From 706c22e9e40b0156031f214b63dc6ed4e210abc1 Mon Sep 17 00:00:00 2001 From: Jasper <44026484+jasperjonker@users.noreply.github.com> Date: Thu, 10 Nov 2022 15:09:30 +0100 Subject: [PATCH 1/6] Loki: Add querier config to loki helm (#7627) add the ability to update querier config using `values.yaml` file --- docs/sources/installation/helm/reference.md | 9 +++++++++ production/helm/loki/Chart.yaml | 2 +- production/helm/loki/README.md | 2 +- production/helm/loki/values.yaml | 8 ++++++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/docs/sources/installation/helm/reference.md b/docs/sources/installation/helm/reference.md index d8710129b6d3..0c64710293a9 100644 --- a/docs/sources/installation/helm/reference.md +++ b/docs/sources/installation/helm/reference.md @@ -1312,6 +1312,15 @@ null "runAsUser": 10001 } + + + + loki.querier + object + Optional querier configuration +
+{}
+
diff --git a/production/helm/loki/Chart.yaml b/production/helm/loki/Chart.yaml index ba474e79ac67..48b1d58113a7 100644 --- a/production/helm/loki/Chart.yaml +++ b/production/helm/loki/Chart.yaml @@ -4,7 +4,7 @@ name: loki description: Helm chart for Grafana Loki in simple, scalable mode type: application appVersion: 2.6.1 -version: 3.3.3 +version: 3.3.4 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/production/helm/loki/README.md b/production/helm/loki/README.md index 910dfa49e6a5..e0cfe25733ca 100644 --- a/production/helm/loki/README.md +++ b/production/helm/loki/README.md @@ -1,6 +1,6 @@ # loki -![Version: 3.3.3](https://img.shields.io/badge/Version-3.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.6.1](https://img.shields.io/badge/AppVersion-2.6.1-informational?style=flat-square) +![Version: 3.3.4](https://img.shields.io/badge/Version-3.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.6.1](https://img.shields.io/badge/AppVersion-2.6.1-informational?style=flat-square) Helm chart for Grafana Loki in simple, scalable mode diff --git a/production/helm/loki/values.yaml b/production/helm/loki/values.yaml index 18f95051a645..2dbfb65308ac 100644 --- a/production/helm/loki/values.yaml +++ b/production/helm/loki/values.yaml @@ -173,6 +173,11 @@ loki: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} + {{- with .Values.loki.querier }} + querier: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + # Should authentication be enabled auth_enabled: true @@ -259,6 +264,9 @@ loki: # -- Optional analytics configuration analytics: {} + # -- Optional querier configuration + querier: {} + enterprise: # Enable enterprise features, license must be provided enabled: false 
From 04c7fbb531581b9ee4856a17394d5593243030c4 Mon Sep 17 00:00:00 2001 From: Trevor Whitney Date: Thu, 10 Nov 2022 16:30:11 -0700 Subject: [PATCH 2/6] Add config changes to upgrade guide (#7662) **What this PR does / why we need it**: This add config differences I noticed when running the config diff tool between 2.6 and 2.7 Co-authored-by: JordanRushing --- CHANGELOG.md | 6 +++--- docs/sources/upgrading/_index.md | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c47a36d3acf0..849bf54a7693 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -38,7 +38,7 @@ Check the history of the branch FIXME. ### Dependencies -* Go Version: FIXME +* Go Version: 1.19 ## 2.7.0 @@ -126,9 +126,9 @@ Check the history of the branch FIXME. ### Notes -This release was created from a branch starting at commit FIXME but it may also contain backported changes from main. +This release was created from a branch starting at commit `706c22e9e40b0156031f214b63dc6ed4e210abc1` but it may also contain backported changes from main. -Check the history of the branch FIXME. +Check the history of the branch `release-2.7.x`. ### Dependencies diff --git a/docs/sources/upgrading/_index.md b/docs/sources/upgrading/_index.md index bbf2a1f0ed56..c1013dd29e04 100644 --- a/docs/sources/upgrading/_index.md +++ b/docs/sources/upgrading/_index.md 
@@ -116,6 +116,26 @@ The global `deletion_mode` option in the compactor configuration moved to runtim The name of this metric was changed to `loki_internal_log_messages_total` to reduce ambiguity. The previous name is still present but is deprecated. +#### Usage Report / Telemetry config has changed named + +The configuration for anonymous usage statistics reporting to Grafana has changed from `usage_report` to `analytics`. + +#### TLS `cipher_suites` and `tls_min_version` have moved + +These were previously configurable under `server.http_tls_config` and `server.grpc_tls_config` separately. They are now under `server.tls_cipher_suites` and `server.tls_min_version`. These values are also now configurable for individual clients, for example: `distributor.ring.etcd` or `querier.ingester_client.grpc_client_config`. + +#### Querier `query_timeout` default changed + +The previous default value for `querier.query_timeout` of `1m` has changed to `0s`. + +#### `ruler.storage.configdb` has been removed + +ConfigDB was disallowed as a Ruler storage option back in 2.0. The config struct has finally been removed. + +#### `ruler.remote_write.client` has been removed + +Can no longer specify a remote write client for the ruler. + ### Promtail #### `gcp_push_target_parsing_errors_total` has a new `reason` label From ed5ecd2bdfe09cd574184342fa1936691019c887 Mon Sep 17 00:00:00 2001 From: Trevor Whitney Date: Thu, 10 Nov 2022 16:30:22 -0700 Subject: [PATCH 3/6] Add 2.7 release notes (#7661) **What this PR does / why we need it**: Adds 2.7 release notes Co-authored-by: JordanRushing --- docs/sources/release-notes/_index.md | 1 + docs/sources/release-notes/v2-7.md | 34 ++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 docs/sources/release-notes/v2-7.md diff --git a/docs/sources/release-notes/_index.md b/docs/sources/release-notes/_index.md index 96207dad6472..ce91be7610a9 100644 --- a/docs/sources/release-notes/_index.md 
+++ b/docs/sources/release-notes/_index.md @@ -7,6 +7,7 @@ weight: 100 Release notes for Loki are in the CHANGELOG for the release and listed here by version number. +- [V2.7 release notes](../release-notes/v2-7/) - [V2.6 release notes](../release-notes/v2-6/) - [V2.5 release notes](../release-notes/v2-5/) - [V2.4 release notes](../release-notes/v2-4/) diff --git a/docs/sources/release-notes/v2-7.md b/docs/sources/release-notes/v2-7.md new file mode 100644 index 000000000000..61d9d37a0c71 --- /dev/null +++ b/docs/sources/release-notes/v2-7.md 
@@ -0,0 +1,34 @@ +--- +title: V2.7 +weight: 66 +--- + +# Version 2.7 release notes + +Grafana Labs is excited to announce the release of Loki 2.7. Here's a summary of new enhancements and important fixes: + +## Features and enhancements + +- **New Internal Server and TLS** TLS can now be configured everywhere and there is an internal server to allow ring, memberlist, and readiness handlers to continue to work without TLS. +- **Better Support for Azure Blob Storage** thanks to the ability to use Azure's Service Principal Credentials. +- **Logs can now be pushed from the Loki canary** so you don't have to rely on a scraping service to use the canary. +- **Additional `label_format` fields** `__timestamp__` and `__line__`. +- **New embedded cache** which is an in-process cache system that runs loki without the need for an external cache (like memcached, redis, etc). +- **New HTTP endpoint for Ingester shutdown** that will also delete the ring token. +- **Faster label queries** thanks to new parallization. +- **Introducing Stream Sharding** an experimental new feature to help deal with very large streams. +- **Promtail** + - support for max stream limit + - config reload endpoint / signal + - compressed file support + - `lambda-promtail` now supports Kinesis data stream events + - matches for the journal reader + - basic tracing support + +For a full list of all changes please look at the [CHANGELOG](https://github.com/grafana/loki/blob/main/CHANGELOG.md). + +## Upgrade Considerations + +As always, please read the [upgrade guide](../../upgrading/#260) before upgrading Loki. + +## Bug fixes From 705acd3462da42d8d57e17ae7de4c6da248eca19 Mon Sep 17 00:00:00 2001 
From: Dan Poltawski Date: Fri, 11 Nov 2022 12:30:16 +0000 Subject: [PATCH 4/6] docs/upgrading: Add a note about windows event log fix (#7668) **What this PR does / why we need it**: Add note to upgrade guide for a bug fix with log query impact **Which issue(s) this PR fixes**: Fixes #7667 --- docs/sources/upgrading/_index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/upgrading/_index.md b/docs/sources/upgrading/_index.md index c1013dd29e04..3daec94f1b98 100644 --- a/docs/sources/upgrading/_index.md +++ b/docs/sources/upgrading/_index.md @@ -142,6 +142,10 @@ Can no longer specify a remote write client for the ruler. The `gcp_push_target_parsing_errors_total` GCP Push Target metrics has been added a new label named `reason`. This includes detail on what might have caused the parsing to fail. +#### Windows event logs: now correctly includes `user_data` + +The contents of the `user_data` field was erroneously set to the same value as `event_data` in previous versions. This was fixed in [#7461](https://github.com/grafana/loki/pull/7461) and log queries relying on this broken behaviour may be impacted. + ## 2.6.0 ### Loki From 3039ca06f4d0fe964943bebcc29d9a4991143635 Mon Sep 17 00:00:00 2001 
From: Dominik Philp Date: Fri, 11 Nov 2022 15:28:14 +0100 Subject: [PATCH 5/6] Docs: Fix typo in helm scalable installation documentation, object storage section (#7676) **What this PR does / why we need it**: fixes a small typo in the helm install documentation regarding object storage. In a reference to more documentation it says 'otehr' instead of 'other' **Which issue(s) this PR fixes**: n/a **Special notes for your reviewer**: n/a **Checklist** - [x] Reviewed the `CONTRIBUTING.md` guide - [x] Documentation added - [x] Tests updated - [x] `CHANGELOG.md` updated - [x] Changes that require user attention or interaction to upgrade are documented in `docs/sources/upgrading/_index.md` --- docs/sources/installation/helm/install-scalable/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/installation/helm/install-scalable/index.md b/docs/sources/installation/helm/install-scalable/index.md index 3cc348520c14..e9c95b164e31 100644 --- a/docs/sources/installation/helm/install-scalable/index.md +++ b/docs/sources/installation/helm/install-scalable/index.md @@ -62,7 +62,7 @@ It is not possible to run the scalable mode with the `filesystem` storage. insecure: false ``` - Consult the [Reference](../reference) for configuring otehr storage providers. + Consult the [Reference](../reference) for configuring other storage providers. - Define the AWS S3 credentials in the file. From 1f7fabfbb986ef126875173b0b5d9376cf288cbe Mon Sep 17 00:00:00 2001 
From: Shweta Padubidri Date: Sat, 12 Nov 2022 04:40:39 -0500 Subject: [PATCH 6/6] operator: Add provision for the user to set proxy env variables in the loki pods (#7384) --- .../apis/config/v1/projectconfig_types.go | 4 ++ operator/apis/loki/v1/lokistack_types.go | 36 ++++++++++++ .../apis/loki/v1/zz_generated.deepcopy.go | 20 +++++++ ...-operator-manager-config_v1_configmap.yaml | 1 + .../loki-operator.clusterserviceversion.yaml | 20 +++++++ .../loki.grafana.com_lokistacks.yaml | 21 +++++++ .../bases/loki.grafana.com_lokistacks.yaml | 21 +++++++ .../loki-operator.clusterserviceversion.yaml | 19 +++++++ .../openshift/controller_manager_config.yaml | 1 + operator/config/rbac/role.yaml | 1 + .../controllers/loki/lokistack_controller.go | 6 +- .../loki/lokistack_controller_test.go | 11 ++++ operator/docs/operator/feature-gates.md | 10 ++++ operator/go.mod | 1 + operator/go.sum | 2 + operator/internal/manifests/compactor.go | 2 + operator/internal/manifests/indexgateway.go | 2 + operator/internal/manifests/ingester.go | 2 + operator/internal/manifests/querier.go | 2 + operator/internal/manifests/var.go | 55 +++++++++++++++++++ 20 files changed, 236 insertions(+), 1 deletion(-) diff --git a/operator/apis/config/v1/projectconfig_types.go b/operator/apis/config/v1/projectconfig_types.go index cc13f80fc448..8348c23c6861 100644 --- a/operator/apis/config/v1/projectconfig_types.go +++ b/operator/apis/config/v1/projectconfig_types.go 
@@ -46,6 +46,10 @@ type OpenShiftFeatureGates struct { // ClusterTLSPolicy enables usage of TLS policies set in the API Server. // More details: https://docs.openshift.com/container-platform/4.11/security/tls-security-profiles.html ClusterTLSPolicy bool `json:"clusterTLSPolicy,omitempty"` + + // ClusterProxy enables usage of the proxy variables set in the proxy resource. + // More details: https://docs.openshift.com/container-platform/4.11/networking/enable-cluster-wide-proxy.html#enable-cluster-wide-proxy + ClusterProxy bool `json:"clusterProxy,omitempty"` } // FeatureGates is the supported set of all operator feature gates. diff --git a/operator/apis/loki/v1/lokistack_types.go b/operator/apis/loki/v1/lokistack_types.go index 8995b582e985..2dd07aac8978 100644 --- a/operator/apis/loki/v1/lokistack_types.go +++ b/operator/apis/loki/v1/lokistack_types.go 
@@ -323,6 +323,35 @@ type LokiTemplateSpec struct {
 Ruler *LokiComponentSpec `json:"ruler,omitempty"`
 }
+// ClusterProxy is the Proxy configuration when the cluster is behind a Proxy.
+type ClusterProxy struct {
+ // HTTPProxy configures the HTTP_PROXY/http_proxy env variable.
+ //
+ // +optional
+ // +kubebuilder:validation:optional
+ // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="HTTPProxy"
+ HTTPProxy string `json:"httpProxy,omitempty"`
+ // HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable.
+ //
+ // +optional
+ // +kubebuilder:validation:optional
+ // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="HTTPSProxy"
+ HTTPSProxy string `json:"httpsProxy,omitempty"`
+ // NoProxy configures the NO_PROXY/no_proxy env variable.
+ //
+ // +optional
+ // +kubebuilder:validation:optional
+ // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="NoProxy"
+ NoProxy string `json:"noProxy,omitempty"`
+ // ReadVarsFromEnv defines a flag to use Operator-lib provides a helper function
+ //
+ // +optional
+ // +kubebuilder:validation:optional
+ // +kubebuilder:default:=false
+ // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch",displayName="ReadVarsFromEnv"
+ ReadVarsFromEnv bool `json:"readVarsFromEnv,omitempty"`
+}
+
 // ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.
 type ObjectStorageTLSSpec struct {
 // Key is the data key of a ConfigMap containing a CA certificate.
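Review bot: The field comments on `HTTPProxy` and `HTTPSProxy` should warn that the value is stored and propagated in clear text: a proxy URL that carries credentials (`http://user:password@host:port`) becomes readable to anyone who can get the LokiStack resource or the pod specs that `addProxyEnvVar` fills in var.go. The `ReadVarsFromEnv` comment does not parse as a sentence; something like `// ReadVarsFromEnv makes the operator pass on the proxy variables from its own environment and ignore the three fields above.` would match how var.go uses the flag. The lower-case `+kubebuilder:validation:optional` markers are, I believe, not the spelling controller-gen documents (`Optional`), so they may be silently ignored.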
@@ -666,6 +695,13 @@ type LokiStackSpec struct { // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:StorageClass",displayName="Storage Class Name" StorageClassName string `json:"storageClassName"` + // Proxy defines the spec for the object proxy to configure cluster proxy information. + // + // +optional + // +kubebuilder:validation:Required + // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Cluster Proxy" + Proxy *ClusterProxy `json:"proxy"` + // ReplicationFactor defines the policy for log stream replication. // // +optional diff --git a/operator/apis/loki/v1/zz_generated.deepcopy.go b/operator/apis/loki/v1/zz_generated.deepcopy.go index 0c02d0c9097b..387e495c04d2 100644 --- a/operator/apis/loki/v1/zz_generated.deepcopy.go +++ b/operator/apis/loki/v1/zz_generated.deepcopy.go @@ -65,6 +65,21 @@ func (in *AuthorizationSpec) DeepCopy() *AuthorizationSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterProxy) DeepCopyInto(out *ClusterProxy) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterProxy. +func (in *ClusterProxy) DeepCopy() *ClusterProxy { + if in == nil { + return nil + } + out := new(ClusterProxy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngestionLimitSpec) DeepCopyInto(out *IngestionLimitSpec) { *out = *in @@ -364,6 +379,11 @@ func (in *LokiStackList) DeepCopyObject() runtime.Object { func (in *LokiStackSpec) DeepCopyInto(out *LokiStackSpec) { *out = *in in.Storage.DeepCopyInto(&out.Storage) + if in.Proxy != nil { + in, out := &in.Proxy, &out.Proxy + *out = new(ClusterProxy) + **out = **in + } if in.Rules != nil { in, out := &in.Rules, &out.Rules *out = new(RulesSpec) 
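Review bot: The markers on `Proxy` contradict each other, since `+optional` is followed by `+kubebuilder:validation:Required`, and the tag `json:"proxy"` lacks `omitempty` on a pointer that `addProxyEnvVar` explicitly allows to be nil. If the field is meant to be optional, use `// +kubebuilder:validation:Optional` and `json:"proxy,omitempty"` so an unset proxy is not serialised as `proxy: null`. LokiStackSpec starts and ends outside this hunk, so other fields were not checked.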
diff --git a/operator/bundle/manifests/loki-operator-manager-config_v1_configmap.yaml b/operator/bundle/manifests/loki-operator-manager-config_v1_configmap.yaml index a5f6abe18bf5..5460d05bdcac 100644 --- a/operator/bundle/manifests/loki-operator-manager-config_v1_configmap.yaml +++ b/operator/bundle/manifests/loki-operator-manager-config_v1_configmap.yaml @@ -57,6 +57,7 @@ data: gatewayRoute: true ruleExtendedValidation: true clusterTLSPolicy: true + clusterProxy: true kind: ConfigMap metadata: labels: diff --git a/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml index 139861adb4c5..bb972c4f6766 100644 --- a/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml @@ -415,6 +415,25 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:select:Managed - urn:alm:descriptor:com.tectonic.ui:select:Unmanaged + - description: Proxy defines the spec for the object proxy to configure cluster + proxy information. + displayName: Cluster Proxy + path: proxy + - description: HTTPProxy configures the HTTP_PROXY/http_proxy env variable. + displayName: HTTPProxy + path: proxy.httpProxy + - description: HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable. + displayName: HTTPSProxy + path: proxy.httpsProxy + - description: NoProxy configures the NO_PROXY/no_proxy env variable. + displayName: NoProxy + path: proxy.noProxy + - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a + helper function + displayName: ReadVarsFromEnv + path: proxy.readVarsFromEnv + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: ReplicationFactor defines the policy for log stream replication. displayName: Replication Factor path: replicationFactor @@ -1029,6 +1048,7 @@ spec: resources: - apiservers - dnses + - proxy verbs: - get - list 
diff --git a/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml b/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml index 57e11f45b45c..d38be3da2a26 100644 --- a/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml +++ b/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml @@ -292,6 +292,27 @@ spec: - Managed - Unmanaged type: string + proxy: + description: Proxy defines the spec for the object proxy to configure + cluster proxy information. + properties: + httpProxy: + description: HTTPProxy configures the HTTP_PROXY/http_proxy env + variable. + type: string + httpsProxy: + description: HTTPSProxy configures the HTTPS_PROXY/https_proxy + env variable. + type: string + noProxy: + description: NoProxy configures the NO_PROXY/no_proxy env variable. + type: string + readVarsFromEnv: + default: false + description: ReadVarsFromEnv defines a flag to use Operator-lib + provides a helper function + type: boolean + type: object replicationFactor: default: 1 description: ReplicationFactor defines the policy for log stream replication. diff --git a/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml b/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml index 400129cef760..fd9444c6d52c 100644 --- a/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml +++ b/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml 
@@ -275,6 +275,27 @@ spec: - Managed - Unmanaged type: string + proxy: + description: Proxy defines the spec for the object proxy to configure + cluster proxy information. + properties: + httpProxy: + description: HTTPProxy configures the HTTP_PROXY/http_proxy env + variable. + type: string + httpsProxy: + description: HTTPSProxy configures the HTTPS_PROXY/https_proxy + env variable. + type: string + noProxy: + description: NoProxy configures the NO_PROXY/no_proxy env variable. + type: string + readVarsFromEnv: + default: false + description: ReadVarsFromEnv defines a flag to use Operator-lib + provides a helper function + type: boolean + type: object replicationFactor: default: 1 description: ReplicationFactor defines the policy for log stream replication. diff --git a/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml b/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml index 918c12dc2ae1..5f205e1b0071 100644 --- a/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml +++ b/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml 
@@ -270,6 +270,25 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:select:Managed - urn:alm:descriptor:com.tectonic.ui:select:Unmanaged + - description: Proxy defines the spec for the object proxy to configure cluster + proxy information. + displayName: Cluster Proxy + path: proxy + - description: HTTPProxy configures the HTTP_PROXY/http_proxy env variable. + displayName: HTTPProxy + path: proxy.httpProxy + - description: HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable. + displayName: HTTPSProxy + path: proxy.httpsProxy + - description: NoProxy configures the NO_PROXY/no_proxy env variable. + displayName: NoProxy + path: proxy.noProxy + - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a + helper function + displayName: ReadVarsFromEnv + path: proxy.readVarsFromEnv + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: ReplicationFactor defines the policy for log stream replication. displayName: Replication Factor path: replicationFactor diff --git a/operator/config/overlays/openshift/controller_manager_config.yaml b/operator/config/overlays/openshift/controller_manager_config.yaml index d1e0d52a4242..8f1fc39b812d 100644 --- a/operator/config/overlays/openshift/controller_manager_config.yaml +++ b/operator/config/overlays/openshift/controller_manager_config.yaml @@ -54,3 +54,4 @@ featureGates: gatewayRoute: true ruleExtendedValidation: true clusterTLSPolicy: true + clusterProxy: true diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index 806d79f83850..8374c97bc548 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -57,6 +57,7 @@ rules: resources: - apiservers - dnses + - proxy verbs: - get - list diff --git a/operator/controllers/loki/lokistack_controller.go b/operator/controllers/loki/lokistack_controller.go index ecc98c2acc8d..201aa03db2ca 100644 --- a/operator/controllers/loki/lokistack_controller.go 
+++ b/operator/controllers/loki/lokistack_controller.go @@ -85,7 +85,7 @@ type LokiStackReconciler struct { // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers,verbs=patch // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update -// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers,verbs=get;list;watch +// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers;proxy,verbs=get;list;watch // +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to @@ -194,5 +194,9 @@ func (r *LokiStackReconciler) buildController(bld k8s.Builder) error { bld = bld.Owns(&openshiftconfigv1.APIServer{}, updateOrDeleteOnlyPred) } + if r.FeatureGates.OpenShift.ClusterProxy { + bld = bld.Owns(&openshiftconfigv1.Proxy{}, updateOrDeleteOnlyPred) + } + return bld.Complete(r) } diff --git a/operator/controllers/loki/lokistack_controller_test.go b/operator/controllers/loki/lokistack_controller_test.go index 0ff57aa4e1e5..5765e5550ef4 100644 --- a/operator/controllers/loki/lokistack_controller_test.go +++ b/operator/controllers/loki/lokistack_controller_test.go @@ -178,6 +178,17 @@ func TestLokiStackController_RegisterOwnedResourcesForUpdateOrDeleteOnly(t *test }, pred: updateOrDeleteOnlyPred, }, + { + obj: &openshiftconfigv1.Proxy{}, + index: 11, + ownCallsCount: 12, + featureGates: configv1.FeatureGates{ + OpenShift: configv1.OpenShiftFeatureGates{ + ClusterProxy: true, + }, + }, + pred: updateOrDeleteOnlyPred, + }, } for _, tst := range table { b := &k8sfakes.FakeBuilder{} diff --git a/operator/docs/operator/feature-gates.md b/operator/docs/operator/feature-gates.md index 2551a68ff647..cbdb4c49d1db 100644 --- a/operator/docs/operator/feature-gates.md 
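Review bot: The resource added to the RBAC marker is `proxy`, but RBAC rules match the plural resource name and its neighbours in the same list are plural (`dnses`, `apiservers`); for config.openshift.io the resource should be `proxies`. As written the rule most likely grants nothing on the cluster Proxy object, so the get/list/watch the controller needs would be denied. Suggest `resources=dnses;apiservers;proxies` and regenerating role.yaml and both clusterserviceversion.yaml files, which carry the same `- proxy` entry.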
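Review bot: `bld.Owns(&openshiftconfigv1.Proxy{}, updateOrDeleteOnlyPred)` registers an owner-based watch, assuming k8s.Builder mirrors controller-runtime, and the cluster-wide Proxy object is not owned by any LokiStack, so changes to it would never enqueue a reconcile. Nothing in the visible hunks reads that object either: `addProxyEnvVar` only consumes `opts.Stack.Proxy`, so enabling the `ClusterProxy` gate currently changes what is watched and nothing else. A `Watches` with a handler that enqueues every LokiStack, and a gate comment that states what the flag does today, would close the gap. The APIServer line just above uses the same pattern, and buildController starts outside the hunk.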
+++ b/operator/docs/operator/feature-gates.md @@ -278,6 +278,16 @@ bool More details: https://docs.openshift.com/container-platform/4.11/security/tls-security-profiles.html

+ + +clusterProxy
+ +bool + + + +

ClusterProxy enables usage of the proxy variables set in the proxy resource. +More details: https://docs.openshift.com/container-platform/4.11/networking/enable-cluster-wide-proxy.html#enable-cluster-wide-proxy

diff --git a/operator/go.mod b/operator/go.mod index d9250c1988c4..cddd7bfc07d5 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -26,6 +26,7 @@ require ( github.com/google/go-cmp v0.5.8 github.com/grafana/loki v1.6.2-0.20220718071907-6bd05c9a4399 github.com/openshift/library-go v0.0.0-20220622115547-84d884f4c9f6 + github.com/operator-framework/operator-lib v0.11.0 github.com/prometheus/prometheus v1.8.2-0.20220303173753-edfe657b5405 gopkg.in/yaml.v2 v2.4.0 k8s.io/apiserver v0.25.0 diff --git a/operator/go.sum b/operator/go.sum index c21b90bfdff3..1c165fdc4629 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -1017,6 +1017,8 @@ github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NH github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8= +github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/operator/internal/manifests/compactor.go b/operator/internal/manifests/compactor.go index c32a76fa6549..0eb66aea9c63 100644 --- a/operator/internal/manifests/compactor.go +++ b/operator/internal/manifests/compactor.go 
@@ -115,6 +115,8 @@ func NewCompactorStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/indexgateway.go b/operator/internal/manifests/indexgateway.go index 49ed7afdd7ec..53498266536a 100644 --- a/operator/internal/manifests/indexgateway.go +++ b/operator/internal/manifests/indexgateway.go @@ -115,6 +115,8 @@ func NewIndexGatewayStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/ingester.go b/operator/internal/manifests/ingester.go index 1eb5e5ec4ef9..1fdfa361bc62 100644 --- a/operator/internal/manifests/ingester.go +++ b/operator/internal/manifests/ingester.go @@ -127,6 +127,8 @@ func NewIngesterStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/querier.go b/operator/internal/manifests/querier.go index e3023d72c23e..32341a406e3f 100644 --- a/operator/internal/manifests/querier.go +++ b/operator/internal/manifests/querier.go 
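Review bot: Only four workloads receive the `addProxyEnvVar` call in this patch (compactor here, then index gateway, ingester and querier), and the diffstat lists no other manifest builder, so any remaining Loki component would, as far as this patch shows, start without the proxy variables. If that is intentional, a comment at the call site such as `// proxy vars are only needed by components that reach object storage` (or whatever the real reason is) would record it; if not, the same line belongs in the remaining builders. Each constructor's body starts and ends outside its hunk.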
@@ -116,6 +116,8 @@ func NewQuerierDeployment(opts Options) *appsv1.Deployment { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/var.go b/operator/internal/manifests/var.go index e6eff29f4b7b..1d8a039f9a53 100644 --- a/operator/internal/manifests/var.go +++ b/operator/internal/manifests/var.go @@ -3,8 +3,11 @@ package manifests import ( "fmt" "path" + "strings" + lokiv1 "github.com/grafana/loki/operator/apis/loki/v1" "github.com/grafana/loki/operator/internal/manifests/openshift" + "github.com/operator-framework/operator-lib/proxy" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" 
@@ -528,3 +531,55 @@ func podSecurityContext(withSeccompProfile bool) *corev1.PodSecurityContext {
 return &context
 }
+
+func addProxyEnvVar(clusterProxy *lokiv1.ClusterProxy, podSpec corev1.PodSpec) corev1.PodSpec {
+ if clusterProxy == nil {
+ return podSpec
+ }
+
+ podSpec = resetProxyVar(podSpec, "HTTP_PROXY")
+ podSpec = resetProxyVar(podSpec, "HTTPS_PROXY")
+ podSpec = resetProxyVar(podSpec, "NO_PROXY")
+ if clusterProxy.ReadVarsFromEnv {
+ for i, container := range podSpec.Containers {
+ podSpec.Containers[i].Env = append(container.Env, proxy.ReadProxyVarsFromEnv()...)
+ }
+ } else {
+ for i, container := range podSpec.Containers {
+ podSpec.Containers[i].Env = append(container.Env,
+ corev1.EnvVar{
+ Name: "HTTP_PROXY",
+ Value: clusterProxy.HTTPProxy,
+ },
+ corev1.EnvVar{
+ Name: "HTTPS_PROXY",
+ Value: clusterProxy.HTTPSProxy,
+ },
+ corev1.EnvVar{
+ Name: "NO_PROXY",
+ Value: clusterProxy.NoProxy,
+ })
+ }
+ }
+ return podSpec
+}
+
+func resetProxyVar(podSpec corev1.PodSpec, name string) corev1.PodSpec {
+ for i, container := range podSpec.Containers {
+ found, index := getEnvVar(name, container.Env)
+ if found {
+ podSpec.Containers[i].Env = append(podSpec.Containers[i].Env[:index], podSpec.Containers[i].Env[index+1:]...)
+ }
+ }
+ return podSpec
+}
+
+// getEnvVar matches the given name with the envvar name
+func getEnvVar(name string, envVars []corev1.EnvVar) (bool, int) {
+ for i, env := range envVars {
+ if env.Name == name || env.Name == strings.ToLower(name) {
+ return true, i
+ }
+ }
+ return false, 0
+}
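Review bot: `resetProxyVar` removes at most one entry per container for each name while `getEnvVar` matches both spellings, so a container that already carries `HTTP_PROXY` and `http_proxy` keeps one stale value next to the new ones. The static branch then writes only the upper-case names, even when the value is empty, although the API comments promise `HTTP_PROXY/http_proxy` and operator-lib's `ReadProxyVarsFromEnv` (as far as I know) emits both spellings. The fence below filters all six names in one pass into a fresh slice and emits both spellings for non-empty values only. Separately, the `NoProxy` documentation should remind users to list in-cluster suffixes, because Go HTTP and gRPC clients honour these variables and would otherwise send traffic between Loki components to the proxy.

```go
func addProxyEnvVar(clusterProxy *lokiv1.ClusterProxy, podSpec corev1.PodSpec) corev1.PodSpec {
	// … unchanged: nil check on clusterProxy …

	var proxyVars []corev1.EnvVar
	if clusterProxy.ReadVarsFromEnv {
		proxyVars = proxy.ReadProxyVarsFromEnv()
	} else {
		proxyVars = proxyEnvVars(clusterProxy)
	}

	for i := range podSpec.Containers {
		kept := dropProxyVars(podSpec.Containers[i].Env)
		podSpec.Containers[i].Env = append(kept, proxyVars...)
	}
	return podSpec
}

// dropProxyVars returns a copy of env without any upper- or lower-case
// proxy variable, so no stale duplicate survives and the caller's backing
// array is left untouched.
func dropProxyVars(env []corev1.EnvVar) []corev1.EnvVar {
	kept := make([]corev1.EnvVar, 0, len(env))
	for _, e := range env {
		switch e.Name {
		case "HTTP_PROXY", "http_proxy", "HTTPS_PROXY", "https_proxy", "NO_PROXY", "no_proxy":
			continue
		}
		kept = append(kept, e)
	}
	return kept
}

// proxyEnvVars builds both spellings of every proxy variable that has a
// value; empty fields are skipped instead of being exported as "".
func proxyEnvVars(p *lokiv1.ClusterProxy) []corev1.EnvVar {
	var out []corev1.EnvVar
	for _, kv := range [][2]string{
		{"HTTP_PROXY", p.HTTPProxy},
		{"HTTPS_PROXY", p.HTTPSProxy},
		{"NO_PROXY", p.NoProxy},
	} {
		if kv[1] == "" {
			continue
		}
		out = append(out,
			corev1.EnvVar{Name: kv[0], Value: kv[1]},
			corev1.EnvVar{Name: strings.ToLower(kv[0]), Value: kv[1]},
		)
	}
	return out
}
```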