Merge review feedback completed.

Author: libander

logging/cluster-logging-loki.adoc

@@ -26,6 +26,20 @@ include::modules/logging-loki-cli-install.adoc[leveloffset=+1]
 
 include::modules/logging-clo-cli-install.adoc[leveloffset=+1]
 
+include::modules/logging-loki-storage.adoc[leveloffset=+1]
+
+include::modules/logging-loki-storage-aws.adoc[leveloffset=+2]
+
+include::modules/logging-loki-storage-azure.adoc[leveloffset=+2]
+
+include::modules/logging-loki-storage-gcp.adoc[leveloffset=+2]
+
+include::modules/logging-loki-storage-minio.adoc[leveloffset=+2]
+
+include::modules/logging-loki-storage-odf.adoc[leveloffset=+2]
+
+include::modules/logging-loki-storage-swift.adoc[leveloffset=+2]
+
 include::modules/logging-loki-restart-hardening.adoc[leveloffset=+1]
 
 [role="_additional-resources"]

modules/logging-loki-storage-aws.adoc

@@ -0,0 +1,24 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-aws_{context}"]
+= AWS storage
+
+.Prerequisites
+* You have deployed Loki Operator.
+* You have created a link:https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html[bucket] on AWS.
+* You have created an link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_resource-based[AWS IAM Policy and IAM User].
+
+.Procedure
+* Create an object storage secret with the name `logging-loki-aws` by running the following command:
+
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-aws \
+  --from-literal=bucketnames="<bucket_name>" \
+  --from-literal=endpoint="<aws_bucket_endpoint>" \
+  --from-literal=access_key_id="<aws_access_key_id>" \
+  --from-literal=access_key_secret="<aws_access_key_secret>" \
+  --from-literal=region="<aws_region_of_your_bucket>"
+----

modules/logging-loki-storage-azure.adoc

@@ -0,0 +1,23 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-azure_{context}"]
+= Azure storage
+
+.Prerequisites
+* You have deployed Loki Operator.
+* You have created a link:https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction[bucket] on Azure.
+
+.Procedure
+* Create an object storage secret with the name `logging-loki-azure` by running the following command:
+
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-azure \
+  --from-literal=container="<azure_container_name>" \
+  --from-literal=environment="<azure_environment>" \ # <1>
+  --from-literal=account_name="<azure_account_name>" \
+  --from-literal=account_key="<azure_account_key>"
+----
+<1> Supported environment values are: `AzureGlobal`, `AzureChinaCloud`, `AzureGermanCloud`, `AzureUSGovernment`.

modules/logging-loki-storage-gcp.adoc

@@ -0,0 +1,30 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-gcp_{context}"]
+= GCP storage
+
+.Prerequisites
+
+* You have deployed Loki Operator.
+
+* You have created a link:https://cloud.google.com/resource-manager/docs/creating-managing-projects[project] on Google Cloud Platform.
+
+* You have created a link:https://cloud.google.com/storage/docs/creating-buckets[bucket] in the same project.
+
+* You have created a link:https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account[service account] in the same project for GCP authentication.
+
+.Procedure
+
+. Copy the service account credentials received from GCP into a file called `key.json`.
+
+. Create an object storage secret with the name `logging-loki-gcs` by running the following command:
+
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-gcs \
+  --from-literal=bucketname="<bucket_name>" \
+  --from-file=key.json="<path/to/key.json>"
+----

modules/logging-loki-storage-minio.adoc

@@ -0,0 +1,27 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-minio_{context}"]
+= Minio storage
+
+.Prerequisites
+
+* You have deployed Loki Operator.
+
+* You have link:https://operator.min.io/[Minio] deployed on your Cluster.
+
+* You have created a link:https://docs.min.io/docs/minio-client-complete-guide.html[bucket] on Minio.
+
+.Procedure
+
+* Create an object storage secret with the name `logging-loki-minio` by running the following command:
+
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-minio \
+  --from-literal=bucketnames="<bucket_name>" \
+  --from-literal=endpoint="<minio_bucket_endpoint>" \
+  --from-literal=access_key_id="<minio_access_key_id>" \
+  --from-literal=access_key_secret="<minio_access_key_secret>"
+----

modules/logging-loki-storage-odf.adoc

@@ -0,0 +1,59 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-odf_{context}"]
+
+= ODF storage
+
+.Prerequisites
+
+* You have deployed Loki Operator.
+
+* You have deployed link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/[OpenShift Data Foundation].
+
+* You have configured your OpenShift Data Foundation cluster https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.14/html/managing_and_allocating_storage_resources/adding-file-and-object-storage-to-an-existing-external-ocs-cluster[for object storage].
+
+.Procedure
+
+. Create an `ObjectBucketClaim` custom resource in the `openshift-logging` namespace:
++
+[source,yaml]
+----
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: loki-bucket-odf
+  namespace: openshift-logging
+spec:
+  generateBucketName: loki-bucket-odf
+  storageClassName: openshift-storage.noobaa.io
+----
+
+. Get bucket properties from the associated `ConfigMap` object by running the following command:
++
+[source,terminal]
+----
+BUCKET_HOST=$(oc get -n openshift-logging configmap loki-bucket-odf -o jsonpath='{.data.BUCKET_HOST}')
+BUCKET_NAME=$(oc get -n openshift-logging configmap loki-bucket-odf -o jsonpath='{.data.BUCKET_NAME}')
+BUCKET_PORT=$(oc get -n openshift-logging configmap loki-bucket-odf -o jsonpath='{.data.BUCKET_PORT}')
+----
+
+. Get bucket access key from the associated secret by running the following command:
++
+[source,terminal]
+----
+ACCESS_KEY_ID=$(oc get -n openshift-logging secret loki-bucket-odf -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d)
+SECRET_ACCESS_KEY=$(oc get -n openshift-logging secret loki-bucket-odf -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d)
+----
+
+.. Create an object storage secret with the name `logging-loki-odf` by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create -n openshift-logging secret generic logging-loki-odf \
+--from-literal=access_key_id="<access_key_id>" \
+--from-literal=access_key_secret="<secret_access_key>" \
+--from-literal=bucketnames="<bucket_name>" \
+--from-literal=endpoint="https://<bucket_host>:<bucket_port>"
+----

modules/logging-loki-storage-swift.adoc

@@ -0,0 +1,52 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-swift_{context}"]
+= Swift storage
+
+
+.Prerequisites
+
+* You have deployed Loki Operator.
+
+* You have created a https://docs.openstack.org/newton/user-guide/cli-swift-create-containers.html[bucket] on Swift.
+
+.Procedure
+
+* Create an object storage secret with the name `logging-loki-swift` by running the following command:
+
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-swift \
+  --from-literal=auth_url="<swift_auth_url>" \
+  --from-literal=username="<swift_usernameclaim>" \
+  --from-literal=user_domain_name="<swift_user_domain_name>" \
+  --from-literal=user_domain_id="<swift_user_domain_id>" \
+  --from-literal=user_id="<swift_user_id>" \
+  --from-literal=password="<swift_password>" \
+  --from-literal=domain_id="<swift_domain_id>" \
+  --from-literal=domain_name="<swift_domain_name>" \
+  --from-literal=container_name="<swift_container_name>"
+----
+
+* You can optionally provide project-specific data, region, or both by running the following command:
+
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-swift \
+  --from-literal=auth_url="<swift_auth_url>" \
+  --from-literal=username="<swift_usernameclaim>" \
+  --from-literal=user_domain_name="<swift_user_domain_name>" \
+  --from-literal=user_domain_id="<swift_user_domain_id>" \
+  --from-literal=user_id="<swift_user_id>" \
+  --from-literal=password="<swift_password>" \
+  --from-literal=domain_id="<swift_domain_id>" \
+  --from-literal=domain_name="<swift_domain_name>" \
+  --from-literal=container_name="<swift_container_name>" \
+  --from-literal=project_id="<swift_project_id>" \
+  --from-literal=project_name="<swift_project_name>" \
+  --from-literal=project_domain_id="<swift_project_domain_id>" \
+  --from-literal=project_domain_name="<swift_project_domain_name>" \
+  --from-literal=region="<swift_region>"
+----

modules/logging-loki-storage.adoc

@@ -0,0 +1,48 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: CONCEPT
+[id="logging-loki-storage_{context}"]
+= Loki object storage
+
+The Loki Operator supports link:https://aws.amazon.com/[AWS S3], as well as other S3 compatible object stores such as link:https://min.io/[Minio] and link:https://www.redhat.com/en/technologies/cloud-computing/openshift-data-foundation[OpenShift Data Foundation]. link:https://azure.microsoft.com[Azure], link:https://cloud.google.com/[GCS], and link:https://docs.openstack.org/swift/latest/[Swift] are also supported.
+
+The recommended nomenclature for Loki storage is `logging-loki-_<your_storage_provider>_`.
+
+You can create a secret in the directory that contains your certificate and key files by using the following command:
+
+[source,terminal]
+----
+$ oc create secret generic -n openshift-logging <your_secret_name> \
+ --from-file=tls.key=<your_key_file>
+ --from-file=tls.crt=<your_crt_file>
+ --from-file=ca-bundle.crt=<your_bundle_file>
+ --from-literal=username=<your_username>
+ --from-literal=password=<your_password>
+----
+
+[NOTE]
+====
+Use generic or opaque secrets for best results.
+====
+
+You can verify a secret has been created by running the following command:
+
+[source,terminal]
+----
+$ oc get secrets
+----
+
+The following table shows the `type` values within the `LokiStack` custom resource (CR) for each storage provider. For more information, see the section on your storage provider.
+
+[options="header"]
+.Secret type quick reference
+|===
+| Storage provider          | Secret `type` value
+| AWS                       | s3
+| Azure                     | azure
+| Google Cloud              | gcs
+| Minio                     | s3
+| OpenShift Data Foundation | s3
+| Swift                     | swift
+|===