netobserv
diff --git a/‎api/flowcollector/v1beta2/helper.go‎
Lines changed: 9 additions & 0 deletions b/‎api/flowcollector/v1beta2/helper.go‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎bundle/manifests/netobserv-operator.clusterserviceversion.yaml‎
Lines changed: 12 additions & 10 deletions b/‎bundle/manifests/netobserv-operator.clusterserviceversion.yaml‎
Lines changed: 12 additions & 10 deletions
diff --git a/‎config/csv/bases/netobserv-operator.clusterserviceversion.yaml‎
Lines changed: 6 additions & 0 deletions b/‎config/csv/bases/netobserv-operator.clusterserviceversion.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎config/descriptions/upstream.md‎
Lines changed: 3 additions & 3 deletions b/‎config/descriptions/upstream.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎config/manager/kustomization.yaml‎
Lines changed: 2 additions & 2 deletions b/‎config/manager/kustomization.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎config/manager/manager.yaml‎
Lines changed: 1 addition & 1 deletion b/‎config/manager/manager.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 3 additions & 1 deletion b/‎go.mod‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 4 additions & 2 deletions b/‎go.sum‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎helm/crds/flows.netobserv.io_flowcollectors.yaml‎
Lines changed: 1 addition & 1 deletion b/‎helm/crds/flows.netobserv.io_flowcollectors.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎internal/controller/consoleplugin/consoleplugin_objects.go‎
Lines changed: 19 additions & 3 deletions b/‎internal/controller/consoleplugin/consoleplugin_objects.go‎
Lines changed: 19 additions & 3 deletions
@@ -192,3 +192,12 @@ func (spec *FlowCollectorSpec) HasExperimentalAlertsHealth() bool {
 	}
 	return false
 }
+
+func (spec *FlowCollectorFLP) HasExperimentalLokiGRPCClientProtocol() bool {
+	if spec.Advanced != nil {
+		env := spec.Advanced.Env["LOKI_USE_GRPC_CLIENT_PROTOCOL"]
+		useGRPC, err := strconv.ParseBool(env)
+		return err == nil && useGRPC
+	}
+	return false
+}
@@ -480,6 +480,12 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:fieldDependency:loki.enable:true
         - urn:alm:descriptor:com.tectonic.ui:advanced
+      - displayName: Keep alive
+        path: loki.grpcConfig.keepAlive
+      - displayName: Keep alive timeout
+        path: loki.grpcConfig.keepAliveTimeout
+      - displayName: Read timeout
+        path: loki.readTimeout
       - path: loki.advanced
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:hidden
@@ -596,8 +602,6 @@ spec:
         path: loki.monolithic.tenantID
       - displayName: Url
         path: loki.monolithic.url
-      - displayName: Read timeout
-        path: loki.readTimeout
       - displayName: Namespace
         path: namespace
       - displayName: Network policy
@@ -708,7 +712,7 @@ spec:
 
     ## Configuration
 
-    The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/config/samples/flows_v1beta2_flowcollector.yaml).
+    The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/main/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/main/config/samples/flows_v1beta2_flowcollector.yaml).
 
     To edit configuration in cluster, run:
 
@@ -724,7 +728,7 @@ spec:
 
     - Loki (`spec.loki`): configure here how to reach Loki. The default values match the Loki quick install paths mentioned above, but you might have to configure differently if you used another installation method. Make sure to disable it (`spec.loki.enable`) if you don't want to use Loki.
 
-    - Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/docs/QuickFilters.md).
+    - Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/main/docs/QuickFilters.md).
 
     - Kafka (`spec.deploymentModel: KAFKA` and `spec.kafka`): when enabled, integrates the flow collection pipeline with Kafka, by splitting ingestion from transformation (kube enrichment, derived metrics, ...). Kafka can provide better scalability, resiliency and high availability ([view more details](https://www.redhat.com/en/topics/integration/what-is-apache-kafka)). Assumes Kafka is already deployed and a topic is created.
 
@@ -760,7 +764,7 @@ spec:
     This documentation includes:
 
     - An [overview](https://github.com/netobserv/network-observability-operator#openshift-console) of the features, with screenshots
-    - More information on [configuring metrics](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/docs/Metrics.md).
+    - More information on [configuring metrics](https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md).
     - A [performance](https://github.com/netobserv/network-observability-operator#performance-fine-tuning) section, for fine-tuning
     - A [security](https://github.com/netobserv/network-observability-operator#securing-data-and-communications) section
     - An [F.A.Q.](https://github.com/netobserv/network-observability-operator#faq--troubleshooting) section
@@ -1072,15 +1076,15 @@ spec:
                 - name: RELATED_IMAGE_CONSOLE_PLUGIN
                   value: quay.io/netobserv/network-observability-console-plugin:v1.9.2-community
                 - name: RELATED_IMAGE_CONSOLE_PLUGIN_COMPAT
-                  value: quay.io/netobserv/network-observability-console-plugin-pf4:v1.8.2-community
+                  value: quay.io/netobserv/network-observability-console-plugin:v1.9.2-community
                 - name: DOWNSTREAM_DEPLOYMENT
                   value: "false"
                 - name: PROFILING_BIND_ADDRESS
                 - name: NAMESPACE
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/netobserv/network-observability-operator:1.9.2-community
+                image: quay.io/lberetta/network-observability-operator:main
                 imagePullPolicy: Always
                 livenessProbe:
                   httpGet:
@@ -1217,9 +1221,7 @@ spec:
   - image: quay.io/netobserv/flowlogs-pipeline:v1.9.2-community
     name: flowlogs-pipeline
   - image: quay.io/netobserv/network-observability-console-plugin:v1.9.2-community
-    name: console-plugin
-  - image: quay.io/netobserv/network-observability-console-plugin-pf4:v1.8.2-community
-    name: console-plugin-compat
+    name: ""
   version: 1.9.2-community
   webhookdefinitions:
   - admissionReviewVersions:
 
@@ -216,6 +216,12 @@ spec:
           x-descriptors:
             - urn:alm:descriptor:com.tectonic.ui:fieldDependency:loki.enable:true
             - urn:alm:descriptor:com.tectonic.ui:advanced
+        - displayName: Keep alive
+          path: loki.grpcConfig.keepAlive
+        - displayName: Keep alive timeout
+          path: loki.grpcConfig.keepAliveTimeout
+        - displayName: Read timeout
+          path: loki.readTimeout
         - path: loki.advanced
           x-descriptors:
             - urn:alm:descriptor:com.tectonic.ui:hidden
 
@@ -42,7 +42,7 @@ In that case, you can still get the Prometheus metrics or export raw flows to a
 
 ## Configuration
 
-The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/config/samples/flows_v1beta2_flowcollector.yaml).
+The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/main/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/main/config/samples/flows_v1beta2_flowcollector.yaml).
 
 To edit configuration in cluster, run:
 
@@ -58,7 +58,7 @@ A couple of settings deserve special attention:
 
 - Loki (`spec.loki`): configure here how to reach Loki. The default values match the Loki quick install paths mentioned above, but you might have to configure differently if you used another installation method. Make sure to disable it (`spec.loki.enable`) if you don't want to use Loki.
 
-- Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/docs/QuickFilters.md).
+- Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/main/docs/QuickFilters.md).
 
 - Kafka (`spec.deploymentModel: KAFKA` and `spec.kafka`): when enabled, integrates the flow collection pipeline with Kafka, by splitting ingestion from transformation (kube enrichment, derived metrics, ...). Kafka can provide better scalability, resiliency and high availability ([view more details](https://www.redhat.com/en/topics/integration/what-is-apache-kafka)). Assumes Kafka is already deployed and a topic is created.
 
@@ -94,7 +94,7 @@ Please refer to the documentation on GitHub for more information.
 This documentation includes:
 
 - An [overview](https://github.com/netobserv/network-observability-operator#openshift-console) of the features, with screenshots
-- More information on [configuring metrics](https://github.com/netobserv/network-observability-operator/blob/1.9.2-community/docs/Metrics.md).
+- More information on [configuring metrics](https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md).
 - A [performance](https://github.com/netobserv/network-observability-operator#performance-fine-tuning) section, for fine-tuning
 - A [security](https://github.com/netobserv/network-observability-operator#securing-data-and-communications) section
 - An [F.A.Q.](https://github.com/netobserv/network-observability-operator#faq--troubleshooting) section
@@ -13,8 +13,8 @@ patches:
 - path: manager_webhook_patch.yaml
 images:
 - name: controller
-  newName: quay.io/netobserv/network-observability-operator
-  newTag: 1.9.2-community
+  newName: quay.io/lberetta/network-observability-operator
+  newTag: main
 labels:
 - includeSelectors: true
   pairs:
 
@@ -39,7 +39,7 @@ spec:
           - name: RELATED_IMAGE_CONSOLE_PLUGIN
             value: quay.io/netobserv/network-observability-console-plugin:v1.9.2-community
           - name: RELATED_IMAGE_CONSOLE_PLUGIN_COMPAT
-            value: quay.io/netobserv/network-observability-console-plugin-pf4:v1.8.2-community
+            value: quay.io/netobserv/network-observability-console-plugin:v1.9.2-community
           - name: DOWNSTREAM_DEPLOYMENT
             value: "false"
           - name: PROFILING_BIND_ADDRESS
 
@@ -75,7 +75,7 @@ require (
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/procfs v0.17.0 // indirect
 	github.com/spf13/cobra v1.9.1 // indirect
-	github.com/spf13/pflag v1.0.9 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/stoewer/go-strcase v1.3.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
@@ -118,3 +118,5 @@ require (
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
 )
+
+replace github.com/netobserv/flowlogs-pipeline => github.com/leandroberetta/flowlogs-pipeline v0.0.0-20250924153053-50bf1fe9ddc0
@@ -91,6 +91,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/leandroberetta/flowlogs-pipeline v0.0.0-20250924153053-50bf1fe9ddc0 h1:pJPh9PD7LWA6z/zgL9tKh6VyaIGEqvjoCnY30/lg/Sc=
+github.com/leandroberetta/flowlogs-pipeline v0.0.0-20250924153053-50bf1fe9ddc0/go.mod h1:0qYnaRptAfhKZkZslWQ7zJd3KkmwYJMJ5RK1/BlR1N8=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -150,8 +152,8 @@ github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cA
 github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
 github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
-github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
 github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
 github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs=
 
@@ -3498,7 +3498,7 @@ spec:
                         such as getting per-pod information or viewing raw flows.
                         If both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle.
                         If they are both disabled, the Console plugin is not deployed.
-                      type: boolean
+                      type: boolean                
                     lokiStack:
                       description: |-
                         Loki configuration for `LokiStack` mode. This is useful for an easy Loki Operator configuration.
 
@@ -347,11 +347,27 @@ func (b *builder) getLokiConfig() (cfg.LokiConfig, error) {
 	if b.desired.Loki.ReadTimeout != nil {
 		lconf.Timeout = api.Duration{Duration: b.desired.Loki.ReadTimeout.Duration}
 	}
-	if lk.TLS.Enable {
-		if lk.TLS.InsecureSkipVerify {
+	// Console plugin should always use HTTP/gateway TLS config for LokiStack mode
+	// regardless of clientType, since console plugin never uses gRPC
+	tlsConfig := &lk.TLS
+	if b.desired.Loki.Mode == flowslatest.LokiModeLokiStack && b.desired.Processor.HasExperimentalLokiGRPCClientProtocol() {
+		// Create HTTP/gateway TLS config for console plugin
+		tlsConfig = &flowslatest.ClientTLS{
+			Enable: true,
+			CACert: flowslatest.CertificateReference{
+				Type:      flowslatest.RefTypeConfigMap,
+				Name:      fmt.Sprintf("%s-gateway-ca-bundle", b.desired.Loki.LokiStack.Name),
+				Namespace: b.desired.Loki.LokiStack.Namespace,
+				CertFile:  "service-ca.crt",
+			},
+		}
+	}
+
+	if tlsConfig.Enable {
+		if tlsConfig.InsecureSkipVerify {
 			lconf.SkipTLS = true
 		} else {
-			caPath := b.volumes.AddCACertificate(&lk.TLS, "loki-certs")
+			caPath := b.volumes.AddCACertificate(tlsConfig, "loki-certs")
 			if caPath != "" {
 				lconf.CAPath = caPath
 			}
Original file line number	Diff line number	Diff line change
`@@ -192,3 +192,12 @@ func (spec *FlowCollectorSpec) HasExperimentalAlertsHealth() bool {`
`192`	`192`	`}`
`193`	`193`	`return false`
`194`	`194`	`}`
	`195`	`+`
	`196`	`+func (spec *FlowCollectorFLP) HasExperimentalLokiGRPCClientProtocol() bool {`
	`197`	`+ if spec.Advanced != nil {`
	`198`	`+ env := spec.Advanced.Env["LOKI_USE_GRPC_CLIENT_PROTOCOL"]`
	`199`	`+ useGRPC, err := strconv.ParseBool(env)`
	`200`	`+ return err == nil && useGRPC`
	`201`	`+ }`
	`202`	`+ return false`
	`203`	`+}`