operator: Add support for running with Azure Workload Identity #11802

Merged
merged 10 commits into from
Feb 1, 2024

@xperimental xperimental commented Jan 26, 2024

What this PR does / why we need it:

This PR adds support for configuring LokiStack to make use of Azure Workload Identity when communicating with Azure Blob Storage.

Which issue(s) this PR fixes:

LOG-4546

Special notes for your reviewer:

  • I have only tested this in the AzureGlobal environment so far. It might make sense to try to run it in another Azure environment as well to see if the configuration is sufficient.
  • I have changed how "missing secret field" is reported, so that the name of the missing field is present in the error. This is currently only changed for the Azure secret but can be extended to other secrets as well.

Checklist

  • Reviewed the CONTRIBUTING.md guide (required)
  • Tests updated
  • CHANGELOG.md updated

- Add Azure WIF configuration to config file
- Configure environment and volumes for Azure WIF
- Remove region and subscription_id
- Make account_name mandatory for WIF
- Set use_federated_token
- Set path to token file in environment
- Allow overriding Loki image for debugging
- Rename client-id and tenent-id environment variables
- Use different option in configuration
- fixup env vars
- Use openshift audience
- Add region and subscription_id as environment variables
- Add label to Pod when Azure WIF is enabled
- Mount federated token to separate directory
- Revert "Use openshift audience"
@xperimental xperimental marked this pull request as ready for review January 31, 2024 14:20
@xperimental xperimental requested review from periklis and a team as code owners January 31, 2024 14:20
@xperimental xperimental self-assigned this Jan 31, 2024
@periklis periklis left a comment

Overall looks good to me. Will have a look on a live cluster to get a feeling about it.

@periklis periklis merged commit 009c53a into grafana:main Feb 1, 2024
14 checks passed
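
The PR description notes that a missing secret field is now reported with the field's name, and the commit list makes `account_name` mandatory for workload identity. The Go sketch below is an added example, not code from this PR or from the operator, showing one way to validate such a secret so that the error names the absent key (never a value) and a secret mixing a static key with workload identity fields is rejected. The key names `environment`, `container` and `account_key`, the function and error names, and the fail-closed rule for mixed secrets are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrMissingField = errors.New("missing secret field")
var ErrAmbiguousAuth = errors.New("secret sets both account_key and workload identity fields")
type AuthMode int
const (
	AuthInvalid AuthMode = iota
	AuthAccountKey
	AuthWorkloadIdentity
)

// missing returns an error naming the first absent or empty key; values are never echoed.
func missing(data map[string][]byte, fields []string) error {
	for _, f := range fields {
		if len(data[f]) == 0 {
			return fmt.Errorf("%w: %s", ErrMissingField, f)
		}
	}
	return nil
}

// ValidateAzureSecret selects the auth mode and fails closed on incomplete or mixed secrets.
// Key names other than account_name, client_id and tenant_id are assumed for this example.
func ValidateAzureSecret(data map[string][]byte) (AuthMode, error) {
	mode, required := AuthAccountKey, []string{"account_key"}
	if len(data["client_id"]) > 0 || len(data["tenant_id"]) > 0 {
		if len(data["account_key"]) > 0 {
			return AuthInvalid, ErrAmbiguousAuth
		}
		mode, required = AuthWorkloadIdentity, []string{"client_id", "tenant_id"}
	}
	required = append([]string{"environment", "container", "account_name"}, required...)
	if err := missing(data, required); err != nil {
		return AuthInvalid, err
	}
	return mode, nil
}

func main() {
	// Constructed sample secret: tenant_id was left out.
	s := map[string][]byte{"environment": []byte("AzureGlobal"), "container": []byte("loki"),
		"account_name": []byte("examplestore"), "client_id": []byte("constructed-client-id")}
	_, err := ValidateAzureSecret(s)
	fmt.Println(err) // missing secret field: tenant_id
}
```

Wrapping the sentinel with `%w` keeps `errors.Is(err, ErrMissingField)` working for callers while the message still tells the administrator which key to add.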