath: "{{ .Values.persistence.subPath }}"
{{- end }}
- {{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
@@ -123,7 +124,7 @@
value: {{ .Values.oidc.configUrl }}
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
value: {{ .Values.oidc.clientId }}
- - name: MINIO_IDENTITY_OPENID_CLIENTs_SECRET
+ - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
value: {{ .Values.oidc.clientSecret }}
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
value: {{ .Values.oidc.claimName }}
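Review bot: `.Values.oidc.clientSecret` is rendered as a literal `value:` in the Deployment spec, so the OIDC client secret is readable by anyone who can get Deployments or the Helm release values. With the variable name corrected, the value presumably takes effect for the first time. Sourcing it from a Secret through `valueFrom.secretKeyRef` would keep it out of the pod spec. Short of that, quote it, `value: {{ .Values.oidc.clientSecret | quote }}`, so a secret that starts with a YAML indicator or looks like a number is not retyped or rejected at render time. The env list continues outside the hunk.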
@@ -192,4 +193,7 @@
secret:
secretName: {{ template "minio.secretName" . }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
+ {{- if .Values.extraVolumes }}
+ {{ toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
{{- end }}
diff --git a/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml b/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml
index 37d4f6b..643313d 100644
--- a/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml
+++ b/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml
@@ -65,6 +65,12 @@
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
+ {{- if .Values.makeBucketJob.extraVolumes }}
+ {{- toYaml .Values.makeBucketJob.extraVolumes | nindent 8 }}
+ {{- end }}
+{{ if .Values.serviceAccount.create }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+{{- end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
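Review bot: The added `serviceAccountName: {{ .Values.serviceAccount.name }}` runs this hook job under the same ServiceAccount as the MinIO server, so any RBAC bindings or cloud-identity annotations on that account (not visible here) are inherited by the short-lived `minio-mc` pod. The same lines are added in post-install-create-policy-job.yaml and post-install-create-user-job.yaml. If the mc scripts never call the Kubernetes API, which the hunk does not show, adding `automountServiceAccountToken: false` to these job pod specs would limit exposure. The gate is `serviceAccount.create`, so with `create: false` the jobs fall back to the namespace default account, which is worth a comment such as `# jobs use the chart-created ServiceAccount only; otherwise the namespace default`. The value is also unquoted, and `{{ if` without a leading dash leaves a blank line in the output.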
@@ -87,6 +93,9 @@
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
+ {{- if .Values.makeBucketJob.extraVolumeMounts }}
+ {{- toYaml .Values.makeBucketJob.extraVolumeMounts | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.makeBucketJob.resources | indent 10 }}
{{- end }}
diff --git a/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml b/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml
index cf3c660..288bf75 100644
--- a/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml
+++ b/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml
@@ -65,6 +65,12 @@
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
+ {{- if .Values.makePolicyJob.extraVolumes }}
+ {{- toYaml .Values.makePolicyJob.extraVolumes | nindent 8 }}
+ {{- end }}
+{{ if .Values.serviceAccount.create }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+{{- end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
@@ -87,6 +93,9 @@
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
+ {{- if .Values.makePolicyJob.extraVolumeMounts }}
+ {{- toYaml .Values.makePolicyJob.extraVolumeMounts | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.makePolicyJob.resources | indent 10 }}
{{- end }}
diff --git a/charts/loki/charts/minio/templates/post-install-create-user-job.yaml b/charts/loki/charts/minio/templates/post-install-create-user-job.yaml
index 7d7f6dd..8ccc6c0 100644
--- a/charts/loki/charts/minio/templates/post-install-create-user-job.yaml
+++ b/charts/loki/charts/minio/templates/post-install-create-user-job.yaml
@@ -75,6 +75,12 @@
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
+ {{- if .Values.makeUserJob.extraVolumes }}
+ {{- toYaml .Values.makeUserJob.extraVolumes | nindent 8 }}
+ {{- end }}
+{{ if .Values.serviceAccount.create }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+{{- end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
@@ -97,6 +103,9 @@
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
+ {{- if .Values.makeUserJob.extraVolumeMounts }}
+ {{- toYaml .Values.makeUserJob.extraVolumeMounts | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.makeUserJob.resources | indent 10 }}
{{- end }}
diff --git a/charts/loki/charts/minio/templates/servicemonitor.yaml b/charts/loki/charts/minio/templates/servicemonitor.yaml
index d3fb629..fe14b1f 100644
--- a/charts/loki/charts/minio/templates/servicemonitor.yaml
+++ b/charts/loki/charts/minio/templates/servicemonitor.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.metrics.serviceMonitor.enabled }}
+{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
@@ -35,7 +35,7 @@
- port: http
scheme: http
{{- end }}
- path: /minio/v2/metrics/cluster
+ path: /minio/v2/metrics/node
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
@@ -59,3 +59,57 @@
release: {{ .Release.Name }}
monitoring: "true"
{{- end }}
+{{- if .Values.metrics.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Probe
+metadata:
+ name: {{ template "minio.fullname" . }}-cluster
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{ else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
+ {{- end }}
+spec:
+ jobName: {{ template "minio.fullname" . }}
+ prober:
+ url: {{ template "minio.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}
+ path: /minio/v2/metrics/cluster
+ {{- if .Values.tls.enabled }}
+ scheme: https
+ tlsConfig:
+ ca:
+ secret:
+ name: {{ .Values.tls.certSecret }}
+ key: {{ .Values.tls.publicCrt }}
+ serverName: {{ template "minio.fullname" . }}
+ {{ else }}
+ scheme: http
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }}
+{{ toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | indent 2 }}
+ {{- end }}
+ targets:
+ staticConfig:
+ static:
+ - {{ template "minio.fullname" . }}.{{ .Release.Namespace }}
+ {{- if not .Values.metrics.serviceMonitor.public }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ bearerTokenSecret:
+ name: {{ template "minio.fullname" . }}-prometheus
+ key: token
+ {{- end }}
+{{- end }}
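Review bot: The `{{- if not .Values.metrics.serviceMonitor.public }}` guard opens before `interval` and `scrapeTimeout`, so with `public: true` (the default in this chart's values.yaml) both overrides are dropped from the Probe along with the bearer token. Moving the guard to sit directly above `bearerTokenSecret:` keeps the scrape settings unconditional. When `public` is false and `tls.enabled` is false, the Probe sends the token from the `-prometheus` secret over `scheme: http`; a comment saying that authenticated scraping should be paired with TLS would help operators. With TLS on, `serverName` is the bare fullname while the prober URL is `fullname.namespace`, so the certificate presumably needs a SAN for the short name, which is worth confirming.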
diff --git a/charts/loki/charts/minio/templates/statefulset.yaml b/charts/loki/charts/minio/templates/statefulset.yaml
index 6d695dd..490de91 100644
--- a/charts/loki/charts/minio/templates/statefulset.yaml
+++ b/charts/loki/charts/minio/templates/statefulset.yaml
@@ -130,6 +130,9 @@
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
@@ -207,6 +210,9 @@
secretName: {{ .Values.extraSecret }}
{{- end }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
+ {{- if .Values.extraVolumes }}
+ {{ toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
{{- if gt $drivesPerNode 1 }}
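Review bot: `{{ toYaml .Values.extraVolumes | nindent 8 }}` is missing the left trim that the `extraVolumeMounts` block in the previous hunk uses, so the template line's own indentation is emitted as a whitespace-only line before the list. Write it as `{{- toYaml .Values.extraVolumes | nindent 8 }}` for consistency. Both values are passed into the pod spec verbatim, so a comment in values.yaml noting that any volume source (including `hostPath`) is accepted would make the trust placed in the values file explicit. The pod spec starts and ends outside the hunk.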
diff --git a/charts/loki/charts/minio/values.yaml b/charts/loki/charts/minio/values.yaml
index 457d647..865edf0 100644
--- a/charts/loki/charts/minio/values.yaml
+++ b/charts/loki/charts/minio/values.yaml
@@ -14,7 +14,7 @@
##
image:
repository: quay.io/minio/minio
- tag: RELEASE.2022-08-13T21-54-44Z
+ tag: RELEASE.2022-09-17T00-09-45Z
pullPolicy: IfNotPresent
imagePullSecrets: []
@@ -25,17 +25,17 @@
##
mcImage:
repository: quay.io/minio/mc
- tag: RELEASE.2022-08-11T00-30-48Z
+ tag: RELEASE.2022-09-16T09-16-47Z
pullPolicy: IfNotPresent
## minio mode, i.e. standalone or distributed or gateway.
mode: distributed ## other supported values are "standalone", "gateway"
## Additional labels to include with deployment or statefulset
-additionalLabels: []
+additionalLabels: {}
## Additional annotations to include with deployment or statefulset
-additionalAnnotations: []
+additionalAnnotations: {}
## Typically the deployment/statefulset includes checksums of secrets/config,
## So that when these change on a subsequent helm install, the deployment/statefulset
@@ -46,6 +46,12 @@
## Additional arguments to pass to minio binary
extraArgs: []
+## Additional volumes to minio container
+extraVolumes: []
+
+## Additional volumeMounts to minio container
+extraVolumeMounts: []
+
## Internal port number for MinIO S3 API container
## Change service.port to change external port number
minioAPIPort: "9000"
@@ -295,10 +301,25 @@
# - "s3:GetBucketLocation"
# - "s3:ListBucket"
# - "s3:ListBucketMultipartUploads"
+## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only
+# - name: conditionsexample
+# statements:
+# - resources:
+# - 'arn:aws:s3:::example/*'
+# actions:
+# - 's3:*'
+# conditions:
+# - StringEquals: '"aws:username": "johndoe"'
+# - IpAddress: |
+# "aws:SourceIp": [
+# "10.0.0.0/8",
+# "192.168.0.0/24"
+# ]
+#
## Additional Annotations for the Kubernetes Job makePolicyJob
makePolicyJob:
- podAnnotations:
- annotations:
+ podAnnotations: {}
+ annotations: {}
securityContext:
enabled: false
runAsUser: 1000
@@ -310,6 +331,8 @@
nodeSelector: {}
tolerations: []
affinity: {}
+ extraVolumes: []
+ extraVolumeMounts: []
# Command to run after the main command on exit
exitCommand: ""
@@ -333,8 +356,8 @@
## Additional Annotations for the Kubernetes Job makeUserJob
makeUserJob:
- podAnnotations:
- annotations:
+ podAnnotations: {}
+ annotations: {}
securityContext:
enabled: false
runAsUser: 1000
@@ -346,6 +369,8 @@
nodeSelector: {}
tolerations: []
affinity: {}
+ extraVolumes: []
+ extraVolumeMounts: []
# Command to run after the main command on exit
exitCommand: ""
@@ -375,8 +400,8 @@
## Additional Annotations for the Kubernetes Job makeBucketJob
makeBucketJob:
- podAnnotations:
- annotations:
+ podAnnotations: {}
+ annotations: {}
securityContext:
enabled: false
runAsUser: 1000
@@ -388,6 +413,8 @@
nodeSelector: {}
tolerations: []
affinity: {}
+ extraVolumes: []
+ extraVolumeMounts: []
# Command to run after the main command on exit
exitCommand: ""
@@ -398,8 +425,8 @@
## Additional Annotations for the Kubernetes Job customCommandJob
customCommandJob:
- podAnnotations:
- annotations:
+ podAnnotations: {}
+ annotations: {}
securityContext:
enabled: false
runAsUser: 1000
@@ -464,10 +491,17 @@
metrics:
serviceMonitor:
enabled: false
+ # scrape each node/pod individually for additional metrics
+ includeNode: false
public: true
additionalLabels: {}
- annotations: {}
+ # for node metrics
relabelConfigs: {}
+ # for cluster metrics
+ relabelConfigsCluster: {}
+ # metricRelabelings:
+ # - regex: (server|pod)
+ # action: labeldrop
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
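Review bot: The comments `# for node metrics` and `# for cluster metrics` do not say what shape these values take. In this commit's Probe template `relabelConfigsCluster` is rendered with `toYaml ... | indent 2` and no enclosing key, so the map apparently has to carry the field name itself, as the commented `metricRelabelings:` example suggests. Suggested comment: `# rendered verbatim into the cluster Probe spec; include the field name, e.g. metricRelabelings`. It would also help to note next to `includeNode` that the ServiceMonitor is now created only when it is true, since the template condition changed to `and ...enabled ...includeNode`.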
diff --git a/charts/loki/docs/examples/enterprise/README.md b/charts/loki/docs/examples/enterprise/README.md
index 42004f1..d28b48e 100644
--- a/charts/loki/docs/examples/enterprise/README.md
+++ b/charts/loki/docs/examples/enterprise/README.md
@@ -1,20 +1,20 @@
## Introduction
-This example gives you an example or getting started overrides value file for deploying Loki (Enterprise Licensed) using the Simple Scalable architecture in GKE and using GCS
+This example gives you an example or getting started overrides value file for deploying Loki (Enterprise Licensed) using the Simple Scalable architecture in GKE and using GCS.
## Installation of Helm Chart
-These instructions assume you have already have access to a Kubernetes cluster, GCS Bucket and GCP Service Account which has read/write permissions to that GCS Bucket.
+These instructions assume you already have access to a Kubernetes cluster, GCS Bucket and GCP Service Account which has read/write permissions to that GCS Bucket.
### Populate Secret Values
-Populate the examples/enterprise-secrets.yaml so that:
-- The gcp_service_account.json secret has the contents of your GCP Service Account JSON key
-- The gel-license.jwt secret has the contents of your Grafana Enterprise Logs license key given to your by Grafana Labs
+Populate the [enterprise-secrets.yaml](./enterprise-secrets.yaml) so that:
+- The `gcp_service_account.json` secret has the contents of your GCP Service Account JSON key.
+- The `license.jwt` secret has the contents of your Grafana Enterprise Logs license key given to your by Grafana Labs.
-Deploy the secrets file to your k8s cluster.
+Deploy the secrets file to your k8s cluster with the command:
`kubectl apply -f enterprise-secrets.yaml`
### Configure the Helm Chart
-Open examples/overides-enterprise-gcs.yaml and replace `{YOUR_GCS_BUCKET}` with the name of your GCS bucket. If there are other things you'd like to configure, view the core [Values.yaml file](https://github.com/grafana/helm-charts/blob/main/charts/loki-simple-scalable/values.yaml) and override anything else you need to within the overrides-enterprise-gcs.yaml file.
+Open [overrides-enterprise-gcs.yaml](./overrides-enterprise-gcs.yaml) and replace `{YOUR_GCS_BUCKET}` with the name of your GCS bucket. If there are other things you'd like to configure, view the core [Values.yaml file](https://github.com/grafana/helm-charts/blob/main/charts/loki-simple-scalable/values.yaml) and override anything else you need to within the overrides-enterprise-gcs.yaml file.
### Install the Helm chart
@@ -25,5 +25,4 @@
`kubectl --namespace {KUBERNETES_NAMESPACE} logs $POD_NAME loki | grep Token`
-Take note of this token, you will need it when connecting Grafana Enterprise Logs to Grafana
-
+Take note of this token, you will need it when connecting Grafana Enterprise Logs to Grafana.
diff --git a/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml b/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml
index 77266fa..698e94b 100644
--- a/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml
+++ b/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml
@@ -9,4 +9,4 @@
GCP_SERVICE_ACCOUNT_JSON_HERE
}
- gel-license.jwt: LICENSE_HERE
\ No newline at end of file
+ license.jwt: LICENSE_HERE
diff --git a/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml b/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml
index 348b8b7..01210d3 100644
--- a/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml
+++ b/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml
@@ -14,7 +14,7 @@
secret:
secretName: gel-secrets
items:
- - key: gel-license.jwt
+ - key: license.jwt
path: license.jwt
- key: gcp_service_account.json
path: gcp_service_account.json
@@ -43,7 +43,7 @@
secret:
secretName: gel-secrets
items:
- - key: gel-license.jwt
+ - key: license.jwt
path: license.jwt
- key: gcp_service_account.json
path: gcp_service_account.json
@@ -60,7 +60,7 @@
secret:
secretName: gel-secrets
items:
- - key: gel-license.jwt
+ - key: license.jwt
path: license.jwt
- key: gcp_service_account.json
path: gcp_service_account.json
@@ -77,7 +77,7 @@
secret:
secretName: gel-secrets
items:
- - key: gel-license.jwt
+ - key: license.jwt
path: license.jwt
- key: gcp_service_account.json
path: gcp_service_account.json
diff --git a/charts/loki/reference.md.gotmpl b/charts/loki/reference.md.gotmpl
index 9636b1e..0efc492 100644
--- a/charts/loki/reference.md.gotmpl
+++ b/charts/loki/reference.md.gotmpl
@@ -1,8 +1,10 @@
---
title: Helm Chart Values
-menuTitle: Helm Chart Values
+menuTitle: Helm chart values
description: Reference for Helm Chart values.
-weight: 100
+aliases:
+ - ../../../installation/helm/reference/
+weight: 500
keywords: []
---
diff --git a/charts/loki/src/.yamllint.yaml b/charts/loki/src/.yamllint.yaml
new file mode 100644
index 0000000..19e5933
--- /dev/null
+++ b/charts/loki/src/.yamllint.yaml
@@ -0,0 +1,4 @@
+---
+rules:
+ quoted-strings:
+ required: true
diff --git a/charts/loki/src/alerts.yaml b/charts/loki/src/alerts.yaml
deleted file mode 100644
index b1e9687..0000000
--- a/charts/loki/src/alerts.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-groups:
-- name: loki_alerts
- rules:
- - alert: LokiRequestErrors
- annotations:
- message: |
- {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors.
- expr: |
- 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[2m])) by (namespace, job, route)
- /
- sum(rate(loki_request_duration_seconds_count[2m])) by (namespace, job, route)
- > 10
- for: 15m
- labels:
- severity: critical
- - alert: LokiRequestPanics
- annotations:
- message: |
- {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}% increase of panics.
- expr: |
- sum(increase(loki_panic_total[10m])) by (namespace, job) > 0
- labels:
- severity: critical
- - alert: LokiRequestLatency
- annotations:
- message: |
- {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency.
- expr: |
- namespace_job_route:loki_request_duration_seconds:99quantile{route!~"(?i).*tail.*"} > 1
- for: 15m
- labels:
- severity: critical
- - alert: LokiTooManyCompactorsRunning
- annotations:
- message: |
- {{ $labels.cluster }} {{ $labels.namespace }} has had {{ printf "%.0f" $value }} compactors running for more than 5m. Only one compactor should run at a time.
- expr: |
- sum(loki_boltdb_shipper_compactor_running) by (namespace, cluster) > 1
- for: 5m
- labels:
- severity: warning
-- name: 'loki_canaries_alerts'
- rules:
- - alert: 'LokiCanaryLatency'
- annotations:
- message: |
- {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency.
- expr: |
- histogram_quantile(0.99, sum(rate(loki_canary_response_latency_seconds_bucket[5m])) by (le, namespace, job)) > 5
- for: '15m'
- labels:
- severity: 'warning'
diff --git a/charts/loki/src/alerts.yaml.tpl b/charts/loki/src/alerts.yaml.tpl
new file mode 100644
index 0000000..144e263
--- /dev/null
+++ b/charts/loki/src/alerts.yaml.tpl
@@ -0,0 +1,78 @@
+---
+groups:
+ - name: "loki_alerts"
+ rules:
+{{- if not (.Values.monitoring.rules.disabled.LokiRequestErrors | default false) }}
+ - alert: "LokiRequestErrors"
+ annotations:
+ message: |
+ {{`{{`}} $labels.job {{`}}`}} {{`{{`}} $labels.route {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}% errors.
+ expr: |
+ 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[2m])) by (namespace, job, route)
+ /
+ sum(rate(loki_request_duration_seconds_count[2m])) by (namespace, job, route)
+ > 10
+ for: "15m"
+ labels:
+ severity: "critical"
+{{- if .Values.monitoring.rules.additionalRuleLabels }}
+{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.monitoring.rules.disabled.LokiRequestPanics | default false) }}
+ - alert: "LokiRequestPanics"
+ annotations:
+ message: |
+ {{`{{`}} $labels.job {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}% increase of panics.
+ expr: |
+ sum(increase(loki_panic_total[10m])) by (namespace, job) > 0
+ labels:
+ severity: "critical"
+{{- if .Values.monitoring.rules.additionalRuleLabels }}
+{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.monitoring.rules.disabled.LokiRequestLatency | default false) }}
+ - alert: "LokiRequestLatency"
+ annotations:
+ message: |
+ {{`{{`}} $labels.job {{`}}`}} {{`{{`}} $labels.route {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}s 99th percentile latency.
+ expr: |
+ namespace_job_route:loki_request_duration_seconds:99quantile{route!~"(?i).*tail.*"} > 1
+ for: "15m"
+ labels:
+ severity: "critical"
+{{- if .Values.monitoring.rules.additionalRuleLabels }}
+{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.monitoring.rules.disabled.LokiTooManyCompactorsRunning | default false) }}
+ - alert: "LokiTooManyCompactorsRunning"
+ annotations:
+ message: |
+ {{`{{`}} $labels.cluster {{`}}`}} {{`{{`}} $labels.namespace {{`}}`}} has had {{`{{`}} printf "%.0f" $value {{`}}`}} compactors running for more than 5m. Only one compactor should run at a time.
+ expr: |
+ sum(loki_boltdb_shipper_compactor_running) by (namespace, cluster) > 1
+ for: "5m"
+ labels:
+ severity: "warning"
+{{- if .Values.monitoring.rules.additionalRuleLabels }}
+{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.monitoring.rules.disabled.LokiCanaryLatency | default false) }}
+ - name: "loki_canaries_alerts"
+ rules:
+ - alert: "LokiCanaryLatency"
+ annotations:
+ message: |
+ {{`{{`}} $labels.job {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}s 99th percentile latency.
+ expr: |
+ histogram_quantile(0.99, sum(rate(loki_canary_response_latency_seconds_bucket[5m])) by (le, namespace, job)) > 5
+ for: "15m"
+ labels:
+ severity: "warning"
+{{- if .Values.monitoring.rules.additionalRuleLabels }}
+{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }}
+{{- end }}
+{{- end }}
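Review bot: If all four `monitoring.rules.disabled.*` flags for the `loki_alerts` group are set, the group still renders `rules:` with no items, which yields a null `rules` value that rule validation may reject. Wrapping the group header in a check that at least one of its alerts is enabled would avoid that. `.Values.monitoring.rules.disabled.<name>` also assumes `disabled` is always a map; if values.yaml (not visible in this hunk) does not default it to `{}`, a lookup through `(.Values.monitoring.rules.disabled | default dict)` is safer. `additionalRuleLabels` is appended after `severity`, so a user-supplied `severity` key produces a duplicate mapping key rather than a clean override.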
diff --git a/charts/loki/src/dashboards/loki-chunks.json b/charts/loki/src/dashboards/loki-chunks.json
index 8f30328..bec1997 100644
--- a/charts/loki/src/dashboards/loki-chunks.json
+++ b/charts/loki/src/dashboards/loki-chunks.json
@@ -598,7 +598,7 @@
"steppedLine": false,
"targets": [
{
- "expr": "cortex_ingester_flush_queue_length{cluster=\"$cluster\", job=~\"$namespace/(loki|enterprise-logs)-write\"}",
+ "expr": "loki_ingester_flush_queue_length{cluster=\"$cluster\", job=~\"$namespace/(loki|enterprise-logs)-write\"} or cortex_ingester_flush_queue_length{cluster=\"$cluster\", job=~\"$namespace/(loki|enterprise-logs)-write\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{pod}}",
diff --git a/charts/loki/src/dashboards/loki-logs.json b/charts/loki/src/dashboards/loki-logs.json
index c09d154..0f113cf 100644
--- a/charts/loki/src/dashboards/loki-logs.json
+++ b/charts/loki/src/dashboards/loki-logs.json
@@ -78,7 +78,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -165,7 +165,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -251,7 +251,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -337,7 +337,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -423,7 +423,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -509,7 +509,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -596,7 +596,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -683,7 +683,7 @@
"sort": 0,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -772,7 +772,7 @@
"steppedLine": false,
"targets": [
{
- "expr": "sum(rate({cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\" } |logfmt| level=\"$level\" |= \"$filter\" [5m])) by (level)",
+ "expr": "sum(rate({cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\" } |logfmt| level=~\"$level\" |= \"$filter\" [5m])) by (level)",
"intervalFactor": 3,
"legendFormat": "{{level}}",
"refId": "A"
@@ -788,7 +788,7 @@
"sort": 2,
"value_type": "individual"
},
- "type": "graph",
+ "type": "timeseries",
"xaxis": {
"buckets": null,
"mode": "time",
@@ -837,7 +837,7 @@
},
"targets": [
{
- "expr": "{cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\"} | logfmt | level=\"$level\" |= \"$filter\"",
+ "expr": "{cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\"} | logfmt | level=~\"$level\" |= \"$filter\"",
"refId": "A"
}
],
diff --git a/charts/loki/src/helm-test/Dockerfile b/charts/loki/src/helm-test/Dockerfile
index 5ffb228..cf4420a 100644
--- a/charts/loki/src/helm-test/Dockerfile
+++ b/charts/loki/src/helm-test/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.18.5 as build
+FROM golang:1.21.3 as build
# build via Makefile target helm-test-image in root
# Makefile. Building from this directory will not be
@@ -7,7 +7,7 @@
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false helm-test
-FROM alpine:3.16.2
-RUN apk add --update --no-cache ca-certificates=20220614-r0
+FROM alpine:3.18.5
+RUN apk add --update --no-cache ca-certificates=20230506-r0
COPY --from=build /src/loki/production/helm/loki/src/helm-test/helm-test /usr/bin/helm-test
ENTRYPOINT [ "/usr/bin/helm-test" ]
diff --git a/charts/loki/src/helm-test/default.nix b/charts/loki/src/helm-test/default.nix
index 5ebfa3e..a129b23 100644
--- a/charts/loki/src/helm-test/default.nix
+++ b/charts/loki/src/helm-test/default.nix
@@ -5,7 +5,7 @@
version = "0.1.0";
src = ./../../../../..;
- vendorSha256 = null;
+ vendorHash = null;
buildPhase = ''
runHook preBuild
diff --git a/charts/loki/src/rules.yaml.tpl b/charts/loki/src/rules.yaml.tpl
index 72bf907..840401d 100644
--- a/charts/loki/src/rules.yaml.tpl
+++ b/charts/loki/src/rules.yaml.tpl
@@ -6,81 +6,81 @@
by (le, job))
record: job:loki_request_duration_seconds:99quantile
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, job))
record: job:loki_request_duration_seconds:50quantile
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job) / sum(rate(loki_request_duration_seconds_count[1m]))
by (job)
record: job:loki_request_duration_seconds:avg
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job)
record: job:loki_request_duration_seconds_bucket:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job)
record: job:loki_request_duration_seconds_sum:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job)
record: job:loki_request_duration_seconds_count:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, job, route))
record: job_route:loki_request_duration_seconds:99quantile
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, job, route))
record: job_route:loki_request_duration_seconds:50quantile
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route) / sum(rate(loki_request_duration_seconds_count[1m]))
by (job, route)
record: job_route:loki_request_duration_seconds:avg
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)
record: job_route:loki_request_duration_seconds_bucket:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route)
record: job_route:loki_request_duration_seconds_sum:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job, route)
record: job_route:loki_request_duration_seconds_count:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, namespace, job, route))
record: namespace_job_route:loki_request_duration_seconds:99quantile
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, namespace, job, route))
record: namespace_job_route:loki_request_duration_seconds:50quantile
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route)
/ sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route)
record: namespace_job_route:loki_request_duration_seconds:avg
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, namespace, job,
route)
record: namespace_job_route:loki_request_duration_seconds_bucket:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route)
record: namespace_job_route:loki_request_duration_seconds_sum:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
- expr: sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route)
record: namespace_job_route:loki_request_duration_seconds_count:sum_rate
labels:
- cluster: "{{ include "loki.fullname" $ }}"
+ cluster: "{{ include "loki.clusterLabel" $ }}"
diff --git a/charts/loki/templates/_helpers.tpl b/charts/loki/templates/_helpers.tpl
index 2f837ad..14fe800 100644
--- a/charts/loki/templates/_helpers.tpl
+++ b/charts/loki/templates/_helpers.tpl
@@ -79,6 +79,26 @@
{{- end }}
{{- end }}
+{{/*
+Cluster label for rules and alerts.
+*/}}
+{{- define "loki.clusterLabel" -}}
+{{- if .Values.clusterLabelOverride }}
+{{- .Values.clusterLabelOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := include "loki.name" . }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
{{/* Create a default storage config that uses filesystem storage
This is required for CI, but Loki will not be queryable with this default
applied, thus it is encouraged that users override this.
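Review bot: `clusterLabelOverride` is passed through `trunc 63 | trimSuffix "-"`, which is a Kubernetes name constraint rather than a Prometheus label one, so an override longer than 63 characters is silently shortened and the `cluster` label on the recording rules no longer matches what the operator configured. I would emit the override unchanged, `{{- .Values.clusterLabelOverride }}`, and keep truncation for the derived names only. The remaining branches look like a copy of the fullname logic; if `loki.fullname` (defined outside this hunk) is equivalent, `{{- include "loki.fullname" . }}` in the else branch would remove the duplication.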
@@ -135,11 +155,11 @@
{{- define "loki.baseImage" }}
{{- $registry := .global.registry | default .service.registry | default "" -}}
{{- $repository := .service.repository | default "" -}}
-{{- $tag := .service.tag | default .defaultVersion | toString -}}
+{{- $ref := ternary (printf ":%s" (.service.tag | default .defaultVersion | toString)) (printf "@%s" .service.digest) (empty .service.digest) -}}
{{- if and $registry $repository -}}
- {{- printf "%s/%s:%s" $registry $repository $tag -}}
+ {{- printf "%s/%s%s" $registry $repository $ref -}}
{{- else -}}
- {{- printf "%s%s:%s" $registry $repository $tag -}}
+ {{- printf "%s%s%s" $registry $repository $ref -}}
{{- end -}}
{{- end -}}
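Review bot: Nothing documents or checks the new `.service.digest` input: when it is non-empty the tag is dropped entirely and the value is appended after `@` as given. A short comment on the helper, e.g. `{{/* digest, when set, replaces the tag; expected form "<algorithm>:<hex>" */}}`, would make the precedence clear to anyone pinning images. A `fail` when the digest does not contain `:` would turn a malformed pin into a render-time error instead of an image pull failure. The helper's existing header comment sits outside this hunk.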
@@ -205,6 +225,9 @@
{{- with .accessKeyId }}
access_key_id: {{ . }}
{{- end }}
+ {{- with .signatureVersion }}
+ signature_version: {{ . }}
+ {{- end }}
s3forcepathstyle: {{ .s3ForcePathStyle }}
insecure: {{ .insecure }}
{{- with .http_config}}
@@ -222,7 +245,20 @@
ca_file: {{ . }}
{{- end}}
{{- end }}
+ {{- with .backoff_config}}
+ backoff_config:
+ {{- with .min_period }}
+ min_period: {{ . }}
+ {{- end}}
+ {{- with .max_period }}
+ max_period: {{ . }}
+ {{- end}}
+ {{- with .max_retries }}
+ max_retries: {{ . }}
+ {{- end}}
+ {{- end }}
{{- end -}}
+
{{- else if eq .Values.loki.storage.type "gcs" -}}
{{- with .Values.loki.storage.gcs }}
gcs:
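Review bot: `{{- with .max_retries }}` treats `0` as empty, so an explicit `max_retries: 0` in values is never rendered and Loki falls back to its built-in default. If zero is a meaningful setting, test for presence instead: `{{- if hasKey . "max_retries" }}` followed by `max_retries: {{ .max_retries }}`. The enclosing `s3:` block begins outside the hunk.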
@@ -238,14 +274,54 @@
{{- with .accountKey }}
account_key: {{ . }}
{{- end }}
+ {{- with .connectionString }}
+ connection_string: {{ . }}
+ {{- end }}
container_name: {{ $.Values.loki.storage.bucketNames.chunks }}
use_managed_identity: {{ .useManagedIdentity }}
+ use_federated_token: {{ .useFederatedToken }}
{{- with .userAssignedId }}
user_assigned_id: {{ . }}
{{- end }}
{{- with .requestTimeout }}
request_timeout: {{ . }}
{{- end }}
+ {{- with .endpointSuffix }}
+ endpoint_suffix: {{ . }}
+ {{- end }}
+{{- end -}}
+{{- else if eq .Values.loki.storage.type "swift" -}}
+{{- with .Values.loki.storage.swift }}
+swift:
+ {{- with .auth_version }}
+ auth_version: {{ . }}
+ {{- end }}
+ auth_url: {{ .auth_url }}
+ {{- with .internal }}
+ internal: {{ . }}
+ {{- end }}
+ username: {{ .username }}
+ user_domain_name: {{ .user_domain_name }}
+ {{- with .user_domain_id }}
+ user_domain_id: {{ . }}
+ {{- end }}
+ {{- with .user_id }}
+ user_id: {{ . }}
+ {{- end }}
+ password: {{ .password }}
+ {{- with .domain_id }}
+ domain_id: {{ . }}
+ {{- end }}
+ domain_name: {{ .domain_name }}
+ project_id: {{ .project_id }}
+ project_name: {{ .project_name }}
+ project_domain_id: {{ .project_domain_id }}
+ project_domain_name: {{ .project_domain_name }}
+ region_name: {{ .region_name }}
+ container_name: {{ .container_name }}
+ max_retries: {{ .max_retries | default 3 }}
+ connect_timeout: {{ .connect_timeout | default "10s" }}
+ request_timeout: {{ .request_timeout | default "5s" }}
{{- end -}}
{{- else -}}
{{- with .Values.loki.storage.filesystem }}
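Review bot: The credential fields added here, `connection_string: {{ . }}` and swift `password: {{ .password }}`, are interpolated unquoted, so a secret that contains `#` or `: `, starts with `*`, `&` or `!`, or looks like a number or boolean is truncated, retyped or breaks the rendered config. Pipe them through `quote`: `connection_string: {{ . | quote }}` and `password: {{ .password | quote }}`; the same goes for `username` and `auth_url`. The unconditional swift keys (`user_domain_name`, `project_id`, `region_name`, …) render as empty values when unset, so either wrap them in `with` like the optional ones or mark them required. The ruler storage hunk further down (`@@ -304,14 +383,54 @@`) repeats both blocks and needs the same change.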
@@ -286,6 +362,9 @@
{{- end }}
s3forcepathstyle: {{ .s3ForcePathStyle }}
insecure: {{ .insecure }}
+ {{- with .http_config }}
+ http_config: {{ toYaml . | nindent 6 }}
+ {{- end }}
{{- end -}}
{{- else if eq .Values.loki.storage.type "gcs" -}}
{{- with .Values.loki.storage.gcs }}
@@ -304,14 +383,54 @@
{{- with .accountKey }}
account_key: {{ . }}
{{- end }}
+ {{- with .connectionString }}
+ connection_string: {{ . }}
+ {{- end }}
container_name: {{ $.Values.loki.storage.bucketNames.ruler }}
use_managed_identity: {{ .useManagedIdentity }}
+ use_federated_token: {{ .useFederatedToken }}
{{- with .userAssignedId }}
user_assigned_id: {{ . }}
{{- end }}
{{- with .requestTimeout }}
request_timeout: {{ . }}
{{- end }}
+ {{- with .endpointSuffix }}
+ endpoint_suffix: {{ . }}
+ {{- end }}
+{{- end -}}
+{{- else if eq .Values.loki.storage.type "swift" -}}
+{{- with .Values.loki.storage.swift }}
+swift:
+ {{- with .auth_version }}
+ auth_version: {{ . }}
+ {{- end }}
+ auth_url: {{ .auth_url }}
+ {{- with .internal }}
+ internal: {{ . }}
+ {{- end }}
+ username: {{ .username }}
+ user_domain_name: {{ .user_domain_name }}
+ {{- with .user_domain_id }}
+ user_domain_id: {{ . }}
+ {{- end }}
+ {{- with .user_id }}
+ user_id: {{ . }}
+ {{- end }}
+ password: {{ .password }}
+ {{- with .domain_id }}
+ domain_id: {{ . }}
+ {{- end }}
+ domain_name: {{ .domain_name }}
+ project_id: {{ .project_id }}
+ project_name: {{ .project_name }}
+ project_domain_id: {{ .project_domain_id }}
+ project_domain_name: {{ .project_domain_name }}
+ region_name: {{ .region_name }}
+ container_name: {{ .container_name }}
+ max_retries: {{ .max_retries | default 3 }}
+ connect_timeout: {{ .connect_timeout | default "10s" }}
+ request_timeout: {{ .request_timeout | default "5s" }}
{{- end -}}
{{- else }}
type: "local"
@@ -329,6 +448,29 @@
{{- end }}
{{/*
+Calculate the config from structured and unstructred text input
+*/}}
+{{- define "loki.calculatedConfig" -}}
+{{ tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . }}
+{{- end }}
+
+{{/*
+The volume to mount for loki configuration
+*/}}
+{{- define "loki.configVolume" -}}
+{{- if eq .Values.loki.configStorageType "Secret" -}}
+secret:
+ secretName: {{ tpl .Values.loki.externalConfigSecretName . }}
+{{- else if eq .Values.loki.configStorageType "ConfigMap" -}}
+configMap:
+ name: {{ tpl .Values.loki.externalConfigSecretName . }}
+ items:
+ - key: "config.yaml"
+ path: "config.yaml"
+{{- end -}}
+{{- end -}}
+
+{{/*
Memcached Docker image
*/}}
{{- define "loki.memcachedImage" -}}
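Review bot: `loki.configVolume` renders nothing when `.Values.loki.configStorageType` is anything other than the exact strings "Secret" or "ConfigMap", which leaves the `config` volume without a source, while `templates/config.yaml` in this commit falls back to a ConfigMap for every non-"Secret" value. Make the two agree by turning the second branch into a plain `{{- else -}}`, or fail early with `{{- fail "loki.configStorageType must be Secret or ConfigMap" }}`. The ConfigMap branch also takes its name from `externalConfigSecretName`, which deserves a one-line comment, and the new doc comment has a typo (`unstructred` should be `unstructured`).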
@@ -420,16 +562,16 @@
pathType: Prefix
{{- end }}
backend:
- {{- if $ingressApiIsStable }}
{{- $serviceName := include "loki.ingress.serviceName" (dict "ctx" $.ctx "svcName" $.svcName) }}
+ {{- if $ingressApiIsStable }}
service:
name: {{ $serviceName }}
port:
- number: 3100
+ number: {{ $.ctx.Values.loki.server.http_listen_port }}
{{- else }}
serviceName: {{ $serviceName }}
- servicePort: 3100
-{{- end -}}
+ servicePort: {{ $.ctx.Values.loki.server.http_listen_port }}
+ {{- end -}}
{{- end -}}
{{- end -}}
@@ -441,9 +583,9 @@
*/}}
{{- define "loki.ingress.serviceName" -}}
{{- if (eq .svcName "singleBinary") }}
-{{- printf "%s" (include "loki.fullname" .ctx) }}
+{{- printf "%s" (include "loki.singleBinaryFullname" .ctx) }}
{{- else }}
-{{- printf "%s-%s" (include "loki.fullname" .ctx) .svcName }}
+{{- printf "%s-%s" (include "loki.name" .ctx) .svcName }}
{{- end -}}
{{- end -}}
@@ -456,18 +598,9 @@
{{- end -}}
{{- end -}}
-{{/* Return the appropriate apiVersion for PodDisruptionBudget. */}}
-{{- define "loki.podDisruptionBudget.apiVersion" -}}
- {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}}
- {{- print "policy/v1" -}}
- {{- else -}}
- {{- print "policy/v1beta1" -}}
- {{- end -}}
-{{- end -}}
-
{{/* Determine if deployment is using object storage */}}
{{- define "loki.isUsingObjectStorage" -}}
-{{- or (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "azure") -}}
+{{- or (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "azure") (eq .Values.loki.storage.type "swift") (eq .Values.loki.storage.type "alibabacloud") -}}
{{- end -}}
{{/* Configure the correct name for the memberlist service */}}
@@ -478,9 +611,9 @@
{{/* Determine the public host for the Loki cluster */}}
{{- define "loki.host" -}}
{{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}}
-{{- $url := printf "%s.%s.svc.%s." (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain }}
+{{- $url := printf "%s.%s.svc.%s.:%s" (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain (.Values.gateway.service.port | toString) }}
{{- if and $isSingleBinary (not .Values.gateway.enabled) }}
- {{- $url = printf "%s.%s.svc.%s.:3100" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain }}
+ {{- $url = printf "%s.%s.svc.%s.:%s" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
{{- end }}
{{- printf "%s" $url -}}
{{- end -}}
@@ -529,9 +662,9 @@
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
- client_max_body_size 4M;
+ client_max_body_size 4M;
- proxy_read_timeout 600; ## 6 minutes
+ proxy_read_timeout 600; ## 10 minutes
proxy_send_timeout 600;
proxy_connect_timeout 600;
@@ -553,14 +686,21 @@
sendfile on;
tcp_nopush on;
+ {{- if .Values.gateway.nginxConfig.resolver }}
+ resolver {{ .Values.gateway.nginxConfig.resolver }};
+ {{- else }}
resolver {{ .Values.global.dnsService }}.{{ .Values.global.dnsNamespace }}.svc.{{ .Values.global.clusterDomain }}.;
+ {{- end }}
{{- with .Values.gateway.nginxConfig.httpSnippet }}
- {{ . | nindent 2 }}
+ {{- tpl . $ | nindent 2 }}
{{- end }}
server {
listen 8080;
+ {{- if .Values.gateway.nginxConfig.enableIPv6 }}
+ listen [::]:8080;
+ {{- end }}
{{- if .Values.gateway.basicAuth.enabled }}
auth_basic "Loki";
@@ -586,9 +726,9 @@
{{- $writeHost = include "loki.singleBinaryFullname" .}}
{{- end }}
- {{- $writeUrl := printf "http://%s.%s.svc.%s:3100" $writeHost .Release.Namespace .Values.global.clusterDomain }}
- {{- $readUrl := printf "http://%s.%s.svc.%s:3100" $readHost .Release.Namespace .Values.global.clusterDomain }}
- {{- $backendUrl := printf "http://%s.%s.svc.%s:3100" $backendHost .Release.Namespace .Values.global.clusterDomain }}
+ {{- $writeUrl := printf "http://%s.%s.svc.%s:%s" $writeHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
+ {{- $readUrl := printf "http://%s.%s.svc.%s:%s" $readHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
+ {{- $backendUrl := printf "http://%s.%s.svc.%s:%s" $backendHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
{{- if .Values.gateway.nginxConfig.customWriteUrl }}
{{- $writeUrl = .Values.gateway.nginxConfig.customWriteUrl }}
@@ -600,74 +740,124 @@
{{- $backendUrl = .Values.gateway.nginxConfig.customBackendUrl }}
{{- end }}
+
+ # Distributor
location = /api/prom/push {
proxy_pass {{ $writeUrl }}$request_uri;
}
+ location = /loki/api/v1/push {
+ proxy_pass {{ $writeUrl }}$request_uri;
+ }
+ location = /distributor/ring {
+ proxy_pass {{ $writeUrl }}$request_uri;
+ }
+ # Ingester
+ location = /flush {
+ proxy_pass {{ $writeUrl }}$request_uri;
+ }
+ location ^~ /ingester/ {
+ proxy_pass {{ $writeUrl }}$request_uri;
+ }
+ location = /ingester {
+ internal; # to suppress 301
+ }
+
+ # Ring
+ location = /ring {
+ proxy_pass {{ $writeUrl }}$request_uri;
+ }
+
+ # MemberListKV
+ location = /memberlist {
+ proxy_pass {{ $writeUrl }}$request_uri;
+ }
+
+
+ # Ruler
+ location = /ruler/ring {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location = /api/prom/rules {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location ^~ /api/prom/rules/ {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location = /loki/api/v1/rules {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location ^~ /loki/api/v1/rules/ {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location = /prometheus/api/v1/alerts {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location = /prometheus/api/v1/rules {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+
+ # Compactor
+ location = /compactor/ring {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location = /loki/api/v1/delete {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location = /loki/api/v1/cache/generation_numbers {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+
+ # IndexGateway
+ location = /indexgateway/ring {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+
+ # QueryScheduler
+ location = /scheduler/ring {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+
+ # Config
+ location = /config {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+
+ {{- if and .Values.enterprise.enabled .Values.enterprise.adminApi.enabled }}
+ # Admin API
+ location ^~ /admin/api/ {
+ proxy_pass {{ $backendUrl }}$request_uri;
+ }
+ location = /admin/api {
+ internal; # to suppress 301
+ }
+ {{- end }}
+
+
+ # QueryFrontend, Querier
location = /api/prom/tail {
proxy_pass {{ $readUrl }}$request_uri;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
-
- location ~ /api/prom/.* {
- proxy_pass {{ $readUrl }}$request_uri;
- }
-
- location ~ /prometheus/api/v1/alerts.* {
- proxy_pass {{ $backendUrl }}$request_uri;
- }
- location ~ /prometheus/api/v1/rules.* {
- proxy_pass {{ $backendUrl }}$request_uri;
- }
- location ~ /ruler/.* {
- proxy_pass {{ $backendUrl }}$request_uri;
- }
-
- location = /loki/api/v1/push {
- proxy_pass {{ $writeUrl }}$request_uri;
- }
-
location = /loki/api/v1/tail {
proxy_pass {{ $readUrl }}$request_uri;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
-
- location ~ /compactor/.* {
- proxy_pass {{ $backendUrl }}$request_uri;
- }
-
- location ~ /distributor/.* {
- proxy_pass {{ $writeUrl }}$request_uri;
- }
-
- location ~ /ring {
- proxy_pass {{ $writeUrl }}$request_uri;
- }
-
- location ~ /ingester/.* {
- proxy_pass {{ $writeUrl }}$request_uri;
- }
-
- location ~ /store-gateway/.* {
- proxy_pass {{ $backendUrl }}$request_uri;
- }
-
- location ~ /query-scheduler/.* {
- proxy_pass {{ $backendUrl }}$request_uri;
- }
- location ~ /scheduler/.* {
- proxy_pass {{ $backendUrl }}$request_uri;
- }
-
- location ~ /loki/api/.* {
+ location ^~ /api/prom/ {
proxy_pass {{ $readUrl }}$request_uri;
}
-
- location ~ /admin/api/.* {
- proxy_pass {{ $writeUrl }}$request_uri;
+ location = /api/prom {
+ internal; # to suppress 301
}
+ location ^~ /loki/api/v1/ {
+ proxy_pass {{ $readUrl }}$request_uri;
+ }
+ location = /loki/api/v1 {
+ internal; # to suppress 301
+ }
+
{{- with .Values.gateway.nginxConfig.serverSnippet }}
{{ . | nindent 4 }}
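Review bot: The new exact-match locations publish operational endpoints through the gateway (`location = /flush`, `location ^~ /ingester/`, `location = /memberlist`, `location = /config` and `location = /loki/api/v1/delete`), and the only access control visible in this template is the optional `auth_basic` block under `.Values.gateway.basicAuth.enabled`. With basic auth off, anyone who can reach the gateway can read the running configuration and send flush or delete requests, assuming the backends do not enforce their own authorization. Consider wrapping these non-query locations in a values flag that defaults to off, the way the admin API block is already wrapped in `{{- if and .Values.enterprise.enabled .Values.enterprise.adminApi.enabled }}`, and add a comment above them stating that they are administrative. The enclosing nginx config helper starts and ends outside this hunk.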
@@ -698,6 +888,15 @@
{{/* single binary */}}
{{- $compactorAddress = include "loki.singleBinaryFullname" . -}}
{{- end -}}
-{{- printf "%s" $compactorAddress }}
+{{- printf "http://%s:%s" $compactorAddress (.Values.loki.server.http_listen_port | toString) }}
{{- end }}
+{{/* Determine query-scheduler address */}}
+{{- define "loki.querySchedulerAddress" -}}
+{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
+{{- $schedulerAddress := ""}}
+{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) -}}
+{{- $schedulerAddress = printf "query-scheduler-discovery.%s.svc.%s.:%s" .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.grpc_listen_port | toString) -}}
+{{- end -}}
+{{- printf "%s" $schedulerAddress }}
+{{- end }}
diff --git a/charts/loki/templates/backend/clusterrole.yaml b/charts/loki/templates/backend/clusterrole.yaml
new file mode 100644
index 0000000..176ada0
--- /dev/null
+++ b/charts/loki/templates/backend/clusterrole.yaml
@@ -0,0 +1,20 @@
+{{- if and (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ name: {{ template "loki.fullname" . }}-clusterrole
+{{- if .Values.sidecar.rules.enabled }}
+rules:
+- apiGroups: [""] # "" indicates the core API group
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "watch", "list"]
+{{- else }}
+rules: []
+{{- end }}
+{{- end }}
\ No newline at end of file
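Review bot: The rule `resources: ["configmaps", "secrets"]` gives the Loki service account get/watch/list on every Secret in the cluster whenever `.Values.sidecar.rules.enabled` is set, although the sidecar is told which kind to watch through `RESOURCE` (`.Values.sidecar.rules.resource`) in the backend StatefulSet. Narrow the grant to what is configured, for example by rendering `secrets` only when that value asks for it, and point users at `rbac.namespaced` when the rules live in a single namespace. When the sidecar is disabled the template still creates a ClusterRole with `rules: []`; skipping the object entirely would be cleaner.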
diff --git a/charts/loki/templates/backend/clusterrolebinding.yaml b/charts/loki/templates/backend/clusterrolebinding.yaml
new file mode 100644
index 0000000..1021fd0
--- /dev/null
+++ b/charts/loki/templates/backend/clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and (not .Values.rbac.namespaced) }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "loki.fullname" . }}-clusterrolebinding
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "loki.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+{{- if (not .Values.rbac.useExistingRole) }}
+ name: {{ template "loki.fullname" . }}-clusterrole
+{{- else }}
+ name: {{ .Values.rbac.useExistingRole }}
+{{- end }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
\ No newline at end of file
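Review bot: The `roleRef` branch `name: {{ .Values.rbac.useExistingRole }}` binds the Loki service account cluster-wide to whatever ClusterRole the value names, and nothing in the template says that this value is a role name rather than the boolean that `clusterrole.yaml` appears to treat it as. Add a comment such as `{{/* rbac.useExistingRole is the NAME of a pre-existing ClusterRole; it is bound cluster-wide to the Loki service account */}}` and render the name with `| quote`. The opening `{{- if and (not .Values.rbac.namespaced) }}` has a single operand and can be written `{{- if not .Values.rbac.namespaced }}`.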
diff --git a/charts/loki/templates/backend/hpa.yaml b/charts/loki/templates/backend/hpa.yaml
new file mode 100644
index 0000000..ea834d6
--- /dev/null
+++ b/charts/loki/templates/backend/hpa.yaml
@@ -0,0 +1,50 @@
+{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
+{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}}
+{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) ( .Values.backend.autoscaling.enabled ) }}
+{{- if $autoscalingv2 }}
+apiVersion: autoscaling/v2
+{{- else }}
+apiVersion: autoscaling/v2beta1
+{{- end }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "loki.backendFullname" . }}
+ labels:
+ {{- include "loki.backendLabels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: {{ include "loki.backendFullname" . }}
+ minReplicas: {{ .Values.backend.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.backend.autoscaling.maxReplicas }}
+ {{- with .Values.backend.autoscaling.behavior }}
+ behavior:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ metrics:
+ {{- with .Values.backend.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.backend.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/loki/templates/backend/poddisruptionbudget-backend.yaml b/charts/loki/templates/backend/poddisruptionbudget-backend.yaml
index 92c0d57..d8ce5b0 100644
--- a/charts/loki/templates/backend/poddisruptionbudget-backend.yaml
+++ b/charts/loki/templates/backend/poddisruptionbudget-backend.yaml
@@ -1,9 +1,10 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (gt (int .Values.backend.replicas) 1) (not .Values.read.legacyReadTarget ) }}
-apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }}
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.backendFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendLabels" . | nindent 4 }}
spec:
diff --git a/charts/loki/templates/backend/query-scheduler-discovery.yaml b/charts/loki/templates/backend/query-scheduler-discovery.yaml
new file mode 100644
index 0000000..527fa13
--- /dev/null
+++ b/charts/loki/templates/backend/query-scheduler-discovery.yaml
@@ -0,0 +1,27 @@
+{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
+{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: query-scheduler-discovery
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.backendSelectorLabels" . | nindent 4 }}
+ prometheus.io/service-monitor: "false"
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: http-metrics
+ port: {{ .Values.loki.server.http_listen_port }}
+ targetPort: http-metrics
+ protocol: TCP
+ - name: grpc
+ port: {{ .Values.loki.server.grpc_listen_port }}
+ targetPort: grpc
+ protocol: TCP
+ selector:
+ {{- include "loki.backendSelectorLabels" . | nindent 4 }}
+{{- end }}
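Review bot: `name: query-scheduler-discovery` is a fixed string, so a second release of this chart in the same namespace collides with the first one's Service. Derive the name from the release, e.g. `name: {{ include "loki.backendFullname" . }}-query-scheduler-discovery`, and change the `printf "query-scheduler-discovery.%s.svc.%s.:%s"` in `loki.querySchedulerAddress` to match. `publishNotReadyAddresses: true` also advertises pods that have not passed readiness; a short comment saying why discovery needs that would help the next reader.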
diff --git a/charts/loki/templates/backend/service-backend-headless.yaml b/charts/loki/templates/backend/service-backend-headless.yaml
index 0445107..0755be6 100644
--- a/charts/loki/templates/backend/service-backend-headless.yaml
+++ b/charts/loki/templates/backend/service-backend-headless.yaml
@@ -5,19 +5,34 @@
kind: Service
metadata:
name: {{ include "loki.backendFullname" . }}-headless
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendSelectorLabels" . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.backend.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ variant: headless
prometheus.io/service-monitor: "false"
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.backend.service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
diff --git a/charts/loki/templates/backend/service-backend.yaml b/charts/loki/templates/backend/service-backend.yaml
index b42f715..cd1bd3b 100644
--- a/charts/loki/templates/backend/service-backend.yaml
+++ b/charts/loki/templates/backend/service-backend.yaml
@@ -5,20 +5,31 @@
kind: Service
metadata:
name: {{ include "loki.backendFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendLabels" . | nindent 4 }}
- {{- with .Values.backend.serviceLabels }}
- {{- toYaml . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.backend.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.backend.service.annotations }}
+ {{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
diff --git a/charts/loki/templates/backend/statefulset-backend.yaml b/charts/loki/templates/backend/statefulset-backend.yaml
index 7090b75..97e110e 100644
--- a/charts/loki/templates/backend/statefulset-backend.yaml
+++ b/charts/loki/templates/backend/statefulset-backend.yaml
@@ -5,18 +5,30 @@
kind: StatefulSet
metadata:
name: {{ include "loki.backendFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
+ {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}}
+ annotations:
+ {{- with .Values.loki.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.backend.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
spec:
+{{- if not .Values.backend.autoscaling.enabled }}
replicas: {{ .Values.backend.replicas }}
- podManagementPolicy: Parallel
+{{- end }}
+ podManagementPolicy: {{ .Values.backend.podManagementPolicy }}
updateStrategy:
rollingUpdate:
partition: 0
serviceName: {{ include "loki.backendFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
- {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.backend.persistence.enableStatefulSetAutoDeletePVC) }}
+ {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.backend.persistence.enableStatefulSetAutoDeletePVC) (.Values.backend.persistence.volumeClaimsEnabled) }}
{{/*
Data on the backend nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
@@ -31,7 +43,7 @@
template:
metadata:
annotations:
- checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -68,6 +80,75 @@
{{- end }}
{{- end }}
containers:
+ {{- if .Values.sidecar.rules.enabled }}
+ - name: loki-sc-rules
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }}
+ env:
+ - name: METHOD
+ value: {{ .Values.sidecar.rules.watchMethod }}
+ - name: LABEL
+ value: "{{ .Values.sidecar.rules.label }}"
+ {{- if .Values.sidecar.rules.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote .Values.sidecar.rules.labelValue }}
+ {{- end }}
+ - name: FOLDER
+ value: "{{ .Values.sidecar.rules.folder }}"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.rules.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- if .Values.sidecar.rules.searchNamespace }}
+ - name: NAMESPACE
+ value: "{{ .Values.sidecar.rules.searchNamespace | join "," }}"
+ {{- end }}
+ {{- if .Values.sidecar.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: "{{ .Values.sidecar.skipTlsVerify }}"
+ {{- end }}
+ {{- if .Values.sidecar.rules.script }}
+ - name: SCRIPT
+ value: "{{ .Values.sidecar.rules.script }}"
+ {{- end }}
+ {{- if .Values.sidecar.rules.watchServerTimeout }}
+ - name: WATCH_SERVER_TIMEOUT
+ value: "{{ .Values.sidecar.rules.watchServerTimeout }}"
+ {{- end }}
+ {{- if .Values.sidecar.rules.watchClientTimeout }}
+ - name: WATCH_CLIENT_TIMEOUT
+ value: "{{ .Values.sidecar.rules.watchClientTimeout }}"
+ {{- end }}
+ {{- if .Values.sidecar.rules.logLevel }}
+ - name: LOG_LEVEL
+ value: "{{ .Values.sidecar.rules.logLevel }}"
+ {{- end }}
+ {{- if .Values.sidecar.livenessProbe }}
+ livenessProbe:
+ {{- toYaml .Values.sidecar.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecar.readinessProbe }}
+ readinessProbe:
+ {{- toYaml .Values.sidecar.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecar.resources }}
+ resources:
+ {{- toYaml .Values.sidecar.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml .Values.sidecar.securityContext | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-rules-volume
+ mountPath: {{ .Values.sidecar.rules.folder | quote }}
+ {{- end}}
- name: loki
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
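Review bot: The new `loki-sc-rules` container gets a `securityContext` only when `.Values.sidecar.securityContext` is non-empty, so unless values.yaml supplies a default (not visible here) the container that presumably holds the API read access granted in `clusterrole.yaml` runs with the runtime's default privileges. Give it a restrictive default, or fall back to the security context used for the `loki` container. `SKIP_TLS_VERIFY` is passed straight through from `.Values.sidecar.skipTlsVerify`; a comment that it is meant for test clusters only would keep it out of production values. `METHOD` is the one env value rendered unquoted and should read `value: {{ .Values.sidecar.rules.watchMethod | quote }}`.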
@@ -80,10 +161,10 @@
{{- end }}
ports:
- name: http-metrics
- containerPort: 3100
+ containerPort: {{ .Values.loki.server.http_listen_port }}
protocol: TCP
- name: grpc
- containerPort: 9095
+ containerPort: {{ .Values.loki.server.grpc_listen_port }}
protocol: TCP
- name: http-memberlist
containerPort: 7946
@@ -113,6 +194,10 @@
- name: license
mountPath: /etc/loki/license
{{- end}}
+ {{- if .Values.sidecar.rules.enabled }}
+ - name: sc-rules-volume
+ mountPath: {{ .Values.sidecar.rules.folder | quote }}
+ {{- end}}
{{- with .Values.backend.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
@@ -122,10 +207,18 @@
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
+ {{- with .Values.backend.dnsConfig }}
+ dnsConfig:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
{{- with .Values.backend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.backend.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.backend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
@@ -133,13 +226,16 @@
volumes:
- name: tmp
emptyDir: {}
+ {{- if not .Values.backend.persistence.volumeClaimsEnabled }}
+ - name: data
+ {{- toYaml .Values.backend.persistence.dataVolumeParameters | nindent 10 }}
+ {{- end}}
- name: config
{{- if .Values.loki.existingSecretForConfig }}
secret:
secretName: {{ .Values.loki.existingSecretForConfig }}
{{- else }}
- configMap:
- name: {{ include "loki.name" . }}
+ {{- include "loki.configVolume" . | nindent 10 }}
{{- end }}
- name: runtime-config
configMap:
@@ -153,11 +249,23 @@
secretName: enterprise-logs-license
{{- end }}
{{- end }}
+ {{- if .Values.sidecar.rules.enabled }}
+ - name: sc-rules-volume
+ {{- if .Values.sidecar.rules.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.sidecar.rules.sizeLimit }}
+ {{- else }}
+ emptyDir: {}
+ {{- end -}}
+ {{- end -}}
{{- with .Values.backend.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- if .Values.backend.persistence.volumeClaimsEnabled }}
volumeClaimTemplates:
- - metadata:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
name: data
spec:
accessModes:
@@ -172,4 +280,5 @@
selector:
{{- toYaml . | nindent 10 }}
{{- end }}
+ {{- end }}
{{- end }}
diff --git a/charts/loki/templates/ciliumnetworkpolicy.yaml b/charts/loki/templates/ciliumnetworkpolicy.yaml
new file mode 100644
index 0000000..fbd2619
--- /dev/null
+++ b/charts/loki/templates/ciliumnetworkpolicy.yaml
@@ -0,0 +1,238 @@
+{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "cilium") }}
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-namespace-only
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+spec:
+ endpointSelector: {}
+ egress:
+ - toEndpoints:
+ - {}
+ ingress:
+ - fromEndpoints:
+ - {}
+
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-egress-dns
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "loki.selectorLabels" . | nindent 6 }}
+ egress:
+ - toPorts:
+ - ports:
+ - port: dns
+ protocol: UDP
+ toEndpoints:
+ - namespaceSelector: {}
+
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-ingress
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ {{- if .Values.gateway.enabled }}
+ - gateway
+ {{- else }}
+ - read
+ - write
+ {{- end }}
+ matchLabels:
+ {{- include "loki.selectorLabels" . | nindent 6 }}
+ ingress:
+ - toPorts:
+ - ports:
+ - port: http
+ protocol: TCP
+ {{- if .Values.networkPolicy.ingress.namespaceSelector }}
+ fromEndpoints:
+ - matchLabels:
+ {{- toYaml .Values.networkPolicy.ingress.namespaceSelector | nindent 8 }}
+ {{- if .Values.networkPolicy.ingress.podSelector }}
+ {{- toYaml .Values.networkPolicy.ingress.podSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-ingress-metrics
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "loki.selectorLabels" . | nindent 6 }}
+ ingress:
+ - toPorts:
+ - ports:
+ - port: http-metrics
+ protocol: TCP
+ {{- if .Values.networkPolicy.metrics.cidrs }}
+ {{- range $cidr := .Values.networkPolicy.metrics.cidrs }}
+ toCIDR:
+ - {{ $cidr }}
+ {{- end }}
+ {{- if .Values.networkPolicy.metrics.namespaceSelector }}
+ fromEndpoints:
+ - matchLabels:
+ {{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 8 }}
+ {{- if .Values.networkPolicy.metrics.podSelector }}
+ {{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-egress-alertmanager
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "loki.backendSelectorLabels" . | nindent 6 }}
+ egress:
+ - toPorts:
+ - ports:
+ - port: "{{ .Values.networkPolicy.alertmanager.port }}"
+ protocol: TCP
+ {{- if .Values.networkPolicy.alertmanager.namespaceSelector }}
+ toEndpoints:
+ - matchLabels:
+ {{- toYaml .Values.networkPolicy.alertmanager.namespaceSelector | nindent 8 }}
+ {{- if .Values.networkPolicy.alertmanager.podSelector }}
+ {{- toYaml .Values.networkPolicy.alertmanager.podSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+
+{{- if .Values.networkPolicy.externalStorage.ports }}
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-egress-external-storage
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "loki.selectorLabels" . | nindent 6 }}
+ egress:
+ - toPorts:
+ - ports:
+ {{- range $port := .Values.networkPolicy.externalStorage.ports }}
+ - port: "{{ $port }}"
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.networkPolicy.externalStorage.cidrs }}
+ {{- range $cidr := .Values.networkPolicy.externalStorage.cidrs }}
+ toCIDR:
+ - {{ $cidr }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.networkPolicy.egressWorld.enabled }}
+{{- $global := . }}
+{{- $componentsList := list "read" "write" "backend" }}
+{{- if .Values.tableManager.enabled }}
+{{- $componentsList = append $componentsList "table-manager" }}
+{{- end }}
+{{- range $component := $componentsList }}
+{{- with $global }}
+---
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-{{ $component }}-world-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- if eq $component "read" }}
+ {{- include "loki.readSelectorLabels" . | nindent 6 }}
+ {{- else if eq $component "write" }}
+ {{- include "loki.writeSelectorLabels" . | nindent 6 }}
+ {{- else if eq $component "table-manager" }}
+ {{- include "loki.tableManagerSelectorLabels" . | nindent 6 }}
+ {{- else }}
+ {{- include "loki.backendSelectorLabels" . | nindent 6 }}
+ {{- end }}
+ egress:
+ - toEntities:
+ - world
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.networkPolicy.egressKubeApiserver.enabled }}
+---
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-backend-kubeapiserver-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "loki.backendSelectorLabels" . | nindent 6 }}
+ egress:
+ - toEntities:
+ - kube-apiserver
+{{- end }}
+
+{{- end }}
+
+{{- if and .Values.networkPolicy.discovery.port (eq .Values.networkPolicy.flavor "cilium") }}
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ include "loki.name" . }}-egress-discovery
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "loki.selectorLabels" . | nindent 6 }}
+ egress:
+ - toPorts:
+ - ports:
+ - port: "{{ .Values.networkPolicy.discovery.port }}"
+ protocol: TCP
+ {{- if .Values.networkPolicy.discovery.namespaceSelector }}
+ toEndpoints:
+ - matchLabels:
+ {{- toYaml .Values.networkPolicy.discovery.namespaceSelector | nindent 8 }}
+ {{- if .Values.networkPolicy.discovery.podSelector }}
+ {{- toYaml .Values.networkPolicy.discovery.podSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
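Review bot: In the `-ingress-metrics` policy the CIDR allow-list is written as `toCIDR:` inside an `ingress` rule, and the `range` emits that key once per entry; `toCIDR` is an egress field, so the restriction is likely rejected or ignored, and with more than one CIDR the duplicate keys leave only the last one. Emit `fromCIDR:` once and render the whole list under it with `toYaml`; the `-egress-external-storage` policy repeats `toCIDR:` per entry in the same way. The metrics `fromEndpoints` block is also nested inside `{{- if .Values.networkPolicy.metrics.cidrs }}`, so a namespace selector set without CIDRs is silently dropped and the port stays open to every source. Cilium may not accept a CIDR selector and an endpoint selector in the same rule, so the two probably need to become separate entries under `ingress:`.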
diff --git a/charts/loki/templates/config.yaml b/charts/loki/templates/config.yaml
new file mode 100644
index 0000000..101abc3
--- /dev/null
+++ b/charts/loki/templates/config.yaml
@@ -0,0 +1,21 @@
+{{- if not .Values.loki.existingSecretForConfig -}}
+apiVersion: v1
+{{- if eq .Values.loki.configStorageType "Secret" }}
+kind: Secret
+{{- else }}
+kind: ConfigMap
+{{- end }}
+metadata:
+ name: {{ tpl .Values.loki.externalConfigSecretName . }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.labels" . | nindent 4 }}
+{{- if eq .Values.loki.configStorageType "Secret" }}
+data:
+ config.yaml: {{ include "loki.calculatedConfig" . | b64enc }}
+{{- else }}
+data:
+ config.yaml: |
+ {{ include "loki.calculatedConfig" . | nindent 4 }}
+{{- end -}}
+{{- end }}
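Review bot: The `{{- else }}` branch stores the whole calculated config in a ConfigMap for every `configStorageType` other than "Secret", and the storage helper touched by this commit writes `password`, `account_key` and `connection_string` into that config. ConfigMaps are usually readable by more principals than Secrets, so a comment at the top such as `{{/* config.yaml can contain storage credentials; use configStorageType "Secret" when any are set inline */}}` is warranted. The chart default for `configStorageType` is not visible here and is worth checking against that.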
diff --git a/charts/loki/templates/configmap.yaml b/charts/loki/templates/configmap.yaml
deleted file mode 100644
index 8cfb80b..0000000
--- a/charts/loki/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if not .Values.loki.existingSecretForConfig -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "loki.name" . }}
- labels:
- {{- include "loki.labels" . | nindent 4 }}
-data:
- config.yaml: |
- {{- tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . | nindent 4 }}
-{{- end -}}
diff --git a/charts/loki/templates/gateway/configmap-gateway.yaml b/charts/loki/templates/gateway/configmap-gateway.yaml
index dcb379b..fe98c73 100644
--- a/charts/loki/templates/gateway/configmap-gateway.yaml
+++ b/charts/loki/templates/gateway/configmap-gateway.yaml
@@ -3,6 +3,7 @@
kind: ConfigMap
metadata:
name: {{ include "loki.gatewayFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
data:
diff --git a/charts/loki/templates/gateway/deployment-gateway.yaml b/charts/loki/templates/gateway/deployment-gateway.yaml
index ff8e645..4ffa0c9 100644
--- a/charts/loki/templates/gateway/deployment-gateway.yaml
+++ b/charts/loki/templates/gateway/deployment-gateway.yaml
@@ -3,8 +3,18 @@
kind: Deployment
metadata:
name: {{ include "loki.gatewayFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
+ {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}}
+ annotations:
+ {{- with .Values.loki.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.gateway.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
spec:
{{- if not .Values.gateway.autoscaling.enabled }}
replicas: {{ .Values.gateway.replicas }}
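Review bot: The guard on the new `annotations:` block tests `.Values.backend.annotations`, but the body renders `.Values.gateway.annotations`, so gateway-only annotations are never emitted and backend-only annotations produce an empty `annotations:` key. The condition should read `{{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.gateway.annotations)) }}`. The same copy-paste appears in the `deployment-read.yaml` hunk, where the body uses `.Values.read.annotations`. The Deployment spec continues outside this hunk.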
@@ -86,14 +96,25 @@
{{- end }}
resources:
{{- toYaml .Values.gateway.resources | nindent 12 }}
+ {{- if .Values.gateway.extraContainers }}
+ {{- toYaml .Values.gateway.extraContainers | nindent 8}}
+ {{- end }}
{{- with .Values.gateway.affinity }}
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
+ {{- with .Values.gateway.dnsConfig }}
+ dnsConfig:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
{{- with .Values.gateway.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.gateway.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.gateway.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
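Review bot: `dnsConfig` is rendered with `tpl . $`, which accepts only a string, whereas the canary DaemonSet in this same commit renders its `dnsConfig` with `toYaml . | nindent 8`. If `gateway.dnsConfig` is meant to be a map (values.yaml is not visible here, so this is an assumption), a populated value will fail the render with a type error. Either switch to `{{- toYaml . | nindent 8 }}` or document in values.yaml that the field must be a templated string, as `affinity` is. The `deployment-read.yaml` hunk has the same construct for `read.dnsConfig`.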
diff --git a/charts/loki/templates/gateway/hpa.yaml b/charts/loki/templates/gateway/hpa.yaml
index e23c221..3541ec6 100644
--- a/charts/loki/templates/gateway/hpa.yaml
+++ b/charts/loki/templates/gateway/hpa.yaml
@@ -8,6 +8,7 @@
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.gatewayFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
spec:
@@ -17,6 +18,10 @@
name: {{ include "loki.gatewayFullname" . }}
minReplicas: {{ .Values.gateway.autoscaling.minReplicas }}
maxReplicas: {{ .Values.gateway.autoscaling.maxReplicas }}
+ {{- with .Values.gateway.autoscaling.behavior }}
+ behavior:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
metrics:
{{- with .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
diff --git a/charts/loki/templates/gateway/ingress-gateway.yaml b/charts/loki/templates/gateway/ingress-gateway.yaml
index 5c1106c..6f18e33 100644
--- a/charts/loki/templates/gateway/ingress-gateway.yaml
+++ b/charts/loki/templates/gateway/ingress-gateway.yaml
@@ -7,8 +7,12 @@
kind: Ingress
metadata:
name: {{ include "loki.gatewayFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
+ {{- range $labelKey, $labelValue := .Values.gateway.ingress.labels }}
+ {{ $labelKey }}: {{ $labelValue | toYaml }}
+ {{- end }}
{{- with .Values.gateway.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -22,7 +26,7 @@
{{- range .Values.gateway.ingress.tls }}
- hosts:
{{- range .hosts }}
- - {{ . | quote }}
+ - {{ tpl . $ | quote }}
{{- end }}
{{- with .secretName }}
secretName: {{ . }}
@@ -31,7 +35,7 @@
{{- end }}
rules:
{{- range .Values.gateway.ingress.hosts }}
- - host: {{ .host | quote }}
+ - host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
diff --git a/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml b/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml
index 734906d..0057c56 100644
--- a/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml
+++ b/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml
@@ -1,9 +1,13 @@
{{- if and .Values.gateway.enabled }}
-{{- if gt (int .Values.gateway.replicas) 1 }}
-apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }}
+{{- if or
+ (and (not .Values.gateway.autoscaling.enabled) (gt (int .Values.gateway.replicas) 1))
+ (and .Values.gateway.autoscaling.enabled (gt (int .Values.gateway.autoscaling.minReplicas) 1))
+}}
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.gatewayFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
spec:
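Review bot: Hard-coding `apiVersion: policy/v1` drops whatever version selection the removed `loki.podDisruptionBudget.apiVersion` helper performed (its body is not visible here), while `read/hpa.yaml` in this same commit still probes `.Capabilities.APIVersions` before choosing an API version. If the chart still claims support for clusters without `policy/v1`, this hunk and the `poddisruptionbudget-read.yaml` hunk will fail to install there. Either keep a capability check such as `{{- if .Capabilities.APIVersions.Has "policy/v1" }}`, or raise the chart's `kubeVersion` constraint and say so in the changelog.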
diff --git a/charts/loki/templates/gateway/secret-gateway.yaml b/charts/loki/templates/gateway/secret-gateway.yaml
index f7cc8a6..c3c5e9a 100644
--- a/charts/loki/templates/gateway/secret-gateway.yaml
+++ b/charts/loki/templates/gateway/secret-gateway.yaml
@@ -4,6 +4,7 @@
kind: Secret
metadata:
name: {{ include "loki.gatewayFullname" $ }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" $ | nindent 4 }}
stringData:
diff --git a/charts/loki/templates/gateway/service-gateway.yaml b/charts/loki/templates/gateway/service-gateway.yaml
index 8e7b6c0..5cb7a55 100644
--- a/charts/loki/templates/gateway/service-gateway.yaml
+++ b/charts/loki/templates/gateway/service-gateway.yaml
@@ -3,15 +3,22 @@
kind: Service
metadata:
name: {{ include "loki.gatewayFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
- {{- with .Values.gateway.service.labels }}
- {{- toYaml . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
{{- end }}
- {{- with .Values.gateway.service.annotations }}
+ {{- with .Values.gateway.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.gateway.service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
type: {{ .Values.gateway.service.type }}
{{- with .Values.gateway.service.clusterIP }}
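Review bot: `annotations:` is now emitted unconditionally, so when neither `loki.serviceAnnotations` nor `gateway.service.annotations` is set the manifest carries a bare `annotations:` key that parses as null. The canary DaemonSet and ServiceAccount hunks in this commit move `annotations:` inside the `with`, apparently to avoid exactly that. Wrap the block in `{{- if or .Values.loki.serviceAnnotations .Values.gateway.service.annotations }}` … `{{- end }}`; the same applies to the canary, read and read-headless Service hunks. Separately, a key present in both maps is rendered twice under `labels:` or `annotations:`, and which copy wins is left to the YAML parser, so the intended precedence deserves a comment.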
diff --git a/charts/loki/templates/ingress.yaml b/charts/loki/templates/ingress.yaml
index 49e3911..ddbcf7f 100644
--- a/charts/loki/templates/ingress.yaml
+++ b/charts/loki/templates/ingress.yaml
@@ -4,8 +4,12 @@
kind: Ingress
metadata:
name: {{ include "loki.fullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -19,7 +23,7 @@
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- - {{ . | quote }}
+ - {{ tpl . $ | quote }}
{{- end }}
{{- with .secretName }}
secretName: {{ . }}
@@ -28,7 +32,7 @@
{{- end }}
rules:
{{- range $.Values.ingress.hosts }}
- - host: {{ . | quote }}
+ - host: {{ tpl . $ | quote }}
http:
paths:
{{- include "loki.ingress.servicePaths" $ | indent 10}}
diff --git a/charts/loki/templates/loki-canary/_helpers.tpl b/charts/loki/templates/loki-canary/_helpers.tpl
index 28ce60d..2ea8dd7 100644
--- a/charts/loki/templates/loki-canary/_helpers.tpl
+++ b/charts/loki/templates/loki-canary/_helpers.tpl
@@ -30,10 +30,10 @@
{{- end -}}
{{/*
-canry priority class name
+canary priority class name
*/}}
{{- define "loki-canary.priorityClassName" -}}
-{{- $pcn := coalesce .Values.global.priorityClassName .Values.read.priorityClassName -}}
+{{- $pcn := coalesce .Values.global.priorityClassName .Values.monitoring.lokiCanary.priorityClassName .Values.read.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
diff --git a/charts/loki/templates/loki-canary/daemonset.yaml b/charts/loki/templates/loki-canary/daemonset.yaml
index 7b5d9c0..250d1a8 100644
--- a/charts/loki/templates/loki-canary/daemonset.yaml
+++ b/charts/loki/templates/loki-canary/daemonset.yaml
@@ -5,20 +5,28 @@
kind: DaemonSet
metadata:
name: {{ include "loki-canary.fullname" $ }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki-canary.labels" $ | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki-canary.selectorLabels" $ | nindent 6 }}
+ {{- with .updateStrategy }}
+ updateStrategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
template:
metadata:
+ {{- with .annotations }}
annotations:
- {{- with .annotations }}
{{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- end }}
labels:
{{- include "loki-canary.selectorLabels" $ | nindent 8 }}
+ {{- with .podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
spec:
serviceAccountName: {{ include "loki-canary.fullname" $ }}
{{- with $.Values.imagePullSecrets }}
@@ -34,7 +42,7 @@
imagePullPolicy: {{ $.Values.loki.image.pullPolicy }}
args:
- -addr={{- include "loki.host" $ }}
- - -labelname=pod
+ - -labelname={{ .labelname }}
- -labelvalue=$(POD_NAME)
{{- if $.Values.enterprise.enabled }}
- -user=$(USER)
@@ -87,6 +95,10 @@
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
+ {{- with .dnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
diff --git a/charts/loki/templates/loki-canary/service.yaml b/charts/loki/templates/loki-canary/service.yaml
index 6d7ace5..d0fb34e 100644
--- a/charts/loki/templates/loki-canary/service.yaml
+++ b/charts/loki/templates/loki-canary/service.yaml
@@ -5,8 +5,22 @@
kind: Service
metadata:
name: {{ include "loki-canary.fullname" $ }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki-canary.labels" $ | nindent 4 }}
+ {{- with $.Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ annotations:
+ {{- with $.Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
type: ClusterIP
ports:
diff --git a/charts/loki/templates/loki-canary/serviceaccount.yaml b/charts/loki/templates/loki-canary/serviceaccount.yaml
index 2794942..dbcd2b3 100644
--- a/charts/loki/templates/loki-canary/serviceaccount.yaml
+++ b/charts/loki/templates/loki-canary/serviceaccount.yaml
@@ -5,10 +5,11 @@
kind: ServiceAccount
metadata:
name: {{ include "loki-canary.fullname" $ }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki-canary.labels" $ | nindent 4 }}
- annotations:
{{- with .annotations }}
+ annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ $.Values.serviceAccount.automountServiceAccountToken }}
diff --git a/charts/loki/templates/monitoring/_helpers-monitoring.tpl b/charts/loki/templates/monitoring/_helpers-monitoring.tpl
index 342fd2b..cb693e4 100644
--- a/charts/loki/templates/monitoring/_helpers-monitoring.tpl
+++ b/charts/loki/templates/monitoring/_helpers-monitoring.tpl
@@ -3,15 +3,15 @@
*/}}
{{- define "loki.logsInstanceClient" -}}
{{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}}
-{{- $url := printf "http://%s.%s.svc.%s:3100/loki/api/v1/push" (include "loki.writeFullname" .) .Release.Namespace .Values.global.clusterDomain }}
+{{- $url := printf "http://%s.%s.svc.%s:%s/loki/api/v1/push" (include "loki.writeFullname" .) .Release.Namespace .Values.global.clusterDomain ( .Values.loki.server.http_listen_port | toString ) }}
{{- if $isSingleBinary }}
- {{- $url = printf "http://%s.%s.svc.%s:3100/loki/api/v1/push" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain }}
+ {{- $url = printf "http://%s.%s.svc.%s:%s/loki/api/v1/push" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain ( .Values.loki.server.http_listen_port | toString ) }}
{{- else if .Values.gateway.enabled -}}
{{- $url = printf "http://%s.%s.svc.%s/loki/api/v1/push" (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain }}
{{- end -}}
- url: {{ $url }}
externalLabels:
- cluster: {{ include "loki.fullname" . }}
+ cluster: {{ include "loki.clusterLabel" . }}
{{- if .Values.enterprise.enabled }}
basicAuth:
username:
@@ -21,7 +21,7 @@
name: {{ include "enterprise-logs.selfMonitoringTenantSecret" . }}
key: password
{{- else if .Values.loki.auth_enabled }}
- tenantId: {{ .Values.monitoring.selfMonitoring.tenant.name }}
+ tenantId: {{ .Values.monitoring.selfMonitoring.tenant.name | quote }}
{{- end }}
{{- end -}}
@@ -35,3 +35,13 @@
{{- toYaml .rules | nindent 4 }}
{{- end }}
{{- end }}
+
+{{/*
+GrafanaAgent priority class name
+*/}}
+{{- define "grafana-agent.priorityClassName" -}}
+{{- $pcn := coalesce .Values.global.priorityClassName .Values.monitoring.selfMonitoring.grafanaAgent.priorityClassName -}}
+{{- if $pcn }}
+priorityClassName: {{ $pcn }}
+{{- end }}
+{{- end }}
diff --git a/charts/loki/templates/monitoring/dashboards/configmap-1.yaml b/charts/loki/templates/monitoring/dashboards/configmap-1.yaml
index 6447a49..6352f25 100644
--- a/charts/loki/templates/monitoring/dashboards/configmap-1.yaml
+++ b/charts/loki/templates/monitoring/dashboards/configmap-1.yaml
@@ -1,6 +1,5 @@
-{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- with .Values.monitoring.dashboards }}
-{{- if and $isSimpleScalable .enabled }}
+{{- if .enabled }}
---
apiVersion: v1
kind: ConfigMap
diff --git a/charts/loki/templates/monitoring/dashboards/configmap-2.yaml b/charts/loki/templates/monitoring/dashboards/configmap-2.yaml
index 6c66d15..67d3cf4 100644
--- a/charts/loki/templates/monitoring/dashboards/configmap-2.yaml
+++ b/charts/loki/templates/monitoring/dashboards/configmap-2.yaml
@@ -1,6 +1,5 @@
-{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- with .Values.monitoring.dashboards }}
-{{- if and $isSimpleScalable .enabled }}
+{{- if .enabled }}
---
apiVersion: v1
kind: ConfigMap
diff --git a/charts/loki/templates/monitoring/grafana-agent.yaml b/charts/loki/templates/monitoring/grafana-agent.yaml
index 0ac0f6c..a047e5f 100644
--- a/charts/loki/templates/monitoring/grafana-agent.yaml
+++ b/charts/loki/templates/monitoring/grafana-agent.yaml
@@ -4,6 +4,7 @@
kind: GrafanaAgent
metadata:
name: {{ include "loki.fullname" $ }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
@@ -16,6 +17,7 @@
spec:
serviceAccountName: {{ include "loki.fullname" $ }}-grafana-agent
enableConfigReadAPI: {{ .enableConfigReadAPI }}
+ {{- include "grafana-agent.priorityClassName" $ | nindent 2 }}
logs:
instanceSelector:
matchLabels:
@@ -28,6 +30,14 @@
{{- include "loki.selectorLabels" $ | nindent 8 }}
{{- end }}
{{- end }}
+ {{- with .resources }}
+ resources:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
---
diff --git a/charts/loki/templates/monitoring/logs-instance.yaml b/charts/loki/templates/monitoring/logs-instance.yaml
index 34ab6e9..58d5fb0 100644
--- a/charts/loki/templates/monitoring/logs-instance.yaml
+++ b/charts/loki/templates/monitoring/logs-instance.yaml
@@ -4,6 +4,7 @@
kind: LogsInstance
metadata:
name: {{ include "loki.fullname" $ }}
+ namespace: {{ $.Release.Namespace }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/charts/loki/templates/monitoring/loki-alerts.yaml b/charts/loki/templates/monitoring/loki-alerts.yaml
index c473ed5..f3333df 100644
--- a/charts/loki/templates/monitoring/loki-alerts.yaml
+++ b/charts/loki/templates/monitoring/loki-alerts.yaml
@@ -17,6 +17,6 @@
namespace: {{ .namespace | default $.Release.Namespace }}
spec:
groups:
- {{- include "loki.ruleGroupToYaml" ($.Files.Get "src/alerts.yaml" | fromYaml).groups | indent 4 }}
+ {{- include "loki.ruleGroupToYaml" (tpl ($.Files.Get "src/alerts.yaml.tpl") $ | fromYaml).groups | indent 4 }}
{{- end }}
{{- end }}
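Review bot: `fromYaml` does not fail the render on a parse error; it returns a map holding only an `Error` key, so if `src/alerts.yaml.tpl` ever renders to invalid YAML, `.groups` is empty and the rule resource ships with no alerts and no warning. Because the file is now rendered through `tpl`, its validity depends on the values supplied, which makes this easier to hit. I would bind the result first and stop on error: `{{- $alerts := tpl ($.Files.Get "src/alerts.yaml.tpl") $ | fromYaml }}` followed by `{{- if hasKey $alerts "Error" }}{{ fail $alerts.Error }}{{- end }}`. The enclosing `with`/`if` blocks open outside this hunk.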
diff --git a/charts/loki/templates/monitoring/pod-logs.yaml b/charts/loki/templates/monitoring/pod-logs.yaml
index e9d66d6..317339d 100644
--- a/charts/loki/templates/monitoring/pod-logs.yaml
+++ b/charts/loki/templates/monitoring/pod-logs.yaml
@@ -1,10 +1,11 @@
---
{{- if .Values.monitoring.selfMonitoring.enabled }}
{{- with .Values.monitoring.selfMonitoring.podLogs }}
-apiVersion: monitoring.grafana.com/v1alpha1
+apiVersion: {{ .apiVersion }}
kind: PodLogs
metadata:
name: {{ include "loki.fullname" $ }}
+ namespace: {{ $.Release.Namespace }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -17,8 +18,12 @@
spec:
pipelineStages:
- cri: { }
+ {{- with .additionalPipelineStages }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
relabelings:
- - sourceLabels:
+ - action: replace
+ sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: __host__
- action: labelmap
@@ -41,7 +46,8 @@
sourceLabels:
- __meta_kubernetes_pod_container_name
targetLabel: container
- - replacement: "{{ include "loki.fullname" $ }}"
+ - action: replace
+ replacement: "{{ include "loki.clusterLabel" $ }}"
targetLabel: cluster
{{- with .relabelings }}
{{- toYaml . | nindent 4 }}
diff --git a/charts/loki/templates/monitoring/servicemonitor.yaml b/charts/loki/templates/monitoring/servicemonitor.yaml
index c5dca1f..856cee8 100644
--- a/charts/loki/templates/monitoring/servicemonitor.yaml
+++ b/charts/loki/templates/monitoring/servicemonitor.yaml
@@ -5,6 +5,7 @@
kind: ServiceMonitor
metadata:
name: {{ include "loki.fullname" $ }}
+ namespace: {{ $.Release.Namespace }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -38,13 +39,19 @@
{{- end }}
relabelings:
- sourceLabels: [job]
+ action: replace
replacement: "{{ $.Release.Namespace }}/$1"
targetLabel: job
- - replacement: "{{ include "loki.fullname" $ }}"
+ - action: replace
+ replacement: "{{ include "loki.clusterLabel" $ }}"
targetLabel: cluster
{{- with .relabelings }}
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .scheme }}
scheme: {{ . }}
{{- end }}
diff --git a/charts/loki/templates/networkpolicy.yaml b/charts/loki/templates/networkpolicy.yaml
index a7de14b..5052e81 100644
--- a/charts/loki/templates/networkpolicy.yaml
+++ b/charts/loki/templates/networkpolicy.yaml
@@ -1,9 +1,10 @@
-{{- if .Values.networkPolicy.enabled }}
+{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "kubernetes") }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-namespace-only
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
@@ -23,6 +24,7 @@
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-dns
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
@@ -33,7 +35,7 @@
{{- include "loki.selectorLabels" . | nindent 6 }}
egress:
- ports:
- - port: 53
+ - port: dns
protocol: UDP
to:
- namespaceSelector: {}
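Review bot: With `port: dns` the rule matches only destination pods that declare a container port named exactly `dns`; a resolver on port 53 whose container port carries another name is now blocked, and the failure shows up as name-resolution timeouts rather than a policy error. The rule also still allows UDP only, so lookups that fall back to TCP are dropped. I would add a comment above the port stating the naming assumption and add a second entry for TCP, e.g. `- port: dns-tcp` with `protocol: TCP` (the name stock CoreDNS manifests use; confirm for the target clusters). The policy's `spec` begins outside this hunk.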
@@ -43,6 +45,7 @@
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-ingress
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
@@ -80,6 +83,7 @@
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-ingress-metrics
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
@@ -108,12 +112,12 @@
{{- end }}
{{- end }}
-{{- if .Values.ruler.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-alertmanager
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
@@ -121,7 +125,7 @@
- Egress
podSelector:
matchLabels:
- {{- include "loki.rulerSelectorLabels" . | nindent 6 }}
+ {{- include "loki.backendSelectorLabels" . | nindent 6 }}
egress:
- ports:
- port: {{ .Values.networkPolicy.alertmanager.port }}
@@ -135,7 +139,6 @@
{{- toYaml .Values.networkPolicy.alertmanager.podSelector | nindent 12 }}
{{- end }}
{{- end }}
-{{- end }}
{{- if .Values.networkPolicy.externalStorage.ports }}
---
@@ -143,6 +146,7 @@
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-external-storage
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
@@ -168,12 +172,13 @@
{{- end }}
-{{- if .Values.networkPolicy.discovery.port }}
+{{- if and .Values.networkPolicy.discovery.port (eq .Values.networkPolicy.flavor "kubernetes") }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-discovery
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
diff --git a/charts/loki/templates/podsecuritypolicy.yaml b/charts/loki/templates/podsecuritypolicy.yaml
index 9833d0c..05470d9 100644
--- a/charts/loki/templates/podsecuritypolicy.yaml
+++ b/charts/loki/templates/podsecuritypolicy.yaml
@@ -5,6 +5,10 @@
name: {{ include "loki.name" . }}
labels:
{{- include "loki.labels" . | nindent 4 }}
+{{- if .Values.rbac.pspAnnotations }}
+ annotations:
+{{ toYaml .Values.rbac.pspAnnotations | indent 4 }}
+{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
@@ -13,6 +17,7 @@
- 'emptyDir'
- 'persistentVolumeClaim'
- 'secret'
+ - 'projected'
hostNetwork: false
hostIPC: false
hostPID: false
diff --git a/charts/loki/templates/provisioner/job-provisioner.yaml b/charts/loki/templates/provisioner/job-provisioner.yaml
index 0845009..deb6e73 100644
--- a/charts/loki/templates/provisioner/job-provisioner.yaml
+++ b/charts/loki/templates/provisioner/job-provisioner.yaml
@@ -4,6 +4,7 @@
kind: Job
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
@@ -92,21 +93,30 @@
- /bin/bash
- -exuc
- |
+ # In case, the admin resources have already been created, the provisioner job
+ # does not write the token files to the bootstrap mount.
+ # Therefore, secrets are only created if the respective token files exist.
+ # Note: the following bash commands should always return a success status code.
+ # Therefore, in case the token file does not exist, the first clause of the
+ # or-operation is successful.
{{- range .Values.enterprise.provisioner.additionalTenants }}
- kubectl --namespace "{{ .secretNamespace }}" create secret generic "{{ include "enterprise-logs.provisionedSecretPrefix" $ }}-{{ .name }}" \
- --from-literal=token-write="$(cat /bootstrap/token-write-{{ .name }})" \
- --from-literal=token-read="$(cat /bootstrap/token-read-{{ .name }})"
+ ! test -s /bootstrap/token-write-{{ .name }} || \
+ kubectl --namespace "{{ .secretNamespace }}" create secret generic "{{ include "enterprise-logs.provisionedSecretPrefix" $ }}-{{ .name }}" \
+ --from-literal=token-write="$(cat /bootstrap/token-write-{{ .name }})" \
+ --from-literal=token-read="$(cat /bootstrap/token-read-{{ .name }})"
{{- end }}
{{- $namespace := $.Release.Namespace }}
{{- with .Values.monitoring.selfMonitoring.tenant }}
{{- $secretNamespace := tpl .secretNamespace $ }}
- kubectl --namespace "{{ $namespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \
- --from-literal=username="{{ .name }}" \
- --from-literal=password="$(cat /bootstrap/token-self-monitoring)"
+ ! test -s /bootstrap/token-self-monitoring || \
+ kubectl --namespace "{{ $namespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \
+ --from-literal=username="{{ .name }}" \
+ --from-literal=password="$(cat /bootstrap/token-self-monitoring)"
{{- if not (eq $secretNamespace $namespace) }}
- kubectl --namespace "{{ $secretNamespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \
- --from-literal=username="{{ .name }}" \
- --from-literal=password="$(cat /bootstrap/token-self-monitoring)"
+ ! test -s /bootstrap/token-self-monitoring || \
+ kubectl --namespace "{{ $secretNamespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \
+ --from-literal=username="{{ .name }}" \
+ --from-literal=password="$(cat /bootstrap/token-self-monitoring)"
{{- end }}
{{- end }}
volumeMounts:
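Review bot: The script runs under `bash -exuc`, and the new commands still pass tokens as `--from-literal=…="$(cat /bootstrap/token-…)"`, so xtrace writes the expanded token values into the Job's pod log, where anyone allowed to read pod logs in the namespace can see them. Reading the files directly keeps the values out of both the trace and the process arguments: `--from-file=token-write=/bootstrap/token-write-{{ .name }}`, `--from-file=token-read=/bootstrap/token-read-{{ .name }}` and `--from-file=password=/bootstrap/token-self-monitoring`. `--from-file` keeps a trailing newline that `$(cat …)` strips, so check how the token files are written before switching; dropping `x` from the shell flags is the smaller alternative. The guard also tests only `token-write-{{ .name }}` before the command reads `token-read-{{ .name }}`. The container spec starts outside this hunk.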
diff --git a/charts/loki/templates/provisioner/role-provisioner.yaml b/charts/loki/templates/provisioner/role-provisioner.yaml
index a8da599..e1a636e 100644
--- a/charts/loki/templates/provisioner/role-provisioner.yaml
+++ b/charts/loki/templates/provisioner/role-provisioner.yaml
@@ -3,6 +3,7 @@
kind: ClusterRole
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
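Review bot: `ClusterRole` is cluster-scoped, so the added `metadata.namespace` has no effect on where the role applies, and a reader skimming the manifest may take the role for a namespace-limited one. I would drop the line here and in the `ClusterRoleBinding` hunk of `rolebinding-provisioner.yaml`, or replace it with a comment that the permissions are cluster-wide. The `subjects[].namespace` in the binding is meaningful and should stay. The role's rules are outside this hunk.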
diff --git a/charts/loki/templates/provisioner/rolebinding-provisioner.yaml b/charts/loki/templates/provisioner/rolebinding-provisioner.yaml
index 0fc46f4..e681e97 100644
--- a/charts/loki/templates/provisioner/rolebinding-provisioner.yaml
+++ b/charts/loki/templates/provisioner/rolebinding-provisioner.yaml
@@ -4,6 +4,7 @@
kind: ClusterRoleBinding
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
@@ -21,5 +22,5 @@
subjects:
- kind: ServiceAccount
name: {{ template "enterprise-logs.provisionerFullname" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
{{- end }}
diff --git a/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml b/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml
index 2dc67d2..81e92e9 100644
--- a/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml
+++ b/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml
@@ -4,7 +4,7 @@
kind: ServiceAccount
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
diff --git a/charts/loki/templates/read/deployment-read.yaml b/charts/loki/templates/read/deployment-read.yaml
index 9e9c26d..ee9a151 100644
--- a/charts/loki/templates/read/deployment-read.yaml
+++ b/charts/loki/templates/read/deployment-read.yaml
@@ -5,9 +5,19 @@
kind: Deployment
metadata:
name: {{ include "loki.readFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
app.kubernetes.io/part-of: memberlist
{{- include "loki.readLabels" . | nindent 4 }}
+ {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}}
+ annotations:
+ {{- with .Values.loki.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.read.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
spec:
{{- if not .Values.read.autoscaling.enabled }}
replicas: {{ .Values.read.replicas }}
@@ -23,7 +33,7 @@
template:
metadata:
annotations:
- checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -61,16 +71,16 @@
- -config.file=/etc/loki/config/config.yaml
- -target={{ .Values.read.targetModule }}
- -legacy-read-mode=false
- - -common.compactor-grpc-address={{ include "loki.backendFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:9095
+ - -common.compactor-grpc-address={{ include "loki.backendFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:{{ .Values.loki.server.grpc_listen_port }}
{{- with .Values.read.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
- containerPort: 3100
+ containerPort: {{ .Values.loki.server.http_listen_port }}
protocol: TCP
- name: grpc
- containerPort: 9095
+ containerPort: {{ .Values.loki.server.grpc_listen_port }}
protocol: TCP
- name: http-memberlist
containerPort: 7946
@@ -105,14 +115,25 @@
{{- end }}
resources:
{{- toYaml .Values.read.resources | nindent 12 }}
+ {{- with .Values.read.extraContainers }}
+ {{- toYaml . | nindent 8}}
+ {{- end }}
{{- with .Values.read.affinity }}
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
+ {{- with .Values.read.dnsConfig }}
+ dnsConfig:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
{{- with .Values.read.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.read.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.read.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
@@ -127,8 +148,7 @@
secret:
secretName: {{ .Values.loki.existingSecretForConfig }}
{{- else }}
- configMap:
- name: {{ include "loki.name" . }}
+ {{- include "loki.configVolume" . | nindent 10 }}
{{- end }}
- name: runtime-config
configMap:
diff --git a/charts/loki/templates/read/hpa.yaml b/charts/loki/templates/read/hpa.yaml
new file mode 100644
index 0000000..5515ecb
--- /dev/null
+++ b/charts/loki/templates/read/hpa.yaml
@@ -0,0 +1,55 @@
+{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
+{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}}
+{{- if and $isSimpleScalable ( .Values.read.autoscaling.enabled ) }}
+{{- if $autoscalingv2 }}
+apiVersion: autoscaling/v2
+{{- else }}
+apiVersion: autoscaling/v2beta1
+{{- end }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "loki.readFullname" . }}
+ labels:
+ {{- include "loki.readLabels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }}
+ kind: Deployment
+ name: {{ include "loki.readFullname" . }}
+{{- else }}
+ kind: StatefulSet
+ name: {{ include "loki.readFullname" . }}
+{{- end }}
+ minReplicas: {{ .Values.read.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.read.autoscaling.maxReplicas }}
+ {{- with .Values.read.autoscaling.behavior }}
+ behavior:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ metrics:
+ {{- with .Values.read.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.read.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
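Review bot: The new HPA's `metadata` has no `namespace: {{ $.Release.Namespace }}`, although this commit adds that line to the gateway HPA and to nearly every other resource it touches; add it under `name:` for consistency. If both `targetMemoryUtilizationPercentage` and `targetCPUUtilizationPercentage` are unset, `metrics:` also renders with no entries. A short template comment at the top of the file stating which values must be set would help.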
diff --git a/charts/loki/templates/read/poddisruptionbudget-read.yaml b/charts/loki/templates/read/poddisruptionbudget-read.yaml
index 3f2f5cd..af4fcbf 100644
--- a/charts/loki/templates/read/poddisruptionbudget-read.yaml
+++ b/charts/loki/templates/read/poddisruptionbudget-read.yaml
@@ -1,9 +1,10 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (gt (int .Values.read.replicas) 1) }}
-apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }}
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.readFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.readLabels" . | nindent 4 }}
spec:
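Review bot: The read PDB is still gated on `read.replicas` alone, while the gateway PDB in this commit was changed to look at `autoscaling.minReplicas` when autoscaling is on, and this commit also adds `read/hpa.yaml`. With `read.autoscaling.enabled` set and `replicas` left at 1, no PDB is rendered even if `minReplicas` is above 1. Mirroring the gateway condition would fix it: `(and (not .Values.read.autoscaling.enabled) (gt (int .Values.read.replicas) 1))` or-ed with `(and .Values.read.autoscaling.enabled (gt (int .Values.read.autoscaling.minReplicas) 1))`, combined with `$isSimpleScalable`.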
diff --git a/charts/loki/templates/read/service-read-headless.yaml b/charts/loki/templates/read/service-read-headless.yaml
index ec2d57a..14ba0f6 100644
--- a/charts/loki/templates/read/service-read-headless.yaml
+++ b/charts/loki/templates/read/service-read-headless.yaml
@@ -5,19 +5,34 @@
kind: Service
metadata:
name: {{ include "loki.readFullname" . }}-headless
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.readSelectorLabels" . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.read.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ variant: headless
prometheus.io/service-monitor: "false"
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.read.service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
appProtocol: tcp
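Review bot: The `annotations:` key added under `metadata` is emitted even when both `.Values.loki.serviceAnnotations` and `.Values.read.service.annotations` are empty, so the manifest renders a bare `annotations:` (null). The StatefulSet templates in this same commit guard the key, and the Service templates could do the same with `{{- if or (not (empty .Values.loki.serviceAnnotations)) (not (empty .Values.read.service.annotations)) }}`. The new pipelines are also written `nindent 4}}` without the space before the closing braces that the surrounding lines use. The same two points apply to service-read.yaml, both single-binary services, service-table-manager.yaml and both write services.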
diff --git a/charts/loki/templates/read/service-read.yaml b/charts/loki/templates/read/service-read.yaml
index 5512bce..f4000fd 100644
--- a/charts/loki/templates/read/service-read.yaml
+++ b/charts/loki/templates/read/service-read.yaml
@@ -5,20 +5,31 @@
kind: Service
metadata:
name: {{ include "loki.readFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.readLabels" . | nindent 4 }}
- {{- with .Values.read.serviceLabels }}
- {{- toYaml . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.read.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.read.service.annotations }}
+ {{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
diff --git a/charts/loki/templates/read/statefulset-read.yaml b/charts/loki/templates/read/statefulset-read.yaml
index 066620b..6efa0ad 100644
--- a/charts/loki/templates/read/statefulset-read.yaml
+++ b/charts/loki/templates/read/statefulset-read.yaml
@@ -5,12 +5,24 @@
kind: StatefulSet
metadata:
name: {{ include "loki.readFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
app.kubernetes.io/part-of: memberlist
{{- include "loki.readLabels" . | nindent 4 }}
+ {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.read.annotations))}}
+ annotations:
+ {{- with .Values.loki.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.read.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
spec:
+{{- if not .Values.read.autoscaling.enabled }}
replicas: {{ .Values.read.replicas }}
- podManagementPolicy: Parallel
+{{- end }}
+ podManagementPolicy: {{ .Values.read.podManagementPolicy }}
updateStrategy:
rollingUpdate:
partition: 0
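Review bot: `podManagementPolicy` is now rendered straight from `.Values.read.podManagementPolicy` with no fallback, so an install whose values omit the key gets an empty field instead of the previous hard-coded `Parallel`. The API server then applies its own default, and the field cannot be changed on an existing StatefulSet afterwards. Unless values.yaml (not visible in this hunk) always supplies it, I would keep the old behaviour as the default: `podManagementPolicy: {{ .Values.read.podManagementPolicy | default "Parallel" }}`. The same line appears in statefulset-write.yaml. The StatefulSet spec continues outside this hunk.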
@@ -31,7 +43,7 @@
template:
metadata:
annotations:
- checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -74,10 +86,10 @@
{{- end }}
ports:
- name: http-metrics
- containerPort: 3100
+ containerPort: {{ .Values.loki.server.http_listen_port }}
protocol: TCP
- name: grpc
- containerPort: 9095
+ containerPort: {{ .Values.loki.server.grpc_listen_port }}
protocol: TCP
- name: http-memberlist
containerPort: 7946
@@ -116,14 +128,25 @@
{{- end }}
resources:
{{- toYaml .Values.read.resources | nindent 12 }}
+ {{- with .Values.read.extraContainers }}
+ {{- toYaml . | nindent 8}}
+ {{- end }}
{{- with .Values.read.affinity }}
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
+ {{- with .Values.read.dnsConfig }}
+ dnsConfig:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
{{- with .Values.read.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.read.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.read.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
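Review bot: The new `dnsConfig` block pipes the value through `tpl . $`, which accepts only a string, so a user who sets `read.dnsConfig` as an ordinary map (the shape of the Kubernetes field) gets a render-time type error. If a map is intended, use `{{- toYaml . | nindent 8 }}` as the neighbouring `nodeSelector` and `topologySpreadConstraints` blocks do. If a templated string is intended, as `affinity` appears to be, say so in the values.yaml comment for the key. The same block is added to the single-binary, table-manager and write templates. The pod spec starts and ends outside this hunk.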
@@ -155,7 +178,9 @@
{{- toYaml . | nindent 8 }}
{{- end }}
volumeClaimTemplates:
- - metadata:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
name: data
spec:
accessModes:
diff --git a/charts/loki/templates/role.yaml b/charts/loki/templates/role.yaml
index 768dd39..1e714b6 100644
--- a/charts/loki/templates/role.yaml
+++ b/charts/loki/templates/role.yaml
@@ -3,7 +3,7 @@
kind: Role
metadata:
name: {{ include "loki.name" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- if .Values.rbac.pspEnabled }}
@@ -15,7 +15,7 @@
verbs:
- use
resourceNames:
- - {{ include "loki.fullname" . }}
+ - {{ include "loki.name" . }}
{{- end }}
{{- if .Values.rbac.sccEnabled }}
rules:
@@ -26,6 +26,11 @@
verbs:
- use
resourceNames:
- - {{ include "loki.fullname" . }}
+ - {{ include "loki.name" . }}
+ {{- if and .Values.rbac.namespaced .Values.sidecar.rules.enabled }}
+ - apiGroups: [""] # "" indicates the core API group
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "watch", "list"]
+ {{- end }}
{{- end }}
{{- end }}
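Review bot: The rule added at the end of this hunk grants `get`, `watch` and `list` on every Secret and ConfigMap in the release namespace, since no `resourceNames` is set and RBAC cannot filter by label. The Role is bound to `loki.serviceAccountName` in rolebinding.yaml, so, presumably, every Loki pod using that account can read all Secrets there, not only the sidecar. I would at least put a comment above the rule, e.g. `# rules sidecar: grants read on ALL configmaps/secrets in this namespace`, and list `secrets` only when the sidecar is actually configured to watch Secrets. The block also sits before the `{{- end }}` that appears to close the `rbac.sccEnabled` branch, which would make it render only with SCC enabled; confirm against the full template, as the Role body starts outside this hunk.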
diff --git a/charts/loki/templates/rolebinding.yaml b/charts/loki/templates/rolebinding.yaml
index 71f9e8f..cc0dfd2 100644
--- a/charts/loki/templates/rolebinding.yaml
+++ b/charts/loki/templates/rolebinding.yaml
@@ -3,6 +3,7 @@
kind: RoleBinding
metadata:
name: {{ include "loki.name" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
roleRef:
@@ -12,5 +13,5 @@
subjects:
- kind: ServiceAccount
name: {{ include "loki.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
{{- end }}
diff --git a/charts/loki/templates/runtime-configmap.yaml b/charts/loki/templates/runtime-configmap.yaml
index a8a1344..2f38193 100644
--- a/charts/loki/templates/runtime-configmap.yaml
+++ b/charts/loki/templates/runtime-configmap.yaml
@@ -2,8 +2,9 @@
kind: ConfigMap
metadata:
name: {{ include "loki.name" . }}-runtime
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
data:
runtime-config.yaml: |
- {{ tpl (toYaml .Values.loki.runtimeConfig) . | nindent 4 }}
+ {{- tpl (toYaml .Values.loki.runtimeConfig) . | nindent 4 }}
diff --git a/charts/loki/templates/secret-license.yaml b/charts/loki/templates/secret-license.yaml
index 31af72e..eaa519f 100644
--- a/charts/loki/templates/secret-license.yaml
+++ b/charts/loki/templates/secret-license.yaml
@@ -3,6 +3,7 @@
kind: Secret
metadata:
name: enterprise-logs-license
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
data:
diff --git a/charts/loki/templates/service-memberlist.yaml b/charts/loki/templates/service-memberlist.yaml
index ca10485..cacb5b1 100644
--- a/charts/loki/templates/service-memberlist.yaml
+++ b/charts/loki/templates/service-memberlist.yaml
@@ -3,6 +3,7 @@
kind: Service
metadata:
name: {{ include "loki.memberlist" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
diff --git a/charts/loki/templates/serviceaccount.yaml b/charts/loki/templates/serviceaccount.yaml
index 5734c01..dd89141 100644
--- a/charts/loki/templates/serviceaccount.yaml
+++ b/charts/loki/templates/serviceaccount.yaml
@@ -3,6 +3,7 @@
kind: ServiceAccount
metadata:
name: {{ include "loki.serviceAccountName" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.labels }}
diff --git a/charts/loki/templates/single-binary/hpa.yaml b/charts/loki/templates/single-binary/hpa.yaml
new file mode 100644
index 0000000..c529f18
--- /dev/null
+++ b/charts/loki/templates/single-binary/hpa.yaml
@@ -0,0 +1,51 @@
+{{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}}
+{{- $usingObjectStorage := eq (include "loki.isUsingObjectStorage" .) "true" }}
+{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}}
+{{- if and $isSingleBinary $usingObjectStorage ( .Values.singleBinary.autoscaling.enabled ) }}
+{{- if $autoscalingv2 }}
+apiVersion: autoscaling/v2
+{{- else }}
+apiVersion: autoscaling/v2beta1
+{{- end }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "loki.singleBinaryFullname" . }}
+ labels:
+ {{- include "loki.singleBinaryLabels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: {{ include "loki.singleBinaryFullname" . }}
+ minReplicas: {{ .Values.singleBinary.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.singleBinary.autoscaling.maxReplicas }}
+ {{- with .Values.singleBinary.autoscaling.behavior }}
+ behavior:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ metrics:
+ {{- with .Values.singleBinary.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.singleBinary.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
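Review bot: The `metadata` block of this new HorizontalPodAutoscaler has no `namespace`, while write/hpa.yaml and nearly every other template touched by this commit gain one. Rendering with `helm template` and applying the output would then place the HPA in the current kubectl namespace rather than next to its StatefulSet. Add `namespace: {{ $.Release.Namespace }}` under `name:` to match.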
diff --git a/charts/loki/templates/single-binary/pdb.yaml b/charts/loki/templates/single-binary/pdb.yaml
index 65bc53d..bb1e1cc 100644
--- a/charts/loki/templates/single-binary/pdb.yaml
+++ b/charts/loki/templates/single-binary/pdb.yaml
@@ -1,11 +1,11 @@
{{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}}
{{- if and .Values.podDisruptionBudget $isSingleBinary -}}
---
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "loki.fullname" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
diff --git a/charts/loki/templates/single-binary/service-headless.yaml b/charts/loki/templates/single-binary/service-headless.yaml
index 9d4d85e..7522240 100644
--- a/charts/loki/templates/single-binary/service-headless.yaml
+++ b/charts/loki/templates/single-binary/service-headless.yaml
@@ -5,16 +5,29 @@
kind: Service
metadata:
name: {{ include "loki.name" . }}-headless
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.singleBinary.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
variant: headless
prometheus.io/service-monitor: "false"
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.singleBinary.service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
clusterIP: None
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
selector:
diff --git a/charts/loki/templates/single-binary/service.yaml b/charts/loki/templates/single-binary/service.yaml
index 698438e..352fcad 100644
--- a/charts/loki/templates/single-binary/service.yaml
+++ b/charts/loki/templates/single-binary/service.yaml
@@ -5,17 +5,31 @@
kind: Service
metadata:
name: {{ include "loki.singleBinaryFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.singleBinary.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.singleBinary.service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
diff --git a/charts/loki/templates/single-binary/statefulset.yaml b/charts/loki/templates/single-binary/statefulset.yaml
index ed757f8..8922c89 100644
--- a/charts/loki/templates/single-binary/statefulset.yaml
+++ b/charts/loki/templates/single-binary/statefulset.yaml
@@ -5,9 +5,19 @@
kind: StatefulSet
metadata:
name: {{ include "loki.singleBinaryFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.singleBinaryLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
+ {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.singleBinary.annotations))}}
+ annotations:
+ {{- with .Values.loki.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.singleBinary.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
spec:
replicas: {{ include "loki.singleBinaryReplicas" . }}
podManagementPolicy: Parallel
@@ -16,7 +26,7 @@
partition: 0
serviceName: {{ include "loki.singleBinaryFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
- {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.singleBinary.persistence.enableStatefulSetAutoDeletePVC) }}
+ {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.singleBinary.persistence.enableStatefulSetAutoDeletePVC) (.Values.singleBinary.persistence.enabled) }}
{{/*
Data on the singleBinary nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
@@ -31,7 +41,7 @@
template:
metadata:
annotations:
- checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -80,10 +90,10 @@
{{- end }}
ports:
- name: http-metrics
- containerPort: 3100
+ containerPort: {{ .Values.loki.server.http_listen_port }}
protocol: TCP
- name: grpc
- containerPort: 9095
+ containerPort: {{ .Values.loki.server.grpc_listen_port }}
protocol: TCP
- name: http-memberlist
containerPort: 7946
@@ -120,10 +130,17 @@
{{- end }}
resources:
{{- toYaml .Values.singleBinary.resources | nindent 12 }}
+ {{- with .Values.singleBinary.extraContainers }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.singleBinary.affinity }}
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
+ {{- with .Values.singleBinary.dnsConfig }}
+ dnsConfig:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
{{- with .Values.singleBinary.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@@ -140,8 +157,7 @@
secret:
secretName: {{ .Values.loki.existingSecretForConfig }}
{{- else }}
- configMap:
- name: {{ include "loki.name" . }}
+ {{- include "loki.configVolume" . | nindent 10 }}
{{- end }}
- name: runtime-config
configMap:
@@ -160,7 +176,9 @@
{{- end }}
{{- if .Values.singleBinary.persistence.enabled }}
volumeClaimTemplates:
- - metadata:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
name: storage
spec:
accessModes:
diff --git a/charts/loki/templates/table-manager/deployment-table-manager.yaml b/charts/loki/templates/table-manager/deployment-table-manager.yaml
index f5529eb..aeb5b1a 100644
--- a/charts/loki/templates/table-manager/deployment-table-manager.yaml
+++ b/charts/loki/templates/table-manager/deployment-table-manager.yaml
@@ -5,10 +5,13 @@
name: {{ include "loki.tableManagerFullname" . }}
labels:
{{- include "loki.tableManagerLabels" . | nindent 4 }}
- {{- with .Values.loki.annotations }}
annotations:
+ {{- with .Values.loki.annotations }}
{{- toYaml . | nindent 4 }}
- {{- end }}
+ {{- end }}
+ {{- with .Values.tableManager.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
@@ -18,7 +21,7 @@
template:
metadata:
annotations:
- checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -55,10 +58,10 @@
{{- end }}
ports:
- name: http-metrics
- containerPort: 3100
+ containerPort: {{ .Values.loki.server.http_listen_port }}
protocol: TCP
- name: grpc
- containerPort: 9095
+ containerPort: {{ .Values.loki.server.grpc_listen_port }}
protocol: TCP
{{- with .Values.tableManager.extraEnv }}
env:
@@ -89,6 +92,10 @@
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
+ {{- with .Values.tableManager.dnsConfig }}
+ dnsConfig:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
{{- with .Values.tableManager.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@@ -103,8 +110,7 @@
secret:
secretName: {{ .Values.loki.existingSecretForConfig }}
{{- else }}
- configMap:
- name: {{ include "loki.fullname" . }}
+ {{- include "loki.configVolume" . | nindent 10 }}
{{- end }}
{{- with .Values.tableManager.extraVolumes }}
{{- toYaml . | nindent 8 }}
diff --git a/charts/loki/templates/table-manager/service-table-manager.yaml b/charts/loki/templates/table-manager/service-table-manager.yaml
index 4673120..214cd36 100644
--- a/charts/loki/templates/table-manager/service-table-manager.yaml
+++ b/charts/loki/templates/table-manager/service-table-manager.yaml
@@ -5,23 +5,29 @@
name: {{ include "loki.fullname" . }}-table-manager
labels:
{{- include "loki.labels" . | nindent 4 }}
- {{- with .Values.tableManager.serviceLabels }}
- {{- toYaml . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.tableManager.service.labels }}
+ {{- toYaml . | nindent 4}}
{{- end }}
app.kubernetes.io/component: table-manager
- {{- with .Values.loki.serviceAnnotations }}
annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.tableManager.service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
diff --git a/charts/loki/templates/tests/test-canary.yaml b/charts/loki/templates/tests/test-canary.yaml
index eb41772..a4f11e2 100644
--- a/charts/loki/templates/tests/test-canary.yaml
+++ b/charts/loki/templates/tests/test-canary.yaml
@@ -5,6 +5,7 @@
kind: Pod
metadata:
name: "{{ include "loki.name" $ }}-helm-test"
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.helmTestLabels" $ | nindent 4 }}
{{- with .labels }}
diff --git a/charts/loki/templates/tokengen/clusterrole-tokengen.yaml b/charts/loki/templates/tokengen/clusterrole-tokengen.yaml
index 2ebfb14..19dad88 100644
--- a/charts/loki/templates/tokengen/clusterrole-tokengen.yaml
+++ b/charts/loki/templates/tokengen/clusterrole-tokengen.yaml
@@ -17,5 +17,5 @@
rules:
- apiGroups: [""]
resources: ["secrets"]
- verbs: ["create"]
+ verbs: ["create", "get", "patch"]
{{- end }}
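Review bot: Adding `get` and `patch` to this rule without `resourceNames` lets the tokengen service account read and modify any Secret the role covers. Judging by the file name and the accompanying clusterrolebinding-tokengen.yaml, that is every Secret in the cluster. `kubectl apply` only needs those verbs on the admin-token secret itself, so they can be moved into a second rule restricted by name, leaving `create` (which cannot be name-restricted) as it was. A namespaced Role and RoleBinding per target namespace would narrow this further. The role's metadata is outside this hunk.
```yaml
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # get/patch only on the admin-token secret that the job applies
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames:
      - {{ include "enterprise-logs.adminTokenSecret" . | quote }}
    verbs: ["get", "patch"]
```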
diff --git a/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml b/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
index 3c7fb13..248337e 100644
--- a/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
+++ b/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
@@ -21,5 +21,5 @@
subjects:
- kind: ServiceAccount
name: {{ template "enterprise-logs.tokengenFullname" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
{{- end }}
diff --git a/charts/loki/templates/tokengen/job-tokengen.yaml b/charts/loki/templates/tokengen/job-tokengen.yaml
index 670a812..b917395 100644
--- a/charts/loki/templates/tokengen/job-tokengen.yaml
+++ b/charts/loki/templates/tokengen/job-tokengen.yaml
@@ -4,6 +4,7 @@
kind: Job
metadata:
name: {{ template "enterprise-logs.tokengenFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.tokengenLabels" . | nindent 4 }}
{{- with .Values.enterprise.tokengen.labels }}
@@ -45,6 +46,10 @@
image: {{ template "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
args:
+ # The shared emptyDir exists only while the job is running, and is deleted once the job is completed.
+ # The tokengen generates a new admin token in case the 'token-file' file doesn't exist.
+ # As a result, subsequent executions of this tokengen job will generate new admin tokens.
+ # Note that previously generated tokens remain valid, as these remain present in the object storage.
- -config.file=/etc/loki/config/config.yaml
- -target={{ .Values.enterprise.tokengen.targetModule }}
- -tokengen.token-file=/shared/admin-token
@@ -79,10 +84,17 @@
- /bin/bash
- -euc
- |
- kubectl create secret generic "{{ include "enterprise-logs.adminTokenSecret" . }}" --from-file=token=/shared/admin-token
+ # Create or update admin token secrets generated by tokengen job
+ kubectl create secret generic "{{ include "enterprise-logs.adminTokenSecret" . }}" \
+ --from-file=token=/shared/admin-token \
+ --dry-run=client -o yaml \
+ | kubectl apply -f -
{{- with .Values.enterprise.adminToken.additionalNamespaces }}
{{- range . }}
- kubectl --namespace "{{ . }}" create secret generic "{{ include "enterprise-logs.adminTokenSecret" $ }}" --from-file=token=/shared/admin-token
+ kubectl --namespace "{{ . }}" create secret generic "{{ include "enterprise-logs.adminTokenSecret" $ }}" \
+ --from-file=token=/shared/admin-token \
+ --dry-run=client -o yaml \
+ | kubectl apply -f -
{{- end }}
{{- end }}
volumeMounts:
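Review bot: Client-side `kubectl apply` stores the full applied manifest, including `data.token`, in the `kubectl.kubernetes.io/last-applied-configuration` annotation. The admin token therefore ends up duplicated in the Secret's metadata, where tooling that exports or logs object metadata can pick it up. If the kubectl image supports it, `| kubectl apply --server-side -f -` avoids that annotation; check the verbs it needs against the tokengen role. The script also runs under `bash -euc` without `pipefail`, so a failing `kubectl create` on the left of the pipe is not what decides the exit status; `set -o pipefail` as the first line would make that explicit. Both pipelines in the hunk are affected, and the container spec starts outside it.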
diff --git a/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml b/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml
index 25e6ca8..6f0e5a3 100644
--- a/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml
+++ b/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml
@@ -4,7 +4,7 @@
kind: ServiceAccount
metadata:
name: {{ template "enterprise-logs.tokengenFullname" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.tokengenLabels" . | nindent 4 }}
{{- with .Values.enterprise.tokengen.labels }}
diff --git a/charts/loki/templates/write/hpa.yaml b/charts/loki/templates/write/hpa.yaml
new file mode 100644
index 0000000..ba88ee2
--- /dev/null
+++ b/charts/loki/templates/write/hpa.yaml
@@ -0,0 +1,51 @@
+{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
+{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}}
+{{- if and $isSimpleScalable ( .Values.write.autoscaling.enabled ) }}
+{{- if $autoscalingv2 }}
+apiVersion: autoscaling/v2
+{{- else }}
+apiVersion: autoscaling/v2beta1
+{{- end }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "loki.writeFullname" . }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "loki.writeLabels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: {{ include "loki.writeFullname" . }}
+ minReplicas: {{ .Values.write.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.write.autoscaling.maxReplicas }}
+ {{- with .Values.write.autoscaling.behavior }}
+ behavior:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ metrics:
+ {{- with .Values.write.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.write.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if $autoscalingv2 }}
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- else }}
+ targetAverageUtilization: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
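Review bot: The `behavior:` block is rendered on both API paths, but `autoscaling/v2beta1` has no `behavior` field, so on a cluster without `autoscaling/v2` a configured `write.autoscaling.behavior` yields a manifest the API will not accept as intended. Wrapping it as `{{- if $autoscalingv2 }}{{- with .Values.write.autoscaling.behavior }} … {{- end }}{{- end }}` keeps the fallback valid. Separately, `metrics:` is emitted even when neither utilization target is set, which renders a null list and leaves the scaling target to the API default. A `fail` or `required` when both are empty would make that explicit. single-binary/hpa.yaml has the same two issues.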
diff --git a/charts/loki/templates/write/poddisruptionbudget-write.yaml b/charts/loki/templates/write/poddisruptionbudget-write.yaml
index 9acfc74..24e1356 100644
--- a/charts/loki/templates/write/poddisruptionbudget-write.yaml
+++ b/charts/loki/templates/write/poddisruptionbudget-write.yaml
@@ -1,9 +1,10 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (gt (int .Values.write.replicas) 1) }}
-apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }}
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.writeFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.writeLabels" . | nindent 4 }}
spec:
diff --git a/charts/loki/templates/write/service-write-headless.yaml b/charts/loki/templates/write/service-write-headless.yaml
index 26f1682..84cf5d7 100644
--- a/charts/loki/templates/write/service-write-headless.yaml
+++ b/charts/loki/templates/write/service-write-headless.yaml
@@ -5,19 +5,34 @@
kind: Service
metadata:
name: {{ include "loki.writeFullname" . }}-headless
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.writeSelectorLabels" . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.write.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ variant: headless
prometheus.io/service-monitor: "false"
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.write.service.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
appProtocol: tcp
diff --git a/charts/loki/templates/write/service-write.yaml b/charts/loki/templates/write/service-write.yaml
index 3afc57e..9603706 100644
--- a/charts/loki/templates/write/service-write.yaml
+++ b/charts/loki/templates/write/service-write.yaml
@@ -5,20 +5,31 @@
kind: Service
metadata:
name: {{ include "loki.writeFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.writeLabels" . | nindent 4 }}
- {{- with .Values.write.serviceLabels }}
- {{- toYaml . | nindent 4 }}
+ {{- with .Values.loki.serviceLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.write.service.labels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ annotations:
+ {{- with .Values.loki.serviceAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.write.service.annotations }}
+ {{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
- port: 3100
+ port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
- port: 9095
+ port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
diff --git a/charts/loki/templates/write/statefulset-write.yaml b/charts/loki/templates/write/statefulset-write.yaml
index 702f7f9..5aa1e78 100644
--- a/charts/loki/templates/write/statefulset-write.yaml
+++ b/charts/loki/templates/write/statefulset-write.yaml
@@ -5,19 +5,30 @@
kind: StatefulSet
metadata:
name: {{ include "loki.writeFullname" . }}
+ namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.writeLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
+ {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}}
+ annotations:
+ {{- with .Values.loki.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.write.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
spec:
+{{- if not .Values.write.autoscaling.enabled }}
replicas: {{ .Values.write.replicas }}
-
- podManagementPolicy: Parallel
+{{- end }}
+ podManagementPolicy: {{ .Values.write.podManagementPolicy }}
updateStrategy:
rollingUpdate:
partition: 0
serviceName: {{ include "loki.writeFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
- {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.write.persistence.enableStatefulSetAutoDeletePVC) }}
+ {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.write.persistence.enableStatefulSetAutoDeletePVC) (.Values.write.persistence.volumeClaimsEnabled) }}
{{/*
Data on the write nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
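Review bot: The guard around the new `annotations:` block tests `.Values.backend.annotations`, while the body renders `.Values.write.annotations`; this looks like a copy-paste from the backend template. With only `write.annotations` set, the block is skipped and the annotations are dropped; with only `backend.annotations` set, an empty `annotations:` key is emitted. The condition should read `{{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.write.annotations)) }}`.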
@@ -32,7 +43,7 @@
template:
metadata:
annotations:
- checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -81,10 +92,10 @@
{{- end }}
ports:
- name: http-metrics
- containerPort: 3100
+ containerPort: {{ .Values.loki.server.http_listen_port }}
protocol: TCP
- name: grpc
- containerPort: 9095
+ containerPort: {{ .Values.loki.server.grpc_listen_port }}
protocol: TCP
- name: http-memberlist
containerPort: 7946
@@ -101,9 +112,15 @@
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
readinessProbe:
{{- toYaml .Values.loki.readinessProbe | nindent 12 }}
- {{- with .Values.write.lifecycle }}
+ {{- if .Values.write.lifecycle }}
lifecycle:
- {{- toYaml . | nindent 12 }}
+ {{- toYaml .Values.write.lifecycle | nindent 12 }}
+ {{- else if .Values.write.autoscaling.enabled }}
+ lifecycle:
+ preStop:
+ httpGet:
+ path: "/ingester/shutdown?terminate=false"
+ port: http-metrics
{{- end }}
volumeMounts:
- name: config
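Review bot: A non-empty `write.lifecycle` takes the first branch and replaces the default `preStop` call to `/ingester/shutdown?terminate=false` entirely, even when `write.autoscaling.enabled` is true. An operator who sets an unrelated hook there would lose the shutdown call on scale-down, which is presumably there to flush the ingester. Nothing in the template says so. I would add a template comment above the `if`, such as `{{/* A custom write.lifecycle replaces the autoscaling preStop hook; include your own preStop when setting it. */}}`, and repeat the point in the values.yaml description of `write.lifecycle`. The container spec starts and ends outside this hunk.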
@@ -121,26 +138,40 @@
{{- end }}
resources:
{{- toYaml .Values.write.resources | nindent 12 }}
+ {{- with .Values.write.extraContainers }}
+ {{- toYaml . | nindent 8}}
+ {{- end }}
{{- with .Values.write.affinity }}
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
+ {{- with .Values.write.dnsConfig }}
+ dnsConfig:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
{{- with .Values.write.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.write.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.write.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
+ {{- if not .Values.write.persistence.volumeClaimsEnabled }}
+ - name: data
+ {{- toYaml .Values.write.persistence.dataVolumeParameters | nindent 10 }}
+ {{- end}}
- name: config
{{- if .Values.loki.existingSecretForConfig }}
secret:
secretName: {{ .Values.loki.existingSecretForConfig }}
{{- else }}
- configMap:
- name: {{ include "loki.name" . }}
+ {{- include "loki.configVolume" . | nindent 10 }}
{{- end }}
- name: runtime-config
configMap:
@@ -157,8 +188,11 @@
{{- with .Values.write.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- if .Values.write.persistence.volumeClaimsEnabled }}
volumeClaimTemplates:
- - metadata:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
name: data
spec:
accessModes:
@@ -173,4 +207,8 @@
selector:
{{- toYaml . | nindent 10 }}
{{- end }}
+ {{- with .Values.write.extraVolumeClaimTemplates }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
{{- end }}
diff --git a/charts/loki/values.yaml b/charts/loki/values.yaml
index ac047d1..70d853b 100644
--- a/charts/loki/values.yaml
+++ b/charts/loki/values.yaml
@@ -1,4 +1,3 @@
----
global:
image:
# -- Overrides the Docker registry globally for all images
@@ -11,16 +10,14 @@
dnsService: "kube-dns"
# -- configures DNS service namespace
dnsNamespace: "kube-system"
-
# -- Overrides the chart's name
nameOverride: null
-
# -- Overrides the chart's computed fullname
fullnameOverride: null
-
+# -- Overrides the chart's cluster label
+clusterLabelOverride: null
# -- Image pull secrets for Docker images
imagePullSecrets: []
-
kubectlImage:
# -- The Docker registry
registry: docker.io
@@ -28,9 +25,10 @@
repository: bitnami/kubectl
# -- Overrides the image tag whose default is the chart's appVersion
tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
# -- Docker image pull policy
pullPolicy: IfNotPresent
-
loki:
# Configures the readiness probe for all of the Loki pods
readinessProbe:
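Review bot: The comment on the new `digest` key does not say what form the value takes, so a user who wants an immutable image reference has to read the image helper template to find out. Tags such as the gateway's `1.24-alpine` can be re-pushed upstream, so the digest is the only pinning mechanism these values offer and deserves a precise description. State the expected form in the comment (presumably `sha256:<hex>`, to be confirmed against the helper, which is not in this hunk). The loki, enterprise, provisioner, test, lokiCanary and gateway image hunks add the same key with the same comment.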
@@ -48,12 +46,20 @@
# TODO: needed for 3rd target backend functionality
# revert to null or latest once this behavior is relased
tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
# -- Docker image pull policy
pullPolicy: IfNotPresent
+ # -- Common annotations for all deployments/StatefulSets
+ annotations: {}
# -- Common annotations for all pods
podAnnotations: {}
# -- Common labels for all pods
podLabels: {}
+ # -- Common annotations for all services
+ serviceAnnotations: {}
+ # -- Common labels for all services
+ serviceLabels: {}
# -- The number of old ReplicaSets to retain to allow rollback
revisionHistoryLimit: 10
# -- The SecurityContext for Loki pods
@@ -73,6 +79,12 @@
enableServiceLinks: true
# -- Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config`
existingSecretForConfig: ""
+ # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret.
+ # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration).
+ # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables).
+ configStorageType: ConfigMap
+ # -- Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal).
+ externalConfigSecretName: '{{ include "loki.name" . }}'
# -- Config file contents for Loki
# @default -- See values.yaml
config: |
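Review bot: `configStorageType` defaults to `ConfigMap`, yet `loki.storage` in this file accepts credentials inline (`secretAccessKey`, `accountKey`, and the `connectionString` and swift `password` keys added further down in this diff). If those are rendered into the config, they end up in a ConfigMap that any subject with read access to ConfigMaps in the namespace can see. The comment should name the accepted values and say when to choose the other one, e.g. `# -- Object kind that stores the rendered config: ConfigMap or Secret. Use Secret when credentials are set inline under loki.storage.` It also refers to `global.extraEnvFrom`, which is not visible in this diff and should be confirmed, and `externalConfigSecretName` is described as "Secret or ConfigMap" although the key name says Secret only.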
@@ -88,6 +100,12 @@
{{- end}}
memberlist:
+ {{- if .Values.loki.memberlistConfig }}
+ {{- toYaml .Values.loki.memberlistConfig | nindent 2 }}
+ {{- else }}
+ {{- if .Values.loki.extraMemberlistConfig}}
+ {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}}
+ {{- end }}
join_members:
- {{ include "loki.memberlist" . }}
{{- with .Values.migrate.fromDistributed }}
@@ -95,6 +113,7 @@
- {{ .memberlistService }}
{{- end }}
{{- end }}
+ {{- end }}
{{- with .Values.loki.ingester }}
ingester:
@@ -134,7 +153,7 @@
{{- end }}
{{- end }}
- {{- if .Values.loki.schemaConfig}}
+ {{- if .Values.loki.schemaConfig }}
schema_config:
{{- toYaml .Values.loki.schemaConfig | nindent 2}}
{{- else }}
@@ -151,9 +170,11 @@
{{ include "loki.rulerConfig" . }}
+ {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }}
table_manager:
- retention_deletes_enabled: false
- retention_period: 0
+ retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }}
+ retention_period: {{ .Values.tableManager.retention_period }}
+ {{- end }}
{{- with .Values.loki.memcached.results_cache }}
query_range:
@@ -200,31 +221,53 @@
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
+ {{- with .Values.loki.index_gateway }}
+ index_gateway:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.loki.frontend }}
+ frontend:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.loki.frontend_worker }}
+ frontend_worker:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.loki.distributor }}
+ distributor:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ tracing:
+ enabled: {{ .Values.loki.tracing.enabled }}
# Should authentication be enabled
auth_enabled: true
-
+ # -- memberlist configuration (overrides embedded default)
+ memberlistConfig: {}
+ # -- Extra memberlist configuration
+ extraMemberlistConfig: {}
+ # -- Tenants list to be created on nginx htpasswd file, with name and password keys
+ tenants: []
# -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration.
server:
http_listen_port: 3100
grpc_listen_port: 9095
-
# -- Limits config
limits_config:
- enforce_metric_name: false
reject_old_samples: true
reject_old_samples_max_age: 168h
max_cache_freshness_per_query: 10m
split_queries_by_interval: 15m
-
# -- Provides a reloadable runtime configuration file for some specific configuration
runtimeConfig: {}
-
# -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration
commonConfig:
path_prefix: /var/loki
replication_factor: 3
compactor_address: '{{ include "loki.compactorAddress" . }}'
-
# -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config.
storage:
bucketNames:
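Review bot: The `tenants` list added above `server:` takes `name` and `password` keys, which puts the gateway's basic-auth passwords in plain text in values files and in the values Helm stores with the release. The comment should say so, e.g. `# -- Tenants for the nginx htpasswd file (name and password keys). Passwords are plain text here; supply them from an encrypted or out-of-tree values file.` How the template hashes the password for htpasswd is outside this hunk and worth checking in the same review.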
@@ -238,9 +281,12 @@
region: null
secretAccessKey: null
accessKeyId: null
+ signatureVersion: null
s3ForcePathStyle: false
insecure: false
http_config: {}
+ # -- Check https://grafana.com/docs/loki/latest/configure/#s3_storage_config for more info on how to provide a backoff_config
+ backoff_config: {}
gcs:
chunkBufferSize: 0
requestTimeout: "0s"
@@ -248,13 +294,35 @@
azure:
accountName: null
accountKey: null
+ connectionString: null
useManagedIdentity: false
+ useFederatedToken: false
userAssignedId: null
requestTimeout: null
+ endpointSuffix: null
+ swift:
+ auth_version: null
+ auth_url: null
+ internal: null
+ username: null
+ user_domain_name: null
+ user_domain_id: null
+ user_id: null
+ password: null
+ domain_id: null
+ domain_name: null
+ project_id: null
+ project_name: null
+ project_domain_id: null
+ project_domain_name: null
+ region_name: null
+ container_name: null
+ max_retries: null
+ connect_timeout: null
+ request_timeout: null
filesystem:
chunks_directory: /var/loki/chunks
rules_directory: /var/loki/rules
-
# -- Configure memcached as an external cache for chunk and results cache. Disabled by default
# must enable and specify a host for each cache you would like to use.
memcached:
@@ -270,72 +338,66 @@
service: "memcached-client"
timeout: "500ms"
default_validity: "12h"
-
# -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas
schemaConfig: {}
-
# -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler
rulerConfig: {}
-
# -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig`
structuredConfig: {}
-
# -- Additional query scheduler config
query_scheduler: {}
-
# -- Additional storage config
storage_config:
hedging:
at: "250ms"
max_per_second: 20
up_to: 3
-
# -- Optional compactor configuration
compactor: {}
-
# -- Optional analytics configuration
analytics: {}
-
# -- Optional querier configuration
querier: {}
-
# -- Optional ingester configuration
ingester: {}
-
+ # -- Optional index gateway configuration
+ index_gateway:
+ mode: ring
+ frontend:
+ scheduler_address: '{{ include "loki.querySchedulerAddress" . }}'
+ frontend_worker:
+ scheduler_address: '{{ include "loki.querySchedulerAddress" . }}'
+ # -- Optional distributor configuration
+ distributor: {}
+ # -- Enable tracing
+ tracing:
+ enabled: false
enterprise:
# Enable enterprise features, license must be provided
enabled: false
-
# Default verion of GEL to deploy
- version: v1.6.1
-
+ version: v1.8.6
# -- Optional name of the GEL cluster, otherwise will use .Release.Name
# The cluster name must match what is in your GEL license
cluster_name: null
-
# -- Grafana Enterprise Logs license
# In order to use Grafana Enterprise Logs features, you will need to provide
# the contents of your Grafana Enterprise Logs license, either by providing the
# contents of the license.jwt, or the name Kubernetes Secret that contains your
# license.jwt.
- # To set the license contents, use the flag `--set-file 'license.contents=./license.jwt'`
+ # To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'`
license:
contents: "NOTAVALIDLICENSE"
-
# -- Set to true when providing an external license
useExternalLicense: false
-
# -- Name of external license secret to use
externalLicenseName: null
-
# -- Name of the external config secret to use
externalConfigName: ""
-
# -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise,
# make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`.
adminApi:
enabled: true
-
# enterprise specific sections of the config.yaml file
config: |
{{- if .Values.enterprise.adminApi.enabled }}
@@ -352,29 +414,25 @@
cluster_name: {{ include "loki.clusterName" . }}
license:
path: /etc/loki/license/license.jwt
-
image:
# -- The Docker registry
registry: docker.io
# -- Docker image repository
repository: grafana/enterprise-logs
# -- Docker image tag
- # TODO: needed for 3rd target backend functionality
- # revert to null or latest once this behavior is relased
- tag: main-96f32b9f
+ tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
# -- Docker image pull policy
pullPolicy: IfNotPresent
-
adminToken:
# -- Alternative name for admin token secret, needed by tokengen and provisioner jobs
secret: null
# -- Additional namespace to also create the token in. Useful if your Grafana instance
# is in a different namespace
additionalNamespaces: []
-
# -- Alternative name of the secret to store token for the canary
canarySecret: null
-
# -- Configuration for `tokengen` target
tokengen:
# -- Whether the job should be part of the deployment
@@ -405,7 +463,6 @@
extraEnvFrom: []
# -- The name of the PriorityClass for tokengen Pods
priorityClassName: ""
-
# -- Configuration for `provisioner` target
provisioner:
# -- Whether the job should be part of the deployment
@@ -441,11 +498,12 @@
repository: grafana/enterprise-logs-provisioner
# -- Overrides the image tag whose default is the chart's appVersion
tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
# -- Docker image pull policy
pullPolicy: IfNotPresent
# -- Volume mounts to add to the provisioner pods
extraVolumeMounts: []
-
# -- Options that may be necessary when performing a migration from another helm chart
migrate:
# -- When migrating from a distributed chart like loki-distributed or enterprise-logs
@@ -453,9 +511,8 @@
# -- Set to true if migrating from a distributed helm chart
enabled: false
# -- If migrating from a distributed service, provide the distributed deployment's
- # memberlist service DNS so the new deployment can join it's ring.
+ # memberlist service DNS so the new deployment can join its ring.
memberlistService: ""
-
serviceAccount:
# -- Specifies whether a ServiceAccount should be created
create: true
@@ -470,14 +527,20 @@
labels: {}
# -- Set this toggle to false to opt out of automounting API credentials for the service account
automountServiceAccountToken: true
-
# RBAC configuration
rbac:
# -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp.
pspEnabled: false
# -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints.
sccEnabled: false
-
+ # -- Specify PSP annotations
+ # Ref: https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/#podsecuritypolicy-annotations
+ pspAnnotations: {}
+ # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ # -- Whether to install RBAC in the namespace only or cluster-wide. Useful if you want to watch ConfigMap globally.
+ namespaced: false
# -- Section for configuring optional Helm test
test:
enabled: true
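Review bot: `rbac.namespaced` defaults to `false`, so by its own comment RBAC is installed cluster-wide unless the user opts out, and the comment does not say what the cluster-wide variant grants beyond hinting at watching ConfigMaps. For least privilege the comment should state when cluster scope is needed and recommend `true` otherwise, e.g. `# -- Install RBAC namespace-scoped (true) or cluster-wide (false). Set to true unless ConfigMaps in other namespaces must be watched.` (wording assumes that is the only reason; confirm against the role template). The commented `pspAnnotations` example also shows `allowedProfileNames: '*'`, which allows any seccomp profile; an example limited to `runtime/default` would be safer to copy.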
@@ -497,9 +560,10 @@
repository: grafana/loki-helm-test
# -- Overrides the image tag whose default is the chart's appVersion
tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
# -- Docker image pull policy
pullPolicy: IfNotPresent
-
# Monitoring section determines which monitoring features to enable
monitoring:
# Dashboards for monitoring Loki
@@ -513,19 +577,26 @@
# -- Labels for the dashboards ConfigMap
labels:
grafana_dashboard: "1"
-
# Recording rules for monitoring Loki, required for some dashboards
rules:
# -- If enabled, create PrometheusRule resource with Loki recording rules
enabled: true
# -- Include alerting rules
alerting: true
+ # -- Specify which individual alerts should be disabled
+ # -- Instead of turning off each alert one by one, set the .monitoring.rules.alerting value to false instead.
+ # -- If you disable all the alerts and keep .monitoring.rules.alerting set to true, the chart will fail to render.
+ disabled: {}
+ # LokiRequestErrors: true
+ # LokiRequestPanics: true
# -- Alternative namespace to create PrometheusRule resources in
namespace: null
# -- Additional annotations for the rules PrometheusRule resource
annotations: {}
# -- Additional labels for the rules PrometheusRule resource
labels: {}
+ # -- Additional labels for PrometheusRule alerts
+ additionalRuleLabels: {}
# -- Additional groups to add to the rules file
additionalGroups: []
# - name: additional-loki-rules
@@ -536,7 +607,6 @@
# expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)
# - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate
# expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container)
-
# ServiceMonitor configuration
serviceMonitor:
# -- If enabled, ServiceMonitor resources for Prometheus Operator are created
@@ -548,12 +618,17 @@
# -- Additional ServiceMonitor labels
labels: {}
# -- ServiceMonitor scrape interval
- interval: null
+ # Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at
+ # least 1/4 rate interval.
+ interval: 15s
# -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s)
scrapeTimeout: null
# -- ServiceMonitor relabel configs to apply to samples before scraping
# https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
relabelings: []
+ # -- ServiceMonitor metric relabel configs to apply to samples before ingestion
+ # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
+ metricRelabelings: []
# -- ServiceMonitor will use http by default, but you can pick https as well
scheme: http
# -- ServiceMonitor will use these tlsConfig settings to make the health check requests
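Review bot: The comment added above `interval: 15s` says the scrape interval must be "at least 1/4 rate interval", which reads as a lower bound; with a 1m rate window the constraint runs the other way, since the scrape interval has to be short enough that each rate window holds several samples. Suggested wording: `# Default is 15s because the included recording rules use a 1m rate window, and the scrape interval should be at most 1/4 of that window.` The default also moves from `null` to `15s`, so installs that relied on the Prometheus global interval will scrape at 15s unless they override it.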
@@ -568,15 +643,13 @@
labels: {}
# -- If defined a MetricsInstance will be created to remote write metrics.
remoteWrite: null
-
- # Self monitoring determines whether Loki should scrape it's own logs.
+ # Self monitoring determines whether Loki should scrape its own logs.
# This feature currently relies on the Grafana Agent Operator being installed,
# which is installed by default using the grafana-agent-operator sub-chart.
# It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure
- # scrape configs to scrape it's own logs with the labels expected by the included dashboards.
+ # scrape configs to scrape its own logs with the labels expected by the included dashboards.
selfMonitoring:
enabled: true
-
# -- Tenant to use for self monitoring
tenant:
# -- Name of the tenant
@@ -584,7 +657,6 @@
# -- Namespace to create additional tenant token secret in. Useful if your Grafana instance
# is in a separate namespace. Token will still be created in the canary namespace.
secretNamespace: "{{ .Release.Namespace }}"
-
# Grafana Agent configuration
grafanaAgent:
# -- Controls whether to install the Grafana Agent Operator and its CRDs.
@@ -597,9 +669,21 @@
labels: {}
# -- Enable the config read api on port 8080 of the agent
enableConfigReadAPI: false
-
+ # -- The name of the PriorityClass for GrafanaAgent pods
+ priorityClassName: null
+ # -- Resource requests and limits for the grafanaAgent pods
+ resources: {}
+ # limits:
+ # memory: 200Mi
+ # requests:
+ # cpu: 50m
+ # memory: 100Mi
+ # -- Tolerations for GrafanaAgent pods
+ tolerations: []
# PodLogs configuration
podLogs:
+ # -- PodLogs version
+ apiVersion: monitoring.grafana.com/v1alpha1
# -- PodLogs annotations
annotations: {}
# -- Additional PodLogs labels
@@ -607,7 +691,9 @@
# -- PodLogs relabel configs to apply to samples before scraping
# https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
relabelings: []
-
+ # -- Additional pipeline stages to process logs after scraping
+ # https://grafana.com/docs/agent/latest/operator/api/#pipelinestagespec-a-namemonitoringgrafanacomv1alpha1pipelinestagespeca
+ additionalPipelineStages: []
# LogsInstance configuration
logsInstance:
# -- LogsInstance annotations
@@ -616,13 +702,21 @@
labels: {}
# -- Additional clients for remote write
clients: null
-
# The Loki canary pushes logs to and queries from this loki installation to test
# that it's working correctly
lokiCanary:
enabled: true
+ # -- The name of the label to look for at loki when doing the checks.
+ labelname: pod
# -- Additional annotations for the `loki-canary` Daemonset
annotations: {}
+ # -- Additional labels for each `loki-canary` pod
+ podLabels: {}
+ service:
+ # -- Annotations for loki-canary Service
+ annotations: {}
+ # -- Additional labels for loki-canary Service
+ labels: {}
# -- Additional CLI arguments for the `loki-canary' command
extraArgs: []
# -- Environment variables to add to the canary pods
@@ -631,10 +725,14 @@
extraEnvFrom: []
# -- Resource requests and limits for the canary
resources: {}
+ # -- DNS config for canary pods
+ dnsConfig: {}
# -- Node selector for canary pods
nodeSelector: {}
# -- Tolerations for canary pods
tolerations: []
+ # -- The name of the PriorityClass for loki-canary pods
+ priorityClassName: null
# -- Image to use for loki canary
image:
# -- The Docker registry
@@ -643,13 +741,44 @@
repository: grafana/loki-canary
# -- Overrides the image tag whose default is the chart's appVersion
tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
# -- Docker image pull policy
pullPolicy: IfNotPresent
-
+ # -- Update strategy for the `loki-canary` Daemonset pods
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
# Configuration for the write pod(s)
write:
# -- Number of replicas for the write
replicas: 3
+ autoscaling:
+ # -- Enable autoscaling for the write.
+ enabled: false
+ # -- Minimum autoscaling replicas for the write.
+ minReplicas: 2
+ # -- Maximum autoscaling replicas for the write.
+ maxReplicas: 6
+ # -- Target CPU utilisation percentage for the write.
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilization percentage for the write.
+ targetMemoryUtilizationPercentage:
+ # -- Behavior policies while scaling.
+ behavior:
+ # -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details
+ scaleUp:
+ policies:
+ - type: Pods
+ value: 1
+ periodSeconds: 900
+ scaleDown:
+ policies:
+ - type: Pods
+ value: 1
+ periodSeconds: 1800
+ stabilizationWindowSeconds: 3600
image:
# -- The Docker registry for the write image. Overrides `loki.image.registry`
registry: null
@@ -659,14 +788,19 @@
tag: null
# -- The name of the PriorityClass for write pods
priorityClassName: null
+ # -- Annotations for write StatefulSet
+ annotations: {}
# -- Annotations for write pods
podAnnotations: {}
# -- Additional labels for each `write` pod
podLabels: {}
# -- Additional selector labels for each `write` pod
selectorLabels: {}
- # -- Labels for ingester service
- serviceLabels: {}
+ service:
+ # -- Annotations for write Service
+ annotations: {}
+ # -- Additional labels for write Service
+ labels: {}
# -- Comma-separated list of Loki modules to load for the write
targetModule: "write"
# -- Additional CLI args for the write
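Review bot: Replacing `write.serviceLabels` with `write.service.labels` drops existing overrides without any error if the templates no longer read the old key (the templates are outside this hunk, so that needs checking); the table-manager, read and backend hunks make the same change. Service labels are what ServiceMonitor selectors match on, so a lost label can quietly take a service out of scraping. Either keep a fallback for the old key or call the rename out in the upgrade notes. The singleBinary hunk adds `service:` but keeps the `# -- Labels for single binary service` context line, so the two forms end up mixed across components.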
@@ -677,12 +811,21 @@
extraEnvFrom: []
# -- Lifecycle for the write container
lifecycle: {}
+ # -- The default /flush_shutdown preStop hook is recommended as part of the ingester
+ # scaledown process so it's added to the template by default when autoscaling is enabled,
+ # but it's disabled to optimize rolling restarts in instances that will never be scaled
+ # down or when using chunks storage with WAL disabled.
+ # https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown
# -- Init containers to add to the write pods
initContainers: []
+ # -- Containers to add to the write pods
+ extraContainers: []
# -- Volume mounts to add to the write pods
extraVolumeMounts: []
# -- Volumes to add to the write pods
extraVolumes: []
+ # -- volumeClaimTemplates to add to StatefulSet
+ extraVolumeClaimTemplates: []
# -- Resource requests and limits for the write
resources: {}
# -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester,
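Review bot: The comment block added under `lifecycle: {}` describes a default `/flush_shutdown` preStop hook, but the write StatefulSet template in this diff installs an `httpGet` on `/ingester/shutdown?terminate=false` in its `else if .Values.write.autoscaling.enabled` branch, so the documented endpoint does not match what is rendered. The block also opens with `# --` and sits directly above `# -- Init containers to add to the write pods`, so a doc generator will probably attach it to `initContainers` rather than `lifecycle`. Moving it above `lifecycle:` and naming the real path fixes both, e.g. `# -- Lifecycle for the write container. When autoscaling is enabled, a preStop hook calling /ingester/shutdown?terminate=false is added by default.`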
@@ -698,11 +841,22 @@
matchLabels:
{{- include "loki.writeSelectorLabels" . | nindent 10 }}
topologyKey: kubernetes.io/hostname
+ # -- DNS config for write pods
+ dnsConfig: {}
# -- Node selector for write pods
nodeSelector: {}
+ # -- Topology Spread Constraints for write pods
+ topologySpreadConstraints: []
# -- Tolerations for write pods
tolerations: []
+ # -- The default is to deploy all pods in parallel.
+ podManagementPolicy: "Parallel"
persistence:
+ # -- Enable volume claims in pod spec
+ volumeClaimsEnabled: true
+ # -- Parameters used for the `data` volume when volumeClaimEnabled if false
+ dataVolumeParameters:
+ emptyDir: {}
# -- Enable StatefulSetAutoDeletePVC feature
enableStatefulSetAutoDeletePVC: false
# -- Size of persistent disk
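Review bot: With `volumeClaimsEnabled: false` the `data` volume falls back to `dataVolumeParameters`, whose default is `emptyDir: {}`, so whatever the write pods keep on that volume is lost when a pod is deleted or rescheduled; the comment should warn about that rather than only naming the parameters. It also contains a typo and the wrong key name ("when volumeClaimEnabled if false"). Suggested: `# -- Parameters for the data volume when volumeClaimsEnabled is false. The default emptyDir does not survive pod deletion or rescheduling.` The backend persistence hunk repeats the same two comment lines.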
@@ -715,7 +869,6 @@
storageClass: null
# -- Selector for persistent disk
selector: null
-
# Configuration for the table-manager
tableManager:
# -- Specifies whether the table-manager should be enabled
@@ -733,10 +886,15 @@
priorityClassName: null
# -- Labels for table-manager pods
podLabels: {}
+ # -- Annotations for table-manager deployment
+ annotations: {}
# -- Annotations for table-manager pods
podAnnotations: {}
- # -- Labels for table-manager service
- serviceLabels: {}
+ service:
+ # -- Annotations for table-manager Service
+ annotations: {}
+ # -- Additional labels for table-manager Service
+ labels: {}
# -- Additional CLI args for the table-manager
extraArgs: []
# -- Environment variables to add to the table-manager pods
@@ -769,11 +927,16 @@
matchLabels:
{{- include "loki.tableManagerSelectorLabels" . | nindent 12 }}
topologyKey: failure-domain.beta.kubernetes.io/zone
+ # -- DNS config table-manager pods
+ dnsConfig: {}
# -- Node selector for table-manager pods
nodeSelector: {}
# -- Tolerations for table-manager pods
tolerations: []
-
+ # -- Enable deletes by retention
+ retention_deletes_enabled: false
+ # -- Set retention period
+ retention_period: 0
# Configuration for the read pod(s)
read:
# -- Number of replicas for the read
@@ -782,13 +945,27 @@
# -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true`
enabled: false
# -- Minimum autoscaling replicas for the read
- minReplicas: 1
+ minReplicas: 2
# -- Maximum autoscaling replicas for the read
- maxReplicas: 3
+ maxReplicas: 6
# -- Target CPU utilisation percentage for the read
targetCPUUtilizationPercentage: 60
# -- Target memory utilisation percentage for the read
targetMemoryUtilizationPercentage:
+ # -- Behavior policies while scaling.
+ behavior: {}
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 60
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
image:
# -- The Docker registry for the read image. Overrides `loki.image.registry`
registry: null
@@ -798,22 +975,29 @@
tag: null
# -- The name of the PriorityClass for read pods
priorityClassName: null
+ # -- Annotations for read deployment
+ annotations: {}
# -- Annotations for read pods
podAnnotations: {}
# -- Additional labels for each `read` pod
podLabels: {}
# -- Additional selector labels for each `read` pod
selectorLabels: {}
- # -- Labels for read service
- serviceLabels: {}
+ service:
+ # -- Annotations for read Service
+ annotations: {}
+ # -- Additional labels for read Service
+ labels: {}
# -- Comma-separated list of Loki modules to load for the read
targetModule: "read"
# -- Whether or not to use the 2 target type simple scalable mode (read, write) or the
# 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will
# run two targets, false will run 3 targets.
- legacyReadTarget: true
+ legacyReadTarget: false
# -- Additional CLI args for the read
extraArgs: []
+ # -- Containers to add to the read pods
+ extraContainers: []
# -- Environment variables to add to the read pods
extraEnv: []
# -- Environment variables from secrets or configmaps to add to the read pods
@@ -837,10 +1021,16 @@
matchLabels:
{{- include "loki.readSelectorLabels" . | nindent 10 }}
topologyKey: kubernetes.io/hostname
+ # -- DNS config for read pods
+ dnsConfig: {}
# -- Node selector for read pods
nodeSelector: {}
+ # -- Topology Spread Constraints for read pods
+ topologySpreadConstraints: []
# -- Tolerations for read pods
tolerations: []
+ # -- The default is to deploy all pods in parallel.
+ podManagementPolicy: "Parallel"
persistence:
# -- Enable StatefulSetAutoDeletePVC feature
enableStatefulSetAutoDeletePVC: true
@@ -854,11 +1044,35 @@
storageClass: null
# -- Selector for persistent disk
selector: null
-
# Configuration for the backend pod(s)
backend:
# -- Number of replicas for the backend
replicas: 3
+ autoscaling:
+ # -- Enable autoscaling for the backend.
+ enabled: false
+ # -- Minimum autoscaling replicas for the backend.
+ minReplicas: 3
+ # -- Maximum autoscaling replicas for the backend.
+ maxReplicas: 6
+ # -- Target CPU utilization percentage for the backend.
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilization percentage for the backend.
+ targetMemoryUtilizationPercentage:
+ # -- Behavior policies while scaling.
+ behavior: {}
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 60
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
image:
# -- The Docker registry for the backend image. Overrides `loki.image.registry`
registry: null
@@ -868,14 +1082,19 @@
tag: null
# -- The name of the PriorityClass for backend pods
priorityClassName: null
+ # -- Annotations for backend StatefulSet
+ annotations: {}
# -- Annotations for backend pods
podAnnotations: {}
# -- Additional labels for each `backend` pod
podLabels: {}
# -- Additional selector labels for each `backend` pod
selectorLabels: {}
- # -- Labels for ingester service
- serviceLabels: {}
+ service:
+ # -- Annotations for backend Service
+ annotations: {}
+ # -- Additional labels for backend Service
+ labels: {}
# -- Comma-separated list of Loki modules to load for the read
targetModule: "backend"
# -- Additional CLI args for the backend
@@ -905,11 +1124,22 @@
matchLabels:
{{- include "loki.backendSelectorLabels" . | nindent 10 }}
topologyKey: kubernetes.io/hostname
+ # -- DNS config for backend pods
+ dnsConfig: {}
# -- Node selector for backend pods
nodeSelector: {}
+ # -- Topology Spread Constraints for backend pods
+ topologySpreadConstraints: []
# -- Tolerations for backend pods
tolerations: []
+ # -- The default is to deploy all pods in parallel.
+ podManagementPolicy: "Parallel"
persistence:
+ # -- Enable volume claims in pod spec
+ volumeClaimsEnabled: true
+ # -- Parameters used for the `data` volume when volumeClaimEnabled if false
+ dataVolumeParameters:
+ emptyDir: {}
# -- Enable StatefulSetAutoDeletePVC feature
enableStatefulSetAutoDeletePVC: true
# -- Size of persistent disk
@@ -922,13 +1152,12 @@
storageClass: null
# -- Selector for persistent disk
selector: null
-
# Configuration for the single binary node(s)
singleBinary:
# -- Number of replicas for the single binary
replicas: 0
autoscaling:
- # -- Enable autoscaling, this is only used if `queryIndex.enabled: true`
+ # -- Enable autoscaling
enabled: false
# -- Minimum autoscaling replicas for the single binary
minReplicas: 1
@@ -947,12 +1176,19 @@
tag: null
# -- The name of the PriorityClass for single binary pods
priorityClassName: null
+ # -- Annotations for single binary StatefulSet
+ annotations: {}
# -- Annotations for single binary pods
podAnnotations: {}
# -- Additional labels for each `single binary` pod
podLabels: {}
# -- Additional selector labels for each `single binary` pod
selectorLabels: {}
+ service:
+ # -- Annotations for single binary Service
+ annotations: {}
+ # -- Additional labels for single binary Service
+ labels: {}
# -- Comma-separated list of Loki modules to load for the single binary
targetModule: "all"
# -- Labels for single binary service
@@ -961,6 +1197,8 @@
extraEnv: []
# -- Environment variables from secrets or configmaps to add to the single binary pods
extraEnvFrom: []
+ # -- Extra containers to add to the single binary loki pod
+ extraContainers: []
# -- Init containers to add to the single binary pods
initContainers: []
# -- Volume mounts to add to the single binary pods
@@ -980,6 +1218,8 @@
matchLabels:
{{- include "loki.singleBinarySelectorLabels" . | nindent 10 }}
topologyKey: kubernetes.io/hostname
+ # -- DNS config for single binary pods
+ dnsConfig: {}
# -- Node selector for single binary pods
nodeSelector: {}
# -- Tolerations for single binary pods
@@ -999,7 +1239,6 @@
storageClass: null
# -- Selector for persistent disk
selector: null
-
# Use either this ingress or the gateway, but not both at once.
# If you enable this, make sure to disable the gateway.
# You'll need to supply authn configuration for your ingress controller.
@@ -1012,6 +1251,8 @@
# nginx.ingress.kubernetes.io/auth-secret-type: auth-map
# nginx.ingress.kubernetes.io/configuration-snippet: |
# proxy_set_header X-Scope-OrgID $remote_user;
+ labels: {}
+ # blackbox.monitoring.exclude: "true"
paths:
write:
- /api/prom/push
@@ -1034,9 +1275,10 @@
- /loki/api/v1/rules
- /prometheus/api/v1/rules
- /prometheus/api/v1/alerts
-
+ # -- Hosts configuration for the ingress, passed through the `tpl` function to allow templating
hosts:
- loki.example.com
+ # -- TLS configuration for the ingress. Hosts passed through the `tpl` function to allow templating
tls: []
# - hosts:
# - loki.example.com
@@ -1046,7 +1288,6 @@
memberlist:
service:
publishNotReadyAddresses: false
-
# Configuration for the gateway
gateway:
# -- Specifies whether the gateway should be enabled
@@ -1066,8 +1307,22 @@
targetCPUUtilizationPercentage: 60
# -- Target memory utilisation percentage for the gateway
targetMemoryUtilizationPercentage:
- # -- See `kubectl explain deployment.spec.strategy` for more
- # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+ # -- See `kubectl explain deployment.spec.strategy` for more
+ # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+ # -- Behavior policies while scaling.
+ behavior: {}
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 60
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
deploymentStrategy:
type: RollingUpdate
image:
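Review bot: The two `deployment.spec.strategy` comment lines are kept above the new `behavior` block, so they are now separated from `deploymentStrategy:` and read as if they described autoscaling behaviour. Move them directly above `deploymentStrategy:` and leave only `# -- Behavior policies while scaling.` above `behavior: {}`. Both lines also start with `# --`; the second should be a plain `#` continuation, `# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy`.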
@@ -1076,11 +1331,15 @@
# -- The gateway image repository
repository: nginxinc/nginx-unprivileged
# -- The gateway image tag
- tag: 1.19-alpine
+ tag: 1.24-alpine
+ # -- Overrides the gateway image tag with an image digest
+ digest: null
# -- The gateway image pull policy
pullPolicy: IfNotPresent
# -- The name of the PriorityClass for gateway pods
priorityClassName: null
+ # -- Annotations for gateway deployment
+ annotations: {}
# -- Annotations for gateway pods
podAnnotations: {}
# -- Additional labels for gateway pods
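Review bot: The gateway image is still selected by a mutable tag (`tag: 1.24-alpine`) while the new `digest` key defaults to `null`. With `pullPolicy: IfNotPresent`, nodes can therefore end up running different builds published under the same tag. Since this hunk introduces digest support, I would have its comment say when to use it, e.g. `# -- Overrides the gateway image tag with an image digest (set this in production so the deployed image is immutable)`. How `digest` is combined with `repository` and `tag` is decided in the templates, which are outside this hunk.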
@@ -1112,6 +1371,8 @@
allowPrivilegeEscalation: false
# -- Resource requests and limits for the gateway
resources: {}
+ # -- Containers to add to the gateway pods
+ extraContainers: []
# -- Grace period to allow the gateway to shutdown before it is killed
terminationGracePeriodSeconds: 30
# -- Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string
@@ -1123,8 +1384,12 @@
matchLabels:
{{- include "loki.gatewaySelectorLabels" . | nindent 10 }}
topologyKey: kubernetes.io/hostname
+ # -- DNS config for gateway pods
+ dnsConfig: {}
# -- Node selector for gateway pods
nodeSelector: {}
+ # -- Topology Spread Constraints for gateway pods
+ topologySpreadConstraints: []
# -- Tolerations for gateway pods
tolerations: []
# Gateway service configuration
@@ -1151,14 +1416,16 @@
ingressClassName: ""
# -- Annotations for the gateway ingress
annotations: {}
- # -- Hosts configuration for the gateway ingress
+ # -- Labels for the gateway ingress
+ labels: {}
+ # -- Hosts configuration for the gateway ingress, passed through the `tpl` function to allow templating
hosts:
- host: gateway.loki.example.com
paths:
- path: /
# -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers
# pathType: Prefix
- # -- TLS configuration for the gateway ingress
+ # -- TLS configuration for the gateway ingress. Hosts passed through the `tpl` function to allow templating
tls:
- secretName: loki-gateway-tls
hosts:
@@ -1171,12 +1438,18 @@
username: null
# -- The basic auth password for the gateway
password: null
- # -- Uses the specified username and password to compute a htpasswd using Sprig's `htpasswd` function.
+ # -- Uses the specified users from the `loki.tenants` list to create the htpasswd file
+ # if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used
# The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes
# high CPU load.
htpasswd: >-
- {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }}
+ {{ if .Values.loki.tenants }}
+ {{- range $t := .Values.loki.tenants }}
+ {{ htpasswd (required "All tenants must have a 'name' set" $t.name) (required "All tenants must have a 'password' set" $t.password) }}
+
+ {{- end }}
+ {{ else }} {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} {{ end }}
# -- Existing basic auth secret to use. Must contain '.htpasswd'
existingSecret: null
# Configures the readiness probe for the gateway
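Review bot: The new default for `htpasswd` reads every tenant's `password` straight from `.Values.loki.tenants`, so the cleartext passwords live in the values file and in the stored Helm release record, and only the rendered `.htpasswd` is hashed. The comment should steer operators to the `existingSecret` key just below for anything beyond a test setup, for example `# Passwords under 'loki.tenants' are kept in cleartext in the release values; prefer 'gateway.basicAuth.existingSecret'.` It would also help to state that a tenant's `name` doubles as the basic-auth user name, since the `required` messages are the only hint of that here.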
@@ -1187,6 +1460,8 @@
initialDelaySeconds: 15
timeoutSeconds: 1
nginxConfig:
+ # -- Enable listener for IPv6, disable on IPv4-only systems
+ enableIPv6: true
# -- NGINX log format
logFormat: |-
main '$remote_addr - $remote_user [$time_local] $status '
@@ -1194,14 +1469,17 @@
'"$http_user_agent" "$http_x_forwarded_for"';
# -- Allows appending custom configuration to the server block
serverSnippet: ""
- # -- Allows appending custom configuration to the http block
- httpSnippet: ""
+ # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating
+ httpSnippet: >-
+ {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }}
# -- Override Read URL
customReadUrl: null
# -- Override Write URL
customWriteUrl: null
# -- Override Backend URL
customBackendUrl: null
+ # -- Allows overriding the DNS resolver address nginx will use.
+ resolver: ""
# -- Config file contents for Nginx. Passed through the `tpl` function to allow templating
# @default -- See values.yaml
file: |
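Review bot: Tenant isolation now depends on a user-overridable default: a deployment that already sets `gateway.nginxConfig.httpSnippet` replaces this value and silently loses `proxy_set_header X-Scope-OrgID $remote_user;`. In that case the header would be forwarded as the client sent it. nginx also inherits `proxy_set_header` from the http level only when the server or location block defines none of its own, which depends on the `file` template outside this hunk. I would emit the directive from the config file template under the same `loki.tenants` condition, or at least document the risk with `# NOTE: overriding httpSnippet drops the default X-Scope-OrgID mapping used with loki.tenants; re-add it in your override.`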
@@ -1209,6 +1487,9 @@
networkPolicy:
# -- Specifies whether Network Policies should be created
enabled: false
+ # -- Specifies whether the policies created will be standard Network Policies (flavor: kubernetes)
+ # or Cilium Network Policies (flavor: cilium)
+ flavor: kubernetes
metrics:
# -- Specifies the Pods which are allowed to access the metrics port.
# As this is cross-namespace communication, you also need the namespaceSelector.
@@ -1246,10 +1527,12 @@
podSelector: {}
# -- Specifies the namespace the discovery Pods are running in
namespaceSelector: {}
-
-tracing:
- jaegerAgentHost: ""
-
+ egressWorld:
+ # -- Enable additional cilium egress rules to external world for write, read and backend.
+ enabled: false
+ egressKubeApiserver:
+ # -- Enable additional cilium egress rules to kube-apiserver for backend.
+ enabled: false
# -------------------------------------
# Configuration for `minio` child chart
# -------------------------------------
@@ -1278,7 +1561,6 @@
requests:
cpu: 100m
memory: 128Mi
-
# Create extra manifests via values. Would be passed through `tpl` for templating
extraObjects: []
# - apiVersion: v1
@@ -1299,3 +1581,62 @@
# category: logs
# annotations:
# message: "loki has encountered errors"
+
+sidecar:
+ image:
+ # -- The Docker registry and image for the k8s sidecar
+ repository: kiwigrid/k8s-sidecar
+ # -- Docker image tag
+ tag: 1.24.3
+ # -- Docker image sha. If empty, no sha will be used
+ sha: ""
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+ # -- Resource requests and limits for the sidecar
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 100Mi
+ # requests:
+ # cpu: 50m
+ # memory: 50Mi
+ # -- The SecurityContext for the sidecar.
+ securityContext: {}
+ # -- Set to true to skip tls verification for kube api calls.
+ skipTlsVerify: false
+ # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in.
+ enableUniqueFilenames: false
+ # -- Readiness probe definition. Probe is disabled on the sidecar by default.
+ readinessProbe: {}
+ # -- Liveness probe definition. Probe is disabled on the sidecar by default.
+ livenessProbe: {}
+ rules:
+ # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets.
+ enabled: true
+ # -- Label that the configmaps/secrets with rules will be marked with.
+ label: loki_rule
+ # -- Label value that the configmaps/secrets with rules will be set to.
+ labelValue: ""
+ # -- Folder into which the rules will be placed.
+ folder: /rules
+ # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify 'ALL' to search in all namespaces.
+ searchNamespace: null
+ # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # -- Search in configmap, secret, or both.
+ resource: both
+ # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded.
+ script: null
+ # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that.
+ # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S.
+ watchServerTimeout: 60
+ #
+ # -- WatchClientTimeout: is a client-side timeout, configuring your local socket.
+ # If you have a network outage dropping all packets with no RST/FIN,
+ # this is how long your client waits before realizing & dropping the connection.
+ # Defaults to 66sec.
+ watchClientTimeout: 60
+ # -- Log level of the sidecar container.
+ logLevel: INFO
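Review bot: The rules sidecar is enabled by default (`rules.enabled: true`) with `resource: both`, so it presumably needs read access to Secrets as well as ConfigMaps, and `searchNamespace: ALL` would widen that to every namespace; the RBAC that grants this is not in the hunk. If rules are only shipped as ConfigMaps, `resource: configmap` is the narrower default, and the `searchNamespace` comment could add `# 'ALL' requires cluster-wide read access to the selected resource types.` The image is pinned only by tag (`sha: ""`) and `securityContext: {}` leaves the container on runtime defaults, both worth a line in the comments. Separately, the `watchClientTimeout` comment says "Defaults to 66sec" while the value set here is `60`.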