From f1276cb6d1e07fe40a3685da5727bbe6ccec4f55 Mon Sep 17 00:00:00 2001 From: Pete Wall Date: Thu, 14 Nov 2024 14:29:16 -0700 Subject: [PATCH] Add the tls block for Loki destinations (#911) Co-authored-by: ohayak@users.noreply.github.com Signed-off-by: Pete Wall --- .../examples/auth/bearer-token/alloy-logs.alloy | 3 +++ .../auth/bearer-token/alloy-receiver.alloy | 3 +++ .../docs/examples/auth/bearer-token/output.yaml | 6 ++++++ .../auth/embedded-secrets/alloy-logs.alloy | 3 +++ .../auth/embedded-secrets/alloy-receiver.alloy | 3 +++ .../examples/auth/embedded-secrets/output.yaml | 6 ++++++ .../auth/external-secrets/alloy-logs.alloy | 6 ++++++ .../auth/external-secrets/alloy-receiver.alloy | 6 ++++++ .../examples/auth/external-secrets/output.yaml | 12 ++++++++++++ .../examples/collector-storage/alloy-logs.alloy | 3 +++ .../docs/examples/collector-storage/output.yaml | 3 +++ .../docs/examples/extra-rules/alloy-logs.alloy | 3 +++ .../examples/extra-rules/alloy-singleton.alloy | 3 +++ .../docs/examples/extra-rules/output.yaml | 6 ++++++ .../default/alloy-singleton.alloy | 3 +++ .../features/cluster-events/default/output.yaml | 3 +++ .../control-plane-monitoring/alloy-logs.alloy | 3 +++ .../alloy-singleton.alloy | 3 +++ .../control-plane-monitoring/output.yaml | 6 ++++++ .../integrations/mysql/alloy-logs.alloy | 3 +++ .../features/integrations/mysql/output.yaml | 3 +++ .../features/pod-logs/default/alloy-logs.alloy | 3 +++ .../features/pod-logs/default/output.yaml | 3 +++ .../platforms/azure-aks/alloy-logs.alloy | 3 +++ .../platforms/azure-aks/alloy-singleton.alloy | 3 +++ .../examples/platforms/azure-aks/output.yaml | 6 ++++++ .../platforms/eks-fargate/alloy-logs.alloy | 3 +++ .../platforms/eks-fargate/alloy-singleton.alloy | 3 +++ .../examples/platforms/eks-fargate/output.yaml | 6 ++++++ .../platforms/gke-autopilot/alloy-logs.alloy | 3 +++ .../gke-autopilot/alloy-singleton.alloy | 3 +++ .../platforms/gke-autopilot/output.yaml | 6 ++++++ .../platforms/openshift/alloy-logs.alloy | 3 +++ .../platforms/openshift/alloy-singleton.alloy | 3 +++ .../examples/platforms/openshift/output.yaml | 6 ++++++ .../private-image-registries/alloy-logs.alloy | 3 +++ .../private-image-registries/output.yaml | 3 +++ .../docs/examples/proxies/alloy-logs.alloy | 3 +++ .../docs/examples/proxies/alloy-receiver.alloy | 3 +++ .../docs/examples/proxies/alloy-singleton.alloy | 3 +++ .../docs/examples/proxies/output.yaml | 9 +++++++++ .../destinations/_destination_loki.tpl | 17 +++++++++++++++++ .../tests/cluster_events_test.yaml | 3 +++ 43 files changed, 188 insertions(+) diff --git a/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-logs.alloy index 4e020ee5d..9783aec47 100644 --- a/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-logs.alloy @@ -7,6 +7,9 @@ loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = env("LOKI_BEARER_TOKEN") + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "bearer-token-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-receiver.alloy b/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-receiver.alloy index b156a7440..1099616cc 100644 --- a/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-receiver.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/bearer-token/alloy-receiver.alloy @@ -54,6 +54,9 @@ loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = env("LOKI_BEARER_TOKEN") + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "bearer-token-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml b/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml index 0840ed3d6..b992f27bd 100644 --- a/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml @@ -230,6 +230,9 @@ data: endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = env("LOKI_BEARER_TOKEN") + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "bearer-token-example-cluster", @@ -417,6 +420,9 @@ data: endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = env("LOKI_BEARER_TOKEN") + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "bearer-token-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy index bf2b530cb..643718da8 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy @@ -7,6 +7,9 @@ loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = "my-bearer-token" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "embedded-secrets-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy index fffcc586d..fa183c0ff 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy @@ -52,6 +52,9 @@ loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = "my-bearer-token" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "embedded-secrets-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml index c7ebc211d..2f7dea37b 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml @@ -219,6 +219,9 @@ data: endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = "my-bearer-token" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "embedded-secrets-example-cluster", @@ -404,6 +407,9 @@ data: endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" bearer_token = "my-bearer-token" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "embedded-secrets-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-logs.alloy index afdce92b1..3659af42f 100644 --- a/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-logs.alloy @@ -11,6 +11,12 @@ loki.write "loki" { username = nonsensitive(remote.kubernetes.secret.loki.data["loki-username"]) password = remote.kubernetes.secret.loki.data["access-token"] } + tls_config { + insecure_skip_verify = false + ca_pem = nonsensitive(remote.kubernetes.secret.loki.data["ca"]) + cert_pem = nonsensitive(remote.kubernetes.secret.loki.data["cert"]) + key_pem = remote.kubernetes.secret.loki.data["key"] + } } external_labels = { cluster = "external-secrets-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-receiver.alloy b/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-receiver.alloy index b332b47ba..dbdee3abd 100644 --- a/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-receiver.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/external-secrets/alloy-receiver.alloy @@ -65,6 +65,12 @@ loki.write "loki" { username = nonsensitive(remote.kubernetes.secret.loki.data["loki-username"]) password = remote.kubernetes.secret.loki.data["access-token"] } + tls_config { + insecure_skip_verify = false + ca_pem = nonsensitive(remote.kubernetes.secret.loki.data["ca"]) + cert_pem = nonsensitive(remote.kubernetes.secret.loki.data["cert"]) + key_pem = remote.kubernetes.secret.loki.data["key"] + } } external_labels = { cluster = "external-secrets-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml index 4f6b8dfb4..cdc510ccf 100644 --- a/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml @@ -231,6 +231,12 @@ data: username = nonsensitive(remote.kubernetes.secret.loki.data["loki-username"]) password = remote.kubernetes.secret.loki.data["access-token"] } + tls_config { + insecure_skip_verify = false + ca_pem = nonsensitive(remote.kubernetes.secret.loki.data["ca"]) + cert_pem = nonsensitive(remote.kubernetes.secret.loki.data["cert"]) + key_pem = remote.kubernetes.secret.loki.data["key"] + } } external_labels = { cluster = "external-secrets-example-cluster", @@ -434,6 +440,12 @@ data: username = nonsensitive(remote.kubernetes.secret.loki.data["loki-username"]) password = remote.kubernetes.secret.loki.data["access-token"] } + tls_config { + insecure_skip_verify = false + ca_pem = nonsensitive(remote.kubernetes.secret.loki.data["ca"]) + cert_pem = nonsensitive(remote.kubernetes.secret.loki.data["cert"]) + key_pem = remote.kubernetes.secret.loki.data["key"] + } } external_labels = { cluster = "external-secrets-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/collector-storage/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/collector-storage/alloy-logs.alloy index b15e28299..242f738e8 100644 --- a/charts/k8s-monitoring/docs/examples/collector-storage/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/collector-storage/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "collector-storage-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml b/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml index 71660d49e..c5d1a2e76 100644 --- a/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml +++ b/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml @@ -443,6 +443,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "collector-storage-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/extra-rules/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/extra-rules/alloy-logs.alloy index 3d0b891ff..2a238b2df 100644 --- a/charts/k8s-monitoring/docs/examples/extra-rules/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/extra-rules/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "extra-rules-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/extra-rules/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/extra-rules/alloy-singleton.alloy index 8792d0e4e..f1cd5058d 100644 --- a/charts/k8s-monitoring/docs/examples/extra-rules/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/extra-rules/alloy-singleton.alloy @@ -55,6 +55,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "extra-rules-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml b/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml index 9f878a2ae..7b7da043d 100644 --- a/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml +++ b/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml @@ -462,6 +462,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "extra-rules-example-cluster", @@ -590,6 +593,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "extra-rules-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-events/default/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/features/cluster-events/default/alloy-singleton.alloy index 868a672cf..75435bbac 100644 --- a/charts/k8s-monitoring/docs/examples/features/cluster-events/default/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/features/cluster-events/default/alloy-singleton.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "cluster-events-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml index c0fc31104..fb2876cb9 100644 --- a/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml @@ -31,6 +31,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "cluster-events-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-logs.alloy index a00d4835a..9b40fe8f0 100644 --- a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "cluster-metrics-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-singleton.alloy index 8e29cfd34..a809ca5fb 100644 --- a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/alloy-singleton.alloy @@ -46,6 +46,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "cluster-metrics-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml index 76a3764ad..1c3666465 100644 --- a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml @@ -592,6 +592,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "cluster-metrics-cluster", @@ -690,6 +693,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "cluster-metrics-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-logs.alloy index cc66111d7..d7a2d575d 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "mysql-integration-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml index 3ea4afd79..7df579eee 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml @@ -221,6 +221,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "mysql-integration-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/pod-logs/default/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/features/pod-logs/default/alloy-logs.alloy index 32c3b6940..574560816 100644 --- a/charts/k8s-monitoring/docs/examples/features/pod-logs/default/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/features/pod-logs/default/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "pod-logs-cluster", diff --git a/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml index ccaa0041f..fc10d5a04 100644 --- a/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml @@ -31,6 +31,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "pod-logs-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-logs.alloy index accca752c..197848bd3 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "azure-aks-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-singleton.alloy index 83b15292b..b9ec6e83e 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/alloy-singleton.alloy @@ -46,6 +46,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "azure-aks-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml index dc00da750..02716a663 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml @@ -444,6 +444,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "azure-aks-example-cluster", @@ -541,6 +544,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "azure-aks-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-logs.alloy index 4716b0f54..300431f94 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "eks-fargate-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-singleton.alloy index c9739b4d0..e5978c399 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/alloy-singleton.alloy @@ -46,6 +46,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "eks-fargate-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml index ce6c003d5..580348edf 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml @@ -392,6 +392,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "eks-fargate-example-cluster", @@ -489,6 +492,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "eks-fargate-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-logs.alloy index 39323c0d7..73c0498a1 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "gke-autopilot-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-singleton.alloy index 1f271dbd8..6be5d6404 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/alloy-singleton.alloy @@ -46,6 +46,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "gke-autopilot-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml index 17418aa13..ec9ba17e0 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml @@ -392,6 +392,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "gke-autopilot-example-cluster", @@ -489,6 +492,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "gke-autopilot-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-logs.alloy index 4640f9483..2b9e71872 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://prometheus.prometheus.svc:9090/api/v1/write" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "openshift-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-singleton.alloy index 4f29625f0..99bf2196c 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/platforms/openshift/alloy-singleton.alloy @@ -46,6 +46,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://prometheus.prometheus.svc:9090/api/v1/write" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "openshift-cluster", diff --git a/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml index 9d9623ccd..3d66e6f30 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml @@ -498,6 +498,9 @@ data: loki.write "loki" { endpoint { url = "http://prometheus.prometheus.svc:9090/api/v1/write" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "openshift-cluster", @@ -595,6 +598,9 @@ data: loki.write "loki" { endpoint { url = "http://prometheus.prometheus.svc:9090/api/v1/write" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "openshift-cluster", diff --git a/charts/k8s-monitoring/docs/examples/private-image-registries/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/private-image-registries/alloy-logs.alloy index 3ac836d92..90bfd9d51 100644 --- a/charts/k8s-monitoring/docs/examples/private-image-registries/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/private-image-registries/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "private-image-registries-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml b/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml index ff726d0e5..fb3b3aca5 100644 --- a/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml +++ b/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml @@ -449,6 +449,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "private-image-registries-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/proxies/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/proxies/alloy-logs.alloy index 4245daa88..25c2e752b 100644 --- a/charts/k8s-monitoring/docs/examples/proxies/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/proxies/alloy-logs.alloy @@ -6,6 +6,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "proxies-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/proxies/alloy-receiver.alloy b/charts/k8s-monitoring/docs/examples/proxies/alloy-receiver.alloy index 902c9c6b0..1fa157b62 100644 --- a/charts/k8s-monitoring/docs/examples/proxies/alloy-receiver.alloy +++ b/charts/k8s-monitoring/docs/examples/proxies/alloy-receiver.alloy @@ -47,6 +47,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "proxies-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/proxies/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/proxies/alloy-singleton.alloy index 627248dd6..2a0e0927b 100644 --- a/charts/k8s-monitoring/docs/examples/proxies/alloy-singleton.alloy +++ b/charts/k8s-monitoring/docs/examples/proxies/alloy-singleton.alloy @@ -47,6 +47,9 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "proxies-example-cluster", diff --git a/charts/k8s-monitoring/docs/examples/proxies/output.yaml b/charts/k8s-monitoring/docs/examples/proxies/output.yaml index 321d383c3..915e891ef 100644 --- a/charts/k8s-monitoring/docs/examples/proxies/output.yaml +++ b/charts/k8s-monitoring/docs/examples/proxies/output.yaml @@ -478,6 +478,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "proxies-example-cluster", @@ -577,6 +580,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "proxies-example-cluster", @@ -757,6 +763,9 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "proxies-example-cluster", diff --git a/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl b/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl index 7ae67d96a..24d9a5a2b 100644 --- a/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl +++ b/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl @@ -32,6 +32,20 @@ loki.write {{ include "helper.alloy_name" .name | quote }} { } {{- else if eq (include "secrets.authType" .) "bearerToken" }} bearer_token = {{ include "secrets.read" (dict "object" . "key" "auth.bearerToken") }} +{{- end }} +{{- if .tls }} + tls_config { + insecure_skip_verify = {{ .tls.insecureSkipVerify | default false }} + {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.ca")) "true" }} + ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }} + {{- end }} + {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.cert")) "true" }} + cert_pem = {{ include "secrets.read" (dict "object" . "key" "tls.cert" "nonsensitive" true) }} + {{- end }} + {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.key")) "true" }} + key_pem = {{ include "secrets.read" (dict "object" . "key" "tls.key") }} + {{- end }} + } {{- end }} } external_labels = { @@ -57,6 +71,9 @@ loki.write {{ include "helper.alloy_name" .name | quote }} { - auth.username - auth.password - auth.bearerToken +- tls.ca +- tls.cert +- tls.key {{- end -}} {{- define "destinations.loki.alloy.loki.logs.target" }}loki.write.{{ include "helper.alloy_name" .name }}.receiver{{ end -}} diff --git a/charts/k8s-monitoring/tests/cluster_events_test.yaml b/charts/k8s-monitoring/tests/cluster_events_test.yaml index 21fdd9e37..532370c06 100644 --- a/charts/k8s-monitoring/tests/cluster_events_test.yaml +++ b/charts/k8s-monitoring/tests/cluster_events_test.yaml @@ -65,6 +65,9 @@ tests: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/api/push" + tls_config { + insecure_skip_verify = false + } } external_labels = { cluster = "ci-test-cluster",