Merge pull request grafana#74 from grafana/main

Update from upstream repository

CHANGELOG.md

@@ -38,7 +38,7 @@ Check the history of the branch FIXME.
 
 ### Dependencies
 
-* Go Version:     FIXME
+* Go Version: 1.19
 
 ## 2.7.0
 
@@ -126,9 +126,9 @@ Check the history of the branch FIXME.
 
 ### Notes
 
-This release was created from a branch starting at commit FIXME but it may also contain backported changes from main.
+This release was created from a branch starting at commit `706c22e9e40b0156031f214b63dc6ed4e210abc1` but it may also contain backported changes from main.
 
-Check the history of the branch FIXME.
+Check the history of the branch `release-2.7.x`.
 
 ### Dependencies
 

docs/sources/installation/helm/install-scalable/index.md

@@ -62,7 +62,7 @@ It is not possible to run the scalable mode with the `filesystem` storage.
           insecure: false
       ```
 
-      Consult the [Reference](../reference) for configuring otehr storage providers.
+      Consult the [Reference](../reference) for configuring other storage providers.
 
     - Define the AWS S3 credentials in the file.
 

docs/sources/installation/helm/reference.md

@@ -1312,6 +1312,15 @@ null
   "runAsUser": 10001
 }
 </pre>
+</td>
+		</tr>
+		<tr>
+			<td>loki.querier</td>
+			<td>object</td>
+			<td>Optional querier configuration</td>
+			<td><pre lang="json">
+{}
+</pre>
 </td>
 		</tr>
 		<tr>

docs/sources/release-notes/_index.md

@@ -7,6 +7,7 @@ weight: 100
 Release notes for Loki are in the CHANGELOG for the release and
 listed here by version number.
 
+- [V2.7 release notes](../release-notes/v2-7/)
 - [V2.6 release notes](../release-notes/v2-6/)
 - [V2.5 release notes](../release-notes/v2-5/)
 - [V2.4 release notes](../release-notes/v2-4/)

docs/sources/release-notes/v2-7.md

@@ -0,0 +1,34 @@
+---
+title: V2.7
+weight: 66
+---
+
+# Version 2.7 release notes
+
+Grafana Labs is excited to announce the release of Loki 2.7. Here's a summary of new enhancements and important fixes:
+
+## Features and enhancements
+
+- **New Internal Server and TLS** TLS can now be configured everywhere and there is an internal server to allow ring, memberlist, and readiness handlers to continue to work without TLS.
+- **Better Support for Azure Blob Storage** thanks to the ability to use Azure's Service Principal Credentials.
+- **Logs can now be pushed from the Loki canary** so you don't have to rely on a scraping service to use the canary.
+- **Additional `label_format` fields** `__timestamp__` and `__line__`.
+- **New embedded cache** which is an in-process cache system that runs loki without the need for an external cache (like memcached, redis, etc).
+- **New HTTP endpoint for Ingester shutdown** that will also delete the ring token.
+- **Faster label queries** thanks to new parallization.
+- **Introducing Stream Sharding** an experimental new feature to help deal with very large streams.
+- **Promtail**
+  - support for max stream limit
+  - config reload endpoint / signal
+  - compressed file support
+  - `lambda-promtail` now supports Kinesis data stream events
+  - matches for the journal reader
+  - basic tracing support
+
+For a full list of all changes please look at the [CHANGELOG](https://github.com/grafana/loki/blob/main/CHANGELOG.md).
+
+## Upgrade Considerations
+
+As always, please read the [upgrade guide](../../upgrading/#260) before upgrading Loki.
+
+## Bug fixes

docs/sources/upgrading/_index.md

@@ -116,12 +116,36 @@ The global `deletion_mode` option in the compactor configuration moved to runtim
 
 The name of this metric was changed to `loki_internal_log_messages_total` to reduce ambiguity. The previous name is still present but is deprecated.
 
+#### Usage Report  / Telemetry config has changed named
+
+The configuration for anonymous usage statistics reporting to Grafana has changed from `usage_report` to `analytics`.
+
+#### TLS `cipher_suites` and `tls_min_version` have moved
+
+These were previously configurable under `server.http_tls_config` and `server.grpc_tls_config` separately. They are now under `server.tls_cipher_suites` and `server.tls_min_version`. These values are also now configurable for individual clients, for example: `distributor.ring.etcd` or `querier.ingester_client.grpc_client_config`.
+
+#### Querier `query_timeout` default changed
+
+The previous default value for `querier.query_timeout` of `1m` has changed to `0s`.
+
+#### `ruler.storage.configdb` has been removed
+
+ConfigDB was disallowed as a Ruler storage option back in 2.0. The config struct has finally been removed.
+
+#### `ruler.remote_write.client` has been removed
+
+Can no longer specify a remote write client for the ruler.
+
 ### Promtail
 
 #### `gcp_push_target_parsing_errors_total` has a new `reason` label
 
 The `gcp_push_target_parsing_errors_total` GCP Push Target metrics has been added a new label named `reason`. This includes detail on what might have caused the parsing to fail.
 
+#### Windows event logs: now correctly includes `user_data`
+
+The contents of the `user_data` field was erroneously set to the same value as `event_data` in previous versions. This was fixed in [#7461](https://github.com/grafana/loki/pull/7461) and log queries relying on this broken behaviour may be impacted.
+
 ## 2.6.0
 
 ### Loki

operator/apis/config/v1/projectconfig_types.go

@@ -46,6 +46,10 @@ type OpenShiftFeatureGates struct {
 	// ClusterTLSPolicy enables usage of TLS policies set in the API Server.
 	// More details: https://docs.openshift.com/container-platform/4.11/security/tls-security-profiles.html
 	ClusterTLSPolicy bool `json:"clusterTLSPolicy,omitempty"`
+
+	// ClusterProxy enables usage of the proxy variables set in the proxy resource.
+	// More details: https://docs.openshift.com/container-platform/4.11/networking/enable-cluster-wide-proxy.html#enable-cluster-wide-proxy
+	ClusterProxy bool `json:"clusterProxy,omitempty"`
 }
 
 // FeatureGates is the supported set of all operator feature gates.

operator/apis/loki/v1/lokistack_types.go

@@ -323,6 +323,35 @@ type LokiTemplateSpec struct {
 	Ruler *LokiComponentSpec `json:"ruler,omitempty"`
 }
 
+// ClusterProxy is the Proxy configuration when the cluster is behind a Proxy.
+type ClusterProxy struct {
+	// HTTPProxy configures the HTTP_PROXY/http_proxy env variable.
+	//
+	// +optional
+	// +kubebuilder:validation:optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="HTTPProxy"
+	HTTPProxy string `json:"httpProxy,omitempty"`
+	// HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable.
+	//
+	// +optional
+	// +kubebuilder:validation:optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="HTTPSProxy"
+	HTTPSProxy string `json:"httpsProxy,omitempty"`
+	// NoProxy configures the NO_PROXY/no_proxy env variable.
+	//
+	// +optional
+	// +kubebuilder:validation:optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="NoProxy"
+	NoProxy string `json:"noProxy,omitempty"`
+	// ReadVarsFromEnv defines a flag to use Operator-lib provides a helper function
+	//
+	// +optional
+	// +kubebuilder:validation:optional
+	// +kubebuilder:default:=false
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch",displayName="ReadVarsFromEnv"
+	ReadVarsFromEnv bool `json:"readVarsFromEnv,omitempty"`
+}
+
 // ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.
 type ObjectStorageTLSSpec struct {
 	// Key is the data key of a ConfigMap containing a CA certificate.
@@ -666,6 +695,13 @@ type LokiStackSpec struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:StorageClass",displayName="Storage Class Name"
 	StorageClassName string `json:"storageClassName"`
 
+	// Proxy defines the spec for the object proxy to configure cluster proxy information.
+	//
+	// +optional
+	// +kubebuilder:validation:Required
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Cluster Proxy"
+	Proxy *ClusterProxy `json:"proxy"`
+
 	// ReplicationFactor defines the policy for log stream replication.
 	//
 	// +optional

operator/bundle/manifests/loki-operator-manager-config_v1_configmap.yaml

@@ -57,6 +57,7 @@ data:
         gatewayRoute: true
         ruleExtendedValidation: true
         clusterTLSPolicy: true
+        clusterProxy: true
 kind: ConfigMap
 metadata:
   labels:

operator/bundle/manifests/loki-operator.clusterserviceversion.yaml

@@ -415,6 +415,25 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:select:Managed
         - urn:alm:descriptor:com.tectonic.ui:select:Unmanaged
+      - description: Proxy defines the spec for the object proxy to configure cluster
+          proxy information.
+        displayName: Cluster Proxy
+        path: proxy
+      - description: HTTPProxy configures the HTTP_PROXY/http_proxy env variable.
+        displayName: HTTPProxy
+        path: proxy.httpProxy
+      - description: HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable.
+        displayName: HTTPSProxy
+        path: proxy.httpsProxy
+      - description: NoProxy configures the NO_PROXY/no_proxy env variable.
+        displayName: NoProxy
+        path: proxy.noProxy
+      - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a
+          helper function
+        displayName: ReadVarsFromEnv
+        path: proxy.readVarsFromEnv
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: ReplicationFactor defines the policy for log stream replication.
         displayName: Replication Factor
         path: replicationFactor
@@ -1029,6 +1048,7 @@ spec:
           resources:
           - apiservers
           - dnses
+          - proxy
           verbs:
           - get
           - list

operator/bundle/manifests/loki.grafana.com_lokistacks.yaml

@@ -292,6 +292,27 @@ spec:
                 - Managed
                 - Unmanaged
                 type: string
+              proxy:
+                description: Proxy defines the spec for the object proxy to configure
+                  cluster proxy information.
+                properties:
+                  httpProxy:
+                    description: HTTPProxy configures the HTTP_PROXY/http_proxy env
+                      variable.
+                    type: string
+                  httpsProxy:
+                    description: HTTPSProxy configures the HTTPS_PROXY/https_proxy
+                      env variable.
+                    type: string
+                  noProxy:
+                    description: NoProxy configures the NO_PROXY/no_proxy env variable.
+                    type: string
+                  readVarsFromEnv:
+                    default: false
+                    description: ReadVarsFromEnv defines a flag to use Operator-lib
+                      provides a helper function
+                    type: boolean
+                type: object
               replicationFactor:
                 default: 1
                 description: ReplicationFactor defines the policy for log stream replication.

operator/config/crd/bases/loki.grafana.com_lokistacks.yaml

@@ -275,6 +275,27 @@ spec:
                 - Managed
                 - Unmanaged
                 type: string
+              proxy:
+                description: Proxy defines the spec for the object proxy to configure
+                  cluster proxy information.
+                properties:
+                  httpProxy:
+                    description: HTTPProxy configures the HTTP_PROXY/http_proxy env
+                      variable.
+                    type: string
+                  httpsProxy:
+                    description: HTTPSProxy configures the HTTPS_PROXY/https_proxy
+                      env variable.
+                    type: string
+                  noProxy:
+                    description: NoProxy configures the NO_PROXY/no_proxy env variable.
+                    type: string
+                  readVarsFromEnv:
+                    default: false
+                    description: ReadVarsFromEnv defines a flag to use Operator-lib
+                      provides a helper function
+                    type: boolean
+                type: object
               replicationFactor:
                 default: 1
                 description: ReplicationFactor defines the policy for log stream replication.

operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml

@@ -270,6 +270,25 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:select:Managed
         - urn:alm:descriptor:com.tectonic.ui:select:Unmanaged
+      - description: Proxy defines the spec for the object proxy to configure cluster
+          proxy information.
+        displayName: Cluster Proxy
+        path: proxy
+      - description: HTTPProxy configures the HTTP_PROXY/http_proxy env variable.
+        displayName: HTTPProxy
+        path: proxy.httpProxy
+      - description: HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable.
+        displayName: HTTPSProxy
+        path: proxy.httpsProxy
+      - description: NoProxy configures the NO_PROXY/no_proxy env variable.
+        displayName: NoProxy
+        path: proxy.noProxy
+      - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a
+          helper function
+        displayName: ReadVarsFromEnv
+        path: proxy.readVarsFromEnv
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: ReplicationFactor defines the policy for log stream replication.
         displayName: Replication Factor
         path: replicationFactor

operator/config/overlays/openshift/controller_manager_config.yaml

@@ -54,3 +54,4 @@ featureGates:
     gatewayRoute: true
     ruleExtendedValidation: true
     clusterTLSPolicy: true
+    clusterProxy: true

operator/config/rbac/role.yaml

@@ -57,6 +57,7 @@ rules:
   resources:
   - apiservers
   - dnses
+  - proxy
   verbs:
   - get
   - list

operator/controllers/loki/lokistack_controller.go

@@ -85,7 +85,7 @@ type LokiStackReconciler struct {
 // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers,verbs=patch
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update
 // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update
-// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers,verbs=get;list;watch
+// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers;proxy,verbs=get;list;watch
 // +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
@@ -194,5 +194,9 @@ func (r *LokiStackReconciler) buildController(bld k8s.Builder) error {
 		bld = bld.Owns(&openshiftconfigv1.APIServer{}, updateOrDeleteOnlyPred)
 	}
 
+	if r.FeatureGates.OpenShift.ClusterProxy {
+		bld = bld.Owns(&openshiftconfigv1.Proxy{}, updateOrDeleteOnlyPred)
+	}
+
 	return bld.Complete(r)
 }

operator/controllers/loki/lokistack_controller_test.go

@@ -178,6 +178,17 @@ func TestLokiStackController_RegisterOwnedResourcesForUpdateOrDeleteOnly(t *test
 			},
 			pred: updateOrDeleteOnlyPred,
 		},
+		{
+			obj:           &openshiftconfigv1.Proxy{},
+			index:         11,
+			ownCallsCount: 12,
+			featureGates: configv1.FeatureGates{
+				OpenShift: configv1.OpenShiftFeatureGates{
+					ClusterProxy: true,
+				},
+			},
+			pred: updateOrDeleteOnlyPred,
+		},
 	}
 	for _, tst := range table {
 		b := &k8sfakes.FakeBuilder{}