From 8ef931248e2dabfaa4ac1cc5f05c515ecab01703 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 28 Feb 2025 18:17:35 -0500
Subject: [PATCH 01/35] autoscaling
---
.github/workflows/terragrunt-cicd.yml | 101 ++++++++++++++++++++++++++
values/loki.yaml | 30 ++++++--
2 files changed, 126 insertions(+), 5 deletions(-)
create mode 100644 .github/workflows/terragrunt-cicd.yml
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
new file mode 100644
index 0000000..a78523e
--- /dev/null
+++ b/.github/workflows/terragrunt-cicd.yml
@@ -0,0 +1,101 @@
+name: 'Terraform Module CI'
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+ pull_request:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ validate:
+ name: 'Validate Module'
+ runs-on: self-hosted
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.5.0
+
+ - name: Terraform Init
+ run: |
+ terraform init -backend=false
+
+ - name: Terraform Format
+ run: |
+ terraform fmt -check
+
+ - name: Terraform Validate
+ run: |
+ terraform validate
+
+ - name: Run tflint
+ uses: terraform-linters/setup-tflint@v3
+ if: github.event_name == 'pull_request'
+
+ - name: Lint Terraform
+ if: github.event_name == 'pull_request'
+ run: |
+ tflint --format compact
+
+ release:
+ name: 'Create Release'
+ needs: validate
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ runs-on: self-hosted
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Install Commitizen
+ run: |
+ pip install commitizen
+
+ - name: Configure Git
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+
+ - name: Bump Version and Generate Changelog
+ id: cz
+ run: |
+ cz bump --yes
+ echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
+ echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
+
+ - name: Create Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: v${{ steps.cz.outputs.new_version }}
+ release_name: Release v${{ steps.cz.outputs.new_version }}
+ draft: false
+ prerelease: false
+ body: ${{ steps.cz.outputs.changelog }}
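Review bot: The `validate` job runs pull-request content on a `self-hosted` runner while the workflow-level `permissions` block grants `pull-requests: write`, and none of the validate steps visible here appears to need that scope. If this repository accepts pull requests from forks, `terraform init` and the lint steps execute on a runner that may keep state between jobs; consider a GitHub-hosted or ephemeral runner for PR validation and reduce the top-level block to `contents: read`. Every `uses:` is referenced by a mutable tag (`actions/checkout@v3`, `actions/create-release@v1`, and so on) and `pip install commitizen` is unpinned, so pinning actions to a full commit SHA and the package to a version would make the release job's inputs reviewable. Separately, in the `cz` step, `echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT` writes a multi-line value with the single-line syntax; the delimiter form (`changelog<<EOF` … `EOF`) is needed so that later changelog lines, which derive from commit messages, are not parsed as separate outputs.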
diff --git a/values/loki.yaml b/values/loki.yaml index ab5e963..efdcf0f 100644 --- a/values/loki.yaml +++ b/values/loki.yaml @@ -29,6 +29,9 @@ write: requests: cpu: 100m memory: 128Mi + limits: + cpu: 200m + memory: 256Mi extraVolumesMounts: - name: data mountPath: /loki @@ -45,7 +48,9 @@ read: requests: cpu: 100m memory: 128Mi - + limits: + cpu: 200m + memory: 256Mi backend: autoscaling: enabled: true @@ -53,12 +58,18 @@ backend: requests: cpu: 100m memory: 128Mi + limits: + cpu: 200m + memory: 256Mi gateway: resources: requests: cpu: 50m memory: 64Mi + limits: + cpu: 100m + memory: 128Mi compactor: working_directory: /loki/compactor @@ -71,18 +82,27 @@ compactor: requests: cpu: 100m memory: 128Mi + limits: + cpu: 200m + memory: 256Mi sidecar: resources: requests: - cpu: 500m - memory: 512Mi + cpu: 200m + memory: 256Mi + limits: + cpu: 200m + memory: 256Mi ruler: resources: requests: - cpu: 500m - memory: 512Mi + cpu: 200m + memory: 256Mi + limits: + cpu: 200m + memory: 256Mi monitoring: dashboards: From 0a89848b2def8447b9940756a6723b2d5535bee4 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 3 Mar 2025 21:10:40 -0500 Subject: [PATCH 02/35] use bitnami image: --- README.md | 4 +--- copy_images.tf | 12 ++++++------ 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e02ee99..58e2c92 100644 --- a/README.md +++ b/README.md @@ -25,9 +25,8 @@ to loki. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.87.0 | +| [aws](#provider\_aws) | 5.89.0 | | [helm](#provider\_helm) | 2.17.0 | -| [kubernetes](#provider\_kubernetes) | 2.35.1 | ## Modules 
@@ -42,7 +41,6 @@ to loki. | Name | Type | |------|------| | [helm_release.loki](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_s3_bucket.s3_server_access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source | diff --git a/copy_images.tf b/copy_images.tf index fa07696..887672c 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -12,8 +12,8 @@ locals { enabled = true dest_path = null name = "grafana/loki" - source_image = "grafana/loki" - source_registry = "docker.io" + source_image = "bitnami/grafana-loki" + source_registry = "public.ecr.aws" source_tag = var.loki_tag tag = var.loki_tag }, @@ -30,8 +30,8 @@ locals { enabled = true dest_path = null name = "memcached" - source_image = "memcached" - source_registry = "docker.io" + source_image = "bitnami/memcached" + source_registry = "public.ecr.aws" source_tag = var.memcached_tag tag = var.memcached_tag }, @@ -66,8 +66,8 @@ locals { enabled = true dest_path = null name = "grafana/nginx-unprivileged" - source_image = "nginxinc/nginx-unprivileged" - source_registry = "docker.io" + source_image = "nginx/nginx-unprivileged" + source_registry = "public.ecr.aws" source_tag = var.gateway_tag tag = var.gateway_tag }, From 14b68eb762aa2577a3193e1923827cd7b7094b5d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 6 Mar 2025 20:02:45 -0500 Subject: [PATCH 03/35] lower requests --- values/loki.yaml | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/values/loki.yaml b/values/loki.yaml index efdcf0f..7a4ec00 100644 --- a/values/loki.yaml +++ b/values/loki.yaml 
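Review bot: The destination `name = "grafana/loki"` is unchanged while `source_image` now points at `bitnami/grafana-loki`, so the mirrored repository will carry a Bitnami build under the upstream project's name; the memcached entry likewise switches to a Bitnami image, and the gateway entry keeps `grafana/nginx-unprivileged` as its name for an image now pulled from `public.ecr.aws`. That makes provenance harder to verify from the destination registry and may mislead image allow-lists or scanner baselines keyed on repository name. Bitnami images can differ from upstream in tag scheme, runtime user and filesystem layout, so `var.loki_tag` and the chart's security context should be checked against the new source (neither is visible in these hunks). Consider a comment on each entry such as `# mirrored from public.ecr.aws/bitnami/grafana-loki, not the upstream grafana/loki build`, and copying by digest rather than by mutable tag if the copy module supports it. The `locals` block starts and ends outside the hunks.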
@@ -25,10 +25,11 @@ write: enabled: true autoscaling: enabled: true + minReplicas: 1 resources: requests: - cpu: 100m - memory: 128Mi + cpu: 1m + memory: 1Mi limits: cpu: 200m memory: 256Mi @@ -46,18 +47,19 @@ read: minReplicas: 1 resources: requests: - cpu: 100m - memory: 128Mi + cpu: 1m + memory: 1Mi limits: cpu: 200m memory: 256Mi backend: autoscaling: enabled: true + minReplicas: 1 resources: requests: - cpu: 100m - memory: 128Mi + cpu: 1m + memory: 1Mi limits: cpu: 200m memory: 256Mi @@ -65,8 +67,8 @@ backend: gateway: resources: requests: - cpu: 50m - memory: 64Mi + cpu: 1m + memory: 1Mi limits: cpu: 100m memory: 128Mi @@ -80,8 +82,8 @@ compactor: retention_delete_worker_count: 150 resources: requests: - cpu: 100m - memory: 128Mi + cpu: 1m + memory: 1Mi limits: cpu: 200m memory: 256Mi @@ -89,8 +91,8 @@ compactor: sidecar: resources: requests: - cpu: 200m - memory: 256Mi + cpu: 1m + memory: 1Mi limits: cpu: 200m memory: 256Mi @@ -98,8 +100,8 @@ sidecar: ruler: resources: requests: - cpu: 200m - memory: 256Mi + cpu: 1m + memory: 1Mi limits: cpu: 200m memory: 256Mi From 98921ead8aa3f9c69d59db71c06e734c29e26ac7 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 14:43:22 -0500 Subject: [PATCH 04/35] refactor chart values --- loki.values.yml | 3767 +++++++++++++++++++++++++++++++++++++++++++ main.tf | 251 +-- values/loki.yaml | 126 -- values/loki.yml.tpl | 206 +++ 4 files changed, 4102 insertions(+), 248 deletions(-) create mode 100644 loki.values.yml delete mode 100644 values/loki.yaml create mode 100644 values/loki.yml.tpl diff --git a/loki.values.yml b/loki.values.yml new file mode 100644 index 0000000..44c9283 --- /dev/null +++ b/loki.values.yml 
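Review bot: Setting `requests` to `cpu: 1m` / `memory: 1Mi` on write, read and backend while `autoscaling.enabled: true` stays on is likely to break utilization-based scaling, assuming the chart's autoscaler targets resource utilization, because utilization is computed as a percentage of the request. It also tells the scheduler these pods need almost nothing, so they can be placed on nodes without room for the 256Mi they are allowed to use and are early eviction candidates under memory pressure; for a log pipeline that means gaps in collected logs. Consider requests close to observed usage, for example keeping `cpu: 100m` / `memory: 128Mi` for write, read and backend, and add a comment stating why a lower value was chosen if it is intentional. The same values repeat in the gateway, compactor, sidecar and ruler hunks of this file.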
@@ -0,0 +1,3767 @@ +# -- Overrides the version used to determine compatibility of resources with the target Kubernetes cluster. +# This is useful when using `helm template`, because then helm will use the client version of kubectl as the Kubernetes version, +# which may or may not match your cluster's server version. Example: 'v1.24.4'. Set to null to use the version that helm +# devises. +kubeVersionOverride: null + +global: + image: + # -- Overrides the Docker registry globally for all images + registry: null + # -- Overrides the priorityClassName for all pods + priorityClassName: null + # -- configures cluster domain ("cluster.local" by default) + clusterDomain: "cluster.local" + # -- configures DNS service name + dnsService: "kube-dns" + # -- configures DNS service namespace + dnsNamespace: "kube-system" + # -- Common additional CLI arguments for all jobs (that is, -log.level debug, -config.expand-env=true or -log-config-reverse-order) + # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. + extraArgs: [] + # -- Common environment variables to add to all pods directly managed by this chart. + # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. + extraEnv: [] + # -- Common source of environment injections to add to all pods directly managed by this chart. + # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. 
+ # For example to inject values from a Secret, use: + # extraEnvFrom: + # - secretRef: + # name: mysecret + extraEnvFrom: [] + # -- Common volumes to add to all pods directly managed by this chart. + # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. + extraVolumes: [] + # -- Common mount points to add to all pods directly managed by this chart. + # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. + extraVolumeMounts: [] +# -- Overrides the chart's name +nameOverride: null +# -- Overrides the chart's computed fullname +fullnameOverride: null +# -- Overrides the chart's cluster label +clusterLabelOverride: null +# -- Image pull secrets for Docker images +imagePullSecrets: [] +# -- Deployment mode lets you specify how to deploy Loki. +# There are 3 options: +# - SingleBinary: Loki is deployed as a single binary, useful for small installs typically without HA, up to a few tens of GB/day. +# - SimpleScalable: Loki is deployed as 3 targets: read, write, and backend. Useful for medium installs easier to manage than distributed, up to a about 1TB/day. +# - Distributed: Loki is deployed as individual microservices. The most complicated but most capable, useful for large installs, typically over 1TB/day. +# There are also 2 additional modes used for migrating between deployment modes: +# - SingleBinary<->SimpleScalable: Migrate from SingleBinary to SimpleScalable (or vice versa) +# - SimpleScalable<->Distributed: Migrate from SimpleScalable to Distributed (or vice versa) +# Note: SimpleScalable and Distributed REQUIRE the use of object storage. 
+deploymentMode: SimpleScalable +###################################################################################################################### +# +# Base Loki Configs including kubernetes configurations and configurations for Loki itself, +# see below for more specifics on Loki's configuration. +# +###################################################################################################################### +# -- Configuration for running Loki +# @default -- See values.yaml +loki: + # Configures the readiness probe for all of the Loki pods + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 30 + timeoutSeconds: 1 + image: + # -- The Docker registry + registry: docker.io + # -- Docker image repository + repository: grafana/loki + # -- Overrides the image tag whose default is the chart's appVersion + tag: 3.4.2 + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent + # -- Common annotations for all deployments/StatefulSets + annotations: {} + # -- Common annotations for all pods + podAnnotations: {} + # -- Common labels for all pods + podLabels: {} + # -- Common annotations for all services + serviceAnnotations: {} + # -- Common labels for all services + serviceLabels: {} + # -- The number of old ReplicaSets to retain to allow rollback + revisionHistoryLimit: 10 + # -- The SecurityContext for Loki pods + podSecurityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + # -- The SecurityContext for Loki containers + containerSecurityContext: + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + # -- Should enableServiceLinks be enabled. 
Default to enable + enableServiceLinks: true + ###################################################################################################################### + # + # Loki Configuration + # + # There are several ways to pass configuration to Loki, listing them here in order of our preference for how + # you should use this chart. + # 1. Use the templated value of loki.config below and the corresponding override sections which follow. + # This allows us to set a lot of important Loki configurations and defaults and also allows us to maintain them + # over time as Loki changes and evolves. + # 2. Use the loki.structuredConfig section. + # This will completely override the templated value of loki.config, so you MUST provide the entire Loki config + # including any configuration that we set in loki.config unless you explicitly are trying to change one of those + # values and are not able to do so with the templated sections. + # If you choose this approach the burden is on you to maintain any changes we make to the templated config. + # 3. Use an existing secret or configmap to provide the configuration. + # This option is mostly provided for folks who have external processes which provide or modify the configuration. + # When using this option you can specify a different name for loki.generatedConfigObjectName and configObjectName + # if you have a process which takes the generated config and modifies it, or you can stop the chart from generating + # a config entirely by setting loki.generatedConfigObjectName to + # + ###################################################################################################################### + + # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret. + # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. 
vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration). + # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables). + configStorageType: ConfigMap + # -- The name of the object which Loki will mount as a volume containing the config. + # If the configStorageType is Secret, this will be the name of the Secret, if it is ConfigMap, this will be the name of the ConfigMap. + # The value will be passed through tpl. + configObjectName: '{{ include "loki.name" . }}' + # -- The name of the Secret or ConfigMap that will be created by this chart. + # If empty, no configmap or secret will be created. + # The value will be passed through tpl. + generatedConfigObjectName: '{{ include "loki.name" . }}' + # -- Config file contents for Loki + # @default -- See values.yaml + config: | + {{- if .Values.enterprise.enabled}} + {{- tpl .Values.enterprise.config . }} + {{- else }} + auth_enabled: {{ .Values.loki.auth_enabled }} + {{- end }} + + {{- with .Values.loki.server }} + server: + {{- toYaml . | nindent 2}} + {{- end}} + + pattern_ingester: + enabled: {{ .Values.loki.pattern_ingester.enabled }} + + memberlist: + {{- if .Values.loki.memberlistConfig }} + {{- toYaml .Values.loki.memberlistConfig | nindent 2 }} + {{- else }} + {{- if .Values.loki.extraMemberlistConfig}} + {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}} + {{- end }} + join_members: + - {{ include "loki.memberlist" . }} + {{- with .Values.migrate.fromDistributed }} + {{- if .enabled }} + - {{ .memberlistService }} + {{- end }} + {{- end }} + {{- end }} + + {{- with .Values.loki.ingester }} + ingester: + {{- tpl (. 
| toYaml) $ | nindent 4 }} + {{- end }} + + {{- if .Values.loki.commonConfig}} + common: + {{- toYaml .Values.loki.commonConfig | nindent 2}} + storage: + {{- include "loki.commonStorageConfig" . | nindent 4}} + {{- end}} + + {{- with .Values.loki.limits_config }} + limits_config: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + runtime_config: + file: /etc/loki/runtime-config/runtime-config.yaml + + {{- with .Values.chunksCache }} + {{- if .enabled }} + chunk_store_config: + chunk_cache_config: + default_validity: {{ .defaultValidity }} + background: + writeback_goroutines: {{ .writebackParallelism }} + writeback_buffer: {{ .writebackBuffer }} + writeback_size_limit: {{ .writebackSizeLimit }} + memcached: + batch_size: {{ .batchSize }} + parallelism: {{ .parallelism }} + memcached_client: + addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-chunks-cache.{{ $.Release.Namespace }}.svc + consistent_hash: true + timeout: {{ .timeout }} + max_idle_conns: 72 + {{- end }} + {{- end }} + + {{- if .Values.loki.schemaConfig }} + schema_config: + {{- toYaml .Values.loki.schemaConfig | nindent 2}} + {{- end }} + + {{- if .Values.loki.useTestSchema }} + schema_config: + {{- toYaml .Values.loki.testSchemaConfig | nindent 2}} + {{- end }} + + {{- if .Values.ruler.enabled }} + {{ include "loki.rulerConfig" . }} + {{- end }} + + {{- if and .Values.loki.storage.use_thanos_objstore .Values.ruler.enabled}} + ruler_storage: + {{- include "loki.rulerThanosStorageConfig" . | nindent 2 }} + {{- end }} + + {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }} + table_manager: + retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }} + retention_period: {{ .Values.tableManager.retention_period }} + {{- end }} + + query_range: + align_queries_with_step: true + {{- with .Values.loki.query_range }} + {{- tpl (. 
| toYaml) $ | nindent 2 }} + {{- end }} + {{- if .Values.resultsCache.enabled }} + {{- with .Values.resultsCache }} + cache_results: true + results_cache: + cache: + default_validity: {{ .defaultValidity }} + background: + writeback_goroutines: {{ .writebackParallelism }} + writeback_buffer: {{ .writebackBuffer }} + writeback_size_limit: {{ .writebackSizeLimit }} + memcached_client: + consistent_hash: true + addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-results-cache.{{ $.Release.Namespace }}.svc + timeout: {{ .timeout }} + update_interval: 1m + {{- end }} + {{- end }} + + {{- with .Values.loki.storage_config }} + storage_config: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.query_scheduler }} + query_scheduler: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.compactor }} + compactor: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.analytics }} + analytics: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.querier }} + querier: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.index_gateway }} + index_gateway: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.frontend }} + frontend: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.frontend_worker }} + frontend_worker: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.distributor }} + distributor: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + tracing: + enabled: {{ .Values.loki.tracing.enabled }} + + {{- with .Values.loki.bloom_build }} + bloom_build: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.bloom_gateway }} + bloom_gateway: + {{- tpl (. 
| toYaml) $ | nindent 4 }} + {{- end }} + # Should authentication be enabled + auth_enabled: true + # -- memberlist configuration (overrides embedded default) + memberlistConfig: {} + # -- Extra memberlist configuration + extraMemberlistConfig: {} + # -- Tenants list to be created on nginx htpasswd file, with name and password keys + tenants: [] + # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration. + server: + http_listen_port: 3100 + grpc_listen_port: 9095 + http_server_read_timeout: 600s + http_server_write_timeout: 600s + # -- Limits config + limits_config: + reject_old_samples: true + reject_old_samples_max_age: 168h + max_cache_freshness_per_query: 10m + split_queries_by_interval: 15m + query_timeout: 300s + volume_enabled: true + # -- Provides a reloadable runtime configuration file for some specific configuration + runtimeConfig: {} + # -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration + commonConfig: + path_prefix: /var/loki + replication_factor: 3 + compactor_address: '{{ include "loki.compactorAddress" . }}' + # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config. + # -- In case of using thanos storage, enable use_thanos_objstore and the configuration should be done inside the object_store section. + storage: + # Loki requires a bucket for chunks and the ruler. GEL requires a third bucket for the admin API. + # Please provide these values if you are using object storage. 
+ # bucketNames: + # chunks: FIXME + # ruler: FIXME + # admin: FIXME + type: s3 + s3: + s3: null + endpoint: null + region: null + secretAccessKey: null + accessKeyId: null + signatureVersion: null + s3ForcePathStyle: false + insecure: false + http_config: {} + # -- Check https://grafana.com/docs/loki/latest/configure/#s3_storage_config for more info on how to provide a backoff_config + backoff_config: {} + disable_dualstack: false + gcs: + chunkBufferSize: 0 + requestTimeout: "0s" + enableHttp2: true + azure: + accountName: null + accountKey: null + connectionString: null + useManagedIdentity: false + useFederatedToken: false + userAssignedId: null + requestTimeout: null + endpointSuffix: null + chunkDelimiter: null + swift: + auth_version: null + auth_url: null + internal: null + username: null + user_domain_name: null + user_domain_id: null + user_id: null + password: null + domain_id: null + domain_name: null + project_id: null + project_name: null + project_domain_id: null + project_domain_name: null + region_name: null + container_name: null + max_retries: null + connect_timeout: null + request_timeout: null + filesystem: + chunks_directory: /var/loki/chunks + rules_directory: /var/loki/rules + admin_api_directory: /var/loki/admin + + # Loki now supports using thanos storage clients for connecting to object storage backend. + # This will become the default way to configure storage in a future releases. + use_thanos_objstore: false + + object_store: + # Type of object store. Valid options are: s3, gcs, azure + type: s3 + prefix: null # Optional prefix for storage keys + + # S3 configuration (when type is "s3") + s3: + endpoint: null # S3 endpoint URL + region: null # Optional region + access_key_id: null # Optional access key + secret_access_key: null # Optional secret key + insecure: false # Optional. 
Enable if using self-signed TLS + sse: {} # Optional server-side encryption configuration + http: {} # Optional HTTP client configuration + + # GCS configuration (when type is "gcs") + gcs: + bucket_name: null # Name of the bucket + service_account: null # Optional service account JSON + + # Azure configuration (when type is "azure") + azure: + account_name: null # Storage account name + account_key: null # Optional storage account key + + # -- Configure memcached as an external cache for chunk and results cache. Disabled by default + # must enable and specify a host for each cache you would like to use. + memcached: + chunk_cache: + enabled: false + host: "" + service: "memcached-client" + batch_size: 256 + parallelism: 10 + results_cache: + enabled: false + host: "" + service: "memcached-client" + timeout: "500ms" + default_validity: "12h" + # -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas + schemaConfig: {} + # -- a real Loki install requires a proper schemaConfig defined above this, however for testing or playing around + # you can enable useTestSchema + useTestSchema: false + testSchemaConfig: + configs: + - from: 2024-04-01 + store: tsdb + object_store: '{{ include "loki.testSchemaObjectStore" . }}' + schema: v13 + index: + prefix: index_ + period: 24h + # -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler + rulerConfig: + wal: + dir: /var/loki/ruler-wal + # -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig` + structuredConfig: {} + # -- Additional query scheduler config + query_scheduler: {} + # -- Additional storage config + storage_config: + boltdb_shipper: + index_gateway_client: + server_address: '{{ include "loki.indexGatewayAddress" . }}' + tsdb_shipper: + index_gateway_client: + server_address: '{{ include "loki.indexGatewayAddress" . 
}}' + bloom_shipper: + working_directory: /var/loki/data/bloomshipper + hedging: + at: "250ms" + max_per_second: 20 + up_to: 3 + # -- Optional compactor configuration + compactor: {} + # -- Optional pattern ingester configuration + pattern_ingester: + enabled: false + # -- Optional analytics configuration + analytics: {} + # -- Optional querier configuration + query_range: {} + # -- Optional querier configuration + querier: {} + # -- Optional ingester configuration + ingester: {} + # -- Optional index gateway configuration + index_gateway: + mode: simple + frontend: + scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' + tail_proxy_url: '{{ include "loki.querierAddress" . }}' + frontend_worker: + scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' + # -- Optional distributor configuration + distributor: {} + # -- Enable tracing + tracing: + enabled: false + bloom_build: + enabled: false + builder: + planner_address: '{{ include "loki.bloomPlannerAddress" . }}' + bloom_gateway: + enabled: false + client: + addresses: '{{ include "loki.bloomGatewayAddresses" . 
}}' +###################################################################################################################### +# +# Enterprise Loki Configs +# +###################################################################################################################### + +# -- Configuration for running Enterprise Loki +enterprise: + # Enable enterprise features, license must be provided + enabled: false + # Default verion of GEL to deploy + version: 3.4.0 + # -- Optional name of the GEL cluster, otherwise will use .Release.Name + # The cluster name must match what is in your GEL license + cluster_name: null + # -- Grafana Enterprise Logs license + # In order to use Grafana Enterprise Logs features, you will need to provide + # the contents of your Grafana Enterprise Logs license, either by providing the + # contents of the license.jwt, or the name Kubernetes Secret that contains your + # license.jwt. + # To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'` + license: + contents: "NOTAVALIDLICENSE" + # -- Set to true when providing an external license + useExternalLicense: false + # -- Name of external license secret to use + externalLicenseName: null + # -- Name of the external config secret to use + externalConfigName: "" + # -- Use GEL gateway, if false will use the default nginx gateway + gelGateway: true + # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise, + # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`. + adminApi: + enabled: true + # enterprise specific sections of the config.yaml file + config: | + {{- if .Values.enterprise.adminApi.enabled }} + admin_client: + {{ include "enterprise-logs.adminAPIStorageConfig" . 
| nindent 2 }}
+ {{ end }}
+ auth:
+ type: {{ .Values.enterprise.adminApi.enabled | ternary "enterprise" "trust" }}
+ auth_enabled: {{ .Values.loki.auth_enabled }}
+ cluster_name: {{ include "loki.clusterName" . }}
+ license:
+ path: /etc/loki/license/license.jwt
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/enterprise-logs
+ # -- Docker image tag
+ tag: 3.4.0
+ # -- Overrides the image tag with an image digest
+ digest: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+ adminToken:
+ # -- Alternative name for admin token secret, needed by tokengen and provisioner jobs
+ secret: null
+ # -- Additional namespace to also create the token in. Useful if your Grafana instance
+ # is in a different namespace
+ additionalNamespaces: []
+ # -- Alternative name of the secret to store token for the canary
+ canarySecret: null
+ # -- Configuration for `tokengen` target
+ tokengen:
+ # -- Whether the job should be part of the deployment
+ enabled: true
+ # -- Comma-separated list of Loki modules to load for tokengen
+ targetModule: "tokengen"
+ # -- Additional CLI arguments for the `tokengen` target
+ extraArgs: []
+ # -- Additional Kubernetes environment
+ env: []
+ # -- Additional labels for the `tokengen` Job
+ labels: {}
+ # -- Additional annotations for the `tokengen` Job
+ annotations: {}
+ # -- Affinity for tokengen Pods
+ affinity: {}
+ # -- Node selector for tokengen Pods
+ nodeSelector: {}
+ # -- Tolerations for tokengen Job
+ tolerations: []
+ # -- Additional volumes for Pods
+ extraVolumes: []
+ # -- Additional volume mounts for Pods
+ extraVolumeMounts: []
+ # -- Run containers as user `enterprise-logs(uid=10001)`
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: 10001
+ runAsUser: 10001
+ fsGroup: 10001
+ # -- Environment variables from secrets or configmaps to add to the tokengen pods
+ extraEnvFrom: []
+ # -- The name of the PriorityClass for tokengen Pods
+ priorityClassName: ""
+ # -- Configuration for `provisioner` target
+ provisioner:
+ # -- Whether the job should be part of the deployment
+ enabled: true
+ # -- Name of the secret to store provisioned tokens in
+ provisionedSecretPrefix: null
+ # -- Hook type(s) to customize when the job runs. defaults to post-install
+ hookType: "post-install"
+ # -- Additional tenants to be created. Each tenant will get a read and write policy
+ # and associated token. Tenant must have a name and a namespace for the secret containting
+ # the token to be created in. For example
+ # additionalTenants:
+ # - name: loki
+ # secretNamespace: grafana
+ additionalTenants: []
+ # -- Additional Kubernetes environment
+ env: []
+ # -- Additional labels for the `provisioner` Job
+ labels: {}
+ # -- Additional annotations for the `provisioner` Job
+ annotations: {}
+ # -- Affinity for tokengen Pods
+ affinity: {}
+ # -- Node selector for tokengen Pods
+ nodeSelector: {}
+ # -- Tolerations for tokengen Pods
+ tolerations: []
+ # -- The name of the PriorityClass for provisioner Job
+ priorityClassName: null
+ # -- Run containers as user `enterprise-logs(uid=10001)`
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: 10001
+ runAsUser: 10001
+ fsGroup: 10001
+ # -- Provisioner image to Utilize
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/enterprise-logs-provisioner
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+ # -- Volume mounts to add to the provisioner pods
+ extraVolumeMounts: []
+# -- kubetclImage is used in the enterprise provisioner and tokengen jobs
+kubectlImage:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: bitnami/kubectl
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+######################################################################################################################
+#
+# Chart Testing
+#
+######################################################################################################################
+
+# -- Section for configuring optional Helm test
+test:
+ enabled: true
+ # -- Used to directly query the metrics endpoint of the canary for testing, this approach avoids needing prometheus for testing.
+ # This in a newer approach to using prometheusAddress such that tests do not have a dependency on prometheus
+ canaryServiceAddress: "http://loki-canary:3500/metrics"
+ # -- Address of the prometheus server to query for the test. This overrides any value set for canaryServiceAddress.
+ # This is kept for backward compatibility and may be removed in future releases. Previous value was 'http://prometheus:9090'
+ prometheusAddress: ""
+ # -- Number of times to retry the test before failing
+ timeout: 1m
+ # -- Additional labels for the test pods
+ labels: {}
+ # -- Additional annotations for test pods
+ annotations: {}
+ # -- Image to use for loki canary
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/loki-helm-test
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: "ewelch-distributed-helm-chart-17db5ee"
+ # -- Overrides the image tag with an image digest
+ digest: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+# The Loki canary pushes logs to and queries from this loki installation to test
+# that it's working correctly
+lokiCanary:
+ enabled: true
+ # -- If true, the canary will send directly to Loki via the address configured for verification --
+ # -- If false, it will write to stdout and an Agent will be needed to scrape and send the logs --
+ push: true
+ # -- The name of the label to look for at loki when doing the checks.
+ labelname: pod
+ # -- Additional annotations for the `loki-canary` Daemonset
+ annotations: {}
+ # -- Additional labels for each `loki-canary` pod
+ podLabels: {}
+ service:
+ # -- Annotations for loki-canary Service
+ annotations: {}
+ # -- Additional labels for loki-canary Service
+ labels: {}
+ # -- Additional CLI arguments for the `loki-canary' command
+ extraArgs: []
+ # -- Environment variables to add to the canary pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the canary pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the canary pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the canary pods
+ extraVolumes: []
+ # -- Resource requests and limits for the canary
+ resources: {}
+ # -- DNS config for canary pods
+ dnsConfig: {}
+ # -- Node selector for canary pods
+ nodeSelector: {}
+ # -- Tolerations for canary pods
+ tolerations: []
+ # -- The name of the PriorityClass for loki-canary pods
+ priorityClassName: null
+ # -- Image to use for loki canary
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/loki-canary
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: null
+ # -- Overrides the image tag with an image digest
+ digest: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+ # -- Update strategy for the `loki-canary` Daemonset pods
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+######################################################################################################################
+#
+# Service Accounts and Kubernetes RBAC
+#
+######################################################################################################################
+serviceAccount:
+ # -- Specifies whether a ServiceAccount should be created
+ create: true
+ # -- The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: null
+ # -- Image pull secrets for the service account
+ imagePullSecrets: []
+ # -- Annotations for the service account
+ annotations: {}
+ # -- Labels for the service account
+ labels: {}
+ # -- Set this toggle to false to opt out of automounting API credentials for the service account
+ automountServiceAccountToken: true
+# RBAC configuration
+rbac:
+ # -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp.
+ pspEnabled: false
+ # -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints.
+ sccEnabled: false
+ # -- Specify PSP annotations
+ # Ref: https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/#podsecuritypolicy-annotations
+ pspAnnotations: {}
+ # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ # -- Whether to install RBAC in the namespace only or cluster-wide. Useful if you want to watch ConfigMap globally.
+ namespaced: false
+######################################################################################################################
+#
+# Network Policy configuration
+#
+######################################################################################################################
+networkPolicy:
+ # -- Specifies whether Network Policies should be created
+ enabled: false
+ # -- Specifies whether the policies created will be standard Network Policies (flavor: kubernetes)
+ # or Cilium Network Policies (flavor: cilium)
+ flavor: kubernetes
+ metrics:
+ # -- Specifies the Pods which are allowed to access the metrics port.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespaces which are allowed to access the metrics port
+ namespaceSelector: {}
+ # -- Specifies specific network CIDRs which are allowed to access the metrics port.
+ # In case you use namespaceSelector, you also have to specify your kubelet networks here.
+ # The metrics ports are also used for probes.
+ cidrs: []
+ ingress:
+ # -- Specifies the Pods which are allowed to access the http port.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespaces which are allowed to access the http port
+ namespaceSelector: {}
+ alertmanager:
+ # -- Specify the alertmanager port used for alerting
+ port: 9093
+ # -- Specifies the alertmanager Pods.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespace the alertmanager is running in
+ namespaceSelector: {}
+ externalStorage:
+ # -- Specify the port used for external storage, e.g. AWS S3
+ ports: []
+ # -- Specifies specific network CIDRs you want to limit access to
+ cidrs: []
+ discovery:
+ # -- (int) Specify the port used for discovery
+ port: null
+ # -- Specifies the Pods labels used for discovery.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespace the discovery Pods are running in
+ namespaceSelector: {}
+ egressWorld:
+ # -- Enable additional cilium egress rules to external world for write, read and backend.
+ enabled: false
+ egressKubeApiserver:
+ # -- Enable additional cilium egress rules to kube-apiserver for backend.
+ enabled: false
+######################################################################################################################
+#
+# Global memberlist configuration
+#
+######################################################################################################################
+
+# Configuration for the memberlist service
+memberlist:
+ service:
+ publishNotReadyAddresses: false
+ annotations: {}
+######################################################################################################################
+#
+# adminAPI configuration, enterprise only.
+#
+######################################################################################################################
+
+# -- Configuration for the `admin-api` target
+adminApi:
+ # -- Define the amount of instances
+ replicas: 1
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ # -- Additional CLI arguments for the `admin-api` target
+ extraArgs: {}
+ # -- Environment variables from secrets or configmaps to add to the admin-api pods
+ extraEnvFrom: []
+ # -- Additional labels for the `admin-api` Deployment
+ labels: {}
+ # -- Additional annotations for the `admin-api` Deployment
+ annotations: {}
+ # -- Additional labels and annotations for the `admin-api` Service
+ service:
+ labels: {}
+ annotations: {}
+ # -- Run container as user `enterprise-logs(uid=10001)`
+ # `fsGroup` must not be specified, because these security options are applied
+ # on container level not on Pod level.
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsGroup: 10001
+ runAsUser: 10001
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ # -- Update strategy
+ strategy:
+ type: RollingUpdate
+ # -- Readiness probe
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: http-metrics
+ initialDelaySeconds: 45
+ # -- Request and limit Kubernetes resources
+ # -- Values are defined in small.yaml and large.yaml
+ resources: {}
+ # -- Configure optional environment variables
+ env: []
+ # -- Configure optional initContainers
+ initContainers: []
+ # -- Conifgure optional extraContainers
+ extraContainers: []
+ # -- Additional volumes for Pods
+ extraVolumes: []
+ # -- Additional volume mounts for Pods
+ extraVolumeMounts: []
+ # -- Affinity for admin-api Pods
+ affinity: {}
+ # -- Node selector for admin-api Pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for admin-api pods
+ topologySpreadConstraints: []
+ # -- Tolerations for admin-api Pods
+ tolerations: []
+ # -- Grace period to allow the admin-api to shutdown before it is killed
+ terminationGracePeriodSeconds: 60
+######################################################################################################################
+#
+# Gateway and Ingress
+#
+# By default this chart will deploy a Nginx container to act as a gateway which handles routing of traffic
+# and can also do auth.
+#
+# If you would prefer you can optionally disable this and enable using k8s ingress to do the incoming routing.
+#
+######################################################################################################################
+
+# Configuration for the gateway
+gateway:
+ # -- Specifies whether the gateway should be enabled
+ enabled: true
+ # -- Number of replicas for the gateway
+ replicas: 1
+ # -- Default container port
+ containerPort: 8080
+ # -- Enable logging of 2xx and 3xx HTTP requests
+ verboseLogging: true
+ autoscaling:
+ # -- Enable autoscaling for the gateway
+ enabled: false
+ # -- Minimum autoscaling replicas for the gateway
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the gateway
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the gateway
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the gateway
+ targetMemoryUtilizationPercentage:
+ # -- See `kubectl explain deployment.spec.strategy` for more
+ # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+ # -- Behavior policies while scaling.
+ behavior: {}
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 60
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
+ deploymentStrategy:
+ type: RollingUpdate
+ image:
+ # -- The Docker registry for the gateway image
+ registry: docker.io
+ # -- The gateway image repository
+ repository: nginxinc/nginx-unprivileged
+ # -- The gateway image tag
+ tag: 1.27-alpine
+ # -- Overrides the gateway image tag with an image digest
+ digest: null
+ # -- The gateway image pull policy
+ pullPolicy: IfNotPresent
+ # -- The name of the PriorityClass for gateway pods
+ priorityClassName: null
+ # -- Annotations for gateway deployment
+ annotations: {}
+ # -- Annotations for gateway pods
+ podAnnotations: {}
+ # -- Additional labels for gateway pods
+ podLabels: {}
+ # -- Additional CLI args for the gateway
+ extraArgs: []
+ # -- Environment variables to add to the gateway pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the gateway pods
+ extraEnvFrom: []
+ # -- Lifecycle for the gateway container
+ lifecycle: {}
+ # -- Volumes to add to the gateway pods
+ extraVolumes: []
+ # -- Volume mounts to add to the gateway pods
+ extraVolumeMounts: []
+ # -- The SecurityContext for gateway containers
+ podSecurityContext:
+ fsGroup: 101
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ # -- The SecurityContext for gateway containers
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ # -- Resource requests and limits for the gateway
+ resources: {}
+ # -- Containers to add to the gateway pods
+ extraContainers: []
+ # -- Grace period to allow the gateway to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for gateway pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: gateway
+ topologyKey: kubernetes.io/hostname
+ # -- DNS config for gateway pods
+ dnsConfig: {}
+ # -- Node selector for gateway pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for gateway pods
+ topologySpreadConstraints: []
+ # -- Tolerations for gateway pods
+ tolerations: []
+ # Gateway service configuration
+ service:
+ # -- Port of the gateway service
+ port: 80
+ # -- Type of the gateway service
+ type: ClusterIP
+ # -- ClusterIP of the gateway service
+ clusterIP: null
+ # -- (int) Node port if service type is NodePort
+ nodePort: null
+ # -- Load balancer IPO address if service type is LoadBalancer
+ loadBalancerIP: null
+ # -- Annotations for the gateway service
+ annotations: {}
+ # -- Labels for gateway service
+ labels: {}
+ # Gateway ingress configuration
+ ingress:
+ # -- Specifies whether an ingress for the gateway should be created
+ enabled: false
+ # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18
+ ingressClassName: ""
+ # -- Annotations for the gateway ingress
+ annotations: {}
+ # -- Labels for the gateway ingress
+ labels: {}
+ # -- Hosts configuration for the gateway ingress, passed through the `tpl` function to allow templating
+ hosts:
+ - host: gateway.loki.example.com
+ paths:
+ - path: /
+ # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers
+ # pathType: Prefix
+ # -- TLS configuration for the gateway ingress. Hosts passed through the `tpl` function to allow templating
+ tls:
+ - secretName: loki-gateway-tls
+ hosts:
+ - gateway.loki.example.com
+ # Basic auth configuration
+ basicAuth:
+ # -- Enables basic authentication for the gateway
+ enabled: false
+ # -- The basic auth username for the gateway
+ username: null
+ # -- The basic auth password for the gateway
+ password: null
+ # -- Uses the specified users from the `loki.tenants` list to create the htpasswd file.
+ # if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used.
+ # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes
+ # high CPU load.
+ # @default -- Either `loki.tenants` or `gateway.basicAuth.username` and `gateway.basicAuth.password`.
+ htpasswd: >-
+ {{ if .Values.loki.tenants }}
+
+
+ {{- range $t := .Values.loki.tenants }}
+ {{ htpasswd (required "All tenants must have a 'name' set" $t.name) (required "All tenants must have a 'password' set" $t.password) }}
+
+
+ {{- end }}
+ {{ else }} {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} {{ end }}
+ # -- Existing basic auth secret to use. Must contain '.htpasswd'
+ existingSecret: null
+ # Configures the readiness probe for the gateway
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http-metrics
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ nginxConfig:
+ # -- Which schema to be used when building URLs. Can be 'http' or 'https'.
+ schema: http
+ # -- Enable listener for IPv6, disable on IPv4-only systems
+ enableIPv6: true
+ # -- NGINX log format
+ logFormat: |-
+ main '$remote_addr - $remote_user [$time_local] $status '
+ '"$request" $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ # -- Allows appending custom configuration to the server block
+ serverSnippet: ""
+ # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating
+ httpSnippet: >-
+ {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }}
+ # -- Allows customizing the `client_max_body_size` directive
+ clientMaxBodySize: 4M
+ # -- Whether ssl should be appended to the listen directive of the server block or not.
+ ssl: false
+ # -- Override Read URL
+ customReadUrl: null
+ # -- Override Write URL
+ customWriteUrl: null
+ # -- Override Backend URL
+ customBackendUrl: null
+ # -- Allows overriding the DNS resolver address nginx will use.
+ resolver: ""
+ # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating
+ # @default -- See values.yaml
+ file: |
+ {{- include "loki.nginxFile" . | indent 2 -}}
+# -- If running enterprise and using the default enterprise gateway, configs go here.
+enterpriseGateway:
+ # -- Define the amount of instances
+ replicas: 1
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ # -- Additional CLI arguments for the `gateway` target
+ extraArgs: {}
+ # -- Environment variables from secrets or configmaps to add to the enterprise gateway pods
+ extraEnvFrom: []
+ # -- Additional labels for the `gateway` Pod
+ labels: {}
+ # -- Additional annotations for the `gateway` Pod
+ annotations: {}
+ # -- Additional labels and annotations for the `gateway` Service
+ # -- Service overriding service type
+ service:
+ type: ClusterIP
+ labels: {}
+ annotations: {}
+ # -- Run container as user `enterprise-logs(uid=10001)`
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsGroup: 10001
+ runAsUser: 10001
+ fsGroup: 10001
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ # -- If you want to use your own proxy URLs, set this to false.
+ useDefaultProxyURLs: true
+ # -- update strategy
+ strategy:
+ type: RollingUpdate
+ # -- Readiness probe
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: http-metrics
+ initialDelaySeconds: 45
+ # -- Request and limit Kubernetes resources
+ # -- Values are defined in small.yaml and large.yaml
+ resources: {}
+ # -- Configure optional environment variables
+ env: []
+ # -- Configure optional initContainers
+ initContainers: []
+ # -- Conifgure optional extraContainers
+ extraContainers: []
+ # -- Additional volumes for Pods
+ extraVolumes: []
+ # -- Additional volume mounts for Pods
+ extraVolumeMounts: []
+ # -- Affinity for gateway Pods
+ affinity: {}
+ # -- Node selector for gateway Pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for enterprise-gateway pods
+ topologySpreadConstraints: []
+ # -- Tolerations for gateway Pods
+ tolerations: []
+ # -- Grace period to allow the gateway to shutdown before it is killed
+ terminationGracePeriodSeconds: 60
+# -- Ingress configuration Use either this ingress or the gateway, but not both at once.
+# If you enable this, make sure to disable the gateway.
+# You'll need to supply authn configuration for your ingress controller.
+ingress:
+ enabled: false
+ ingressClassName: ""
+ annotations: {}
+ # nginx.ingress.kubernetes.io/auth-type: basic
+ # nginx.ingress.kubernetes.io/auth-secret: loki-distributed-basic-auth
+ # nginx.ingress.kubernetes.io/auth-secret-type: auth-map
+ # nginx.ingress.kubernetes.io/configuration-snippet: |
+ # proxy_set_header X-Scope-OrgID $remote_user;
+ labels: {}
+ # blackbox.monitoring.exclude: "true"
+ paths:
+ # -- Paths that are exposed by Loki Distributor.
+ # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`.
+ # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`.
+ # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+ distributor:
+ - /api/prom/push
+ - /loki/api/v1/push
+ - /otlp/v1/logs
+ # -- Paths that are exposed by Loki Query Frontend.
+ # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`.
+ # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`.
+ # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+ queryFrontend:
+ - /api/prom/query
+ # this path covers labels and labelValues endpoints
+ - /api/prom/label
+ - /api/prom/series
+ - /api/prom/tail
+ - /loki/api/v1/query
+ - /loki/api/v1/query_range
+ - /loki/api/v1/tail
+ # this path covers labels and labelValues endpoints
+ - /loki/api/v1/label
+ - /loki/api/v1/labels
+ - /loki/api/v1/series
+ - /loki/api/v1/index/stats
+ - /loki/api/v1/index/volume
+ - /loki/api/v1/index/volume_range
+ - /loki/api/v1/format_query
+ - /loki/api/v1/detected_field
+ - /loki/api/v1/detected_fields
+ - /loki/api/v1/detected_labels
+ - /loki/api/v1/patterns
+ # -- Paths that are exposed by Loki Ruler.
+ # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`.
+ # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`.
+ # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`.
+ # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+ ruler:
+ - /api/prom/rules
+ - /api/prom/api/v1/rules
+ - /api/prom/api/v1/alerts
+ - /loki/api/v1/rules
+ - /prometheus/api/v1/rules
+ - /prometheus/api/v1/alerts
+ # -- Hosts configuration for the ingress, passed through the `tpl` function to allow templating
+ hosts:
+ - loki.example.com
+ # -- TLS configuration for the ingress. Hosts passed through the `tpl` function to allow templating
+ tls: []
+# - hosts:
+# - loki.example.com
+# secretName: loki-distributed-tls
+
+######################################################################################################################
+#
+# Migration
+#
+######################################################################################################################
+
+# -- Options that may be necessary when performing a migration from another helm chart
+migrate:
+ # -- When migrating from a distributed chart like loki-distributed or enterprise-logs
+ fromDistributed:
+ # -- Set to true if migrating from a distributed helm chart
+ enabled: false
+ # -- If migrating from a distributed service, provide the distributed deployment's
+ # memberlist service DNS so the new deployment can join its ring.
+ memberlistService: ""
+######################################################################################################################
+#
+# Single Binary Deployment
+#
+# For small Loki installations up to a few 10's of GB per day, or for testing and development.
+#
+######################################################################################################################
+
+# Configuration for the single binary node(s)
+singleBinary:
+ # -- Number of replicas for the single binary
+ replicas: 0
+ autoscaling:
+ # -- Enable autoscaling
+ enabled: false
+ # -- Minimum autoscaling replicas for the single binary
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the single binary
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the single binary
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the single binary
+ targetMemoryUtilizationPercentage:
+ image:
+ # -- The Docker registry for the single binary image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the single binary image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the single binary image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for single binary pods
+ priorityClassName: null
+ # -- Annotations for single binary StatefulSet
+ annotations: {}
+ # -- Annotations for single binary pods
+ podAnnotations: {}
+ # -- Additional labels for each `single binary` pod
+ podLabels: {}
+ # -- Additional selector labels for each `single binary` pod
+ selectorLabels: {}
+ service:
+ # -- Annotations for single binary Service
+ annotations: {}
+ # -- Additional labels for single binary Service
+ labels: {}
+ # -- Comma-separated list of Loki modules to load for the single binary
+ targetModule: "all"
+ # -- Labels for single binary service
+ extraArgs: []
+ # -- Environment variables to add to the single binary pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the single binary pods
+ extraEnvFrom: []
+ # -- Extra containers to add to the single binary loki pod
+ extraContainers: []
+ # -- Init containers to add to the single binary pods
+ initContainers: []
+ # -- Volume mounts to add to the single binary pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the single binary pods
+ extraVolumes: []
+ # -- Resource requests and limits for the single binary
+ resources: {}
+ # -- Grace period to allow the single binary to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for single binary pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: single-binary
+ topologyKey: kubernetes.io/hostname
+ # -- DNS config for single binary pods
+ dnsConfig: {}
+ # -- Node selector for single binary pods
+ nodeSelector: {}
+ # -- Tolerations for single binary pods
+ tolerations: []
+ persistence:
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: true
+ # -- Enable persistent disk
+ enabled: true
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+ # -- Annotations for volume claim
+ annotations: {}
+######################################################################################################################
+#
+# Simple Scalable Deployment (SSD) Mode
+#
+#
+# For small to medium size Loki deployments up to around 1 TB/day, this is the default mode for this helm chart
+######################################################################################################################
+
+# Configuration for the write pod(s)
+write:
+ # -- Number of replicas for the write
+ replicas: 3
+ autoscaling:
+ # -- Enable autoscaling for the write.
+ enabled: false
+ # -- Minimum autoscaling replicas for the write.
+ minReplicas: 2
+ # -- Maximum autoscaling replicas for the write.
+ maxReplicas: 6
+ # -- Target CPU utilisation percentage for the write.
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilization percentage for the write.
+ targetMemoryUtilizationPercentage:
+ # -- Behavior policies while scaling.
+ behavior:
+ # -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details
+ scaleUp:
+ policies:
+ - type: Pods
+ value: 1
+ periodSeconds: 900
+ scaleDown:
+ policies:
+ - type: Pods
+ value: 1
+ periodSeconds: 1800
+ stabilizationWindowSeconds: 3600
+ image:
+ # -- The Docker registry for the write image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the write image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the write image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for write pods
+ priorityClassName: null
+ # -- Annotations for write StatefulSet
+ annotations: {}
+ # -- Annotations for write pods
+ podAnnotations: {}
+ # -- Additional labels for each `write` pod
+ podLabels: {}
+ # -- Additional selector labels for each `write` pod
+ selectorLabels: {}
+ service:
+ # -- Annotations for write Service
+ annotations: {}
+ # -- Additional labels for write Service
+ labels: {}
+ # -- Comma-separated list of Loki modules to load for the write
+ targetModule: "write"
+ # -- Additional CLI args for the write
+ extraArgs: []
+ # -- Environment variables to add to the write pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the write pods
+ extraEnvFrom: []
+ # -- Lifecycle for the write container
+ lifecycle: {}
+ # -- The default /flush_shutdown preStop hook is recommended as part of the ingester
+ # scaledown process so it's added to the template by default when autoscaling is enabled,
+ # but it's disabled to optimize rolling restarts in instances that will never be scaled
+ # down or when using chunks storage with WAL disabled.
+ # https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown
+ # -- Init containers to add to the write pods
+ initContainers: []
+ # -- Containers to add to the write pods
+ extraContainers: []
+ # -- Volume mounts to add to the write pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the write pods
+ extraVolumes: []
+ # -- volumeClaimTemplates to add to StatefulSet
+ extraVolumeClaimTemplates: []
+ # -- Resource requests and limits for the write
+ resources: {}
+ # -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester,
+ # this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring
+ # all data and to successfully leave the member ring on shutdown.
+ terminationGracePeriodSeconds: 300
+ # -- Affinity for write pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: write
+ topologyKey: kubernetes.io/hostname
+ # -- DNS config for write pods
+ dnsConfig: {}
+ # -- Node selector for write pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for write pods
+ topologySpreadConstraints: []
+ # -- Tolerations for write pods
+ tolerations: []
+ # -- The default is to deploy all pods in parallel.
+ podManagementPolicy: "Parallel"
+ persistence:
+ # -- Enable volume claims in pod spec
+ volumeClaimsEnabled: true
+ # -- Parameters used for the `data` volume when volumeClaimEnabled if false
+ dataVolumeParameters:
+ emptyDir: {}
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+ # -- Annotations for volume claim
+ annotations: {}
+# -- Configuration for the read pod(s)
+read:
+ # -- Number of replicas for the read
+ replicas: 3
+ autoscaling:
+ # -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true`
+ enabled: false
+ # -- Minimum autoscaling replicas for the read
+ minReplicas: 2
+ # -- Maximum autoscaling replicas for the read
+ maxReplicas: 6
+ # -- Target CPU utilisation percentage for the read
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the read
+ targetMemoryUtilizationPercentage:
+ # -- Behavior policies while scaling.
+ behavior: {}
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 60
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
+ image:
+ # -- The Docker registry for the read image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the read image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the read image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for read pods
+ priorityClassName: null
+ # -- Annotations for read deployment
+ annotations: {}
+ # -- Annotations for read pods
+ podAnnotations: {}
+ # -- Additional labels for each `read` pod
+ podLabels: {}
+ # -- Additional selector labels for each `read` pod
+ selectorLabels: {}
+ service:
+ # -- Annotations for read Service
+ annotations: {}
+ # -- Additional labels for read Service
+ labels: {}
+ # -- Comma-separated list of Loki modules to load for the read
+ targetModule: "read"
+ # -- Whether or not to use the 2 target type simple scalable mode (read, write) or the
+ # 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will
+ # run two targets, false will run 3 targets.
+ legacyReadTarget: false
+ # -- Additional CLI args for the read
+ extraArgs: []
+ # -- Containers to add to the read pods
+ extraContainers: []
+ # -- Environment variables to add to the read pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the read pods
+ extraEnvFrom: []
+ # -- Lifecycle for the read container
+ lifecycle: {}
+ # -- Volume mounts to add to the read pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the read pods
+ extraVolumes: []
+ # -- Resource requests and limits for the read
+ resources: {}
+ # -- Grace period to allow the read to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for read pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: read
+ topologyKey: kubernetes.io/hostname
+ # -- DNS config for read pods
+ dnsConfig: {}
+ # -- Node selector for read pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for read pods
+ topologySpreadConstraints: []
+ # -- Tolerations for read pods
+ tolerations: []
+ # -- The default is to deploy all pods in parallel.
+ podManagementPolicy: "Parallel"
+ # -- read.persistence is used only if legacyReadTarget is set to true
+ persistence:
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: true
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+ # -- Annotations for volume claim
+ annotations: {}
+# -- Configuration for the backend pod(s)
+backend:
+ # -- Number of replicas for the backend
+ replicas: 3
+ autoscaling:
+ # -- Enable autoscaling for the backend.
+ enabled: false
+ # -- Minimum autoscaling replicas for the backend.
+ minReplicas: 3
+ # -- Maximum autoscaling replicas for the backend.
+ maxReplicas: 6
+ # -- Target CPU utilization percentage for the backend.
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilization percentage for the backend.
+ targetMemoryUtilizationPercentage:
+ # -- Behavior policies while scaling.
+ behavior: {}
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 60
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
+ image:
+ # -- The Docker registry for the backend image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the backend image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the backend image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for backend pods
+ priorityClassName: null
+ # -- Annotations for backend StatefulSet
+ annotations: {}
+ # -- Annotations for backend pods
+ podAnnotations: {}
+ # -- Additional labels for each `backend` pod
+ podLabels: {}
+ # -- Additional selector labels for each `backend` pod
+ selectorLabels: {}
+ service:
+ # -- Annotations for backend Service
+ annotations: {}
+ # -- Additional labels for backend Service
+ labels: {}
+ # -- Comma-separated list of Loki modules to load for the backend
+ targetModule: "backend"
+ # -- Additional CLI args for the backend
+ extraArgs: []
+ # -- Environment variables to add to the backend pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the backend pods
+ extraEnvFrom: []
+ # -- Init containers to add to the backend pods
+ initContainers: []
+ # -- Volume mounts to add to the backend pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the backend pods
+ extraVolumes: []
+ # -- Resource requests and limits for the backend
+ resources: {}
+ # -- Grace period to allow the backend to shutdown before it is killed. Especially for the ingester,
+ # this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring
+ # all data and to successfully leave the member ring on shutdown.
+ terminationGracePeriodSeconds: 300
+ # -- Affinity for backend pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: backend
+ topologyKey: kubernetes.io/hostname
+ # -- DNS config for backend pods
+ dnsConfig: {}
+ # -- Node selector for backend pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for backend pods
+ topologySpreadConstraints: []
+ # -- Tolerations for backend pods
+ tolerations: []
+ # -- The default is to deploy all pods in parallel.
+ podManagementPolicy: "Parallel"
+ persistence:
+ # -- Enable volume claims in pod spec
+ volumeClaimsEnabled: true
+ # -- Parameters used for the `data` volume when volumeClaimEnabled if false
+ dataVolumeParameters:
+ emptyDir: {}
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: true
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+ # -- Annotations for volume claim
+ annotations: {}
+######################################################################################################################
+#
+# Microservices Mode
+#
+# For large Loki deployments ingesting more than 1 TB/day
+#
+######################################################################################################################
+
+# -- Configuration for the ingester
+ingester:
+ # -- Number of replicas for the ingester, when zoneAwareReplication.enabled is true, the total
+ # number of replicas will match this value with each zone having 1/3rd of the total replicas.
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ autoscaling:
+ # -- Enable autoscaling for the ingester
+ enabled: false
+ # -- Minimum autoscaling replicas for the ingester
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the ingester
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the ingester
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the ingester
+ targetMemoryUtilizationPercentage: null
+ # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
+ customMetrics: []
+ # - type: Pods
+ # pods:
+ # metric:
+ # name: loki_lines_total
+ # target:
+ # type: AverageValue
+ # averageValue: 10k
+ behavior:
+ # -- Enable autoscaling behaviours
+ enabled: false
+ # -- define scale down policies, must conform to HPAScalingRules
+ scaleDown: {}
+ # -- define scale up policies, must conform to HPAScalingRules
+ scaleUp: {}
+ image:
+ # -- The Docker registry for the ingester image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the ingester image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the ingester image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ priorityClassName: null
+ # -- Labels for ingester pods
+ podLabels: {}
+ # -- Annotations for ingester pods
+ podAnnotations: {}
+ # -- The name of the PriorityClass for ingester pods
+ # -- Labels for ingestor service
+ serviceLabels: {}
+ # -- Annotations for ingestor service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the ingester
+ extraArgs: []
+ # -- Environment variables to add to the ingester pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the ingester pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the ingester pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the ingester pods
+ extraVolumes: []
+ # -- Resource requests and limits for the ingester
+ resources: {}
+ # -- Containers to add to the ingester pods
+ extraContainers: []
+ # -- Init containers to add to the ingester pods
+ initContainers: []
+ # -- Grace period to allow the ingester to shutdown before it is killed. Especially for the ingestor,
+ # this must be increased. It must be long enough so ingesters can be gracefully shutdown flushing/transferring
+ # all data and to successfully leave the member ring on shutdown.
+ terminationGracePeriodSeconds: 300
+ # -- Lifecycle for the ingester container
+ lifecycle: {}
+ # -- topologySpread for ingester pods.
+ # @default -- Defaults to allow skew no more than 1 node
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: ScheduleAnyway
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: ingester
+ # -- Affinity for ingester pods. Ignored if zoneAwareReplication is enabled.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: ingester
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: 1
+ # -- Node selector for ingester pods
+ nodeSelector: {}
+ # -- Tolerations for ingester pods
+ tolerations: []
+ # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
+ readinessProbe: {}
+ # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
+ livenessProbe: {}
+ # -- UpdateStrategy for the ingester StatefulSets.
+ updateStrategy:
+ # -- One of 'OnDelete' or 'RollingUpdate'
+ type: RollingUpdate
+ # -- Optional for updateStrategy.type=RollingUpdate. See [Partitioned rolling updates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) in the StatefulSet docs for details.
+ # rollingUpdate:
+ # partition: 0
+ persistence:
+ # -- Enable creating PVCs which is required when using boltdb-shipper
+ enabled: false
+ # -- Use emptyDir with ramdisk for storage. **Please note that all data in ingester will be lost on pod restart**
+ inMemory: false
+ # -- List of the ingester PVCs
+ # @notationType -- list
+ claims:
+ - name: data
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # - name: wal
+ # size: 150Gi
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ whenDeleted: Retain
+ whenScaled: Retain
+ # -- Adds the appProtocol field to the ingester service. This allows ingester to work with istio protocol selection.
+ appProtocol:
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ grpc: ""
+ # -- Enabling zone awareness on ingesters will create 3 statefulests where all writes will send a replica to each zone.
+ # This is primarily intended to accelerate rollout operations by allowing for multiple ingesters within a single
+ # zone to be shutdown and restart simultaneously (the remaining 2 zones will be guaranteed to have at least one copy
+ # of the data).
+ # Note: This can be used to run Loki over multiple cloud provider availability zones however this is not currently
+ # recommended as Loki is not optimized for this and cross zone network traffic costs can become extremely high
+ # extremely quickly. Even with zone awareness enabled, it is recommended to run Loki in a single availability zone.
+ zoneAwareReplication:
+ # -- Enable zone awareness.
+ enabled: true
+ # -- The percent of replicas in each zone that will be restarted at once. In a value of 0-100
+ maxUnavailablePct: 33
+ # -- zoneA configuration
+ zoneA:
+ # -- optionally define a node selector for this zone
+ nodeSelector: null
+ # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host
+ extraAffinity: {}
+ # -- Specific annotations to add to zone A statefulset
+ annotations: {}
+ # -- Specific annotations to add to zone A pods
+ podAnnotations: {}
+ zoneB:
+ # -- optionally define a node selector for this zone
+ nodeSelector: null
+ # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host
+ extraAffinity: {}
+ # -- Specific annotations to add to zone B statefulset
+ annotations: {}
+ # -- Specific annotations to add to zone B pods
+ podAnnotations: {}
+ zoneC:
+ # -- optionally define a node selector for this zone
+ nodeSelector: null
+ # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host
+ extraAffinity: {}
+ # -- Specific annotations to add to zone C statefulset
+ annotations: {}
+ # -- Specific annotations to add to zone C pods
+ podAnnotations: {}
+ # -- The migration block allows migrating non zone aware ingesters to zone aware ingesters.
+ migration:
+ enabled: false
+ excludeDefaultZone: false
+ readPath: false
+ writePath: false
+
+ # optionally allow adding arbitrary prefix to the ingester rollout-group label
+ rolloutGroupPrefix: null
+ # optionally allow adding 'loki-' prefix to ingester name label
+ addIngesterNamePrefix: false
+
+# -- Configuration for the distributor
+distributor:
+ # -- Number of replicas for the distributor
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ autoscaling:
+ # -- Enable autoscaling for the distributor
+ enabled: false
+ # -- Minimum autoscaling replicas for the distributor
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the distributor
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the distributor
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the distributor
+ targetMemoryUtilizationPercentage: null
+ # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
+ customMetrics: []
+ # - type: Pods
+ # pods:
+ # metric:
+ # name: loki_lines_total
+ # target:
+ # type: AverageValue
+ # averageValue: 10k
+ behavior:
+ # -- Enable autoscaling behaviours
+ enabled: false
+ # -- define scale down policies, must conform to HPAScalingRules
+ scaleDown: {}
+ # -- define scale up policies, must conform to HPAScalingRules
+ scaleUp: {}
+ image:
+ # -- The Docker registry for the distributor image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the distributor image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the distributor image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for distributor pods
+ priorityClassName: null
+ # -- Labels for distributor pods
+ podLabels: {}
+ # -- Annotations for distributor pods
+ podAnnotations: {}
+ # -- Labels for distributor service
+ serviceLabels: {}
+ # -- Annotations for distributor service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the distributor
+ extraArgs: []
+ # -- Environment variables to add to the distributor pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the distributor pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the distributor pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the distributor pods
+ extraVolumes: []
+ # -- Resource requests and limits for the distributor
+ resources: {}
+ # -- Containers to add to the distributor pods
+ extraContainers: []
+ # -- Grace period to allow the distributor to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for distributor pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: distributor
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: null
+ # -- Max Surge for distributor pods
+ maxSurge: 0
+ # -- Node selector for distributor pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for distributor pods
+ topologySpreadConstraints: []
+ # -- Tolerations for distributor pods
+ tolerations: []
+ # -- Adds the appProtocol field to the distributor service. This allows distributor to work with istio protocol selection.
+ appProtocol:
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ grpc: ""
+# -- Configuration for the querier
+querier:
+ # -- Number of replicas for the querier
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ autoscaling:
+ # -- Enable autoscaling for the querier, this is only used if `indexGateway.enabled: true`
+ enabled: false
+ # -- Minimum autoscaling replicas for the querier
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the querier
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the querier
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the querier
+ targetMemoryUtilizationPercentage: null
+ # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
+ customMetrics: []
+ # - type: External
+ # external:
+ # metric:
+ # name: loki_inflight_queries
+ # target:
+ # type: AverageValue
+ # averageValue: 12
+ behavior:
+ # -- Enable autoscaling behaviours
+ enabled: false
+ # -- define scale down policies, must conform to HPAScalingRules
+ scaleDown: {}
+ # -- define scale up policies, must conform to HPAScalingRules
+ scaleUp: {}
+ image:
+ # -- The Docker registry for the querier image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the querier image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the querier image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for querier pods
+ priorityClassName: null
+ # -- Labels for querier pods
+ podLabels: {}
+ # -- Annotations for querier pods
+ podAnnotations: {}
+ # -- Labels for querier service
+ serviceLabels: {}
+ # -- Annotations for querier service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the querier
+ extraArgs: []
+ # -- Environment variables to add to the querier pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the querier pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the querier pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the querier pods
+ extraVolumes: []
+ # -- Resource requests and limits for the querier
+ resources: {}
+ # -- Containers to add to the querier pods
+ extraContainers: []
+ # -- Init containers to add to the querier pods
+ initContainers: []
+ # -- Grace period to allow the querier to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- topologySpread for querier pods.
+ # @default -- Defaults to allow skew no more then 1 node
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: ScheduleAnyway
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: querier
+ # -- Affinity for querier pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: querier
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: null
+ # -- Max Surge for querier pods
+ maxSurge: 0
+ # -- Node selector for querier pods
+ nodeSelector: {}
+ # -- Tolerations for querier pods
+ tolerations: []
+ # -- DNSConfig for querier pods
+ dnsConfig: {}
+ persistence:
+ # -- Enable creating PVCs for the querier cache
+ enabled: false
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Annotations for querier PVCs
+ annotations: {}
+ # -- Adds the appProtocol field to the querier service. This allows querier to work with istio protocol selection.
+ appProtocol:
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ grpc: ""
+# -- Configuration for the query-frontend
+queryFrontend:
+ # -- Number of replicas for the query-frontend
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ autoscaling:
+ # -- Enable autoscaling for the query-frontend
+ enabled: false
+ # -- Minimum autoscaling replicas for the query-frontend
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the query-frontend
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the query-frontend
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the query-frontend
+ targetMemoryUtilizationPercentage: null
+ # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
+ customMetrics: []
+ # - type: Pods
+ # pods:
+ # metric:
+ # name: loki_query_rate
+ # target:
+ # type: AverageValue
+ # averageValue: 100
+ behavior:
+ # -- Enable autoscaling behaviours
+ enabled: false
+ # -- define scale down policies, must conform to HPAScalingRules
+ scaleDown: {}
+ # -- define scale up policies, must conform to HPAScalingRules
+ scaleUp: {}
+ image:
+ # -- The Docker registry for the query-frontend image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the query-frontend image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the query-frontend image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for query-frontend pods
+ priorityClassName: null
+ # -- Labels for query-frontend pods
+ podLabels: {}
+ # -- Annotations for query-frontend pods
+ podAnnotations: {}
+ # -- Labels for query-frontend service
+ serviceLabels: {}
+ # -- Annotations for query-frontend service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the query-frontend
+ extraArgs: []
+ # -- Environment variables to add to the query-frontend pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the query-frontend pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the query-frontend pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the query-frontend pods
+ extraVolumes: []
+ # -- Resource requests and limits for the query-frontend
+ resources: {}
+ # -- Containers to add to the query-frontend pods
+ extraContainers: []
+ # -- Grace period to allow the query-frontend to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for query-frontend pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: query-frontend
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: null
+ # -- Node selector for query-frontend pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for query-frontend pods
+ topologySpreadConstraints: []
+ # -- Tolerations for query-frontend pods
+ tolerations: []
+ # -- Adds the appProtocol field to the queryFrontend service. This allows queryFrontend to work with istio protocol selection.
+ appProtocol:
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ grpc: ""
+# -- Configuration for the query-scheduler
+queryScheduler:
+ # -- Number of replicas for the query-scheduler.
+ # It should be lower than `-querier.max-concurrent` to avoid generating back-pressure in queriers;
+ # it's also recommended that this value evenly divides the latter
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the query-scheduler image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the query-scheduler image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the query-scheduler image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for query-scheduler pods
+ priorityClassName: null
+ # -- Labels for query-scheduler pods
+ podLabels: {}
+ # -- Annotations for query-scheduler pods
+ podAnnotations: {}
+ # -- Labels for query-scheduler service
+ serviceLabels: {}
+ # -- Annotations for query-scheduler service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the query-scheduler
+ extraArgs: []
+ # -- Environment variables to add to the query-scheduler pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the query-scheduler pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the query-scheduler pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the query-scheduler pods
+ extraVolumes: []
+ # -- Resource requests and limits for the query-scheduler
+ resources: {}
+ # -- Containers to add to the query-scheduler pods
+ extraContainers: []
+ # -- Grace period to allow the query-scheduler to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for query-scheduler pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: query-scheduler
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: 1
+ # -- Node selector for query-scheduler pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for query-scheduler pods
+ topologySpreadConstraints: []
+ # -- Tolerations for query-scheduler pods
+ tolerations: []
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+# -- Configuration for the index-gateway
+indexGateway:
+ # -- Number of replicas for the index-gateway
+ replicas: 0
+ # -- Whether the index gateway should join the memberlist hashring
+ joinMemberlist: true
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the index-gateway image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the index-gateway image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the index-gateway image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for index-gateway pods
+ priorityClassName: null
+ # -- Labels for index-gateway pods
+ podLabels: {}
+ # -- Annotations for index-gateway pods
+ podAnnotations: {}
+ # -- Labels for index-gateway service
+ serviceLabels: {}
+ # -- Annotations for index-gateway service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the index-gateway
+ extraArgs: []
+ # -- Environment variables to add to the index-gateway pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the index-gateway pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the index-gateway pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the index-gateway pods
+ extraVolumes: []
+ # -- Resource requests and limits for the index-gateway
+ resources: {}
+ # -- Containers to add to the index-gateway pods
+ extraContainers: []
+ # -- Init containers to add to the index-gateway pods
+ initContainers: []
+ # -- Grace period to allow the index-gateway to shutdown before it is killed.
+ terminationGracePeriodSeconds: 300
+ # -- Affinity for index-gateway pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: index-gateway
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: null
+ # -- Node selector for index-gateway pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for index-gateway pods
+ topologySpreadConstraints: []
+ # -- Tolerations for index-gateway pods
+ tolerations: []
+ persistence:
+ # -- Enable creating PVCs which is required when using boltdb-shipper
+ enabled: false
+ # -- Use emptyDir with ramdisk for storage. **Please note that all data in indexGateway will be lost on pod restart**
+ inMemory: false
+ # -- Size of persistent or memory disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Annotations for index gateway PVCs
+ annotations: {}
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ whenDeleted: Retain
+ whenScaled: Retain
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+ # -- UpdateStrategy for the indexGateway StatefulSet.
+ updateStrategy:
+ # -- One of 'OnDelete' or 'RollingUpdate'
+ type: RollingUpdate
+ # -- Optional for updateStrategy.type=RollingUpdate. See [Partitioned rolling updates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) in the StatefulSet docs for details.
+ # rollingUpdate:
+ # partition: 0
+# -- Configuration for the compactor
+compactor:
+ # -- Number of replicas for the compactor
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the compactor image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the compactor image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the compactor image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for compactor pods
+ priorityClassName: null
+ # -- Labels for compactor pods
+ podLabels: {}
+ # -- Annotations for compactor pods
+ podAnnotations: {}
+ # -- Affinity for compactor pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: compactor
+ topologyKey: kubernetes.io/hostname
+ # -- Labels for compactor service
+ serviceLabels: {}
+ # -- Annotations for compactor service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the compactor
+ extraArgs: []
+ # -- Environment variables to add to the compactor pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the compactor pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the compactor pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the compactor pods
+ extraVolumes: []
+ # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
+ readinessProbe: {}
+ # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
+ livenessProbe: {}
+ # -- Resource requests and limits for the compactor
+ resources: {}
+ # -- Containers to add to the compactor pods
+ extraContainers: []
+ # -- Init containers to add to the compactor pods
+ initContainers: []
+ # -- Grace period to allow the compactor to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Node selector for compactor pods
+ nodeSelector: {}
+ # -- Tolerations for compactor pods
+ tolerations: []
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+ persistence:
+ # -- Enable creating PVCs for the compactor
+ enabled: false
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Annotations for compactor PVCs
+ annotations: {}
+ # -- List of the compactor PVCs
+ # @notationType -- list
+ claims:
+ - name: data
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # - name: wal
+ # size: 150Gi
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ whenDeleted: Retain
+ whenScaled: Retain
+ serviceAccount:
+ create: false
+ # -- The name of the ServiceAccount to use for the compactor.
+ # If not set and create is true, a name is generated by appending
+ # "-compactor" to the common ServiceAccount.
+ name: null
+ # -- Image pull secrets for the compactor service account
+ imagePullSecrets: []
+ # -- Annotations for the compactor service account
+ annotations: {}
+ # -- Set this toggle to false to opt out of automounting API credentials for the service account
+ automountServiceAccountToken: true
+# -- Configuration for the bloom-gateway
+bloomGateway:
+ # -- Number of replicas for the bloom-gateway
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the bloom-gateway image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the bloom-gateway image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the bloom-gateway image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for bloom-gateway pods
+ priorityClassName: null
+ # -- Labels for bloom-gateway pods
+ podLabels: {}
+ # -- Annotations for bloom-gateway pods
+ podAnnotations: {}
+ # -- Affinity for bloom-gateway pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: bloom-gateway
+ topologyKey: kubernetes.io/hostname
+ # -- Labels for bloom-gateway service
+ serviceLabels: {}
+ # -- Annotations for bloom-gateway service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the bloom-gateway
+ extraArgs: []
+ # -- Environment variables to add to the bloom-gateway pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the bloom-gateway pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the bloom-gateway pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the bloom-gateway pods
+ extraVolumes: []
+ # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
+ readinessProbe: {}
+ # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
+ livenessProbe: {}
+ # -- Resource requests and limits for the bloom-gateway
+ resources: {}
+ # -- Containers to add to the bloom-gateway pods
+ extraContainers: []
+ # -- Init containers to add to the bloom-gateway pods
+ initContainers: []
+ # -- Grace period to allow the bloom-gateway to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Node selector for bloom-gateway pods
+ nodeSelector: {}
+ # -- Tolerations for bloom-gateway pods
+ tolerations: []
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+ persistence:
+ # -- Enable creating PVCs for the bloom-gateway
+ enabled: false
+ # -- Annotations for bloom-gateway PVCs
+ annotations: {}
+ # -- List of the bloom-gateway PVCs
+ # @notationType -- list
+ claims:
+ - name: data
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ whenDeleted: Retain
+ whenScaled: Retain
+ serviceAccount:
+ create: false
+ # -- The name of the ServiceAccount to use for the bloom-gateway.
+ # If not set and create is true, a name is generated by appending
+ # "-bloom-gateway" to the common ServiceAccount.
+ name: null
+ # -- Image pull secrets for the bloom-gateway service account
+ imagePullSecrets: []
+ # -- Annotations for the bloom-gateway service account
+ annotations: {}
+ # -- Set this toggle to false to opt out of automounting API credentials for the service account
+ automountServiceAccountToken: true
+# -- Configuration for the bloom-planner
+bloomPlanner:
+ # -- Number of replicas for the bloom-planner
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the bloom-planner image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the bloom-planner image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the bloom-planner image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for bloom-planner pods
+ priorityClassName: null
+ # -- Labels for bloom-planner pods
+ podLabels: {}
+ # -- Annotations for bloom-planner pods
+ podAnnotations: {}
+ # -- Affinity for bloom-planner pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: bloom-planner
+ topologyKey: kubernetes.io/hostname
+ # -- Labels for bloom-planner service
+ serviceLabels: {}
+ # -- Annotations for bloom-planner service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the bloom-planner
+ extraArgs: []
+ # -- Environment variables to add to the bloom-planner pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the bloom-planner pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the bloom-planner pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the bloom-planner pods
+ extraVolumes: []
+ # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
+ readinessProbe: {}
+ # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
+ livenessProbe: {}
+ # -- Resource requests and limits for the bloom-planner
+ resources: {}
+ # -- Containers to add to the bloom-planner pods
+ extraContainers: []
+ # -- Init containers to add to the bloom-planner pods
+ initContainers: []
+ # -- Grace period to allow the bloom-planner to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Node selector for bloom-planner pods
+ nodeSelector: {}
+ # -- Tolerations for bloom-planner pods
+ tolerations: []
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+ persistence:
+ # -- Enable creating PVCs for the bloom-planner
+ enabled: false
+ # -- Annotations for bloom-planner PVCs
+ annotations: {}
+ # -- List of the bloom-planner PVCs
+ # @notationType -- list
+ claims:
+ - name: data
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ whenDeleted: Retain
+ whenScaled: Retain
+ serviceAccount:
+ create: false
+ # -- The name of the ServiceAccount to use for the bloom-planner.
+ # If not set and create is true, a name is generated by appending
+ # "-bloom-planner" to the common ServiceAccount.
+ name: null
+ # -- Image pull secrets for the bloom-planner service account
+ imagePullSecrets: []
+ # -- Annotations for the bloom-planner service account
+ annotations: {}
+ # -- Set this toggle to false to opt out of automounting API credentials for the service account
+ automountServiceAccountToken: true
+# -- Configuration for the bloom-builder
+bloomBuilder:
+ # -- Number of replicas for the bloom-builder
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ autoscaling:
+ # -- Enable autoscaling for the bloom-builder
+ enabled: false
+ # -- Minimum autoscaling replicas for the bloom-builder
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the bloom-builder
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the bloom-builder
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the bloom-builder
+ targetMemoryUtilizationPercentage: null
+ # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
+ customMetrics: []
+ # - type: Pods
+ # pods:
+ # metric:
+ # name: loki_query_rate
+ # target:
+ # type: AverageValue
+ # averageValue: 100
+ behavior:
+ # -- Enable autoscaling behaviours
+ enabled: false
+ # -- define scale down policies, must conform to HPAScalingRules
+ scaleDown: {}
+ # -- define scale up policies, must conform to HPAScalingRules
+ scaleUp: {}
+ image:
+ # -- The Docker registry for the bloom-builder image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the bloom-builder image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the bloom-builder image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for bloom-builder pods
+ priorityClassName: null
+ # -- Labels for bloom-builder pods
+ podLabels: {}
+ # -- Annotations for bloom-builder pods
+ podAnnotations: {}
+ # -- Labels for bloom-builder service
+ serviceLabels: {}
+ # -- Annotations for bloom-builder service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the bloom-builder
+ extraArgs: []
+ # -- Environment variables to add to the bloom-builder pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the bloom-builder pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the bloom-builder pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the bloom-builder pods
+ extraVolumes: []
+ # -- Resource requests and limits for the bloom-builder
+ resources: {}
+ # -- Containers to add to the bloom-builder pods
+ extraContainers: []
+ # -- Grace period to allow the bloom-builder to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for bloom-builder pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: bloom-builder
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: null
+ # -- Node selector for bloom-builder pods
+ nodeSelector: {}
+ # -- Tolerations for bloom-builder pods
+ tolerations: []
+ # -- Adds the appProtocol field to the queryFrontend service. This allows bloomBuilder to work with istio protocol selection.
+ appProtocol:
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ grpc: ""
+# -- Configuration for the pattern ingester
+patternIngester:
+ # -- Number of replicas for the pattern ingester
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the pattern ingester image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the pattern ingester image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the pattern ingester image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for pattern ingester pods
+ priorityClassName: null
+ # -- Labels for pattern ingester pods
+ podLabels: {}
+ # -- Annotations for pattern ingester pods
+ podAnnotations: {}
+ # -- Affinity for pattern ingester pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: pattern-ingester
+ topologyKey: kubernetes.io/hostname
+ # -- Labels for pattern ingester service
+ serviceLabels: {}
+ # -- Annotations for pattern ingester service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the pattern ingester
+ extraArgs: []
+ # -- Environment variables to add to the pattern ingester pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the pattern ingester pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the pattern ingester pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the pattern ingester pods
+ extraVolumes: []
+ # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
+ readinessProbe: {}
+ # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
+ livenessProbe: {}
+ # -- Resource requests and limits for the pattern ingester
+ resources: {}
+ # -- Containers to add to the pattern ingester pods
+ extraContainers: []
+ # -- Init containers to add to the pattern ingester pods
+ initContainers: []
+ # -- Grace period to allow the pattern ingester to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Node selector for pattern ingester pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for pattern ingester pods
+ topologySpreadConstraints: []
+ # -- Tolerations for pattern ingester pods
+ tolerations: []
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+ persistence:
+ # -- Enable creating PVCs for the pattern ingester
+ enabled: false
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Annotations for pattern ingester PVCs
+ annotations: {}
+ # -- List of the pattern ingester PVCs
+ # @notationType -- list
+ claims:
+ - name: data
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # - name: wal
+ # size: 150Gi
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ whenDeleted: Retain
+ whenScaled: Retain
+ serviceAccount:
+ create: false
+ # -- The name of the ServiceAccount to use for the pattern ingester.
+ # If not set and create is true, a name is generated by appending
+ # "-pattern-ingester" to the common ServiceAccount.
+ name: null
+ # -- Image pull secrets for the pattern ingester service account
+ imagePullSecrets: []
+ # -- Annotations for the pattern ingester service account
+ annotations: {}
+ # -- Set this toggle to false to opt out of automounting API credentials for the service account
+ automountServiceAccountToken: true
+# -- Configuration for the ruler
+ruler:
+ # -- The ruler component is optional and can be disabled if desired.
+ enabled: true
+ # -- Number of replicas for the ruler
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the ruler image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the ruler image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the ruler image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for ruler pods
+ priorityClassName: null
+ # -- Labels for compactor pods
+ podLabels: {}
+ # -- Annotations for ruler pods
+ podAnnotations: {}
+ # -- Labels for ruler service
+ serviceLabels: {}
+ # -- Annotations for ruler service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the ruler
+ extraArgs: []
+ # -- Environment variables to add to the ruler pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the ruler pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the ruler pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the ruler pods
+ extraVolumes: []
+ # -- Resource requests and limits for the ruler
+ resources: {}
+ # -- Containers to add to the ruler pods
+ extraContainers: []
+ # -- Init containers to add to the ruler pods
+ initContainers: []
+ # -- Grace period to allow the ruler to shutdown before it is killed
+ terminationGracePeriodSeconds: 300
+ # -- Affinity for ruler pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: ruler
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: null
+ # -- Node selector for ruler pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for ruler pods
+ topologySpreadConstraints: []
+ # -- Tolerations for ruler pods
+ tolerations: []
+ # -- DNSConfig for ruler pods
+ dnsConfig: {}
+ persistence:
+ # -- Enable creating PVCs which is required when using recording rules
+ enabled: false
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Annotations for ruler PVCs
+ annotations: {}
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+ # -- Directories containing rules files
+ directories: {}
+ # tenant_foo:
+ # rules1.txt: |
+ # groups:
+ # - name: should_fire
+ # rules:
+ # - alert: HighPercentageError
+ # expr: |
+ # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job)
+ # /
+ # sum(rate({app="foo", env="production"}[5m])) by (job)
+ # > 0.05
+ # for: 10m
+ # labels:
+ # severity: warning
+ # annotations:
+ # summary: High error rate
+ # - name: credentials_leak
+ # rules:
+ # - alert: http-credentials-leaked
+ # annotations:
+ # message: "{{ $labels.job }} is leaking http basic auth credentials."
+ # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'
+ # for: 10m
+ # labels:
+ # severity: critical
+ # rules2.txt: |
+ # groups:
+ # - name: example
+ # rules:
+ # - alert: HighThroughputLogStreams
+ # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000
+ # for: 2m
+ # tenant_bar:
+ # rules1.txt: |
+ # groups:
+ # - name: should_fire
+ # rules:
+ # - alert: HighPercentageError
+ # expr: |
+ # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job)
+ # /
+ # sum(rate({app="foo", env="production"}[5m])) by (job)
+ # > 0.05
+ # for: 10m
+ # labels:
+ # severity: warning
+ # annotations:
+ # summary: High error rate
+ # - name: credentials_leak
+ # rules:
+ # - alert: http-credentials-leaked
+ # annotations:
+ # message: "{{ $labels.job }} is leaking http basic auth credentials."
+ # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'
+ # for: 10m
+ # labels:
+ # severity: critical
+ # rules2.txt: |
+ # groups:
+ # - name: example
+ # rules:
+ # - alert: HighThroughputLogStreams
+ # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000
+ # for: 2m
+
+# -- Configuration for the overrides-exporter
+overridesExporter:
+ # -- The overrides-exporter component is optional and can be disabled if desired.
+ enabled: false
+ # -- Number of replicas for the overrides-exporter
+ replicas: 0
+ # -- hostAliases to add
+ hostAliases: []
+ # - ip: 1.2.3.4
+ # hostnames:
+ # - domain.tld
+ image:
+ # -- The Docker registry for the overrides-exporter image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the overrides-exporter image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the overrides-exporter image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for overrides-exporter pods
+ priorityClassName: null
+ # -- Labels for overrides-exporter pods
+ podLabels: {}
+ # -- Annotations for overrides-exporter pods
+ podAnnotations: {}
+ # -- Labels for overrides-exporter service
+ serviceLabels: {}
+ # -- Annotations for overrides-exporter service
+ serviceAnnotations: {}
+ # -- Additional CLI args for the overrides-exporter
+ extraArgs: []
+ # -- Environment variables to add to the overrides-exporter pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the overrides-exporter pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the overrides-exporter pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the overrides-exporter pods
+ extraVolumes: []
+ # -- Resource requests and limits for the overrides-exporter
+ resources: {}
+ # -- Containers to add to the overrides-exporter pods
+ extraContainers: []
+ # -- Init containers to add to the overrides-exporter pods
+ initContainers: []
+ # -- Grace period to allow the overrides-exporter to shutdown before it is killed
+ terminationGracePeriodSeconds: 300
+ # -- Affinity for overrides-exporter pods.
+ # @default -- Hard node anti-affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: overrides-exporter
+ topologyKey: kubernetes.io/hostname
+ # -- Pod Disruption Budget maxUnavailable
+ maxUnavailable: null
+ # -- Node selector for overrides-exporter pods
+ nodeSelector: {}
+ # -- Topology Spread Constraints for overrides-exporter pods
+ topologySpreadConstraints: []
+ # -- Tolerations for overrides-exporter pods
+ tolerations: []
+ # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
+ appProtocol:
+ grpc: ""
+
+memcached:
+ image:
+ # -- Memcached Docker image repository
+ repository: memcached
+ # -- Memcached Docker image tag
+ tag: 1.6.36-alpine
+ # -- Memcached Docker image pull policy
+ pullPolicy: IfNotPresent
+ # -- The SecurityContext override for memcached pods
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 11211
+ runAsGroup: 11211
+ fsGroup: 11211
+ # -- The name of the PriorityClass for memcached pods
+ priorityClassName: null
+ # -- The SecurityContext for memcached containers
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop: [ALL]
+ allowPrivilegeEscalation: false
+memcachedExporter:
+ # -- Whether memcached metrics should be exported
+ enabled: true
+ image:
+ repository: prom/memcached-exporter
+ tag: v0.15.0
+ pullPolicy: IfNotPresent
+ resources:
+ requests: {}
+ limits: {}
+ # -- The SecurityContext for memcached exporter containers
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop: [ALL]
+ allowPrivilegeEscalation: false
+ # -- Extra args to add to the exporter container.
+ # Example:
+ # extraArgs:
+ # memcached.tls.enable: true
+ # memcached.tls.cert-file: /certs/cert.crt
+ # memcached.tls.key-file: /certs/cert.key
+ # memcached.tls.ca-file: /certs/ca.crt
+ # memcached.tls.insecure-skip-verify: false
+ # memcached.tls.server-name: memcached
+ extraArgs: {}
+resultsCache:
+ # -- Specifies whether memcached based results-cache should be enabled
+ enabled: true
+ # -- Specify how long cached results should be stored in the results-cache before being expired
+ defaultValidity: 12h
+ # -- Memcached operation timeout
+ timeout: 500ms
+ # -- Total number of results-cache replicas
+ replicas: 1
+ # -- Port of the results-cache service
+ port: 11211
+ # -- Amount of memory allocated to results-cache for object storage (in MB).
+ allocatedMemory: 1024
+ # -- Maximum item results-cache for memcached (in MB).
+ maxItemMemory: 5
+ # -- Maximum number of connections allowed
+ connectionLimit: 16384
+ # -- Max memory to use for cache write back
+ writebackSizeLimit: 500MB
+ # -- Max number of objects to use for cache write back
+ writebackBuffer: 500000
+ # -- Number of parallel threads for cache write back
+ writebackParallelism: 1
+ # -- Extra init containers for results-cache pods
+ initContainers: []
+ # -- Annotations for the results-cache pods
+ annotations: {}
+ # -- Node selector for results-cache pods
+ nodeSelector: {}
+ # -- Affinity for results-cache pods
+ affinity: {}
+ # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints.
+ # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services.
+ topologySpreadConstraints: []
+ # maxSkew: 1
+ # topologyKey: kubernetes.io/hostname
+ # whenUnsatisfiable: ScheduleAnyway
+ # -- Tolerations for results-cache pods
+ tolerations: []
+ # -- Pod Disruption Budget
+ podDisruptionBudget:
+ maxUnavailable: 1
+ # -- The name of the PriorityClass for results-cache pods
+ priorityClassName: null
+ # -- Labels for results-cache pods
+ podLabels: {}
+ # -- Annotations for results-cache pods
+ podAnnotations: {}
+ # -- Management policy for results-cache pods
+ podManagementPolicy: Parallel
+ # -- Grace period to allow the results-cache to shutdown before it is killed
+ terminationGracePeriodSeconds: 60
+ # -- Stateful results-cache strategy
+ statefulStrategy:
+ type: RollingUpdate
+ # -- Add extended options for results-cache memcached container. The format is the same as for the memcached -o/--extend flag.
+ # Example:
+ # extraExtendedOptions: 'tls,modern,track_sizes'
+ extraExtendedOptions: ""
+ # -- Additional CLI args for results-cache
+ extraArgs: {}
+ # -- Additional containers to be added to the results-cache pod.
+ extraContainers: []
+ # -- Additional volumes to be added to the results-cache pod (applies to both memcached and exporter containers).
+ # Example:
+ # extraVolumes:
+ # - name: extra-volume
+ # secret:
+ # secretName: extra-volume-secret
+ extraVolumes: []
+ # -- Additional volume mounts to be added to the results-cache pod (applies to both memcached and exporter containers).
+ # Example:
+ # extraVolumeMounts:
+ # - name: extra-volume
+ # mountPath: /etc/extra-volume
+ # readOnly: true
+ extraVolumeMounts: []
+ # -- Resource requests and limits for the results-cache
+ # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)).
+ resources: null
+ # -- Service annotations and labels
+ service:
+ annotations: {}
+ labels: {}
+ # -- Persistence settings for the results-cache
+ persistence:
+ # -- Enable creating PVCs for the results-cache
+ enabled: false
+ # -- Size of persistent disk, must be in G or Gi
+ storageSize: 10G
+ # -- Storage class to be used.
+ # If defined, storageClassName: .
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Volume mount path
+ mountPath: /data
+chunksCache:
+ # -- Specifies whether memcached based chunks-cache should be enabled
+ enabled: true
+ # -- Batchsize for sending and receiving chunks from chunks cache
+ batchSize: 4
+ # -- Parallel threads for sending and receiving chunks from chunks cache
+ parallelism: 5
+ # -- Memcached operation timeout
+ timeout: 2000ms
+ # -- Specify how long cached chunks should be stored in the chunks-cache before being expired
+ defaultValidity: 0s
+ # -- Total number of chunks-cache replicas
+ replicas: 1
+ # -- Port of the chunks-cache service
+ port: 11211
+ # -- Amount of memory allocated to chunks-cache for object storage (in MB).
+ allocatedMemory: 8192
+ # -- Maximum item memory for chunks-cache (in MB).
+ maxItemMemory: 5
+ # -- Maximum number of connections allowed
+ connectionLimit: 16384
+ # -- Max memory to use for cache write back
+ writebackSizeLimit: 500MB
+ # -- Max number of objects to use for cache write back
+ writebackBuffer: 500000
+ # -- Number of parallel threads for cache write back
+ writebackParallelism: 1
+ # -- Extra init containers for chunks-cache pods
+ initContainers: []
+ # -- Annotations for the chunks-cache pods
+ annotations: {}
+ # -- Node selector for chunks-cache pods
+ nodeSelector: {}
+ # -- Affinity for chunks-cache pods
+ affinity: {}
+ # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints.
+ # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services.
+ topologySpreadConstraints: []
+ # maxSkew: 1
+ # topologyKey: kubernetes.io/hostname
+ # whenUnsatisfiable: ScheduleAnyway
+ # -- Tolerations for chunks-cache pods
+ tolerations: []
+ # -- Pod Disruption Budget
+ podDisruptionBudget:
+ maxUnavailable: 1
+ # -- The name of the PriorityClass for chunks-cache pods
+ priorityClassName: null
+ # -- Labels for chunks-cache pods
+ podLabels: {}
+ # -- Annotations for chunks-cache pods
+ podAnnotations: {}
+ # -- Management policy for chunks-cache pods
+ podManagementPolicy: Parallel
+ # -- Grace period to allow the chunks-cache to shutdown before it is killed
+ terminationGracePeriodSeconds: 60
+ # -- Stateful chunks-cache strategy
+ statefulStrategy:
+ type: RollingUpdate
+ # -- Add extended options for chunks-cache memcached container. The format is the same as for the memcached -o/--extend flag.
+ # Example:
+ # extraExtendedOptions: 'tls,no_hashexpand'
+ extraExtendedOptions: ""
+ # -- Additional CLI args for chunks-cache
+ extraArgs: {}
+ # -- Additional containers to be added to the chunks-cache pod.
+ extraContainers: [] + # -- Additional volumes to be added to the chunks-cache pod (applies to both memcached and exporter containers). + # Example: + # extraVolumes: + # - name: extra-volume + # secret: + # secretName: extra-volume-secret + extraVolumes: [] + # -- Additional volume mounts to be added to the chunks-cache pod (applies to both memcached and exporter containers). + # Example: + # extraVolumeMounts: + # - name: extra-volume + # mountPath: /etc/extra-volume + # readOnly: true + extraVolumeMounts: [] + # -- Resource requests and limits for the chunks-cache + # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)). + resources: null + # -- Service annotations and labels + service: + annotations: {} + labels: {} + # -- Persistence settings for the chunks-cache + persistence: + # -- Enable creating PVCs for the chunks-cache + enabled: false + # -- Size of persistent disk, must be in G or Gi + storageSize: 10G + # -- Storage class to be used. + # If defined, storageClassName: . + # If set to "-", storageClassName: "", which disables dynamic provisioning. + # If empty or set to null, no storageClassName spec is + # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). + storageClass: null + # -- Volume mount path + mountPath: /data +###################################################################################################################### +# +# Subchart configurations +# +###################################################################################################################### +# -- Setting for the Grafana Rollout Operator https://github.com/grafana/helm-charts/tree/main/charts/rollout-operator +rollout_operator: + enabled: false + # -- podSecurityContext is the pod security context for the rollout operator. 
+ # When installing on OpenShift, override podSecurityContext settings with + # + # rollout_operator: + # podSecurityContext: + # fsGroup: null + # runAsGroup: null + # runAsUser: null + podSecurityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault + # Set the container security context + securityContext: + readOnlyRootFilesystem: true + capabilities: + drop: [ALL] + allowPrivilegeEscalation: false +# -- Configuration for the minio subchart +minio: + enabled: false + replicas: 1 + # Minio requires 2 to 16 drives for erasure code (drivesPerNode * replicas) + # https://docs.min.io/docs/minio-erasure-code-quickstart-guide + # Since we only have 1 replica, that means 2 drives must be used. + drivesPerNode: 2 + # root user; not used for GEL authentication + rootUser: root-user + rootPassword: supersecretpassword + # The first user in the list below is used for Loki/GEL authentication. + # You can add additional users if desired; they will not impact Loki/GEL. + # `accessKey` = username, `secretKey` = password + users: + - accessKey: logs-user + secretKey: supersecretpassword + policy: readwrite + buckets: + - name: chunks + policy: none + purge: false + - name: ruler + policy: none + purge: false + - name: admin + policy: none + purge: false + persistence: + size: 5Gi + annotations: {} + resources: + requests: + cpu: 100m + memory: 128Mi + # Allow the address used by Loki to refer to Minio to be overridden + address: null +# Create extra manifests via values. 
Would be passed through `tpl` for templating +# objects can also be provided as multiline strings, useful for templating field names +extraObjects: [] +# - apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: loki-alerting-rules +# data: +# loki-alerting-rules.yaml: |- +# groups: +# - name: example +# rules: +# - alert: example +# expr: | +# sum(count_over_time({app="loki"} |~ "error")) > 0 +# for: 3m +# labels: +# severity: warning +# category: logs +# annotations: +# message: "loki has encountered errors" +# - | +# apiVersion: v1 +# kind: Secret +# type: Opaque +# metadata: +# name: loki-distributed-basic-auth +# data: +# {{- range .Values.loki.tenants }} +# {{ .name }}: {{ b64enc .password | quote }} +# {{- end }} + +sidecar: + image: + # -- The Docker registry and image for the k8s sidecar + repository: kiwigrid/k8s-sidecar + # -- Docker image tag + tag: 1.30.0 + # -- Docker image sha. If empty, no sha will be used + sha: "" + # -- Docker image pull policy + pullPolicy: IfNotPresent + # -- Resource requests and limits for the sidecar + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi + # requests: + # cpu: 50m + # memory: 50Mi + # -- The SecurityContext for the sidecar. + securityContext: + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + # -- Set to true to skip tls verification for kube api calls. + skipTlsVerify: false + # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in. + enableUniqueFilenames: false + # -- Readiness probe definition. Probe is disabled on the sidecar by default. + readinessProbe: {} + # -- Liveness probe definition. Probe is disabled on the sidecar by default. + livenessProbe: {} + rules: + # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets. + enabled: true + # -- Label that the configmaps/secrets with rules will be marked with. 
+ label: loki_rule + # -- Label value that the configmaps/secrets with rules will be set to. + labelValue: "" + # -- Folder into which the rules will be placed. + folder: /rules + # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify 'ALL' to search in all namespaces. + searchNamespace: null + # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # -- Search in configmap, secret, or both. + resource: both + # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded. + script: null + # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S. + watchServerTimeout: 60 + # + # -- WatchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # Defaults to 66sec. + watchClientTimeout: 60 + # -- Log level of the sidecar container. + logLevel: INFO +############################################## WARNING +# +# DEPRECATED VALUES +# +# The following values are deprecated and will be removed in a future version of the helm chart! 
+# +############################################## WARNING ############################################################## + +# -- DEPRECATED Monitoring section determines which monitoring features to enable, this section is being replaced +# by https://github.com/grafana/meta-monitoring-chart +monitoring: + # Dashboards for monitoring Loki + dashboards: + # -- If enabled, create configmap with dashboards for monitoring Loki + enabled: false + # -- Alternative namespace to create dashboards ConfigMap in + namespace: null + # -- Additional annotations for the dashboards ConfigMap + annotations: {} + # -- Labels for the dashboards ConfigMap + labels: + grafana_dashboard: "1" + # -- DEPRECATED Recording rules for monitoring Loki, required for some dashboards + rules: + # -- If enabled, create PrometheusRule resource with Loki recording rules + enabled: false + # -- Include alerting rules + alerting: true + # -- Specify which individual alerts should be disabled + # -- Instead of turning off each alert one by one, set the .monitoring.rules.alerting value to false instead. + # -- If you disable all the alerts and keep .monitoring.rules.alerting set to true, the chart will fail to render. 
+ disabled: {} + # LokiRequestErrors: true + # LokiRequestPanics: true + # -- Alternative namespace to create PrometheusRule resources in + namespace: null + # -- Additional annotations for the rules PrometheusRule resource + annotations: {} + # -- Additional labels for the rules PrometheusRule resource + labels: {} + # -- Additional labels for PrometheusRule alerts + additionalRuleLabels: {} + # -- Additional groups to add to the rules file + additionalGroups: [] + # - name: additional-loki-rules + # rules: + # - record: job:loki_request_duration_seconds_bucket:sum_rate + # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job) + # - record: job_route:loki_request_duration_seconds_bucket:sum_rate + # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route) + # - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate + # expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container) + # -- DEPRECATED ServiceMonitor configuration + serviceMonitor: + # -- If enabled, ServiceMonitor resources for Prometheus Operator are created + enabled: false + # -- Namespace selector for ServiceMonitor resources + namespaceSelector: {} + # -- ServiceMonitor annotations + annotations: {} + # -- Additional ServiceMonitor labels + labels: {} + # -- ServiceMonitor scrape interval + # Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at + # least 1/4 rate interval. + interval: 15s + # -- ServiceMonitor scrape timeout in Go duration format (e.g. 
15s) + scrapeTimeout: null + # -- ServiceMonitor relabel configs to apply to samples before scraping + # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + relabelings: [] + # -- ServiceMonitor metric relabel configs to apply to samples before ingestion + # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + metricRelabelings: [] + # -- ServiceMonitor will use http by default, but you can pick https as well + scheme: http + # -- ServiceMonitor will use these tlsConfig settings to make the health check requests + tlsConfig: null + # -- If defined, will create a MetricsInstance for the Grafana Agent Operator. + metricsInstance: + # -- If enabled, MetricsInstance resources for Grafana Agent Operator are created + enabled: true + # -- MetricsInstance annotations + annotations: {} + # -- Additional MetricsInstance labels + labels: {} + # -- If defined a MetricsInstance will be created to remote write metrics. + remoteWrite: null + # -- DEPRECATED Self monitoring determines whether Loki should scrape its own logs. + # This feature currently relies on the Grafana Agent Operator being installed, + # which is installed by default using the grafana-agent-operator sub-chart. + # It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure + # scrape configs to scrape its own logs with the labels expected by the included dashboards. + selfMonitoring: + enabled: false + # -- Tenant to use for self monitoring + tenant: + # -- Name of the tenant + name: "self-monitoring" + # -- Password of the gateway for Basic auth + password: null + # -- Namespace to create additional tenant token secret in. Useful if your Grafana instance + # is in a separate namespace. Token will still be created in the canary namespace. 
+ secretNamespace: "{{ .Release.Namespace }}" + # -- DEPRECATED Grafana Agent configuration + grafanaAgent: + # -- DEPRECATED Controls whether to install the Grafana Agent Operator and its CRDs. + # Note that helm will not install CRDs if this flag is enabled during an upgrade. + # In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds + installOperator: false + # -- Grafana Agent annotations + annotations: {} + # -- Additional Grafana Agent labels + labels: {} + # -- Enable the config read api on port 8080 of the agent + enableConfigReadAPI: false + # -- The name of the PriorityClass for GrafanaAgent pods + priorityClassName: null + # -- Resource requests and limits for the grafanaAgent pods + resources: {} + # limits: + # memory: 200Mi + # requests: + # cpu: 50m + # memory: 100Mi + # -- Tolerations for GrafanaAgent pods + tolerations: [] + # PodLogs configuration + podLogs: + # -- PodLogs version + apiVersion: monitoring.grafana.com/v1alpha1 + # -- PodLogs annotations + annotations: {} + # -- Additional PodLogs labels + labels: {} + # -- PodLogs relabel configs to apply to samples before scraping + # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + relabelings: [] + # -- Additional pipeline stages to process logs after scraping + # https://grafana.com/docs/agent/latest/operator/api/#pipelinestagespec-a-namemonitoringgrafanacomv1alpha1pipelinestagespeca + additionalPipelineStages: [] + # LogsInstance configuration + logsInstance: + # -- LogsInstance annotations + annotations: {} + # -- Additional LogsInstance labels + labels: {} + # -- Additional clients for remote write + clients: null +# -- DEPRECATED Configuration for the table-manager. 
The table-manager is only necessary when using a deprecated +# index type such as Cassandra, Bigtable, or DynamoDB, it has not been necessary since loki introduced self- +# contained index types like 'boltdb-shipper' and 'tsdb'. This will be removed in a future helm chart. +tableManager: + # -- Specifies whether the table-manager should be enabled + enabled: false + image: + # -- The Docker registry for the table-manager image. Overrides `loki.image.registry` + registry: null + # -- Docker image repository for the table-manager image. Overrides `loki.image.repository` + repository: null + # -- Docker image tag for the table-manager image. Overrides `loki.image.tag` + tag: null + # -- Command to execute instead of defined in Docker image + command: null + # -- The name of the PriorityClass for table-manager pods + priorityClassName: null + # -- Labels for table-manager pods + podLabels: {} + # -- Annotations for table-manager deployment + annotations: {} + # -- Annotations for table-manager pods + podAnnotations: {} + service: + # -- Annotations for table-manager Service + annotations: {} + # -- Additional labels for table-manager Service + labels: {} + # -- Additional CLI args for the table-manager + extraArgs: [] + # -- Environment variables to add to the table-manager pods + extraEnv: [] + # -- Environment variables from secrets or configmaps to add to the table-manager pods + extraEnvFrom: [] + # -- Volume mounts to add to the table-manager pods + extraVolumeMounts: [] + # -- Volumes to add to the table-manager pods + extraVolumes: [] + # -- Resource requests and limits for the table-manager + resources: {} + # -- Containers to add to the table-manager pods + extraContainers: [] + # -- Grace period to allow the table-manager to shutdown before it is killed + terminationGracePeriodSeconds: 30 + # -- Affinity for table-manager pods. 
+ # @default -- Hard node and anti-affinity + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: table-manager + topologyKey: kubernetes.io/hostname + # -- DNS config table-manager pods + dnsConfig: {} + # -- Node selector for table-manager pods + nodeSelector: {} + # -- Tolerations for table-manager pods + tolerations: [] + # -- Enable deletes by retention + retention_deletes_enabled: false + # -- Set retention period + retention_period: 0 diff --git a/main.tf b/main.tf index 368566e..315e83e 100644 --- a/main.tf +++ b/main.tf 
@@ -52,128 +52,135 @@ resource "helm_release" "loki" { wait = true values = [ - file("${path.module}/values/loki.yaml") + templatefile("${path.module}/values/loki.yml.tpl", { + # Image references + global_image_registry = module.images.images[local.loki_key].dest_registry + loki_image_registry = module.images.images[local.loki_key].dest_registry + loki_image_repository = module.images.images[local.loki_key].dest_repository + loki_image_tag = module.images.images[local.loki_key].tag + provisioner_image_repository = split(":", module.images.images[local.provisioner_key].dest_full_path)[0] + provisioner_image_tag = module.images.images[local.provisioner_key].tag + gateway_image_repository = module.images.images[local.gateway_key].dest_repository + gateway_image_tag = module.images.images[local.gateway_key].tag + canary_image_repository = module.images.images[local.canary_key].dest_repository + canary_image_tag = module.images.images[local.canary_key].tag + sidecar_image_repository = split(":", module.images.images[local.sidecar_key].dest_full_path)[0] + sidecar_image_tag = module.images.images[local.sidecar_key].tag + memcached_image_repository = split(":", module.images.images[local.memcached_key].dest_full_path)[0] + memcached_image_tag = module.images.images[local.memcached_key].tag + exporter_image_repository = split(":", module.images.images[local.exporter_key].dest_full_path)[0] + exporter_image_tag = module.images.images[local.exporter_key].tag + # Storage configuration + s3_bucket_name = module.loki_s3.s3_requested_bucket_name + region = var.region + # Storage classes + rwo_storage_class = var.rwo_storage_class + # IAM role + iam_role_arn = module.loki_irsa_role.iam_role_arn + }) ] +} - # Dynamic values that depend on Terraform variables or computed values - set { - name = "global.image.registry" - value = module.images.images[local.loki_key].dest_registry - } - - set { - name = "loki.image.repository" - value = 
module.images.images[local.loki_key].dest_repository - } - set { - name = "loki.image.tag" - value = module.images.images[local.loki_key].tag - } - - set { - name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" - value = module.loki_irsa_role.iam_role_arn - } - - # Storage-related dynamic configurations - set { - name = "loki.storage.bucketNames.chunks" - value = module.loki_s3.s3_requested_bucket_name - } - set { - name = "loki.storage.bucketNames.ruler" - value = module.loki_s3.s3_requested_bucket_name - } - set { - name = "loki.storage.bucketNames.admin" - value = module.loki_s3.s3_requested_bucket_name - } - set { - name = "loki.storage.type" - value = "s3" - } - set { - name = "loki.storage.s3.s3" - value = format("s3://%v", var.region) - } - set { - name = "loki.storage.s3.region" - value = var.region - } - set { - name = "loki.storage_config.aws.s3" - value = format("s3://%v/%v", - var.region, - module.loki_s3.s3_requested_bucket_name - ) - } - - # Storage class configurations - set { - name = "write.persistence.storageClass" - value = var.rwo_storage_class - } - set { - name = "backend.persistence.storageClass" - value = var.rwo_storage_class - } - set { - name = "read.persistence.storageClass" - value = var.rwo_storage_class - } - - # Image configurations for additional components - set { - name = "loki.provisioner.image.repository" - value = split(":", module.images.images[local.provisioner_key].dest_full_path)[0] - } - set { - name = "loki.provisioner.image.tag" - value = module.images.images[local.provisioner_key].tag - } - - set { - name = "gateway.image.repository" - value = module.images.images[local.gateway_key].dest_repository - } - set { - name = "gateway.image.tag" - value = module.images.images[local.gateway_key].tag - } - - set { - name = "lokiCanary.image.repository" - value = module.images.images[local.canary_key].dest_repository - } - set { - name = "lokiCanary.image.tag" - value = module.images.images[local.canary_key].tag - } 
- - set { - name = "sidecar.image.repository" - value = split(":", module.images.images[local.sidecar_key].dest_full_path)[0] - } - set { - name = "sidecar.image.tag" - value = module.images.images[local.sidecar_key].tag - } - set { - name = "memcached.image.repository" - value = split(":", module.images.images[local.memcached_key].dest_full_path)[0] - } - set { - name = "memcached.image.tag" - value = module.images.images[local.memcached_key].tag - } - - set { - name = "memcachedExporter.image.repository" - value = split(":", module.images.images[local.exporter_key].dest_full_path)[0] - } - set { - name = "memcachedExporter.image.tag" - value = module.images.images[local.exporter_key].tag - } -} +# # Storage-related dynamic configurations +# set { +# name = "loki.storage.bucketNames.chunks" +# value = module.loki_s3.s3_requested_bucket_name +# } +# set { +# name = "loki.storage.bucketNames.ruler" +# value = module.loki_s3.s3_requested_bucket_name +# } +# set { +# name = "loki.storage.bucketNames.admin" +# value = module.loki_s3.s3_requested_bucket_name +# } +# set { +# name = "loki.storage.type" +# value = "s3" +# } +# set { +# name = "loki.storage.s3.s3" +# value = format("s3://%v", var.region) +# } +# set { +# name = "loki.storage.s3.region" +# value = var.region +# } +# set { +# name = "loki.storage_config.aws.s3" +# value = format("s3://%v/%v", +# var.region, +# module.loki_s3.s3_requested_bucket_name +# ) +# } + +# # Storage class configurations +# set { +# name = "write.persistence.storageClass" +# value = var.rwo_storage_class +# } +# set { +# name = "backend.persistence.storageClass" +# value = var.rwo_storage_class +# } +# set { +# name = "read.persistence.storageClass" +# value = var.rwo_storage_class +# } + +# # Image configurations for additional components +# set { +# name = "loki.provisioner.image.repository" +# value = split(":", module.images.images[local.provisioner_key].dest_full_path)[0] +# } +# set { +# name = "loki.provisioner.image.tag" +# 
value = module.images.images[local.provisioner_key].tag +# } + +# set { +# name = "gateway.image.repository" +# value = module.images.images[local.gateway_key].dest_repository +# } +# set { +# name = "gateway.image.tag" +# value = module.images.images[local.gateway_key].tag +# } + +# set { +# name = "lokiCanary.image.repository" +# value = module.images.images[local.canary_key].dest_repository +# } +# set { +# name = "lokiCanary.image.tag" +# value = module.images.images[local.canary_key].tag +# } + +# set { +# name = "sidecar.image.repository" +# value = split(":", module.images.images[local.sidecar_key].dest_full_path)[0] +# } +# set { +# name = "sidecar.image.tag" +# value = module.images.images[local.sidecar_key].tag +# } + +# set { +# name = "memcached.image.repository" +# value = split(":", module.images.images[local.memcached_key].dest_full_path)[0] +# } +# set { +# name = "memcached.image.tag" +# value = module.images.images[local.memcached_key].tag +# } + +# set { +# name = "memcachedExporter.image.repository" +# value = split(":", module.images.images[local.exporter_key].dest_full_path)[0] +# } +# set { +# name = "memcachedExporter.image.tag" +# value = module.images.images[local.exporter_key].tag +# } +# } diff --git a/values/loki.yaml b/values/loki.yaml deleted file mode 100644 index 7a4ec00..0000000 --- a/values/loki.yaml +++ /dev/null 
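Review bot: Moving these values from `set` blocks into `templatefile(...)` means they are pasted into `values/loki.yml.tpl` as raw text before any YAML parsing, and the template's placeholders are unquoted. An image tag such as `3.10` (constructed example) would be read as a float, and a `region` or `rwo_storage_class` value containing `: `, ` #` or a newline would change the document structure. Encode at the point of use in the template, for example `tag: ${jsonencode(loki_image_tag)}` and `storageClass: ${jsonencode(rwo_storage_class)}`, or add `validation` blocks on the input variables. `global_image_registry` is passed here, but the template fills `global.image.registry` from `${loki_image_registry}`, so one of the two keys can be dropped. The `helm_release` resource starts before this hunk.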
@@ -1,126 +0,0 @@ ---- -loki: - auth_enabled: false - analytics: - reporting_enabled: true - - schemaConfig: - configs: - - from: 2024-04-01 - index: - period: 24h - prefix: loki_sb_index_ - object_store: s3 - schema: v13 - store: tsdb - - limits_config: - ingestion_rate_strategy: local - max_global_streams_per_user: 5000 - max_query_parallelism: 32 - max_streams_per_user: 10000 - -write: - persistence: - enabled: true - autoscaling: - enabled: true - minReplicas: 1 - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - extraVolumesMounts: - - name: data - mountPath: /loki - extraVolumes: - - name: loki - -read: - persistence: - enabled: true - autoscaling: - enabled: true - minReplicas: 1 - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi -backend: - autoscaling: - enabled: true - minReplicas: 1 - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - -gateway: - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 100m - memory: 128Mi - -compactor: - working_directory: /loki/compactor - shared_store: s3 - compaction_interval: 10m - retention_enabled: true - retention_delete_delay: 2h - retention_delete_worker_count: 150 - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - -sidecar: - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - -ruler: - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - -monitoring: - dashboards: - enabled: false - rules: - enabled: false - serviceMonitor: - enabled: false - selfMonitoring: - enabled: false - lokiCanary: - enabled: false - -memberlist: - service: - publishNotReadyAddresses: false - -test: - enabled: false diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl new file mode 100644 index 0000000..7bedb9f --- /dev/null +++ b/values/loki.yml.tpl 
@@ -0,0 +1,206 @@ +--- +deploymentMode: SimpleScalable + +# Global settings +global: + image: + registry: ${loki_image_registry} + +# Main Loki configuration +loki: + image: + repository: ${loki_image_repository} + tag: ${loki_image_tag} + auth_enabled: false + analytics: + reporting_enabled: true + use_thanos_objstore: true + # Storage configuration + storage: + type: s3 + bucketNames: + chunks: ${s3_bucket_name} + ruler: ${s3_bucket_name} + admin: ${s3_bucket_name} + s3: + s3: s3://${region} + region: ${region} + storage_config: + aws: + s3: s3://${region}/${s3_bucket_name} + + # Provisioner settings + provisioner: + image: + repository: ${provisioner_image_repository} + tag: ${provisioner_image_tag} + + schemaConfig: + configs: + - from: 2024-04-01 + index: + period: 24h + prefix: index_ + object_store: s3 + schema: v13 + store: tsdb + +backend: + persistence: + enabled: true + storageClass: ${rwo_storage_class} + replicas: 1 + autoscaling: + enabled: true + minReplicas: 1 + targetCPUUtilizationPercentage: 80 + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + +compactor: + working_directory: /loki/compactor + shared_store: s3 + compaction_interval: 10m + retention_enabled: true + retention_delete_delay: 2h + retention_delete_worker_count: 150 + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + +gateway: + image: + repository: ${gateway_image_repository} + tag: ${gateway_image_tag} + autoscaling: + enabled: true + targetCPUUtilizationPercentage: 80 + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 100m + memory: 128Mi + +lokiCanary: + enabled: false + image: + repository: ${canary_image_repository} + tag: ${canary_image_tag} + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 100m + memory: 128Mi + +memcached: + chunk_cache: + enabled: true + results_cache: + enabled: true + image: + repository: ${memcached_image_repository} + tag: ${memcached_image_tag} + 
resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + +memcachedExporter: + image: + repository: ${exporter_image_repository} + tag: ${exporter_image_tag} + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + +read: + persistence: + enabled: true + storageClass: ${rwo_storage_class} + replicas: 1 + autoscaling: + enabled: true + minReplicas: 1 + targetCPUUtilizationPercentage: 80 + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + +ruler: + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + +sidecar: + image: + repository: ${sidecar_image_repository} + tag: ${sidecar_image_tag} + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + + +memberlist: + service: + publishNotReadyAddresses: false + +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: ${iam_role_arn} + +test: + enabled: false + +write: + persistence: + enabled: true + storageClass: ${rwo_storage_class} + replicas: 1 + autoscaling: + enabled: true + minReplicas: 1 + targetCPUUtilizationPercentage: 80 + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + extraVolumesMounts: + - name: data + mountPath: /loki + extraVolumes: + - name: loki From fecabc9ee45c17cf751a7b00058a04978a2039aa Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 14:47:44 -0500 Subject: [PATCH 05/35] cleanup --- README.md | 3 +- main.tf | 121 +-------------------------------------------------- s3.tf | 2 +- variables.tf | 5 --- 4 files changed, 4 insertions(+), 127 deletions(-) diff --git a/README.md b/README.md index 58e2c92..9b1b99e 100644 --- a/README.md +++ b/README.md 
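Review bot: `auth_enabled: false` and `analytics.reporting_enabled: true` at the top of the `loki:` block are carried into the new template without comment. The first means Loki requires no tenant header and does no authentication itself, so whatever can reach the gateway can push and query logs; the second turns on usage reporting to the vendor. If both are deliberate, add a comment such as `# single-tenant; access restricted by <NETWORK_CONTROL>`, otherwise set `reporting_enabled: false`. Also in this file, `targetCPUUtilizationPercentage: 80` is measured against the `cpu: 1m` request, so the autoscaler will likely hold `write`, `read`, `backend` and `gateway` at whatever maximum the chart allows. Finally, `extraVolumesMounts` under `write` looks like a misspelling of the chart's `extraVolumeMounts`, so that mount is probably ignored.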
@@ -33,7 +33,7 @@ to loki. | Name | Source | Version | |------|--------|---------| | [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | -| [loki\_irsa\_role](#module\_loki\_irsa\_role) | git@github.e.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git | n/a | +| [loki\_irsa\_role](#module\_loki\_irsa\_role) | git@github.e.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git// | main | | [loki\_s3](#module\_loki\_s3) | git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard | tf-upgrade | ## Resources @@ -62,7 +62,6 @@ to loki. | [region](#input\_region) | The region holding these resources (for the s3 bucket.) | `string` | n/a | yes | | [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | | [sidecar\_tag](#input\_sidecar\_tag) | The version of kiwigrid/k8s-sidecar to use for the gateway. | `string` | `"1.27.4"` | no | -| [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no | | [tags](#input\_tags) | Additional tags to add to resources created in AWS (s3 bucket, ...) | `map(string)` | `{}` | no | ## Outputs diff --git a/main.tf b/main.tf index 315e83e..228df46 100644 --- a/main.tf +++ b/main.tf 
@@ -4,22 +4,9 @@ locals { gateway_internal_url = format("http://%v:%v", local.gateway_internal_hostname, local.gateway_internal_port_number) } -locals { - tags = merge({ - "boc:eks-cluster-name" = var.cluster_name - "boc:tf_module_name" = local.module_name - "boc:tf_module_version" = local.module_version - "boc:created_by" = "terraform" - CostAllocation = var.tag_costallocation - }, var.tags) - -} - module "loki_irsa_role" { - # source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/?ref=1.0.0" - # tflint-ignore: terraform_module_version # tflint-ignore: terraform_module_pinned_source - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git//?ref=main" role_name = "r-${var.cluster_name}-loki" @@ -40,7 +27,7 @@ module "loki_irsa_role" { namespace_service_accounts = ["${var.namespace}:loki"] } } - tags = local.tags + tags = var.tags } resource "helm_release" "loki" { 
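Review bot: The new `source` for `loki_irsa_role` ends in `?ref=main`, which follows a branch rather than a fixed revision, so the code that defines this IAM role can change between applies with no change in this repository. Pin it to a release tag or a full commit SHA, e.g. `...tfmod-custom-iam-role-for-service-account-eks.git//?ref=<TAG_OR_COMMIT_SHA>`. Then remove the `# tflint-ignore: terraform_module_pinned_source` line so the linter enforces the pin. The module block continues outside this hunk.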
@@ -80,107 +67,3 @@ resource "helm_release" "loki" { }) ] } - - -# # Storage-related dynamic configurations -# set { -# name = "loki.storage.bucketNames.chunks" -# value = module.loki_s3.s3_requested_bucket_name -# } -# set { -# name = "loki.storage.bucketNames.ruler" -# value = module.loki_s3.s3_requested_bucket_name -# } -# set { -# name = "loki.storage.bucketNames.admin" -# value = module.loki_s3.s3_requested_bucket_name -# } -# set { -# name = "loki.storage.type" -# value = "s3" -# } -# set { -# name = "loki.storage.s3.s3" -# value = format("s3://%v", var.region) -# } -# set { -# name = "loki.storage.s3.region" -# value = var.region -# } -# set { -# name = "loki.storage_config.aws.s3" -# value = format("s3://%v/%v", -# var.region, -# module.loki_s3.s3_requested_bucket_name -# ) -# } - -# # Storage class configurations -# set { -# name = "write.persistence.storageClass" -# value = var.rwo_storage_class -# } -# set { -# name = "backend.persistence.storageClass" -# value = var.rwo_storage_class -# } -# set { -# name = "read.persistence.storageClass" -# value = var.rwo_storage_class -# } - -# # Image configurations for additional components -# set { -# name = "loki.provisioner.image.repository" -# value = split(":", module.images.images[local.provisioner_key].dest_full_path)[0] -# } -# set { -# name = "loki.provisioner.image.tag" -# value = module.images.images[local.provisioner_key].tag -# } - -# set { -# name = "gateway.image.repository" -# value = module.images.images[local.gateway_key].dest_repository -# } -# set { -# name = "gateway.image.tag" -# value = module.images.images[local.gateway_key].tag -# } - -# set { -# name = "lokiCanary.image.repository" -# value = module.images.images[local.canary_key].dest_repository -# } -# set { -# name = "lokiCanary.image.tag" -# value = module.images.images[local.canary_key].tag -# } - -# set { -# name = "sidecar.image.repository" -# value = split(":", module.images.images[local.sidecar_key].dest_full_path)[0] -# } -# set 
{ -# name = "sidecar.image.tag" -# value = module.images.images[local.sidecar_key].tag -# } - -# set { -# name = "memcached.image.repository" -# value = split(":", module.images.images[local.memcached_key].dest_full_path)[0] -# } -# set { -# name = "memcached.image.tag" -# value = module.images.images[local.memcached_key].tag -# } - -# set { -# name = "memcachedExporter.image.repository" -# value = split(":", module.images.images[local.exporter_key].dest_full_path)[0] -# } -# set { -# name = "memcachedExporter.image.tag" -# value = module.images.images[local.exporter_key].tag -# } -# } diff --git a/s3.tf b/s3.tf index cac37c6..dd5a704 100644 --- a/s3.tf +++ b/s3.tf @@ -15,5 +15,5 @@ module "loki_s3" { bucket_name = format("%v-loki", var.cluster_name) access_log_bucket = data.aws_s3_bucket.s3_server_access_logs.id - tags = local.tags + tags = var.tags } diff --git a/variables.tf b/variables.tf index 650fac4..9a1a10f 100644 --- a/variables.tf +++ b/variables.tf @@ -1,8 +1,3 @@ -variable "tag_costallocation" { - description = "Tag CostAllocation (default)" - type = string - default = "csvd:infrastructure" -} variable "tags" { description = "Additional tags to add to resources created in AWS (s3 bucket, ...)" From a5e645abcfbadf8c0b9d30c09d394a89f047d9ab Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 15:52:32 -0500 Subject: [PATCH 06/35] kill the canary --- copy_images.tf | 1 - main.tf | 2 -- values/loki.yml.tpl | 14 -------------- 3 files changed, 17 deletions(-) diff --git a/copy_images.tf b/copy_images.tf index 887672c..7e8b0e4 100644 --- a/copy_images.tf +++ b/copy_images.tf 
@@ -1,6 +1,5 @@ locals { loki_key = format("%v#%v", "grafana/loki", var.loki_tag) - canary_key = format("%v#%v", "grafana/loki-canary", var.canary_tag) provisioner_key = format("%v#%v", "grafana/enterprise-logs-provisioner", var.enterprise_logs_provisioner_tag) gateway_key = format("%v#%v", "grafana/nginx-unprivileged", var.gateway_tag) sidecar_key = format("%v#%v", "kiwigrid/k8s-sidecar", var.sidecar_tag) diff --git a/main.tf b/main.tf index 228df46..a1af8f2 100644 --- a/main.tf +++ b/main.tf @@ -49,8 +49,6 @@ resource "helm_release" "loki" { provisioner_image_tag = module.images.images[local.provisioner_key].tag gateway_image_repository = module.images.images[local.gateway_key].dest_repository gateway_image_tag = module.images.images[local.gateway_key].tag - canary_image_repository = module.images.images[local.canary_key].dest_repository - canary_image_tag = module.images.images[local.canary_key].tag sidecar_image_repository = split(":", module.images.images[local.sidecar_key].dest_full_path)[0] sidecar_image_tag = module.images.images[local.sidecar_key].tag memcached_image_repository = split(":", module.images.images[local.memcached_key].dest_full_path)[0] diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 7bedb9f..f4b854d 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -94,16 +94,6 @@ gateway: lokiCanary: enabled: false - image: - repository: ${canary_image_repository} - tag: ${canary_image_tag} - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 100m - memory: 128Mi memcached: chunk_cache: @@ -172,10 +162,6 @@ sidecar: memory: 256Mi -memberlist: - service: - publishNotReadyAddresses: false - serviceAccount: annotations: eks.amazonaws.com/role-arn: ${iam_role_arn} From 46c2792778668c0773474565937b2a9cbbdd8ccf Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 15:53:40 -0500 Subject: [PATCH 07/35] remove canary --- README.md | 1 - copy_images.tf | 9 --------- variables.tf | 6 ------ 3 files changed, 16 deletions(-) diff --git a/README.md b/README.md index 9b1b99e..efb515c 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,6 @@ to loki. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [canary\_tag](#input\_canary\_tag) | The tag of the grafana/loki-canary image to use. | `string` | `"3.0.0"` | no | | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | | [enterprise\_logs\_provisioner\_tag](#input\_enterprise\_logs\_provisioner\_tag) | The version of the grafana/enterprise-logs-provisioner image to use. | `string` | `"v1.7.0"` | no | | [exporter\_tag](#input\_exporter\_tag) | The version of prom/memcached-exporter to use for the gateway. | `string` | `"v0.14.4"` | no | diff --git a/copy_images.tf b/copy_images.tf index 7e8b0e4..65c3dfe 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -16,15 +16,6 @@ locals { source_tag = var.loki_tag tag = var.loki_tag }, - { - enabled = true - dest_path = null - name = "grafana/loki-canary" - source_image = "grafana/loki-canary" - source_registry = "docker.io" - source_tag = var.canary_tag - tag = var.canary_tag - }, { enabled = true dest_path = null diff --git a/variables.tf b/variables.tf index 9a1a10f..35009fe 100644 --- a/variables.tf +++ b/variables.tf @@ -53,12 +53,6 @@ variable "loki_tag" { default = "3.1.1" } -variable "canary_tag" { - description = "The tag of the grafana/loki-canary image to use." - type = string - default = "3.0.0" -} - variable "enterprise_logs_provisioner_tag" { description = "The version of the grafana/enterprise-logs-provisioner image to use." type = string From 54f31cff1fd4187025e865cdf10390dd04688e8e Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 18:04:47 -0500 Subject: [PATCH 08/35] unified config --- README.md | 2 - copy_images.tf | 20 ------- main.tf | 4 -- values/loki.yml.tpl | 132 +++++++++++++++++++++----------------------- variables.tf | 12 ---- 5 files changed, 64 insertions(+), 106 deletions(-) diff --git a/README.md b/README.md index efb515c..5b7ff48 100644 --- a/README.md +++ b/README.md @@ -50,11 +50,9 @@ to loki. |------|-------------|------|---------|:--------:| | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | | [enterprise\_logs\_provisioner\_tag](#input\_enterprise\_logs\_provisioner\_tag) | The version of the grafana/enterprise-logs-provisioner image to use. | `string` | `"v1.7.0"` | no | -| [exporter\_tag](#input\_exporter\_tag) | The version of prom/memcached-exporter to use for the gateway. | `string` | `"v0.14.4"` | no | | [gateway\_tag](#input\_gateway\_tag) | The version of nginxinc/nginx-unprivileged to use for the gateway. | `string` | `"1.25.2-alpine"` | no | | [loki\_chart\_version](#input\_loki\_chart\_version) | Which version of the grafana/loki helm chart to use. | `string` | `"6.10.2"` | no | | [loki\_tag](#input\_loki\_tag) | The tag of the loki image to use. | `string` | `"3.1.1"` | no | -| [memcached\_tag](#input\_memcached\_tag) | The version of memcached to use for the gateway. | `string` | `"1.6.23-alpine"` | no | | [namespace](#input\_namespace) | The namespace into which grafana will be deployed | `string` | `"loki"` | no | | [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN in the EKS cluster for the OpenID Connect identity provider. | `string` | n/a | yes | | [profile](#input\_profile) | AWS config profile used to upload images into ECR | `string` | `""` | no | diff --git a/copy_images.tf b/copy_images.tf index 65c3dfe..b3e1517 100644 --- a/copy_images.tf +++ b/copy_images.tf 
@@ -3,8 +3,6 @@ locals { provisioner_key = format("%v#%v", "grafana/enterprise-logs-provisioner", var.enterprise_logs_provisioner_tag) gateway_key = format("%v#%v", "grafana/nginx-unprivileged", var.gateway_tag) sidecar_key = format("%v#%v", "kiwigrid/k8s-sidecar", var.sidecar_tag) - memcached_key = format("%v#%v", "memcached", var.memcached_tag) - exporter_key = format("%v#%v", "prom/memcached-exporter", var.exporter_tag) image_config = [ { @@ -16,24 +14,6 @@ locals { source_tag = var.loki_tag tag = var.loki_tag }, - { - enabled = true - dest_path = null - name = "memcached" - source_image = "bitnami/memcached" - source_registry = "public.ecr.aws" - source_tag = var.memcached_tag - tag = var.memcached_tag - }, - { - enabled = true - dest_path = null - name = "prom/memcached-exporter" - source_image = "prom/memcached-exporter" - source_registry = "docker.io" - source_tag = var.exporter_tag - tag = var.exporter_tag - }, { enabled = true dest_path = null diff --git a/main.tf b/main.tf index a1af8f2..68a785d 100644 --- a/main.tf +++ b/main.tf @@ -51,10 +51,6 @@ resource "helm_release" "loki" { gateway_image_tag = module.images.images[local.gateway_key].tag sidecar_image_repository = split(":", module.images.images[local.sidecar_key].dest_full_path)[0] sidecar_image_tag = module.images.images[local.sidecar_key].tag - memcached_image_repository = split(":", module.images.images[local.memcached_key].dest_full_path)[0] - memcached_image_tag = module.images.images[local.memcached_key].tag - exporter_image_repository = split(":", module.images.images[local.exporter_key].dest_full_path)[0] - exporter_image_tag = module.images.images[local.exporter_key].tag # Storage configuration s3_bucket_name = module.loki_s3.s3_requested_bucket_name region = var.region diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index f4b854d..119615c 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl 
@@ -8,33 +8,39 @@ global: # Main Loki configuration loki: + analytics: + reporting_enabled: true + auth_enabled: false image: repository: ${loki_image_repository} tag: ${loki_image_tag} - auth_enabled: false - analytics: - reporting_enabled: true - use_thanos_objstore: true + ingester: + chunk_encoding: snappy + limits_config: + allow_structured_metadata: true + query_timeout: 30s + max_streams_per_user: 1000 + max_query_parallelism: 32 + max_query_length: 2160h + ingestion_rate_strategy: local + split_queries_by_interval: 15m + max_cache_freshness_per_query: 10m + reject_old_samples_max_age: 168h + reject_old_samples: true + retention_period: 2160h # Storage configuration - storage: - type: s3 - bucketNames: - chunks: ${s3_bucket_name} - ruler: ${s3_bucket_name} - admin: ${s3_bucket_name} + use_thanos_objstore: true + object_store: s3: - s3: s3://${region} + bucketName: ${s3_bucket_name} + endpoint: s3.${region}.amazonaws.com region: ${region} - storage_config: - aws: - s3: s3://${region}/${s3_bucket_name} - # Provisioner settings provisioner: image: repository: ${provisioner_image_repository} tag: ${provisioner_image_tag} - + replication_factor: 1 schemaConfig: configs: - from: 2024-04-01 @@ -44,16 +50,18 @@ loki: object_store: s3 schema: v13 store: tsdb + tracing: + enabled: true backend: - persistence: - enabled: true - storageClass: ${rwo_storage_class} - replicas: 1 autoscaling: enabled: true minReplicas: 1 targetCPUUtilizationPercentage: 80 + persistence: + enabled: true + storageClass: ${rwo_storage_class} + replicas: 1 resources: requests: cpu: 1m @@ -61,8 +69,14 @@ backend: limits: cpu: 200m memory: 256Mi - +bloomCompactor: + replicas: 0 +bloomGateway: + replicas: 0 +chunksCache: + enabled: false compactor: + replicas: 0 working_directory: /loki/compactor shared_store: s3 compaction_interval: 10m @@ -76,7 +90,8 @@ compactor: limits: cpu: 200m memory: 256Mi - +distributer: + replicas: 0 gateway: image: repository: ${gateway_image_repository} 
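Review bot: `auth_enabled: false` is carried over in the reordered `loki:` block, so Loki will not require the `X-Scope-OrgID` tenant header. Whatever restricts who can push or query logs has to come from the gateway or from network policy, and neither is configured in this hunk. If single-tenant operation is intended, record that next to the key, e.g. `# single tenant; access restricted by <MECHANISM>`. The block also keeps `analytics.reporting_enabled: true`, which lets Loki send usage statistics to Grafana Labs; for a cluster that mirrors its images into a private registry, `reporting_enabled: false` is probably the intended value.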
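Review bot: The added key `distributer:` is misspelled; the chart's component list in the deleted loki.values.yml spells it `distributor`, so this `replicas: 0` is most likely ignored rather than applied. Rename the key to `distributor:`. The misspelling is still present as a context line in the later "fix values" patch, so it was not corrected there.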
@@ -91,47 +106,36 @@ gateway: limits: cpu: 100m memory: 128Mi - +indexGateway: + replicas: 0 +ingester: + replicas: 0 lokiCanary: enabled: false - memcached: + enabled: false chunk_cache: - enabled: true + enabled: false results_cache: - enabled: true - image: - repository: ${memcached_image_repository} - tag: ${memcached_image_tag} - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - + enabled: false memcachedExporter: - image: - repository: ${exporter_image_repository} - tag: ${exporter_image_tag} - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - + enabled: false +querier: + replicas: 0 + max_concurrent: 4 +queryFrontend: + replicas: 0 +queryScheduler: + replicas: 0 read: - persistence: - enabled: true - storageClass: ${rwo_storage_class} - replicas: 1 autoscaling: enabled: true minReplicas: 1 targetCPUUtilizationPercentage: 80 + persistence: + enabled: true + storageClass: ${rwo_storage_class} + replicas: 1 resources: requests: cpu: 1m @@ -139,16 +143,13 @@ read: limits: cpu: 200m memory: 256Mi - +resultsCache: + enabled: false ruler: - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - + enabled: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: ${iam_role_arn} sidecar: image: repository: ${sidecar_image_repository} @@ -160,15 +161,10 @@ sidecar: limits: cpu: 200m memory: 256Mi - - -serviceAccount: - annotations: - eks.amazonaws.com/role-arn: ${iam_role_arn} - +singleBinary: + replicas: 0 test: enabled: false - write: persistence: enabled: true diff --git a/variables.tf b/variables.tf index 35009fe..ad048a5 100644 --- a/variables.tf +++ b/variables.tf 
@@ -65,18 +65,6 @@ variable "gateway_tag" { default = "1.25.2-alpine" } -variable "memcached_tag" { - description = "The version of memcached to use for the gateway." - type = string - default = "1.6.23-alpine" -} - -variable "exporter_tag" { - description = "The version of prom/memcached-exporter to use for the gateway." - type = string - default = "v0.14.4" -} - variable "sidecar_tag" { description = "The version of kiwigrid/k8s-sidecar to use for the gateway." type = string From c1d791bb6fc3f98103878ffe47aa95c1ae355325 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 18:36:42 -0500 Subject: [PATCH 09/35] fix values --- values/loki.yml.tpl | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 119615c..e717809 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -18,23 +18,26 @@ loki: chunk_encoding: snappy limits_config: allow_structured_metadata: true - query_timeout: 30s - max_streams_per_user: 1000 - max_query_parallelism: 32 - max_query_length: 2160h ingestion_rate_strategy: local - split_queries_by_interval: 15m max_cache_freshness_per_query: 10m + max_query_length: 2160h + max_query_parallelism: 32 + max_streams_per_user: 1000 + query_timeout: 300s reject_old_samples_max_age: 168h reject_old_samples: true retention_period: 2160h + split_queries_by_interval: 15m # Storage configuration - use_thanos_objstore: true - object_store: - s3: - bucketName: ${s3_bucket_name} - endpoint: s3.${region}.amazonaws.com - region: ${region} + storage: + use_thanos_objstore: true + object_store: + s3: + bucketName: ${s3_bucket_name} + endpoint: s3.${region}.amazonaws.com + region: ${region} + pattern_ingester: + enabled: false # Provisioner settings provisioner: image: @@ -50,9 +53,11 @@ loki: object_store: s3 schema: v13 store: tsdb + tracing: enabled: true + backend: autoscaling: enabled: true 
@@ -76,13 +81,8 @@ bloomGateway: chunksCache: enabled: false compactor: - replicas: 0 - working_directory: /loki/compactor - shared_store: s3 compaction_interval: 10m - retention_enabled: true - retention_delete_delay: 2h - retention_delete_worker_count: 150 + replicas: 0 resources: requests: cpu: 1m @@ -90,6 +90,11 @@ compactor: limits: cpu: 200m memory: 256Mi + retention_delete_delay: 2h + retention_delete_worker_count: 150 + retention_enabled: true + shared_store: s3 + working_directory: /loki/compactor distributer: replicas: 0 gateway: @@ -99,6 +104,7 @@ gateway: autoscaling: enabled: true targetCPUUtilizationPercentage: 80 + replicas: 1 resources: requests: cpu: 1m From 6cbf1acf407dcbf24b4359e44757ae65d93873ad Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 18:46:33 -0500 Subject: [PATCH 10/35] template error --- loki.values.yml | 3767 ------------------------------------------- values/loki.yml.tpl | 11 +- 2 files changed, 6 insertions(+), 3772 deletions(-) delete mode 100644 loki.values.yml diff --git a/loki.values.yml b/loki.values.yml deleted file mode 100644 index 44c9283..0000000 --- a/loki.values.yml +++ /dev/null 
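Review bot: The retention settings re-added in the `@@ -90,6 +90,11 @@` hunk (`retention_enabled: true`, `retention_delete_delay`, `retention_delete_worker_count`, `shared_store`, `working_directory`) sit under what appears to be the chart-level `compactor:` key, next to `replicas` and `resources`. The chart template visible in the deleted loki.values.yml renders Loki's own `compactor:` section from `.Values.loki.compactor`, so in this position they would not reach the Loki config, and `limits_config.retention_period: 2160h` would have no compactor enforcing it. If log retention is a requirement, move these keys into a `compactor:` block under `loki:`; Loki 3.x also expects `delete_request_store` there when retention is enabled and no longer accepts `shared_store`. Indentation is lost in this rendering of the patch, so confirm the nesting against the file.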
@@ -1,3767 +0,0 @@ -# -- Overrides the version used to determine compatibility of resources with the target Kubernetes cluster. -# This is useful when using `helm template`, because then helm will use the client version of kubectl as the Kubernetes version, -# which may or may not match your cluster's server version. Example: 'v1.24.4'. Set to null to use the version that helm -# devises. -kubeVersionOverride: null - -global: - image: - # -- Overrides the Docker registry globally for all images - registry: null - # -- Overrides the priorityClassName for all pods - priorityClassName: null - # -- configures cluster domain ("cluster.local" by default) - clusterDomain: "cluster.local" - # -- configures DNS service name - dnsService: "kube-dns" - # -- configures DNS service namespace - dnsNamespace: "kube-system" - # -- Common additional CLI arguments for all jobs (that is, -log.level debug, -config.expand-env=true or -log-config-reverse-order) - # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. - extraArgs: [] - # -- Common environment variables to add to all pods directly managed by this chart. - # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. - extraEnv: [] - # -- Common source of environment injections to add to all pods directly managed by this chart. - # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. 
- # For example to inject values from a Secret, use: - # extraEnvFrom: - # - secretRef: - # name: mysecret - extraEnvFrom: [] - # -- Common volumes to add to all pods directly managed by this chart. - # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. - extraVolumes: [] - # -- Common mount points to add to all pods directly managed by this chart. - # scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write. - extraVolumeMounts: [] -# -- Overrides the chart's name -nameOverride: null -# -- Overrides the chart's computed fullname -fullnameOverride: null -# -- Overrides the chart's cluster label -clusterLabelOverride: null -# -- Image pull secrets for Docker images -imagePullSecrets: [] -# -- Deployment mode lets you specify how to deploy Loki. -# There are 3 options: -# - SingleBinary: Loki is deployed as a single binary, useful for small installs typically without HA, up to a few tens of GB/day. -# - SimpleScalable: Loki is deployed as 3 targets: read, write, and backend. Useful for medium installs easier to manage than distributed, up to a about 1TB/day. -# - Distributed: Loki is deployed as individual microservices. The most complicated but most capable, useful for large installs, typically over 1TB/day. -# There are also 2 additional modes used for migrating between deployment modes: -# - SingleBinary<->SimpleScalable: Migrate from SingleBinary to SimpleScalable (or vice versa) -# - SimpleScalable<->Distributed: Migrate from SimpleScalable to Distributed (or vice versa) -# Note: SimpleScalable and Distributed REQUIRE the use of object storage. 
-deploymentMode: SimpleScalable -###################################################################################################################### -# -# Base Loki Configs including kubernetes configurations and configurations for Loki itself, -# see below for more specifics on Loki's configuration. -# -###################################################################################################################### -# -- Configuration for running Loki -# @default -- See values.yaml -loki: - # Configures the readiness probe for all of the Loki pods - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 30 - timeoutSeconds: 1 - image: - # -- The Docker registry - registry: docker.io - # -- Docker image repository - repository: grafana/loki - # -- Overrides the image tag whose default is the chart's appVersion - tag: 3.4.2 - # -- Overrides the image tag with an image digest - digest: null - # -- Docker image pull policy - pullPolicy: IfNotPresent - # -- Common annotations for all deployments/StatefulSets - annotations: {} - # -- Common annotations for all pods - podAnnotations: {} - # -- Common labels for all pods - podLabels: {} - # -- Common annotations for all services - serviceAnnotations: {} - # -- Common labels for all services - serviceLabels: {} - # -- The number of old ReplicaSets to retain to allow rollback - revisionHistoryLimit: 10 - # -- The SecurityContext for Loki pods - podSecurityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - # -- The SecurityContext for Loki containers - containerSecurityContext: - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - # -- Should enableServiceLinks be enabled. 
Default to enable - enableServiceLinks: true - ###################################################################################################################### - # - # Loki Configuration - # - # There are several ways to pass configuration to Loki, listing them here in order of our preference for how - # you should use this chart. - # 1. Use the templated value of loki.config below and the corresponding override sections which follow. - # This allows us to set a lot of important Loki configurations and defaults and also allows us to maintain them - # over time as Loki changes and evolves. - # 2. Use the loki.structuredConfig section. - # This will completely override the templated value of loki.config, so you MUST provide the entire Loki config - # including any configuration that we set in loki.config unless you explicitly are trying to change one of those - # values and are not able to do so with the templated sections. - # If you choose this approach the burden is on you to maintain any changes we make to the templated config. - # 3. Use an existing secret or configmap to provide the configuration. - # This option is mostly provided for folks who have external processes which provide or modify the configuration. - # When using this option you can specify a different name for loki.generatedConfigObjectName and configObjectName - # if you have a process which takes the generated config and modifies it, or you can stop the chart from generating - # a config entirely by setting loki.generatedConfigObjectName to - # - ###################################################################################################################### - - # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret. - # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. 
vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration). - # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables). - configStorageType: ConfigMap - # -- The name of the object which Loki will mount as a volume containing the config. - # If the configStorageType is Secret, this will be the name of the Secret, if it is ConfigMap, this will be the name of the ConfigMap. - # The value will be passed through tpl. - configObjectName: '{{ include "loki.name" . }}' - # -- The name of the Secret or ConfigMap that will be created by this chart. - # If empty, no configmap or secret will be created. - # The value will be passed through tpl. - generatedConfigObjectName: '{{ include "loki.name" . }}' - # -- Config file contents for Loki - # @default -- See values.yaml - config: | - {{- if .Values.enterprise.enabled}} - {{- tpl .Values.enterprise.config . }} - {{- else }} - auth_enabled: {{ .Values.loki.auth_enabled }} - {{- end }} - - {{- with .Values.loki.server }} - server: - {{- toYaml . | nindent 2}} - {{- end}} - - pattern_ingester: - enabled: {{ .Values.loki.pattern_ingester.enabled }} - - memberlist: - {{- if .Values.loki.memberlistConfig }} - {{- toYaml .Values.loki.memberlistConfig | nindent 2 }} - {{- else }} - {{- if .Values.loki.extraMemberlistConfig}} - {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}} - {{- end }} - join_members: - - {{ include "loki.memberlist" . }} - {{- with .Values.migrate.fromDistributed }} - {{- if .enabled }} - - {{ .memberlistService }} - {{- end }} - {{- end }} - {{- end }} - - {{- with .Values.loki.ingester }} - ingester: - {{- tpl (. 
| toYaml) $ | nindent 4 }} - {{- end }} - - {{- if .Values.loki.commonConfig}} - common: - {{- toYaml .Values.loki.commonConfig | nindent 2}} - storage: - {{- include "loki.commonStorageConfig" . | nindent 4}} - {{- end}} - - {{- with .Values.loki.limits_config }} - limits_config: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - runtime_config: - file: /etc/loki/runtime-config/runtime-config.yaml - - {{- with .Values.chunksCache }} - {{- if .enabled }} - chunk_store_config: - chunk_cache_config: - default_validity: {{ .defaultValidity }} - background: - writeback_goroutines: {{ .writebackParallelism }} - writeback_buffer: {{ .writebackBuffer }} - writeback_size_limit: {{ .writebackSizeLimit }} - memcached: - batch_size: {{ .batchSize }} - parallelism: {{ .parallelism }} - memcached_client: - addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-chunks-cache.{{ $.Release.Namespace }}.svc - consistent_hash: true - timeout: {{ .timeout }} - max_idle_conns: 72 - {{- end }} - {{- end }} - - {{- if .Values.loki.schemaConfig }} - schema_config: - {{- toYaml .Values.loki.schemaConfig | nindent 2}} - {{- end }} - - {{- if .Values.loki.useTestSchema }} - schema_config: - {{- toYaml .Values.loki.testSchemaConfig | nindent 2}} - {{- end }} - - {{- if .Values.ruler.enabled }} - {{ include "loki.rulerConfig" . }} - {{- end }} - - {{- if and .Values.loki.storage.use_thanos_objstore .Values.ruler.enabled}} - ruler_storage: - {{- include "loki.rulerThanosStorageConfig" . | nindent 2 }} - {{- end }} - - {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }} - table_manager: - retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }} - retention_period: {{ .Values.tableManager.retention_period }} - {{- end }} - - query_range: - align_queries_with_step: true - {{- with .Values.loki.query_range }} - {{- tpl (. 
| toYaml) $ | nindent 2 }} - {{- end }} - {{- if .Values.resultsCache.enabled }} - {{- with .Values.resultsCache }} - cache_results: true - results_cache: - cache: - default_validity: {{ .defaultValidity }} - background: - writeback_goroutines: {{ .writebackParallelism }} - writeback_buffer: {{ .writebackBuffer }} - writeback_size_limit: {{ .writebackSizeLimit }} - memcached_client: - consistent_hash: true - addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-results-cache.{{ $.Release.Namespace }}.svc - timeout: {{ .timeout }} - update_interval: 1m - {{- end }} - {{- end }} - - {{- with .Values.loki.storage_config }} - storage_config: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.query_scheduler }} - query_scheduler: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.compactor }} - compactor: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.analytics }} - analytics: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.querier }} - querier: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.index_gateway }} - index_gateway: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.frontend }} - frontend: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.frontend_worker }} - frontend_worker: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.distributor }} - distributor: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - tracing: - enabled: {{ .Values.loki.tracing.enabled }} - - {{- with .Values.loki.bloom_build }} - bloom_build: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.bloom_gateway }} - bloom_gateway: - {{- tpl (. 
| toYaml) $ | nindent 4 }} - {{- end }} - # Should authentication be enabled - auth_enabled: true - # -- memberlist configuration (overrides embedded default) - memberlistConfig: {} - # -- Extra memberlist configuration - extraMemberlistConfig: {} - # -- Tenants list to be created on nginx htpasswd file, with name and password keys - tenants: [] - # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration. - server: - http_listen_port: 3100 - grpc_listen_port: 9095 - http_server_read_timeout: 600s - http_server_write_timeout: 600s - # -- Limits config - limits_config: - reject_old_samples: true - reject_old_samples_max_age: 168h - max_cache_freshness_per_query: 10m - split_queries_by_interval: 15m - query_timeout: 300s - volume_enabled: true - # -- Provides a reloadable runtime configuration file for some specific configuration - runtimeConfig: {} - # -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration - commonConfig: - path_prefix: /var/loki - replication_factor: 3 - compactor_address: '{{ include "loki.compactorAddress" . }}' - # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config. - # -- In case of using thanos storage, enable use_thanos_objstore and the configuration should be done inside the object_store section. - storage: - # Loki requires a bucket for chunks and the ruler. GEL requires a third bucket for the admin API. - # Please provide these values if you are using object storage. 
- # bucketNames: - # chunks: FIXME - # ruler: FIXME - # admin: FIXME - type: s3 - s3: - s3: null - endpoint: null - region: null - secretAccessKey: null - accessKeyId: null - signatureVersion: null - s3ForcePathStyle: false - insecure: false - http_config: {} - # -- Check https://grafana.com/docs/loki/latest/configure/#s3_storage_config for more info on how to provide a backoff_config - backoff_config: {} - disable_dualstack: false - gcs: - chunkBufferSize: 0 - requestTimeout: "0s" - enableHttp2: true - azure: - accountName: null - accountKey: null - connectionString: null - useManagedIdentity: false - useFederatedToken: false - userAssignedId: null - requestTimeout: null - endpointSuffix: null - chunkDelimiter: null - swift: - auth_version: null - auth_url: null - internal: null - username: null - user_domain_name: null - user_domain_id: null - user_id: null - password: null - domain_id: null - domain_name: null - project_id: null - project_name: null - project_domain_id: null - project_domain_name: null - region_name: null - container_name: null - max_retries: null - connect_timeout: null - request_timeout: null - filesystem: - chunks_directory: /var/loki/chunks - rules_directory: /var/loki/rules - admin_api_directory: /var/loki/admin - - # Loki now supports using thanos storage clients for connecting to object storage backend. - # This will become the default way to configure storage in a future releases. - use_thanos_objstore: false - - object_store: - # Type of object store. Valid options are: s3, gcs, azure - type: s3 - prefix: null # Optional prefix for storage keys - - # S3 configuration (when type is "s3") - s3: - endpoint: null # S3 endpoint URL - region: null # Optional region - access_key_id: null # Optional access key - secret_access_key: null # Optional secret key - insecure: false # Optional. 
Enable if using self-signed TLS - sse: {} # Optional server-side encryption configuration - http: {} # Optional HTTP client configuration - - # GCS configuration (when type is "gcs") - gcs: - bucket_name: null # Name of the bucket - service_account: null # Optional service account JSON - - # Azure configuration (when type is "azure") - azure: - account_name: null # Storage account name - account_key: null # Optional storage account key - - # -- Configure memcached as an external cache for chunk and results cache. Disabled by default - # must enable and specify a host for each cache you would like to use. - memcached: - chunk_cache: - enabled: false - host: "" - service: "memcached-client" - batch_size: 256 - parallelism: 10 - results_cache: - enabled: false - host: "" - service: "memcached-client" - timeout: "500ms" - default_validity: "12h" - # -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas - schemaConfig: {} - # -- a real Loki install requires a proper schemaConfig defined above this, however for testing or playing around - # you can enable useTestSchema - useTestSchema: false - testSchemaConfig: - configs: - - from: 2024-04-01 - store: tsdb - object_store: '{{ include "loki.testSchemaObjectStore" . }}' - schema: v13 - index: - prefix: index_ - period: 24h - # -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler - rulerConfig: - wal: - dir: /var/loki/ruler-wal - # -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig` - structuredConfig: {} - # -- Additional query scheduler config - query_scheduler: {} - # -- Additional storage config - storage_config: - boltdb_shipper: - index_gateway_client: - server_address: '{{ include "loki.indexGatewayAddress" . }}' - tsdb_shipper: - index_gateway_client: - server_address: '{{ include "loki.indexGatewayAddress" . 
}}' - bloom_shipper: - working_directory: /var/loki/data/bloomshipper - hedging: - at: "250ms" - max_per_second: 20 - up_to: 3 - # -- Optional compactor configuration - compactor: {} - # -- Optional pattern ingester configuration - pattern_ingester: - enabled: false - # -- Optional analytics configuration - analytics: {} - # -- Optional querier configuration - query_range: {} - # -- Optional querier configuration - querier: {} - # -- Optional ingester configuration - ingester: {} - # -- Optional index gateway configuration - index_gateway: - mode: simple - frontend: - scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' - tail_proxy_url: '{{ include "loki.querierAddress" . }}' - frontend_worker: - scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' - # -- Optional distributor configuration - distributor: {} - # -- Enable tracing - tracing: - enabled: false - bloom_build: - enabled: false - builder: - planner_address: '{{ include "loki.bloomPlannerAddress" . }}' - bloom_gateway: - enabled: false - client: - addresses: '{{ include "loki.bloomGatewayAddresses" . 
}}' -###################################################################################################################### -# -# Enterprise Loki Configs -# -###################################################################################################################### - -# -- Configuration for running Enterprise Loki -enterprise: - # Enable enterprise features, license must be provided - enabled: false - # Default verion of GEL to deploy - version: 3.4.0 - # -- Optional name of the GEL cluster, otherwise will use .Release.Name - # The cluster name must match what is in your GEL license - cluster_name: null - # -- Grafana Enterprise Logs license - # In order to use Grafana Enterprise Logs features, you will need to provide - # the contents of your Grafana Enterprise Logs license, either by providing the - # contents of the license.jwt, or the name Kubernetes Secret that contains your - # license.jwt. - # To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'` - license: - contents: "NOTAVALIDLICENSE" - # -- Set to true when providing an external license - useExternalLicense: false - # -- Name of external license secret to use - externalLicenseName: null - # -- Name of the external config secret to use - externalConfigName: "" - # -- Use GEL gateway, if false will use the default nginx gateway - gelGateway: true - # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise, - # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`. - adminApi: - enabled: true - # enterprise specific sections of the config.yaml file - config: | - {{- if .Values.enterprise.adminApi.enabled }} - admin_client: - {{ include "enterprise-logs.adminAPIStorageConfig" . 
| nindent 2 }} - {{ end }} - auth: - type: {{ .Values.enterprise.adminApi.enabled | ternary "enterprise" "trust" }} - auth_enabled: {{ .Values.loki.auth_enabled }} - cluster_name: {{ include "loki.clusterName" . }} - license: - path: /etc/loki/license/license.jwt - image: - # -- The Docker registry - registry: docker.io - # -- Docker image repository - repository: grafana/enterprise-logs - # -- Docker image tag - tag: 3.4.0 - # -- Overrides the image tag with an image digest - digest: null - # -- Docker image pull policy - pullPolicy: IfNotPresent - adminToken: - # -- Alternative name for admin token secret, needed by tokengen and provisioner jobs - secret: null - # -- Additional namespace to also create the token in. Useful if your Grafana instance - # is in a different namespace - additionalNamespaces: [] - # -- Alternative name of the secret to store token for the canary - canarySecret: null - # -- Configuration for `tokengen` target - tokengen: - # -- Whether the job should be part of the deployment - enabled: true - # -- Comma-separated list of Loki modules to load for tokengen - targetModule: "tokengen" - # -- Additional CLI arguments for the `tokengen` target - extraArgs: [] - # -- Additional Kubernetes environment - env: [] - # -- Additional labels for the `tokengen` Job - labels: {} - # -- Additional annotations for the `tokengen` Job - annotations: {} - # -- Affinity for tokengen Pods - affinity: {} - # -- Node selector for tokengen Pods - nodeSelector: {} - # -- Tolerations for tokengen Job - tolerations: [] - # -- Additional volumes for Pods - extraVolumes: [] - # -- Additional volume mounts for Pods - extraVolumeMounts: [] - # -- Run containers as user `enterprise-logs(uid=10001)` - securityContext: - runAsNonRoot: true - runAsGroup: 10001 - runAsUser: 10001 - fsGroup: 10001 - # -- Environment variables from secrets or configmaps to add to the tokengen pods - extraEnvFrom: [] - # -- The name of the PriorityClass for tokengen Pods - priorityClassName: 
"" - # -- Configuration for `provisioner` target - provisioner: - # -- Whether the job should be part of the deployment - enabled: true - # -- Name of the secret to store provisioned tokens in - provisionedSecretPrefix: null - # -- Hook type(s) to customize when the job runs. defaults to post-install - hookType: "post-install" - # -- Additional tenants to be created. Each tenant will get a read and write policy - # and associated token. Tenant must have a name and a namespace for the secret containting - # the token to be created in. For example - # additionalTenants: - # - name: loki - # secretNamespace: grafana - additionalTenants: [] - # -- Additional Kubernetes environment - env: [] - # -- Additional labels for the `provisioner` Job - labels: {} - # -- Additional annotations for the `provisioner` Job - annotations: {} - # -- Affinity for tokengen Pods - affinity: {} - # -- Node selector for tokengen Pods - nodeSelector: {} - # -- Tolerations for tokengen Pods - tolerations: [] - # -- The name of the PriorityClass for provisioner Job - priorityClassName: null - # -- Run containers as user `enterprise-logs(uid=10001)` - securityContext: - runAsNonRoot: true - runAsGroup: 10001 - runAsUser: 10001 - fsGroup: 10001 - # -- Provisioner image to Utilize - image: - # -- The Docker registry - registry: docker.io - # -- Docker image repository - repository: grafana/enterprise-logs-provisioner - # -- Overrides the image tag whose default is the chart's appVersion - tag: null - # -- Overrides the image tag with an image digest - digest: null - # -- Docker image pull policy - pullPolicy: IfNotPresent - # -- Volume mounts to add to the provisioner pods - extraVolumeMounts: [] -# -- kubetclImage is used in the enterprise provisioner and tokengen jobs -kubectlImage: - # -- The Docker registry - registry: docker.io - # -- Docker image repository - repository: bitnami/kubectl - # -- Overrides the image tag whose default is the chart's appVersion - tag: null - # -- Overrides the 
image tag with an image digest - digest: null - # -- Docker image pull policy - pullPolicy: IfNotPresent -###################################################################################################################### -# -# Chart Testing -# -###################################################################################################################### - -# -- Section for configuring optional Helm test -test: - enabled: true - # -- Used to directly query the metrics endpoint of the canary for testing, this approach avoids needing prometheus for testing. - # This in a newer approach to using prometheusAddress such that tests do not have a dependency on prometheus - canaryServiceAddress: "http://loki-canary:3500/metrics" - # -- Address of the prometheus server to query for the test. This overrides any value set for canaryServiceAddress. - # This is kept for backward compatibility and may be removed in future releases. Previous value was 'http://prometheus:9090' - prometheusAddress: "" - # -- Number of times to retry the test before failing - timeout: 1m - # -- Additional labels for the test pods - labels: {} - # -- Additional annotations for test pods - annotations: {} - # -- Image to use for loki canary - image: - # -- The Docker registry - registry: docker.io - # -- Docker image repository - repository: grafana/loki-helm-test - # -- Overrides the image tag whose default is the chart's appVersion - tag: "ewelch-distributed-helm-chart-17db5ee" - # -- Overrides the image tag with an image digest - digest: null - # -- Docker image pull policy - pullPolicy: IfNotPresent -# The Loki canary pushes logs to and queries from this loki installation to test -# that it's working correctly -lokiCanary: - enabled: true - # -- If true, the canary will send directly to Loki via the address configured for verification -- - # -- If false, it will write to stdout and an Agent will be needed to scrape and send the logs -- - push: true - # -- The name of the label to look 
for at loki when doing the checks. - labelname: pod - # -- Additional annotations for the `loki-canary` Daemonset - annotations: {} - # -- Additional labels for each `loki-canary` pod - podLabels: {} - service: - # -- Annotations for loki-canary Service - annotations: {} - # -- Additional labels for loki-canary Service - labels: {} - # -- Additional CLI arguments for the `loki-canary' command - extraArgs: [] - # -- Environment variables to add to the canary pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the canary pods - extraEnvFrom: [] - # -- Volume mounts to add to the canary pods - extraVolumeMounts: [] - # -- Volumes to add to the canary pods - extraVolumes: [] - # -- Resource requests and limits for the canary - resources: {} - # -- DNS config for canary pods - dnsConfig: {} - # -- Node selector for canary pods - nodeSelector: {} - # -- Tolerations for canary pods - tolerations: [] - # -- The name of the PriorityClass for loki-canary pods - priorityClassName: null - # -- Image to use for loki canary - image: - # -- The Docker registry - registry: docker.io - # -- Docker image repository - repository: grafana/loki-canary - # -- Overrides the image tag whose default is the chart's appVersion - tag: null - # -- Overrides the image tag with an image digest - digest: null - # -- Docker image pull policy - pullPolicy: IfNotPresent - # -- Update strategy for the `loki-canary` Daemonset pods - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 -###################################################################################################################### -# -# Service Accounts and Kubernetes RBAC -# -###################################################################################################################### -serviceAccount: - # -- Specifies whether a ServiceAccount should be created - create: true - # -- The name of the ServiceAccount to use. 
- # If not set and create is true, a name is generated using the fullname template - name: null - # -- Image pull secrets for the service account - imagePullSecrets: [] - # -- Annotations for the service account - annotations: {} - # -- Labels for the service account - labels: {} - # -- Set this toggle to false to opt out of automounting API credentials for the service account - automountServiceAccountToken: true -# RBAC configuration -rbac: - # -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp. - pspEnabled: false - # -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints. - sccEnabled: false - # -- Specify PSP annotations - # Ref: https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/#podsecuritypolicy-annotations - pspAnnotations: {} - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - # -- Whether to install RBAC in the namespace only or cluster-wide. Useful if you want to watch ConfigMap globally. - namespaced: false -###################################################################################################################### -# -# Network Policy configuration -# -###################################################################################################################### -networkPolicy: - # -- Specifies whether Network Policies should be created - enabled: false - # -- Specifies whether the policies created will be standard Network Policies (flavor: kubernetes) - # or Cilium Network Policies (flavor: cilium) - flavor: kubernetes - metrics: - # -- Specifies the Pods which are allowed to access the metrics port. - # As this is cross-namespace communication, you also need the namespaceSelector. 
- podSelector: {} - # -- Specifies the namespaces which are allowed to access the metrics port - namespaceSelector: {} - # -- Specifies specific network CIDRs which are allowed to access the metrics port. - # In case you use namespaceSelector, you also have to specify your kubelet networks here. - # The metrics ports are also used for probes. - cidrs: [] - ingress: - # -- Specifies the Pods which are allowed to access the http port. - # As this is cross-namespace communication, you also need the namespaceSelector. - podSelector: {} - # -- Specifies the namespaces which are allowed to access the http port - namespaceSelector: {} - alertmanager: - # -- Specify the alertmanager port used for alerting - port: 9093 - # -- Specifies the alertmanager Pods. - # As this is cross-namespace communication, you also need the namespaceSelector. - podSelector: {} - # -- Specifies the namespace the alertmanager is running in - namespaceSelector: {} - externalStorage: - # -- Specify the port used for external storage, e.g. AWS S3 - ports: [] - # -- Specifies specific network CIDRs you want to limit access to - cidrs: [] - discovery: - # -- (int) Specify the port used for discovery - port: null - # -- Specifies the Pods labels used for discovery. - # As this is cross-namespace communication, you also need the namespaceSelector. - podSelector: {} - # -- Specifies the namespace the discovery Pods are running in - namespaceSelector: {} - egressWorld: - # -- Enable additional cilium egress rules to external world for write, read and backend. - enabled: false - egressKubeApiserver: - # -- Enable additional cilium egress rules to kube-apiserver for backend. 
- enabled: false -###################################################################################################################### -# -# Global memberlist configuration -# -###################################################################################################################### - -# Configuration for the memberlist service -memberlist: - service: - publishNotReadyAddresses: false - annotations: {} -###################################################################################################################### -# -# adminAPI configuration, enterprise only. -# -###################################################################################################################### - -# -- Configuration for the `admin-api` target -adminApi: - # -- Define the amount of instances - replicas: 1 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - # -- Additional CLI arguments for the `admin-api` target - extraArgs: {} - # -- Environment variables from secrets or configmaps to add to the admin-api pods - extraEnvFrom: [] - # -- Additional labels for the `admin-api` Deployment - labels: {} - # -- Additional annotations for the `admin-api` Deployment - annotations: {} - # -- Additional labels and annotations for the `admin-api` Service - service: - labels: {} - annotations: {} - # -- Run container as user `enterprise-logs(uid=10001)` - # `fsGroup` must not be specified, because these security options are applied - # on container level not on Pod level. 
- podSecurityContext: - runAsNonRoot: true - runAsGroup: 10001 - runAsUser: 10001 - containerSecurityContext: - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - # -- Update strategy - strategy: - type: RollingUpdate - # -- Readiness probe - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - # -- Request and limit Kubernetes resources - # -- Values are defined in small.yaml and large.yaml - resources: {} - # -- Configure optional environment variables - env: [] - # -- Configure optional initContainers - initContainers: [] - # -- Conifgure optional extraContainers - extraContainers: [] - # -- Additional volumes for Pods - extraVolumes: [] - # -- Additional volume mounts for Pods - extraVolumeMounts: [] - # -- Affinity for admin-api Pods - affinity: {} - # -- Node selector for admin-api Pods - nodeSelector: {} - # -- Topology Spread Constraints for admin-api pods - topologySpreadConstraints: [] - # -- Tolerations for admin-api Pods - tolerations: [] - # -- Grace period to allow the admin-api to shutdown before it is killed - terminationGracePeriodSeconds: 60 -###################################################################################################################### -# -# Gateway and Ingress -# -# By default this chart will deploy a Nginx container to act as a gateway which handles routing of traffic -# and can also do auth. -# -# If you would prefer you can optionally disable this and enable using k8s ingress to do the incoming routing. 
-# -###################################################################################################################### - -# Configuration for the gateway -gateway: - # -- Specifies whether the gateway should be enabled - enabled: true - # -- Number of replicas for the gateway - replicas: 1 - # -- Default container port - containerPort: 8080 - # -- Enable logging of 2xx and 3xx HTTP requests - verboseLogging: true - autoscaling: - # -- Enable autoscaling for the gateway - enabled: false - # -- Minimum autoscaling replicas for the gateway - minReplicas: 1 - # -- Maximum autoscaling replicas for the gateway - maxReplicas: 3 - # -- Target CPU utilisation percentage for the gateway - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the gateway - targetMemoryUtilizationPercentage: - # -- See `kubectl explain deployment.spec.strategy` for more - # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - # -- Behavior policies while scaling. 
- behavior: {} - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 60 - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - deploymentStrategy: - type: RollingUpdate - image: - # -- The Docker registry for the gateway image - registry: docker.io - # -- The gateway image repository - repository: nginxinc/nginx-unprivileged - # -- The gateway image tag - tag: 1.27-alpine - # -- Overrides the gateway image tag with an image digest - digest: null - # -- The gateway image pull policy - pullPolicy: IfNotPresent - # -- The name of the PriorityClass for gateway pods - priorityClassName: null - # -- Annotations for gateway deployment - annotations: {} - # -- Annotations for gateway pods - podAnnotations: {} - # -- Additional labels for gateway pods - podLabels: {} - # -- Additional CLI args for the gateway - extraArgs: [] - # -- Environment variables to add to the gateway pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the gateway pods - extraEnvFrom: [] - # -- Lifecycle for the gateway container - lifecycle: {} - # -- Volumes to add to the gateway pods - extraVolumes: [] - # -- Volume mounts to add to the gateway pods - extraVolumeMounts: [] - # -- The SecurityContext for gateway containers - podSecurityContext: - fsGroup: 101 - runAsGroup: 101 - runAsNonRoot: true - runAsUser: 101 - # -- The SecurityContext for gateway containers - containerSecurityContext: - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - # -- Resource requests and limits for the gateway - resources: {} - # -- Containers to add to the gateway pods - extraContainers: [] - # -- Grace period to allow the gateway to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for gateway pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: gateway - topologyKey: kubernetes.io/hostname - # -- DNS config for gateway pods - dnsConfig: {} - # -- Node selector for gateway pods - nodeSelector: {} - # -- Topology Spread Constraints for gateway pods - topologySpreadConstraints: [] - # -- Tolerations for gateway pods - tolerations: [] - # Gateway service configuration - service: - # -- Port of the gateway service - port: 80 - # -- Type of the gateway service - type: ClusterIP - # -- ClusterIP of the gateway service - clusterIP: null - # -- (int) Node port if service type is NodePort - nodePort: null - # -- Load balancer IPO address if service type is LoadBalancer - loadBalancerIP: null - # -- Annotations for the gateway service - annotations: {} - # -- Labels for gateway service - labels: {} - # Gateway ingress configuration - ingress: - # -- Specifies whether an ingress for the gateway should be created - enabled: false - # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 - ingressClassName: "" - # -- Annotations for the gateway ingress - annotations: {} - # -- Labels for the gateway ingress - labels: {} - # -- Hosts configuration for the gateway ingress, passed through the `tpl` function to allow templating - hosts: - - host: gateway.loki.example.com - paths: - - path: / - # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers - # pathType: Prefix - # -- TLS configuration for the gateway ingress. 
Hosts passed through the `tpl` function to allow templating - tls: - - secretName: loki-gateway-tls - hosts: - - gateway.loki.example.com - # Basic auth configuration - basicAuth: - # -- Enables basic authentication for the gateway - enabled: false - # -- The basic auth username for the gateway - username: null - # -- The basic auth password for the gateway - password: null - # -- Uses the specified users from the `loki.tenants` list to create the htpasswd file. - # if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used. - # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes - # high CPU load. - # @default -- Either `loki.tenants` or `gateway.basicAuth.username` and `gateway.basicAuth.password`. - htpasswd: >- - {{ if .Values.loki.tenants }} - - - {{- range $t := .Values.loki.tenants }} - {{ htpasswd (required "All tenants must have a 'name' set" $t.name) (required "All tenants must have a 'password' set" $t.password) }} - - - {{- end }} - {{ else }} {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} {{ end }} - # -- Existing basic auth secret to use. Must contain '.htpasswd' - existingSecret: null - # Configures the readiness probe for the gateway - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: 15 - timeoutSeconds: 1 - nginxConfig: - # -- Which schema to be used when building URLs. Can be 'http' or 'https'. 
- schema: http - # -- Enable listener for IPv6, disable on IPv4-only systems - enableIPv6: true - # -- NGINX log format - logFormat: |- - main '$remote_addr - $remote_user [$time_local] $status ' - '"$request" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - # -- Allows appending custom configuration to the server block - serverSnippet: "" - # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating - httpSnippet: >- - {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }} - # -- Allows customizing the `client_max_body_size` directive - clientMaxBodySize: 4M - # -- Whether ssl should be appended to the listen directive of the server block or not. - ssl: false - # -- Override Read URL - customReadUrl: null - # -- Override Write URL - customWriteUrl: null - # -- Override Backend URL - customBackendUrl: null - # -- Allows overriding the DNS resolver address nginx will use. - resolver: "" - # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating - # @default -- See values.yaml - file: | - {{- include "loki.nginxFile" . | indent 2 -}} -# -- If running enterprise and using the default enterprise gateway, configs go here. 
-enterpriseGateway: - # -- Define the amount of instances - replicas: 1 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - # -- Additional CLI arguments for the `gateway` target - extraArgs: {} - # -- Environment variables from secrets or configmaps to add to the enterprise gateway pods - extraEnvFrom: [] - # -- Additional labels for the `gateway` Pod - labels: {} - # -- Additional annotations for the `gateway` Pod - annotations: {} - # -- Additional labels and annotations for the `gateway` Service - # -- Service overriding service type - service: - type: ClusterIP - labels: {} - annotations: {} - # -- Run container as user `enterprise-logs(uid=10001)` - podSecurityContext: - runAsNonRoot: true - runAsGroup: 10001 - runAsUser: 10001 - fsGroup: 10001 - containerSecurityContext: - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - # -- If you want to use your own proxy URLs, set this to false. - useDefaultProxyURLs: true - # -- update strategy - strategy: - type: RollingUpdate - # -- Readiness probe - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - # -- Request and limit Kubernetes resources - # -- Values are defined in small.yaml and large.yaml - resources: {} - # -- Configure optional environment variables - env: [] - # -- Configure optional initContainers - initContainers: [] - # -- Conifgure optional extraContainers - extraContainers: [] - # -- Additional volumes for Pods - extraVolumes: [] - # -- Additional volume mounts for Pods - extraVolumeMounts: [] - # -- Affinity for gateway Pods - affinity: {} - # -- Node selector for gateway Pods - nodeSelector: {} - # -- Topology Spread Constraints for enterprise-gateway pods - topologySpreadConstraints: [] - # -- Tolerations for gateway Pods - tolerations: [] - # -- Grace period to allow the gateway to shutdown before it is killed - terminationGracePeriodSeconds: 60 -# -- Ingress 
configuration Use either this ingress or the gateway, but not both at once. -# If you enable this, make sure to disable the gateway. -# You'll need to supply authn configuration for your ingress controller. -ingress: - enabled: false - ingressClassName: "" - annotations: {} - # nginx.ingress.kubernetes.io/auth-type: basic - # nginx.ingress.kubernetes.io/auth-secret: loki-distributed-basic-auth - # nginx.ingress.kubernetes.io/auth-secret-type: auth-map - # nginx.ingress.kubernetes.io/configuration-snippet: | - # proxy_set_header X-Scope-OrgID $remote_user; - labels: {} - # blackbox.monitoring.exclude: "true" - paths: - # -- Paths that are exposed by Loki Distributor. - # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`. - # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`. - # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` - distributor: - - /api/prom/push - - /loki/api/v1/push - - /otlp/v1/logs - # -- Paths that are exposed by Loki Query Frontend. - # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`. - # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`. 
- # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` - queryFrontend: - - /api/prom/query - # this path covers labels and labelValues endpoints - - /api/prom/label - - /api/prom/series - - /api/prom/tail - - /loki/api/v1/query - - /loki/api/v1/query_range - - /loki/api/v1/tail - # this path covers labels and labelValues endpoints - - /loki/api/v1/label - - /loki/api/v1/labels - - /loki/api/v1/series - - /loki/api/v1/index/stats - - /loki/api/v1/index/volume - - /loki/api/v1/index/volume_range - - /loki/api/v1/format_query - - /loki/api/v1/detected_field - - /loki/api/v1/detected_fields - - /loki/api/v1/detected_labels - - /loki/api/v1/patterns - # -- Paths that are exposed by Loki Ruler. - # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`. - # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`. - # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`. - # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` - ruler: - - /api/prom/rules - - /api/prom/api/v1/rules - - /api/prom/api/v1/alerts - - /loki/api/v1/rules - - /prometheus/api/v1/rules - - /prometheus/api/v1/alerts - # -- Hosts configuration for the ingress, passed through the `tpl` function to allow templating - hosts: - - loki.example.com - # -- TLS configuration for the ingress. 
Hosts passed through the `tpl` function to allow templating - tls: [] -# - hosts: -# - loki.example.com -# secretName: loki-distributed-tls - -###################################################################################################################### -# -# Migration -# -###################################################################################################################### - -# -- Options that may be necessary when performing a migration from another helm chart -migrate: - # -- When migrating from a distributed chart like loki-distributed or enterprise-logs - fromDistributed: - # -- Set to true if migrating from a distributed helm chart - enabled: false - # -- If migrating from a distributed service, provide the distributed deployment's - # memberlist service DNS so the new deployment can join its ring. - memberlistService: "" -###################################################################################################################### -# -# Single Binary Deployment -# -# For small Loki installations up to a few 10's of GB per day, or for testing and development. -# -###################################################################################################################### - -# Configuration for the single binary node(s) -singleBinary: - # -- Number of replicas for the single binary - replicas: 0 - autoscaling: - # -- Enable autoscaling - enabled: false - # -- Minimum autoscaling replicas for the single binary - minReplicas: 1 - # -- Maximum autoscaling replicas for the single binary - maxReplicas: 3 - # -- Target CPU utilisation percentage for the single binary - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the single binary - targetMemoryUtilizationPercentage: - image: - # -- The Docker registry for the single binary image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the single binary image. 
Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the single binary image. Overrides `loki.image.tag` - tag: null - # -- The name of the PriorityClass for single binary pods - priorityClassName: null - # -- Annotations for single binary StatefulSet - annotations: {} - # -- Annotations for single binary pods - podAnnotations: {} - # -- Additional labels for each `single binary` pod - podLabels: {} - # -- Additional selector labels for each `single binary` pod - selectorLabels: {} - service: - # -- Annotations for single binary Service - annotations: {} - # -- Additional labels for single binary Service - labels: {} - # -- Comma-separated list of Loki modules to load for the single binary - targetModule: "all" - # -- Labels for single binary service - extraArgs: [] - # -- Environment variables to add to the single binary pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the single binary pods - extraEnvFrom: [] - # -- Extra containers to add to the single binary loki pod - extraContainers: [] - # -- Init containers to add to the single binary pods - initContainers: [] - # -- Volume mounts to add to the single binary pods - extraVolumeMounts: [] - # -- Volumes to add to the single binary pods - extraVolumes: [] - # -- Resource requests and limits for the single binary - resources: {} - # -- Grace period to allow the single binary to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for single binary pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: single-binary - topologyKey: kubernetes.io/hostname - # -- DNS config for single binary pods - dnsConfig: {} - # -- Node selector for single binary pods - nodeSelector: {} - # -- Tolerations for single binary pods - tolerations: [] - persistence: - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: true - # -- Enable persistent disk - enabled: true - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Selector for persistent disk - selector: null - # -- Annotations for volume claim - annotations: {} -###################################################################################################################### -# -# Simple Scalable Deployment (SSD) Mode -# -# -# For small to medium size Loki deployments up to around 1 TB/day, this is the default mode for this helm chart -###################################################################################################################### - -# Configuration for the write pod(s) -write: - # -- Number of replicas for the write - replicas: 3 - autoscaling: - # -- Enable autoscaling for the write. - enabled: false - # -- Minimum autoscaling replicas for the write. - minReplicas: 2 - # -- Maximum autoscaling replicas for the write. - maxReplicas: 6 - # -- Target CPU utilisation percentage for the write. - targetCPUUtilizationPercentage: 60 - # -- Target memory utilization percentage for the write. - targetMemoryUtilizationPercentage: - # -- Behavior policies while scaling. 
- behavior: - # -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details - scaleUp: - policies: - - type: Pods - value: 1 - periodSeconds: 900 - scaleDown: - policies: - - type: Pods - value: 1 - periodSeconds: 1800 - stabilizationWindowSeconds: 3600 - image: - # -- The Docker registry for the write image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the write image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the write image. Overrides `loki.image.tag` - tag: null - # -- The name of the PriorityClass for write pods - priorityClassName: null - # -- Annotations for write StatefulSet - annotations: {} - # -- Annotations for write pods - podAnnotations: {} - # -- Additional labels for each `write` pod - podLabels: {} - # -- Additional selector labels for each `write` pod - selectorLabels: {} - service: - # -- Annotations for write Service - annotations: {} - # -- Additional labels for write Service - labels: {} - # -- Comma-separated list of Loki modules to load for the write - targetModule: "write" - # -- Additional CLI args for the write - extraArgs: [] - # -- Environment variables to add to the write pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the write pods - extraEnvFrom: [] - # -- Lifecycle for the write container - lifecycle: {} - # -- The default /flush_shutdown preStop hook is recommended as part of the ingester - # scaledown process so it's added to the template by default when autoscaling is enabled, - # but it's disabled to optimize rolling restarts in instances that will never be scaled - # down or when using chunks storage with WAL disabled. 
- # https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown - # -- Init containers to add to the write pods - initContainers: [] - # -- Containers to add to the write pods - extraContainers: [] - # -- Volume mounts to add to the write pods - extraVolumeMounts: [] - # -- Volumes to add to the write pods - extraVolumes: [] - # -- volumeClaimTemplates to add to StatefulSet - extraVolumeClaimTemplates: [] - # -- Resource requests and limits for the write - resources: {} - # -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester, - # this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring - # all data and to successfully leave the member ring on shutdown. - terminationGracePeriodSeconds: 300 - # -- Affinity for write pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: write - topologyKey: kubernetes.io/hostname - # -- DNS config for write pods - dnsConfig: {} - # -- Node selector for write pods - nodeSelector: {} - # -- Topology Spread Constraints for write pods - topologySpreadConstraints: [] - # -- Tolerations for write pods - tolerations: [] - # -- The default is to deploy all pods in parallel. - podManagementPolicy: "Parallel" - persistence: - # -- Enable volume claims in pod spec - volumeClaimsEnabled: true - # -- Parameters used for the `data` volume when volumeClaimEnabled if false - dataVolumeParameters: - emptyDir: {} - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: false - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. 
- # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Selector for persistent disk - selector: null - # -- Annotations for volume claim - annotations: {} -# -- Configuration for the read pod(s) -read: - # -- Number of replicas for the read - replicas: 3 - autoscaling: - # -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true` - enabled: false - # -- Minimum autoscaling replicas for the read - minReplicas: 2 - # -- Maximum autoscaling replicas for the read - maxReplicas: 6 - # -- Target CPU utilisation percentage for the read - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the read - targetMemoryUtilizationPercentage: - # -- Behavior policies while scaling. - behavior: {} - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 60 - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - image: - # -- The Docker registry for the read image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the read image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the read image. 
Overrides `loki.image.tag` - tag: null - # -- The name of the PriorityClass for read pods - priorityClassName: null - # -- Annotations for read deployment - annotations: {} - # -- Annotations for read pods - podAnnotations: {} - # -- Additional labels for each `read` pod - podLabels: {} - # -- Additional selector labels for each `read` pod - selectorLabels: {} - service: - # -- Annotations for read Service - annotations: {} - # -- Additional labels for read Service - labels: {} - # -- Comma-separated list of Loki modules to load for the read - targetModule: "read" - # -- Whether or not to use the 2 target type simple scalable mode (read, write) or the - # 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will - # run two targets, false will run 3 targets. - legacyReadTarget: false - # -- Additional CLI args for the read - extraArgs: [] - # -- Containers to add to the read pods - extraContainers: [] - # -- Environment variables to add to the read pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the read pods - extraEnvFrom: [] - # -- Lifecycle for the read container - lifecycle: {} - # -- Volume mounts to add to the read pods - extraVolumeMounts: [] - # -- Volumes to add to the read pods - extraVolumes: [] - # -- Resource requests and limits for the read - resources: {} - # -- Grace period to allow the read to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for read pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: read - topologyKey: kubernetes.io/hostname - # -- DNS config for read pods - dnsConfig: {} - # -- Node selector for read pods - nodeSelector: {} - # -- Topology Spread Constraints for read pods - topologySpreadConstraints: [] - # -- Tolerations for read pods - tolerations: [] - # -- The default is to deploy all pods in parallel. - podManagementPolicy: "Parallel" - # -- read.persistence is used only if legacyReadTarget is set to true - persistence: - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: true - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Selector for persistent disk - selector: null - # -- Annotations for volume claim - annotations: {} -# -- Configuration for the backend pod(s) -backend: - # -- Number of replicas for the backend - replicas: 3 - autoscaling: - # -- Enable autoscaling for the backend. - enabled: false - # -- Minimum autoscaling replicas for the backend. - minReplicas: 3 - # -- Maximum autoscaling replicas for the backend. - maxReplicas: 6 - # -- Target CPU utilization percentage for the backend. - targetCPUUtilizationPercentage: 60 - # -- Target memory utilization percentage for the backend. - targetMemoryUtilizationPercentage: - # -- Behavior policies while scaling. 
- behavior: {} - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 60 - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - image: - # -- The Docker registry for the backend image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the backend image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the backend image. Overrides `loki.image.tag` - tag: null - # -- The name of the PriorityClass for backend pods - priorityClassName: null - # -- Annotations for backend StatefulSet - annotations: {} - # -- Annotations for backend pods - podAnnotations: {} - # -- Additional labels for each `backend` pod - podLabels: {} - # -- Additional selector labels for each `backend` pod - selectorLabels: {} - service: - # -- Annotations for backend Service - annotations: {} - # -- Additional labels for backend Service - labels: {} - # -- Comma-separated list of Loki modules to load for the backend - targetModule: "backend" - # -- Additional CLI args for the backend - extraArgs: [] - # -- Environment variables to add to the backend pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the backend pods - extraEnvFrom: [] - # -- Init containers to add to the backend pods - initContainers: [] - # -- Volume mounts to add to the backend pods - extraVolumeMounts: [] - # -- Volumes to add to the backend pods - extraVolumes: [] - # -- Resource requests and limits for the backend - resources: {} - # -- Grace period to allow the backend to shutdown before it is killed. Especially for the ingester, - # this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring - # all data and to successfully leave the member ring on shutdown. - terminationGracePeriodSeconds: 300 - # -- Affinity for backend pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: backend - topologyKey: kubernetes.io/hostname - # -- DNS config for backend pods - dnsConfig: {} - # -- Node selector for backend pods - nodeSelector: {} - # -- Topology Spread Constraints for backend pods - topologySpreadConstraints: [] - # -- Tolerations for backend pods - tolerations: [] - # -- The default is to deploy all pods in parallel. - podManagementPolicy: "Parallel" - persistence: - # -- Enable volume claims in pod spec - volumeClaimsEnabled: true - # -- Parameters used for the `data` volume when volumeClaimEnabled if false - dataVolumeParameters: - emptyDir: {} - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: true - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Selector for persistent disk - selector: null - # -- Annotations for volume claim - annotations: {} -###################################################################################################################### -# -# Microservices Mode -# -# For large Loki deployments ingesting more than 1 TB/day -# -###################################################################################################################### - -# -- Configuration for the ingester -ingester: - # -- Number of replicas for the ingester, when zoneAwareReplication.enabled is true, the total - # number of replicas will match this value with each zone having 1/3rd of the total replicas. 
- replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - autoscaling: - # -- Enable autoscaling for the ingester - enabled: false - # -- Minimum autoscaling replicas for the ingester - minReplicas: 1 - # -- Maximum autoscaling replicas for the ingester - maxReplicas: 3 - # -- Target CPU utilisation percentage for the ingester - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the ingester - targetMemoryUtilizationPercentage: null - # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) - customMetrics: [] - # - type: Pods - # pods: - # metric: - # name: loki_lines_total - # target: - # type: AverageValue - # averageValue: 10k - behavior: - # -- Enable autoscaling behaviours - enabled: false - # -- define scale down policies, must conform to HPAScalingRules - scaleDown: {} - # -- define scale up policies, must conform to HPAScalingRules - scaleUp: {} - image: - # -- The Docker registry for the ingester image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the ingester image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the ingester image. 
Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - priorityClassName: null - # -- Labels for ingester pods - podLabels: {} - # -- Annotations for ingester pods - podAnnotations: {} - # -- The name of the PriorityClass for ingester pods - # -- Labels for ingestor service - serviceLabels: {} - # -- Annotations for ingestor service - serviceAnnotations: {} - # -- Additional CLI args for the ingester - extraArgs: [] - # -- Environment variables to add to the ingester pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the ingester pods - extraEnvFrom: [] - # -- Volume mounts to add to the ingester pods - extraVolumeMounts: [] - # -- Volumes to add to the ingester pods - extraVolumes: [] - # -- Resource requests and limits for the ingester - resources: {} - # -- Containers to add to the ingester pods - extraContainers: [] - # -- Init containers to add to the ingester pods - initContainers: [] - # -- Grace period to allow the ingester to shutdown before it is killed. Especially for the ingestor, - # this must be increased. It must be long enough so ingesters can be gracefully shutdown flushing/transferring - # all data and to successfully leave the member ring on shutdown. - terminationGracePeriodSeconds: 300 - # -- Lifecycle for the ingester container - lifecycle: {} - # -- topologySpread for ingester pods. - # @default -- Defaults to allow skew no more than 1 node - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: ingester - # -- Affinity for ingester pods. Ignored if zoneAwareReplication is enabled. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: ingester - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: 1 - # -- Node selector for ingester pods - nodeSelector: {} - # -- Tolerations for ingester pods - tolerations: [] - # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` - readinessProbe: {} - # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` - livenessProbe: {} - # -- UpdateStrategy for the ingester StatefulSets. - updateStrategy: - # -- One of 'OnDelete' or 'RollingUpdate' - type: RollingUpdate - # -- Optional for updateStrategy.type=RollingUpdate. See [Partitioned rolling updates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) in the StatefulSet docs for details. - # rollingUpdate: - # partition: 0 - persistence: - # -- Enable creating PVCs which is required when using boltdb-shipper - enabled: false - # -- Use emptyDir with ramdisk for storage. **Please note that all data in ingester will be lost on pod restart** - inMemory: false - # -- List of the ingester PVCs - # @notationType -- list - claims: - - name: data - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # - name: wal - # size: 150Gi - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: false - whenDeleted: Retain - whenScaled: Retain - # -- Adds the appProtocol field to the ingester service. This allows ingester to work with istio protocol selection. - appProtocol: - # -- Set the optional grpc service protocol. 
Ex: "grpc", "http2" or "https" - grpc: "" - # -- Enabling zone awareness on ingesters will create 3 statefulests where all writes will send a replica to each zone. - # This is primarily intended to accelerate rollout operations by allowing for multiple ingesters within a single - # zone to be shutdown and restart simultaneously (the remaining 2 zones will be guaranteed to have at least one copy - # of the data). - # Note: This can be used to run Loki over multiple cloud provider availability zones however this is not currently - # recommended as Loki is not optimized for this and cross zone network traffic costs can become extremely high - # extremely quickly. Even with zone awareness enabled, it is recommended to run Loki in a single availability zone. - zoneAwareReplication: - # -- Enable zone awareness. - enabled: true - # -- The percent of replicas in each zone that will be restarted at once. In a value of 0-100 - maxUnavailablePct: 33 - # -- zoneA configuration - zoneA: - # -- optionally define a node selector for this zone - nodeSelector: null - # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host - extraAffinity: {} - # -- Specific annotations to add to zone A statefulset - annotations: {} - # -- Specific annotations to add to zone A pods - podAnnotations: {} - zoneB: - # -- optionally define a node selector for this zone - nodeSelector: null - # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host - extraAffinity: {} - # -- Specific annotations to add to zone B statefulset - annotations: {} - # -- Specific annotations to add to zone B pods - podAnnotations: {} - zoneC: - # -- optionally define a node selector for this zone - nodeSelector: null - # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host - extraAffinity: {} - # -- Specific annotations to add to zone C 
statefulset - annotations: {} - # -- Specific annotations to add to zone C pods - podAnnotations: {} - # -- The migration block allows migrating non zone aware ingesters to zone aware ingesters. - migration: - enabled: false - excludeDefaultZone: false - readPath: false - writePath: false - - # optionally allow adding arbitrary prefix to the ingester rollout-group label - rolloutGroupPrefix: null - # optionally allow adding 'loki-' prefix to ingester name label - addIngesterNamePrefix: false - -# -- Configuration for the distributor -distributor: - # -- Number of replicas for the distributor - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - autoscaling: - # -- Enable autoscaling for the distributor - enabled: false - # -- Minimum autoscaling replicas for the distributor - minReplicas: 1 - # -- Maximum autoscaling replicas for the distributor - maxReplicas: 3 - # -- Target CPU utilisation percentage for the distributor - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the distributor - targetMemoryUtilizationPercentage: null - # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) - customMetrics: [] - # - type: Pods - # pods: - # metric: - # name: loki_lines_total - # target: - # type: AverageValue - # averageValue: 10k - behavior: - # -- Enable autoscaling behaviours - enabled: false - # -- define scale down policies, must conform to HPAScalingRules - scaleDown: {} - # -- define scale up policies, must conform to HPAScalingRules - scaleUp: {} - image: - # -- The Docker registry for the distributor image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the distributor image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the distributor image. 
Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for distributor pods - priorityClassName: null - # -- Labels for distributor pods - podLabels: {} - # -- Annotations for distributor pods - podAnnotations: {} - # -- Labels for distributor service - serviceLabels: {} - # -- Annotations for distributor service - serviceAnnotations: {} - # -- Additional CLI args for the distributor - extraArgs: [] - # -- Environment variables to add to the distributor pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the distributor pods - extraEnvFrom: [] - # -- Volume mounts to add to the distributor pods - extraVolumeMounts: [] - # -- Volumes to add to the distributor pods - extraVolumes: [] - # -- Resource requests and limits for the distributor - resources: {} - # -- Containers to add to the distributor pods - extraContainers: [] - # -- Grace period to allow the distributor to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for distributor pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: distributor - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: null - # -- Max Surge for distributor pods - maxSurge: 0 - # -- Node selector for distributor pods - nodeSelector: {} - # -- Topology Spread Constraints for distributor pods - topologySpreadConstraints: [] - # -- Tolerations for distributor pods - tolerations: [] - # -- Adds the appProtocol field to the distributor service. This allows distributor to work with istio protocol selection. - appProtocol: - # -- Set the optional grpc service protocol. 
Ex: "grpc", "http2" or "https" - grpc: "" -# -- Configuration for the querier -querier: - # -- Number of replicas for the querier - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - autoscaling: - # -- Enable autoscaling for the querier, this is only used if `indexGateway.enabled: true` - enabled: false - # -- Minimum autoscaling replicas for the querier - minReplicas: 1 - # -- Maximum autoscaling replicas for the querier - maxReplicas: 3 - # -- Target CPU utilisation percentage for the querier - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the querier - targetMemoryUtilizationPercentage: null - # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) - customMetrics: [] - # - type: External - # external: - # metric: - # name: loki_inflight_queries - # target: - # type: AverageValue - # averageValue: 12 - behavior: - # -- Enable autoscaling behaviours - enabled: false - # -- define scale down policies, must conform to HPAScalingRules - scaleDown: {} - # -- define scale up policies, must conform to HPAScalingRules - scaleUp: {} - image: - # -- The Docker registry for the querier image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the querier image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the querier image. 
Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for querier pods - priorityClassName: null - # -- Labels for querier pods - podLabels: {} - # -- Annotations for querier pods - podAnnotations: {} - # -- Labels for querier service - serviceLabels: {} - # -- Annotations for querier service - serviceAnnotations: {} - # -- Additional CLI args for the querier - extraArgs: [] - # -- Environment variables to add to the querier pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the querier pods - extraEnvFrom: [] - # -- Volume mounts to add to the querier pods - extraVolumeMounts: [] - # -- Volumes to add to the querier pods - extraVolumes: [] - # -- Resource requests and limits for the querier - resources: {} - # -- Containers to add to the querier pods - extraContainers: [] - # -- Init containers to add to the querier pods - initContainers: [] - # -- Grace period to allow the querier to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- topologySpread for querier pods. - # @default -- Defaults to allow skew no more then 1 node - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/component: querier - # -- Affinity for querier pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: querier - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: null - # -- Max Surge for querier pods - maxSurge: 0 - # -- Node selector for querier pods - nodeSelector: {} - # -- Tolerations for querier pods - tolerations: [] - # -- DNSConfig for querier pods - dnsConfig: {} - persistence: - # -- Enable creating PVCs for the querier cache - enabled: false - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Annotations for querier PVCs - annotations: {} - # -- Adds the appProtocol field to the querier service. This allows querier to work with istio protocol selection. - appProtocol: - # -- Set the optional grpc service protocol. 
Ex: "grpc", "http2" or "https" - grpc: "" -# -- Configuration for the query-frontend -queryFrontend: - # -- Number of replicas for the query-frontend - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - autoscaling: - # -- Enable autoscaling for the query-frontend - enabled: false - # -- Minimum autoscaling replicas for the query-frontend - minReplicas: 1 - # -- Maximum autoscaling replicas for the query-frontend - maxReplicas: 3 - # -- Target CPU utilisation percentage for the query-frontend - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the query-frontend - targetMemoryUtilizationPercentage: null - # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) - customMetrics: [] - # - type: Pods - # pods: - # metric: - # name: loki_query_rate - # target: - # type: AverageValue - # averageValue: 100 - behavior: - # -- Enable autoscaling behaviours - enabled: false - # -- define scale down policies, must conform to HPAScalingRules - scaleDown: {} - # -- define scale up policies, must conform to HPAScalingRules - scaleUp: {} - image: - # -- The Docker registry for the query-frontend image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the query-frontend image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the query-frontend image. 
Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for query-frontend pods - priorityClassName: null - # -- Labels for query-frontend pods - podLabels: {} - # -- Annotations for query-frontend pods - podAnnotations: {} - # -- Labels for query-frontend service - serviceLabels: {} - # -- Annotations for query-frontend service - serviceAnnotations: {} - # -- Additional CLI args for the query-frontend - extraArgs: [] - # -- Environment variables to add to the query-frontend pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the query-frontend pods - extraEnvFrom: [] - # -- Volume mounts to add to the query-frontend pods - extraVolumeMounts: [] - # -- Volumes to add to the query-frontend pods - extraVolumes: [] - # -- Resource requests and limits for the query-frontend - resources: {} - # -- Containers to add to the query-frontend pods - extraContainers: [] - # -- Grace period to allow the query-frontend to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for query-frontend pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: query-frontend - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: null - # -- Node selector for query-frontend pods - nodeSelector: {} - # -- Topology Spread Constraints for query-frontend pods - topologySpreadConstraints: [] - # -- Tolerations for query-frontend pods - tolerations: [] - # -- Adds the appProtocol field to the queryFrontend service. This allows queryFrontend to work with istio protocol selection. - appProtocol: - # -- Set the optional grpc service protocol. 
Ex: "grpc", "http2" or "https" - grpc: "" -# -- Configuration for the query-scheduler -queryScheduler: - # -- Number of replicas for the query-scheduler. - # It should be lower than `-querier.max-concurrent` to avoid generating back-pressure in queriers; - # it's also recommended that this value evenly divides the latter - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the query-scheduler image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the query-scheduler image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the query-scheduler image. Overrides `loki.image.tag` - tag: null - # -- The name of the PriorityClass for query-scheduler pods - priorityClassName: null - # -- Labels for query-scheduler pods - podLabels: {} - # -- Annotations for query-scheduler pods - podAnnotations: {} - # -- Labels for query-scheduler service - serviceLabels: {} - # -- Annotations for query-scheduler service - serviceAnnotations: {} - # -- Additional CLI args for the query-scheduler - extraArgs: [] - # -- Environment variables to add to the query-scheduler pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the query-scheduler pods - extraEnvFrom: [] - # -- Volume mounts to add to the query-scheduler pods - extraVolumeMounts: [] - # -- Volumes to add to the query-scheduler pods - extraVolumes: [] - # -- Resource requests and limits for the query-scheduler - resources: {} - # -- Containers to add to the query-scheduler pods - extraContainers: [] - # -- Grace period to allow the query-scheduler to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for query-scheduler pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: query-scheduler - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: 1 - # -- Node selector for query-scheduler pods - nodeSelector: {} - # -- Topology Spread Constraints for query-scheduler pods - topologySpreadConstraints: [] - # -- Tolerations for query-scheduler pods - tolerations: [] - # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" -# -- Configuration for the index-gateway -indexGateway: - # -- Number of replicas for the index-gateway - replicas: 0 - # -- Whether the index gateway should join the memberlist hashring - joinMemberlist: true - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the index-gateway image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the index-gateway image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the index-gateway image. 
Overrides `loki.image.tag` - tag: null - # -- The name of the PriorityClass for index-gateway pods - priorityClassName: null - # -- Labels for index-gateway pods - podLabels: {} - # -- Annotations for index-gateway pods - podAnnotations: {} - # -- Labels for index-gateway service - serviceLabels: {} - # -- Annotations for index-gateway service - serviceAnnotations: {} - # -- Additional CLI args for the index-gateway - extraArgs: [] - # -- Environment variables to add to the index-gateway pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the index-gateway pods - extraEnvFrom: [] - # -- Volume mounts to add to the index-gateway pods - extraVolumeMounts: [] - # -- Volumes to add to the index-gateway pods - extraVolumes: [] - # -- Resource requests and limits for the index-gateway - resources: {} - # -- Containers to add to the index-gateway pods - extraContainers: [] - # -- Init containers to add to the index-gateway pods - initContainers: [] - # -- Grace period to allow the index-gateway to shutdown before it is killed. - terminationGracePeriodSeconds: 300 - # -- Affinity for index-gateway pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: index-gateway - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: null - # -- Node selector for index-gateway pods - nodeSelector: {} - # -- Topology Spread Constraints for index-gateway pods - topologySpreadConstraints: [] - # -- Tolerations for index-gateway pods - tolerations: [] - persistence: - # -- Enable creating PVCs which is required when using boltdb-shipper - enabled: false - # -- Use emptyDir with ramdisk for storage. **Please note that all data in indexGateway will be lost on pod restart** - inMemory: false - # -- Size of persistent or memory disk - size: 10Gi - # -- Storage class to be used. 
- # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Annotations for index gateway PVCs - annotations: {} - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: false - whenDeleted: Retain - whenScaled: Retain - # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" - # -- UpdateStrategy for the indexGateway StatefulSet. - updateStrategy: - # -- One of 'OnDelete' or 'RollingUpdate' - type: RollingUpdate - # -- Optional for updateStrategy.type=RollingUpdate. See [Partitioned rolling updates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) in the StatefulSet docs for details. - # rollingUpdate: - # partition: 0 -# -- Configuration for the compactor -compactor: - # -- Number of replicas for the compactor - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the compactor image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the compactor image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the compactor image. Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for compactor pods - priorityClassName: null - # -- Labels for compactor pods - podLabels: {} - # -- Annotations for compactor pods - podAnnotations: {} - # -- Affinity for compactor pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: compactor - topologyKey: kubernetes.io/hostname - # -- Labels for compactor service - serviceLabels: {} - # -- Annotations for compactor service - serviceAnnotations: {} - # -- Additional CLI args for the compactor - extraArgs: [] - # -- Environment variables to add to the compactor pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the compactor pods - extraEnvFrom: [] - # -- Volume mounts to add to the compactor pods - extraVolumeMounts: [] - # -- Volumes to add to the compactor pods - extraVolumes: [] - # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` - readinessProbe: {} - # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` - livenessProbe: {} - # -- Resource requests and limits for the compactor - resources: {} - # -- Containers to add to the compactor pods - extraContainers: [] - # -- Init containers to add to the compactor pods - initContainers: [] - # -- Grace period to allow the compactor to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Node selector for compactor pods - nodeSelector: {} - # -- Tolerations for compactor pods - tolerations: [] - # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" - persistence: - # -- Enable creating PVCs for the compactor - enabled: false - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). 
- storageClass: null - # -- Annotations for compactor PVCs - annotations: {} - # -- List of the compactor PVCs - # @notationType -- list - claims: - - name: data - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # - name: wal - # size: 150Gi - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: false - whenDeleted: Retain - whenScaled: Retain - serviceAccount: - create: false - # -- The name of the ServiceAccount to use for the compactor. - # If not set and create is true, a name is generated by appending - # "-compactor" to the common ServiceAccount. - name: null - # -- Image pull secrets for the compactor service account - imagePullSecrets: [] - # -- Annotations for the compactor service account - annotations: {} - # -- Set this toggle to false to opt out of automounting API credentials for the service account - automountServiceAccountToken: true -# -- Configuration for the bloom-gateway -bloomGateway: - # -- Number of replicas for the bloom-gateway - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the bloom-gateway image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the bloom-gateway image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the bloom-gateway image. 
Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for bloom-gateway pods - priorityClassName: null - # -- Labels for bloom-gateway pods - podLabels: {} - # -- Annotations for bloom-gateway pods - podAnnotations: {} - # -- Affinity for bloom-gateway pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: bloom-gateway - topologyKey: kubernetes.io/hostname - # -- Labels for bloom-gateway service - serviceLabels: {} - # -- Annotations for bloom-gateway service - serviceAnnotations: {} - # -- Additional CLI args for the bloom-gateway - extraArgs: [] - # -- Environment variables to add to the bloom-gateway pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the bloom-gateway pods - extraEnvFrom: [] - # -- Volume mounts to add to the bloom-gateway pods - extraVolumeMounts: [] - # -- Volumes to add to the bloom-gateway pods - extraVolumes: [] - # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` - readinessProbe: {} - # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` - livenessProbe: {} - # -- Resource requests and limits for the bloom-gateway - resources: {} - # -- Containers to add to the bloom-gateway pods - extraContainers: [] - # -- Init containers to add to the bloom-gateway pods - initContainers: [] - # -- Grace period to allow the bloom-gateway to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Node selector for bloom-gateway pods - nodeSelector: {} - # -- Tolerations for bloom-gateway pods - tolerations: [] - # -- Set the optional grpc service protocol. 
Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" - persistence: - # -- Enable creating PVCs for the bloom-gateway - enabled: false - # -- Annotations for bloom-gateway PVCs - annotations: {} - # -- List of the bloom-gateway PVCs - # @notationType -- list - claims: - - name: data - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: false - whenDeleted: Retain - whenScaled: Retain - serviceAccount: - create: false - # -- The name of the ServiceAccount to use for the bloom-gateway. - # If not set and create is true, a name is generated by appending - # "-bloom-gateway" to the common ServiceAccount. - name: null - # -- Image pull secrets for the bloom-gateway service account - imagePullSecrets: [] - # -- Annotations for the bloom-gateway service account - annotations: {} - # -- Set this toggle to false to opt out of automounting API credentials for the service account - automountServiceAccountToken: true -# -- Configuration for the bloom-planner -bloomPlanner: - # -- Number of replicas for the bloom-planner - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the bloom-planner image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the bloom-planner image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the bloom-planner image. 
Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for bloom-planner pods - priorityClassName: null - # -- Labels for bloom-planner pods - podLabels: {} - # -- Annotations for bloom-planner pods - podAnnotations: {} - # -- Affinity for bloom-planner pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: bloom-planner - topologyKey: kubernetes.io/hostname - # -- Labels for bloom-planner service - serviceLabels: {} - # -- Annotations for bloom-planner service - serviceAnnotations: {} - # -- Additional CLI args for the bloom-planner - extraArgs: [] - # -- Environment variables to add to the bloom-planner pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the bloom-planner pods - extraEnvFrom: [] - # -- Volume mounts to add to the bloom-planner pods - extraVolumeMounts: [] - # -- Volumes to add to the bloom-planner pods - extraVolumes: [] - # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` - readinessProbe: {} - # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` - livenessProbe: {} - # -- Resource requests and limits for the bloom-planner - resources: {} - # -- Containers to add to the bloom-planner pods - extraContainers: [] - # -- Init containers to add to the bloom-planner pods - initContainers: [] - # -- Grace period to allow the bloom-planner to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Node selector for bloom-planner pods - nodeSelector: {} - # -- Tolerations for bloom-planner pods - tolerations: [] - # -- Set the optional grpc service protocol. 
Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" - persistence: - # -- Enable creating PVCs for the bloom-planner - enabled: false - # -- Annotations for bloom-planner PVCs - annotations: {} - # -- List of the bloom-planner PVCs - # @notationType -- list - claims: - - name: data - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: false - whenDeleted: Retain - whenScaled: Retain - serviceAccount: - create: false - # -- The name of the ServiceAccount to use for the bloom-planner. - # If not set and create is true, a name is generated by appending - # "-bloom-planner" to the common ServiceAccount. - name: null - # -- Image pull secrets for the bloom-planner service account - imagePullSecrets: [] - # -- Annotations for the bloom-planner service account - annotations: {} - # -- Set this toggle to false to opt out of automounting API credentials for the service account - automountServiceAccountToken: true -# -- Configuration for the bloom-builder -bloomBuilder: - # -- Number of replicas for the bloom-builder - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - autoscaling: - # -- Enable autoscaling for the bloom-builder - enabled: false - # -- Minimum autoscaling replicas for the bloom-builder - minReplicas: 1 - # -- Maximum autoscaling replicas for the bloom-builder - maxReplicas: 3 - # -- Target CPU utilisation percentage for the bloom-builder - targetCPUUtilizationPercentage: 60 - # -- Target memory utilisation percentage for the bloom-builder - targetMemoryUtilizationPercentage: null - # -- Allows one to define custom 
metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) - customMetrics: [] - # - type: Pods - # pods: - # metric: - # name: loki_query_rate - # target: - # type: AverageValue - # averageValue: 100 - behavior: - # -- Enable autoscaling behaviours - enabled: false - # -- define scale down policies, must conform to HPAScalingRules - scaleDown: {} - # -- define scale up policies, must conform to HPAScalingRules - scaleUp: {} - image: - # -- The Docker registry for the bloom-builder image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the bloom-builder image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the bloom-builder image. Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for bloom-builder pods - priorityClassName: null - # -- Labels for bloom-builder pods - podLabels: {} - # -- Annotations for bloom-builder pods - podAnnotations: {} - # -- Labels for bloom-builder service - serviceLabels: {} - # -- Annotations for bloom-builder service - serviceAnnotations: {} - # -- Additional CLI args for the bloom-builder - extraArgs: [] - # -- Environment variables to add to the bloom-builder pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the bloom-builder pods - extraEnvFrom: [] - # -- Volume mounts to add to the bloom-builder pods - extraVolumeMounts: [] - # -- Volumes to add to the bloom-builder pods - extraVolumes: [] - # -- Resource requests and limits for the bloom-builder - resources: {} - # -- Containers to add to the bloom-builder pods - extraContainers: [] - # -- Grace period to allow the bloom-builder to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for bloom-builder pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: bloom-builder - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: null - # -- Node selector for bloom-builder pods - nodeSelector: {} - # -- Tolerations for bloom-builder pods - tolerations: [] - # -- Adds the appProtocol field to the queryFrontend service. This allows bloomBuilder to work with istio protocol selection. - appProtocol: - # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" - grpc: "" -# -- Configuration for the pattern ingester -patternIngester: - # -- Number of replicas for the pattern ingester - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the pattern ingester image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the pattern ingester image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the pattern ingester image. Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for pattern ingester pods - priorityClassName: null - # -- Labels for pattern ingester pods - podLabels: {} - # -- Annotations for pattern ingester pods - podAnnotations: {} - # -- Affinity for pattern ingester pods. 
- # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: pattern-ingester - topologyKey: kubernetes.io/hostname - # -- Labels for pattern ingester service - serviceLabels: {} - # -- Annotations for pattern ingester service - serviceAnnotations: {} - # -- Additional CLI args for the pattern ingester - extraArgs: [] - # -- Environment variables to add to the pattern ingester pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the pattern ingester pods - extraEnvFrom: [] - # -- Volume mounts to add to the pattern ingester pods - extraVolumeMounts: [] - # -- Volumes to add to the pattern ingester pods - extraVolumes: [] - # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` - readinessProbe: {} - # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` - livenessProbe: {} - # -- Resource requests and limits for the pattern ingester - resources: {} - # -- Containers to add to the pattern ingester pods - extraContainers: [] - # -- Init containers to add to the pattern ingester pods - initContainers: [] - # -- Grace period to allow the pattern ingester to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Node selector for pattern ingester pods - nodeSelector: {} - # -- Topology Spread Constraints for pattern ingester pods - topologySpreadConstraints: [] - # -- Tolerations for pattern ingester pods - tolerations: [] - # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" - persistence: - # -- Enable creating PVCs for the pattern ingester - enabled: false - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. 
- # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Annotations for pattern ingester PVCs - annotations: {} - # -- List of the pattern ingester PVCs - # @notationType -- list - claims: - - name: data - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # - name: wal - # size: 150Gi - # -- Enable StatefulSetAutoDeletePVC feature - enableStatefulSetAutoDeletePVC: false - whenDeleted: Retain - whenScaled: Retain - serviceAccount: - create: false - # -- The name of the ServiceAccount to use for the pattern ingester. - # If not set and create is true, a name is generated by appending - # "-pattern-ingester" to the common ServiceAccount. - name: null - # -- Image pull secrets for the pattern ingester service account - imagePullSecrets: [] - # -- Annotations for the pattern ingester service account - annotations: {} - # -- Set this toggle to false to opt out of automounting API credentials for the service account - automountServiceAccountToken: true -# -- Configuration for the ruler -ruler: - # -- The ruler component is optional and can be disabled if desired. - enabled: true - # -- Number of replicas for the ruler - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the ruler image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the ruler image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the ruler image. 
Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for ruler pods - priorityClassName: null - # -- Labels for compactor pods - podLabels: {} - # -- Annotations for ruler pods - podAnnotations: {} - # -- Labels for ruler service - serviceLabels: {} - # -- Annotations for ruler service - serviceAnnotations: {} - # -- Additional CLI args for the ruler - extraArgs: [] - # -- Environment variables to add to the ruler pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the ruler pods - extraEnvFrom: [] - # -- Volume mounts to add to the ruler pods - extraVolumeMounts: [] - # -- Volumes to add to the ruler pods - extraVolumes: [] - # -- Resource requests and limits for the ruler - resources: {} - # -- Containers to add to the ruler pods - extraContainers: [] - # -- Init containers to add to the ruler pods - initContainers: [] - # -- Grace period to allow the ruler to shutdown before it is killed - terminationGracePeriodSeconds: 300 - # -- Affinity for ruler pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: ruler - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: null - # -- Node selector for ruler pods - nodeSelector: {} - # -- Topology Spread Constraints for ruler pods - topologySpreadConstraints: [] - # -- Tolerations for ruler pods - tolerations: [] - # -- DNSConfig for ruler pods - dnsConfig: {} - persistence: - # -- Enable creating PVCs which is required when using recording rules - enabled: false - # -- Size of persistent disk - size: 10Gi - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. 
- # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Annotations for ruler PVCs - annotations: {} - # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" - # -- Directories containing rules files - directories: {} - # tenant_foo: - # rules1.txt: | - # groups: - # - name: should_fire - # rules: - # - alert: HighPercentageError - # expr: | - # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job) - # / - # sum(rate({app="foo", env="production"}[5m])) by (job) - # > 0.05 - # for: 10m - # labels: - # severity: warning - # annotations: - # summary: High error rate - # - name: credentials_leak - # rules: - # - alert: http-credentials-leaked - # annotations: - # message: "{{ $labels.job }} is leaking http basic auth credentials." - # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)' - # for: 10m - # labels: - # severity: critical - # rules2.txt: | - # groups: - # - name: example - # rules: - # - alert: HighThroughputLogStreams - # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000 - # for: 2m - # tenant_bar: - # rules1.txt: | - # groups: - # - name: should_fire - # rules: - # - alert: HighPercentageError - # expr: | - # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job) - # / - # sum(rate({app="foo", env="production"}[5m])) by (job) - # > 0.05 - # for: 10m - # labels: - # severity: warning - # annotations: - # summary: High error rate - # - name: credentials_leak - # rules: - # - alert: http-credentials-leaked - # annotations: - # message: "{{ $labels.job }} is leaking http basic auth credentials." 
- # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)' - # for: 10m - # labels: - # severity: critical - # rules2.txt: | - # groups: - # - name: example - # rules: - # - alert: HighThroughputLogStreams - # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000 - # for: 2m - -# -- Configuration for the overrides-exporter -overridesExporter: - # -- The overrides-exporter component is optional and can be disabled if desired. - enabled: false - # -- Number of replicas for the overrides-exporter - replicas: 0 - # -- hostAliases to add - hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld - image: - # -- The Docker registry for the overrides-exporter image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the overrides-exporter image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the overrides-exporter image. Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for overrides-exporter pods - priorityClassName: null - # -- Labels for overrides-exporter pods - podLabels: {} - # -- Annotations for overrides-exporter pods - podAnnotations: {} - # -- Labels for overrides-exporter service - serviceLabels: {} - # -- Annotations for overrides-exporter service - serviceAnnotations: {} - # -- Additional CLI args for the overrides-exporter - extraArgs: [] - # -- Environment variables to add to the overrides-exporter pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the overrides-exporter pods - extraEnvFrom: [] - # -- Volume mounts to add to the overrides-exporter pods - extraVolumeMounts: [] - # -- Volumes to add to the overrides-exporter pods - extraVolumes: [] - # -- Resource requests and limits for the overrides-exporter - resources: {} - # -- Containers to add to the overrides-exporter pods - 
extraContainers: [] - # -- Init containers to add to the overrides-exporter pods - initContainers: [] - # -- Grace period to allow the overrides-exporter to shutdown before it is killed - terminationGracePeriodSeconds: 300 - # -- Affinity for overrides-exporter pods. - # @default -- Hard node anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: overrides-exporter - topologyKey: kubernetes.io/hostname - # -- Pod Disruption Budget maxUnavailable - maxUnavailable: null - # -- Node selector for overrides-exporter pods - nodeSelector: {} - # -- Topology Spread Constraints for overrides-exporter pods - topologySpreadConstraints: [] - # -- Tolerations for overrides-exporter pods - tolerations: [] - # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" - appProtocol: - grpc: "" - -memcached: - image: - # -- Memcached Docker image repository - repository: memcached - # -- Memcached Docker image tag - tag: 1.6.36-alpine - # -- Memcached Docker image pull policy - pullPolicy: IfNotPresent - # -- The SecurityContext override for memcached pods - podSecurityContext: - runAsNonRoot: true - runAsUser: 11211 - runAsGroup: 11211 - fsGroup: 11211 - # -- The name of the PriorityClass for memcached pods - priorityClassName: null - # -- The SecurityContext for memcached containers - containerSecurityContext: - readOnlyRootFilesystem: true - capabilities: - drop: [ALL] - allowPrivilegeEscalation: false -memcachedExporter: - # -- Whether memcached metrics should be exported - enabled: true - image: - repository: prom/memcached-exporter - tag: v0.15.0 - pullPolicy: IfNotPresent - resources: - requests: {} - limits: {} - # -- The SecurityContext for memcached exporter containers - containerSecurityContext: - readOnlyRootFilesystem: true - capabilities: - drop: [ALL] - allowPrivilegeEscalation: false - # -- Extra args to add to the exporter container. 
- # Example: - # extraArgs: - # memcached.tls.enable: true - # memcached.tls.cert-file: /certs/cert.crt - # memcached.tls.key-file: /certs/cert.key - # memcached.tls.ca-file: /certs/ca.crt - # memcached.tls.insecure-skip-verify: false - # memcached.tls.server-name: memcached - extraArgs: {} -resultsCache: - # -- Specifies whether memcached based results-cache should be enabled - enabled: true - # -- Specify how long cached results should be stored in the results-cache before being expired - defaultValidity: 12h - # -- Memcached operation timeout - timeout: 500ms - # -- Total number of results-cache replicas - replicas: 1 - # -- Port of the results-cache service - port: 11211 - # -- Amount of memory allocated to results-cache for object storage (in MB). - allocatedMemory: 1024 - # -- Maximum item results-cache for memcached (in MB). - maxItemMemory: 5 - # -- Maximum number of connections allowed - connectionLimit: 16384 - # -- Max memory to use for cache write back - writebackSizeLimit: 500MB - # -- Max number of objects to use for cache write back - writebackBuffer: 500000 - # -- Number of parallel threads for cache write back - writebackParallelism: 1 - # -- Extra init containers for results-cache pods - initContainers: [] - # -- Annotations for the results-cache pods - annotations: {} - # -- Node selector for results-cache pods - nodeSelector: {} - # -- Affinity for results-cache pods - affinity: {} - # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints. - # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services. 
- topologySpreadConstraints: [] - # maxSkew: 1 - # topologyKey: kubernetes.io/hostname - # whenUnsatisfiable: ScheduleAnyway - # -- Tolerations for results-cache pods - tolerations: [] - # -- Pod Disruption Budget - podDisruptionBudget: - maxUnavailable: 1 - # -- The name of the PriorityClass for results-cache pods - priorityClassName: null - # -- Labels for results-cache pods - podLabels: {} - # -- Annotations for results-cache pods - podAnnotations: {} - # -- Management policy for results-cache pods - podManagementPolicy: Parallel - # -- Grace period to allow the results-cache to shutdown before it is killed - terminationGracePeriodSeconds: 60 - # -- Stateful results-cache strategy - statefulStrategy: - type: RollingUpdate - # -- Add extended options for results-cache memcached container. The format is the same as for the memcached -o/--extend flag. - # Example: - # extraExtendedOptions: 'tls,modern,track_sizes' - extraExtendedOptions: "" - # -- Additional CLI args for results-cache - extraArgs: {} - # -- Additional containers to be added to the results-cache pod. - extraContainers: [] - # -- Additional volumes to be added to the results-cache pod (applies to both memcached and exporter containers). - # Example: - # extraVolumes: - # - name: extra-volume - # secret: - # secretName: extra-volume-secret - extraVolumes: [] - # -- Additional volume mounts to be added to the results-cache pod (applies to both memcached and exporter containers). - # Example: - # extraVolumeMounts: - # - name: extra-volume - # mountPath: /etc/extra-volume - # readOnly: true - extraVolumeMounts: [] - # -- Resource requests and limits for the results-cache - # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)). 
- resources: null - # -- Service annotations and labels - service: - annotations: {} - labels: {} - # -- Persistence settings for the results-cache - persistence: - # -- Enable creating PVCs for the results-cache - enabled: false - # -- Size of persistent disk, must be in G or Gi - storageSize: 10G - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Volume mount path - mountPath: /data -chunksCache: - # -- Specifies whether memcached based chunks-cache should be enabled - enabled: true - # -- Batchsize for sending and receiving chunks from chunks cache - batchSize: 4 - # -- Parallel threads for sending and receiving chunks from chunks cache - parallelism: 5 - # -- Memcached operation timeout - timeout: 2000ms - # -- Specify how long cached chunks should be stored in the chunks-cache before being expired - defaultValidity: 0s - # -- Total number of chunks-cache replicas - replicas: 1 - # -- Port of the chunks-cache service - port: 11211 - # -- Amount of memory allocated to chunks-cache for object storage (in MB). - allocatedMemory: 8192 - # -- Maximum item memory for chunks-cache (in MB). 
- maxItemMemory: 5 - # -- Maximum number of connections allowed - connectionLimit: 16384 - # -- Max memory to use for cache write back - writebackSizeLimit: 500MB - # -- Max number of objects to use for cache write back - writebackBuffer: 500000 - # -- Number of parallel threads for cache write back - writebackParallelism: 1 - # -- Extra init containers for chunks-cache pods - initContainers: [] - # -- Annotations for the chunks-cache pods - annotations: {} - # -- Node selector for chunks-cache pods - nodeSelector: {} - # -- Affinity for chunks-cache pods - affinity: {} - # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints. - # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services. - topologySpreadConstraints: [] - # maxSkew: 1 - # topologyKey: kubernetes.io/hostname - # whenUnsatisfiable: ScheduleAnyway - # -- Tolerations for chunks-cache pods - tolerations: [] - # -- Pod Disruption Budget - podDisruptionBudget: - maxUnavailable: 1 - # -- The name of the PriorityClass for chunks-cache pods - priorityClassName: null - # -- Labels for chunks-cache pods - podLabels: {} - # -- Annotations for chunks-cache pods - podAnnotations: {} - # -- Management policy for chunks-cache pods - podManagementPolicy: Parallel - # -- Grace period to allow the chunks-cache to shutdown before it is killed - terminationGracePeriodSeconds: 60 - # -- Stateful chunks-cache strategy - statefulStrategy: - type: RollingUpdate - # -- Add extended options for chunks-cache memcached container. The format is the same as for the memcached -o/--extend flag. - # Example: - # extraExtendedOptions: 'tls,no_hashexpand' - extraExtendedOptions: "" - # -- Additional CLI args for chunks-cache - extraArgs: {} - # -- Additional containers to be added to the chunks-cache pod. 
- extraContainers: [] - # -- Additional volumes to be added to the chunks-cache pod (applies to both memcached and exporter containers). - # Example: - # extraVolumes: - # - name: extra-volume - # secret: - # secretName: extra-volume-secret - extraVolumes: [] - # -- Additional volume mounts to be added to the chunks-cache pod (applies to both memcached and exporter containers). - # Example: - # extraVolumeMounts: - # - name: extra-volume - # mountPath: /etc/extra-volume - # readOnly: true - extraVolumeMounts: [] - # -- Resource requests and limits for the chunks-cache - # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)). - resources: null - # -- Service annotations and labels - service: - annotations: {} - labels: {} - # -- Persistence settings for the chunks-cache - persistence: - # -- Enable creating PVCs for the chunks-cache - enabled: false - # -- Size of persistent disk, must be in G or Gi - storageSize: 10G - # -- Storage class to be used. - # If defined, storageClassName: . - # If set to "-", storageClassName: "", which disables dynamic provisioning. - # If empty or set to null, no storageClassName spec is - # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). - storageClass: null - # -- Volume mount path - mountPath: /data -###################################################################################################################### -# -# Subchart configurations -# -###################################################################################################################### -# -- Setting for the Grafana Rollout Operator https://github.com/grafana/helm-charts/tree/main/charts/rollout-operator -rollout_operator: - enabled: false - # -- podSecurityContext is the pod security context for the rollout operator. 
- # When installing on OpenShift, override podSecurityContext settings with - # - # rollout_operator: - # podSecurityContext: - # fsGroup: null - # runAsGroup: null - # runAsUser: null - podSecurityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - seccompProfile: - type: RuntimeDefault - # Set the container security context - securityContext: - readOnlyRootFilesystem: true - capabilities: - drop: [ALL] - allowPrivilegeEscalation: false -# -- Configuration for the minio subchart -minio: - enabled: false - replicas: 1 - # Minio requires 2 to 16 drives for erasure code (drivesPerNode * replicas) - # https://docs.min.io/docs/minio-erasure-code-quickstart-guide - # Since we only have 1 replica, that means 2 drives must be used. - drivesPerNode: 2 - # root user; not used for GEL authentication - rootUser: root-user - rootPassword: supersecretpassword - # The first user in the list below is used for Loki/GEL authentication. - # You can add additional users if desired; they will not impact Loki/GEL. - # `accessKey` = username, `secretKey` = password - users: - - accessKey: logs-user - secretKey: supersecretpassword - policy: readwrite - buckets: - - name: chunks - policy: none - purge: false - - name: ruler - policy: none - purge: false - - name: admin - policy: none - purge: false - persistence: - size: 5Gi - annotations: {} - resources: - requests: - cpu: 100m - memory: 128Mi - # Allow the address used by Loki to refer to Minio to be overridden - address: null -# Create extra manifests via values. 
Would be passed through `tpl` for templating -# objects can also be provided as multiline strings, useful for templating field names -extraObjects: [] -# - apiVersion: v1 -# kind: ConfigMap -# metadata: -# name: loki-alerting-rules -# data: -# loki-alerting-rules.yaml: |- -# groups: -# - name: example -# rules: -# - alert: example -# expr: | -# sum(count_over_time({app="loki"} |~ "error")) > 0 -# for: 3m -# labels: -# severity: warning -# category: logs -# annotations: -# message: "loki has encountered errors" -# - | -# apiVersion: v1 -# kind: Secret -# type: Opaque -# metadata: -# name: loki-distributed-basic-auth -# data: -# {{- range .Values.loki.tenants }} -# {{ .name }}: {{ b64enc .password | quote }} -# {{- end }} - -sidecar: - image: - # -- The Docker registry and image for the k8s sidecar - repository: kiwigrid/k8s-sidecar - # -- Docker image tag - tag: 1.30.0 - # -- Docker image sha. If empty, no sha will be used - sha: "" - # -- Docker image pull policy - pullPolicy: IfNotPresent - # -- Resource requests and limits for the sidecar - resources: {} - # limits: - # cpu: 100m - # memory: 100Mi - # requests: - # cpu: 50m - # memory: 50Mi - # -- The SecurityContext for the sidecar. - securityContext: - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - # -- Set to true to skip tls verification for kube api calls. - skipTlsVerify: false - # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in. - enableUniqueFilenames: false - # -- Readiness probe definition. Probe is disabled on the sidecar by default. - readinessProbe: {} - # -- Liveness probe definition. Probe is disabled on the sidecar by default. - livenessProbe: {} - rules: - # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets. - enabled: true - # -- Label that the configmaps/secrets with rules will be marked with. 
- label: loki_rule - # -- Label value that the configmaps/secrets with rules will be set to. - labelValue: "" - # -- Folder into which the rules will be placed. - folder: /rules - # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify 'ALL' to search in all namespaces. - searchNamespace: null - # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # -- Search in configmap, secret, or both. - resource: both - # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded. - script: null - # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S. - watchServerTimeout: 60 - # - # -- WatchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # Defaults to 66sec. - watchClientTimeout: 60 - # -- Log level of the sidecar container. - logLevel: INFO -############################################## WARNING -# -# DEPRECATED VALUES -# -# The following values are deprecated and will be removed in a future version of the helm chart! 
-# -############################################## WARNING ############################################################## - -# -- DEPRECATED Monitoring section determines which monitoring features to enable, this section is being replaced -# by https://github.com/grafana/meta-monitoring-chart -monitoring: - # Dashboards for monitoring Loki - dashboards: - # -- If enabled, create configmap with dashboards for monitoring Loki - enabled: false - # -- Alternative namespace to create dashboards ConfigMap in - namespace: null - # -- Additional annotations for the dashboards ConfigMap - annotations: {} - # -- Labels for the dashboards ConfigMap - labels: - grafana_dashboard: "1" - # -- DEPRECATED Recording rules for monitoring Loki, required for some dashboards - rules: - # -- If enabled, create PrometheusRule resource with Loki recording rules - enabled: false - # -- Include alerting rules - alerting: true - # -- Specify which individual alerts should be disabled - # -- Instead of turning off each alert one by one, set the .monitoring.rules.alerting value to false instead. - # -- If you disable all the alerts and keep .monitoring.rules.alerting set to true, the chart will fail to render. 
- disabled: {} - # LokiRequestErrors: true - # LokiRequestPanics: true - # -- Alternative namespace to create PrometheusRule resources in - namespace: null - # -- Additional annotations for the rules PrometheusRule resource - annotations: {} - # -- Additional labels for the rules PrometheusRule resource - labels: {} - # -- Additional labels for PrometheusRule alerts - additionalRuleLabels: {} - # -- Additional groups to add to the rules file - additionalGroups: [] - # - name: additional-loki-rules - # rules: - # - record: job:loki_request_duration_seconds_bucket:sum_rate - # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job) - # - record: job_route:loki_request_duration_seconds_bucket:sum_rate - # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route) - # - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate - # expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container) - # -- DEPRECATED ServiceMonitor configuration - serviceMonitor: - # -- If enabled, ServiceMonitor resources for Prometheus Operator are created - enabled: false - # -- Namespace selector for ServiceMonitor resources - namespaceSelector: {} - # -- ServiceMonitor annotations - annotations: {} - # -- Additional ServiceMonitor labels - labels: {} - # -- ServiceMonitor scrape interval - # Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at - # least 1/4 rate interval. - interval: 15s - # -- ServiceMonitor scrape timeout in Go duration format (e.g. 
15s) - scrapeTimeout: null - # -- ServiceMonitor relabel configs to apply to samples before scraping - # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - relabelings: [] - # -- ServiceMonitor metric relabel configs to apply to samples before ingestion - # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint - metricRelabelings: [] - # -- ServiceMonitor will use http by default, but you can pick https as well - scheme: http - # -- ServiceMonitor will use these tlsConfig settings to make the health check requests - tlsConfig: null - # -- If defined, will create a MetricsInstance for the Grafana Agent Operator. - metricsInstance: - # -- If enabled, MetricsInstance resources for Grafana Agent Operator are created - enabled: true - # -- MetricsInstance annotations - annotations: {} - # -- Additional MetricsInstance labels - labels: {} - # -- If defined a MetricsInstance will be created to remote write metrics. - remoteWrite: null - # -- DEPRECATED Self monitoring determines whether Loki should scrape its own logs. - # This feature currently relies on the Grafana Agent Operator being installed, - # which is installed by default using the grafana-agent-operator sub-chart. - # It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure - # scrape configs to scrape its own logs with the labels expected by the included dashboards. - selfMonitoring: - enabled: false - # -- Tenant to use for self monitoring - tenant: - # -- Name of the tenant - name: "self-monitoring" - # -- Password of the gateway for Basic auth - password: null - # -- Namespace to create additional tenant token secret in. Useful if your Grafana instance - # is in a separate namespace. Token will still be created in the canary namespace. 
- secretNamespace: "{{ .Release.Namespace }}" - # -- DEPRECATED Grafana Agent configuration - grafanaAgent: - # -- DEPRECATED Controls whether to install the Grafana Agent Operator and its CRDs. - # Note that helm will not install CRDs if this flag is enabled during an upgrade. - # In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds - installOperator: false - # -- Grafana Agent annotations - annotations: {} - # -- Additional Grafana Agent labels - labels: {} - # -- Enable the config read api on port 8080 of the agent - enableConfigReadAPI: false - # -- The name of the PriorityClass for GrafanaAgent pods - priorityClassName: null - # -- Resource requests and limits for the grafanaAgent pods - resources: {} - # limits: - # memory: 200Mi - # requests: - # cpu: 50m - # memory: 100Mi - # -- Tolerations for GrafanaAgent pods - tolerations: [] - # PodLogs configuration - podLogs: - # -- PodLogs version - apiVersion: monitoring.grafana.com/v1alpha1 - # -- PodLogs annotations - annotations: {} - # -- Additional PodLogs labels - labels: {} - # -- PodLogs relabel configs to apply to samples before scraping - # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - relabelings: [] - # -- Additional pipeline stages to process logs after scraping - # https://grafana.com/docs/agent/latest/operator/api/#pipelinestagespec-a-namemonitoringgrafanacomv1alpha1pipelinestagespeca - additionalPipelineStages: [] - # LogsInstance configuration - logsInstance: - # -- LogsInstance annotations - annotations: {} - # -- Additional LogsInstance labels - labels: {} - # -- Additional clients for remote write - clients: null -# -- DEPRECATED Configuration for the table-manager. 
The table-manager is only necessary when using a deprecated -# index type such as Cassandra, Bigtable, or DynamoDB, it has not been necessary since loki introduced self- -# contained index types like 'boltdb-shipper' and 'tsdb'. This will be removed in a future helm chart. -tableManager: - # -- Specifies whether the table-manager should be enabled - enabled: false - image: - # -- The Docker registry for the table-manager image. Overrides `loki.image.registry` - registry: null - # -- Docker image repository for the table-manager image. Overrides `loki.image.repository` - repository: null - # -- Docker image tag for the table-manager image. Overrides `loki.image.tag` - tag: null - # -- Command to execute instead of defined in Docker image - command: null - # -- The name of the PriorityClass for table-manager pods - priorityClassName: null - # -- Labels for table-manager pods - podLabels: {} - # -- Annotations for table-manager deployment - annotations: {} - # -- Annotations for table-manager pods - podAnnotations: {} - service: - # -- Annotations for table-manager Service - annotations: {} - # -- Additional labels for table-manager Service - labels: {} - # -- Additional CLI args for the table-manager - extraArgs: [] - # -- Environment variables to add to the table-manager pods - extraEnv: [] - # -- Environment variables from secrets or configmaps to add to the table-manager pods - extraEnvFrom: [] - # -- Volume mounts to add to the table-manager pods - extraVolumeMounts: [] - # -- Volumes to add to the table-manager pods - extraVolumes: [] - # -- Resource requests and limits for the table-manager - resources: {} - # -- Containers to add to the table-manager pods - extraContainers: [] - # -- Grace period to allow the table-manager to shutdown before it is killed - terminationGracePeriodSeconds: 30 - # -- Affinity for table-manager pods. 
- # @default -- Hard node and anti-affinity - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: table-manager - topologyKey: kubernetes.io/hostname - # -- DNS config table-manager pods - dnsConfig: {} - # -- Node selector for table-manager pods - nodeSelector: {} - # -- Tolerations for table-manager pods - tolerations: [] - # -- Enable deletes by retention - retention_deletes_enabled: false - # -- Set retention period - retention_period: 0 diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index e717809..721f892 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -43,6 +43,8 @@ loki: image: repository: ${provisioner_image_repository} tag: ${provisioner_image_tag} + querier: + max_concurrent: 2 replication_factor: 1 schemaConfig: configs: @@ -66,7 +68,7 @@ backend: persistence: enabled: true storageClass: ${rwo_storage_class} - replicas: 1 + replicas: 2 resources: requests: cpu: 1m @@ -104,7 +106,7 @@ gateway: autoscaling: enabled: true targetCPUUtilizationPercentage: 80 - replicas: 1 + replicas: 0 resources: requests: cpu: 1m @@ -128,7 +130,6 @@ memcachedExporter: enabled: false querier: replicas: 0 - max_concurrent: 4 queryFrontend: replicas: 0 queryScheduler: @@ -141,7 +142,7 @@ read: persistence: enabled: true storageClass: ${rwo_storage_class} - replicas: 1 + replicas: 2 resources: requests: cpu: 1m @@ -175,7 +176,7 @@ write: persistence: enabled: true storageClass: ${rwo_storage_class} - replicas: 1 + replicas: 2 autoscaling: enabled: true minReplicas: 1 From 67dde5284d7adea5d8568240994b1aae4d936ff5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 18:54:39 -0500 Subject: [PATCH 11/35] remove extras --- values/loki.yml.tpl | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 721f892..0ce7bdc 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl 
@@ -55,7 +55,6 @@ loki: object_store: s3 schema: v13 store: tsdb - tracing: enabled: true @@ -80,23 +79,8 @@ bloomCompactor: replicas: 0 bloomGateway: replicas: 0 -chunksCache: - enabled: false compactor: - compaction_interval: 10m replicas: 0 - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi - retention_delete_delay: 2h - retention_delete_worker_count: 150 - retention_enabled: true - shared_store: s3 - working_directory: /loki/compactor distributer: replicas: 0 gateway: @@ -106,7 +90,6 @@ gateway: autoscaling: enabled: true targetCPUUtilizationPercentage: 80 - replicas: 0 resources: requests: cpu: 1m @@ -114,20 +97,10 @@ gateway: limits: cpu: 100m memory: 128Mi -indexGateway: - replicas: 0 ingester: replicas: 0 lokiCanary: enabled: false -memcached: - enabled: false - chunk_cache: - enabled: false - results_cache: - enabled: false -memcachedExporter: - enabled: false querier: replicas: 0 queryFrontend: @@ -150,10 +123,6 @@ read: limits: cpu: 200m memory: 256Mi -resultsCache: - enabled: false -ruler: - enabled: false serviceAccount: annotations: eks.amazonaws.com/role-arn: ${iam_role_arn} From 1a7899dd01dd8c6780d25334f8ac08fc4a0a9636 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 19:04:25 -0500 Subject: [PATCH 12/35] add both storage configs --- values/loki.yml.tpl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 0ce7bdc..cd9a60c 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -30,12 +30,16 @@ loki: split_queries_by_interval: 15m # Storage configuration storage: - use_thanos_objstore: true + bucketNames: + chunks: ${s3_bucket_name} + ruler: ${s3_bucket_name} + admin: ${s3_bucket_name} object_store: s3: bucketName: ${s3_bucket_name} endpoint: s3.${region}.amazonaws.com region: ${region} + use_thanos_objstore: true pattern_ingester: enabled: false # Provisioner settings 
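Review bot: The new `bucketNames` block in the `@@ -30,12 +30,16 @@` hunk points `chunks`, `ruler` and `admin` at the same `${s3_bucket_name}`, so log chunks, ruler rule files and admin data share one bucket. With a single bucket the role bound through `eks.amazonaws.com/role-arn` cannot be scoped per data class, and any principal allowed to write chunk objects can presumably also write rule objects. I would pass separate template variables (names illustrative), e.g. `ruler: ${s3_ruler_bucket_name}` and `admin: ${s3_admin_bucket_name}`, or at least add a comment above the block such as `# chunks, ruler and admin intentionally share one bucket`. The `storage:` mapping starts before this hunk and indentation is lost in this rendering, so check in the file itself where the moved `use_thanos_objstore: true` now nests.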
From 3cca6cafec634a9d1821d2db8841b4760892a22f Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 19:17:01 -0500 Subject: [PATCH 13/35] add some back --- values/loki.yml.tpl | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index cd9a60c..d64b70a 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -59,6 +59,7 @@ loki: object_store: s3 schema: v13 store: tsdb + tracing: enabled: true @@ -83,8 +84,23 @@ bloomCompactor: replicas: 0 bloomGateway: replicas: 0 +chunksCache: + enabled: false compactor: + compaction_interval: 10m replicas: 0 + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 200m + memory: 256Mi + retention_delete_delay: 2h + retention_delete_worker_count: 150 + retention_enabled: true + shared_store: s3 + working_directory: /loki/compactor distributer: replicas: 0 gateway: @@ -94,6 +110,7 @@ gateway: autoscaling: enabled: true targetCPUUtilizationPercentage: 80 + replicas: 1 resources: requests: cpu: 1m @@ -101,10 +118,20 @@ gateway: limits: cpu: 100m memory: 128Mi +indexGateway: + replicas: 0 ingester: replicas: 0 lokiCanary: enabled: false +memcached: + enabled: false + chunk_cache: + enabled: false + results_cache: + enabled: false +memcachedExporter: + enabled: false querier: replicas: 0 queryFrontend: @@ -127,6 +154,10 @@ read: limits: cpu: 200m memory: 256Mi +resultsCache: + enabled: false +ruler: + enabled: false serviceAccount: annotations: eks.amazonaws.com/role-arn: ${iam_role_arn} From de5e0414ce3d2021d382d9184befb6cd6bf8a360 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 19:27:01 -0500 Subject: [PATCH 14/35] add back required images --- README.md | 2 ++ copy_images.tf | 22 +++++++++++++++++++++- main.tf | 4 ++++ variables.tf | 12 ++++++++++++ 4 files changed, 39 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5b7ff48..efb515c 100644 --- a/README.md +++ b/README.md 
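Review bot: The re-added `compaction_interval`, `retention_enabled: true`, `retention_delete_delay: 2h`, `retention_delete_worker_count: 150`, `shared_store: s3` and `working_directory` keys sit under the top-level `compactor:` section next to `replicas: 0`, which looks like the chart's per-component deployment section rather than Loki's own compactor configuration. If the chart ignores unknown keys there, retention is never enforced and logs are kept indefinitely, which matters when the logs carry data with a retention limit. I would move these keys to a `compactor:` mapping under `loki:` (confirm against the values of the pinned chart version) and check that each key is still accepted by the Loki version being deployed. The same doubt applies to `memcached.enabled`, `memcached.chunk_cache` and `memcached.results_cache`: the chart's default `memcached:` section shown earlier on this page defines only `image`, `podSecurityContext`, `priorityClassName` and `containerSecurityContext`, so `chunksCache.enabled: false` and `resultsCache.enabled: false` are probably the only switches that take effect.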
@@ -50,9 +50,11 @@ to loki.
 |------|-------------|------|---------|:--------:|
 | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
 | [enterprise\_logs\_provisioner\_tag](#input\_enterprise\_logs\_provisioner\_tag) | The version of the grafana/enterprise-logs-provisioner image to use. | `string` | `"v1.7.0"` | no |
+| [exporter\_tag](#input\_exporter\_tag) | The version of prom/memcached-exporter to use for the gateway. | `string` | `"v0.14.4"` | no |
 | [gateway\_tag](#input\_gateway\_tag) | The version of nginxinc/nginx-unprivileged to use for the gateway. | `string` | `"1.25.2-alpine"` | no |
 | [loki\_chart\_version](#input\_loki\_chart\_version) | Which version of the grafana/loki helm chart to use. | `string` | `"6.10.2"` | no |
 | [loki\_tag](#input\_loki\_tag) | The tag of the loki image to use. | `string` | `"3.1.1"` | no |
+| [memcached\_tag](#input\_memcached\_tag) | The version of memcached to use for the gateway. | `string` | `"1.6.23-alpine"` | no |
 | [namespace](#input\_namespace) | The namespace into which grafana will be deployed | `string` | `"loki"` | no |
 | [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN in the EKS cluster for the OpenID Connect identity provider. | `string` | n/a | yes |
 | [profile](#input\_profile) | AWS config profile used to upload images into ECR | `string` | `""` | no |
diff --git a/copy_images.tf b/copy_images.tf
index b3e1517..b1547be 100644
--- a/copy_images.tf
+++ b/copy_images.tf
@@ -1,7 +1,9 @@ locals { + exporter_key = format("%v#%v", "prom/memcached-exporter", var.exporter_tag) + gateway_key = format("%v#%v", "grafana/nginx-unprivileged", var.gateway_tag) loki_key = format("%v#%v", "grafana/loki", var.loki_tag) + memcached_key = format("%v#%v", "memcached", var.memcached_tag) provisioner_key = format("%v#%v", "grafana/enterprise-logs-provisioner", var.enterprise_logs_provisioner_tag) - gateway_key = format("%v#%v", "grafana/nginx-unprivileged", var.gateway_tag) sidecar_key = format("%v#%v", "kiwigrid/k8s-sidecar", var.sidecar_tag) image_config = [ @@ -14,6 +16,24 @@ locals { source_tag = var.loki_tag tag = var.loki_tag }, + { + enabled = true + dest_path = null + name = "memcached" + source_image = "bitnami/memcached" + source_registry = "public.ecr.aws" + source_tag = var.memcached_tag + tag = var.memcached_tag + }, + { + enabled = true + dest_path = null + name = "prom/memcached-exporter" + source_image = "prom/memcached-exporter" + source_registry = "docker.io" + source_tag = var.exporter_tag + tag = var.exporter_tag + }, { enabled = true dest_path = null diff --git a/main.tf b/main.tf index 68a785d..a1af8f2 100644 --- a/main.tf +++ b/main.tf @@ -51,6 +51,10 @@ resource "helm_release" "loki" { gateway_image_tag = module.images.images[local.gateway_key].tag sidecar_image_repository = split(":", module.images.images[local.sidecar_key].dest_full_path)[0] sidecar_image_tag = module.images.images[local.sidecar_key].tag + memcached_image_repository = split(":", module.images.images[local.memcached_key].dest_full_path)[0] + memcached_image_tag = module.images.images[local.memcached_key].tag + exporter_image_repository = split(":", module.images.images[local.exporter_key].dest_full_path)[0] + exporter_image_tag = module.images.images[local.exporter_key].tag # Storage configuration s3_bucket_name = module.loki_s3.s3_requested_bucket_name region = var.region diff --git a/variables.tf b/variables.tf index ad048a5..35009fe 100644 
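Review bot: The two entries added to `image_config` in the `@@ -14,6 +16,24 @@` hunk select `bitnami/memcached` on `public.ecr.aws` and `prom/memcached-exporter` on `docker.io` by tag only, so whatever those mutable tags resolve to at apply time is what gets mirrored and later deployed. If the images module accepts a digest, pin each source by digest; otherwise add a comment such as `# pulled by tag; verify the mirrored digest before promoting` and check it after the copy. It is also worth confirming that the default `1.6.23-alpine` exists in the Bitnami repository, since that tag format looks like the Docker Official `memcached` image rather than Bitnami's. The `image_config` list starts and ends outside the hunk.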
--- a/variables.tf +++ b/variables.tf @@ -65,6 +65,18 @@ variable "gateway_tag" { default = "1.25.2-alpine" } +variable "memcached_tag" { + description = "The version of memcached to use for the gateway." + type = string + default = "1.6.23-alpine" +} + +variable "exporter_tag" { + description = "The version of prom/memcached-exporter to use for the gateway." + type = string + default = "v0.14.4" +} + variable "sidecar_tag" { description = "The version of kiwigrid/k8s-sidecar to use for the gateway." type = string From 8f12610a548b47340499c2659df427ee39ab7932 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 19:49:02 -0500 Subject: [PATCH 15/35] add cleanup_on_fail --- main.tf | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/main.tf b/main.tf index a1af8f2..45d54be 100644 --- a/main.tf +++ b/main.tf @@ -31,12 +31,13 @@ module "loki_irsa_role" { } resource "helm_release" "loki" { - chart = "loki" - version = var.loki_chart_version - name = "loki" - namespace = var.namespace - repository = "https://grafana.github.io/helm-charts" - wait = true + chart = "loki" + version = var.loki_chart_version + name = "loki" + namespace = var.namespace + repository = "https://grafana.github.io/helm-charts" + cleanup_on_fail = true + wait = true values = [ templatefile("${path.module}/values/loki.yml.tpl", { From ec09af84e08f6af4ee9e8610e3eec404f0191a0d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 20:09:22 -0500 Subject: [PATCH 16/35] add replace true --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index 45d54be..1f75a6c 100644 --- a/main.tf +++ b/main.tf @@ -37,6 +37,7 @@ resource "helm_release" "loki" { namespace = var.namespace repository = "https://grafana.github.io/helm-charts" cleanup_on_fail = true + replace = true wait = true values = [ From 895316fbdd18e110a4499ba7bfbff907febc4775 Mon Sep 17 00:00:00 2001 
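Review bot: The descriptions of `memcached_tag` and `exporter_tag` in the `@@ -65,6 +65,18 @@` hunk both end in "to use for the gateway", which looks copied from `gateway_tag`; neither image is the gateway. Suggest `description = "The tag of the memcached image to mirror and deploy."` and `description = "The tag of the prom/memcached-exporter image to mirror and deploy."`. The README inputs table changed in the same commit carries the same wording and would need regenerating.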
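Review bot: `replace = true`, added to `helm_release.loki` in the `@@ -37,6 +37,7 @@` hunk, lets Helm re-use the release name when a deleted release of that name is still in history, and the Helm provider documentation marks this option as unsafe in production. Together with `cleanup_on_fail = true` it makes it easier for a failed or half-removed release to be silently overwritten instead of investigated. Suggest dropping the `replace = true` line once the initial bring-up is done, or at least adding `# bootstrap only: remove before production use` above it. The resource body continues outside the hunk.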
From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 20:30:09 -0500 Subject: [PATCH 17/35] add path_prefix --- main.tf | 1 + values/loki.yml.tpl | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 1f75a6c..7db3180 100644 --- a/main.tf +++ b/main.tf @@ -36,6 +36,7 @@ resource "helm_release" "loki" { name = "loki" namespace = var.namespace repository = "https://grafana.github.io/helm-charts" + atomic = true cleanup_on_fail = true replace = true wait = true diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index d64b70a..adb4bbc 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -11,6 +11,8 @@ loki: analytics: reporting_enabled: true auth_enabled: false + commonConfig: + path_prefix: /loki image: repository: ${loki_image_repository} tag: ${loki_image_tag} @@ -59,7 +61,6 @@ loki: object_store: s3 schema: v13 store: tsdb - tracing: enabled: true From ae2e1b36962507e836bfaf37d09787ab6325d0b5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 20:35:37 -0500 Subject: [PATCH 18/35] give more mem to backend and write --- values/loki.yml.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index adb4bbc..fa8d016 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -80,7 +80,7 @@ backend: memory: 1Mi limits: cpu: 200m - memory: 256Mi + memory: 512Mi bloomCompactor: replicas: 0 bloomGateway: @@ -192,7 +192,7 @@ write: memory: 1Mi limits: cpu: 200m - memory: 256Mi + memory: 512Mi extraVolumesMounts: - name: data mountPath: /loki From 3a683f1583cdf1061cb16aab0c39426bd8a0f1b8 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 7 Mar 2025 20:40:38 -0500 Subject: [PATCH 19/35] sort --- main.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index 7db3180..a4b679c 100644 --- a/main.tf +++ b/main.tf 
@@ -31,14 +31,15 @@ module "loki_irsa_role" { } resource "helm_release" "loki" { + atomic = true chart = "loki" - version = var.loki_chart_version + cleanup_on_fail = true name = "loki" namespace = var.namespace - repository = "https://grafana.github.io/helm-charts" - atomic = true - cleanup_on_fail = true replace = true + repository = "https://grafana.github.io/helm-charts" + timeout = 900 + version = var.loki_chart_version wait = true values = [ From db2b7a4f0f3925b0994cdb03a69de3594b816bd0 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 14:49:00 -0400 Subject: [PATCH 20/35] update requests resources --- values/loki.yml.tpl | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index fa8d016..74da5bf 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -54,7 +54,7 @@ loki: replication_factor: 1 schemaConfig: configs: - - from: 2024-04-01 + - from: "2024-04-01" index: period: 24h prefix: index_ @@ -79,7 +79,7 @@ backend: cpu: 1m memory: 1Mi limits: - cpu: 200m + cpu: 500m memory: 512Mi bloomCompactor: replicas: 0 @@ -90,13 +90,6 @@ chunksCache: compactor: compaction_interval: 10m replicas: 0 - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 200m - memory: 256Mi retention_delete_delay: 2h retention_delete_worker_count: 150 retention_enabled: true @@ -153,8 +146,8 @@ read: cpu: 1m memory: 1Mi limits: - cpu: 200m - memory: 256Mi + cpu: 500m + memory: 512Mi resultsCache: enabled: false ruler: @@ -191,7 +184,7 @@ write: cpu: 1m memory: 1Mi limits: - cpu: 200m + cpu: 500m memory: 512Mi extraVolumesMounts: - name: data From addd092f49a8cc6dc813be048e11afbddd68271c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 14:49:34 -0400 Subject: [PATCH 21/35] set timeout to 10m --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index a4b679c..949608a 100644 --- a/main.tf +++ b/main.tf 
@@ -38,7 +38,7 @@ resource "helm_release" "loki" { namespace = var.namespace replace = true repository = "https://grafana.github.io/helm-charts" - timeout = 900 + timeout = 600 version = var.loki_chart_version wait = true From 8a9b62113ec9b4792330cc707588d5224f221c5e Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 15:16:52 -0400 Subject: [PATCH 22/35] more values --- values/loki.yml.tpl | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 74da5bf..6f3a0da 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -11,6 +11,9 @@ loki: analytics: reporting_enabled: true auth_enabled: false + compactor: + retention_enabled: true + delete_request_store: true commonConfig: path_prefix: /loki image: @@ -30,20 +33,9 @@ loki: reject_old_samples: true retention_period: 2160h split_queries_by_interval: 15m - # Storage configuration - storage: - bucketNames: - chunks: ${s3_bucket_name} - ruler: ${s3_bucket_name} - admin: ${s3_bucket_name} - object_store: - s3: - bucketName: ${s3_bucket_name} - endpoint: s3.${region}.amazonaws.com - region: ${region} - use_thanos_objstore: true + volume_enabled: true pattern_ingester: - enabled: false + enabled: true # Provisioner settings provisioner: image: @@ -61,6 +53,23 @@ loki: object_store: s3 schema: v13 store: tsdb + # Storage configuration + storage: + bucketNames: + chunks: ${s3_bucket_name} + ruler: ${s3_bucket_name} + admin: ${s3_bucket_name} + object_store: + s3: + bucketName: ${s3_bucket_name} + endpoint: s3.${region}.amazonaws.com + region: ${region} + use_thanos_objstore: true + storage_config: + aws: + region: ${region} + s3forcepathstyle: false + bucketnames: ${s3_bucket_name} tracing: enabled: true From c53d61997d710f7023d5ba1db08e34b25b370f68 Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 16:36:12 -0400 Subject: [PATCH 23/35] more values --- values/loki.yml.tpl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 6f3a0da..3df0a8c 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -64,12 +64,18 @@ loki: bucketName: ${s3_bucket_name} endpoint: s3.${region}.amazonaws.com region: ${region} + prefix: loki/ use_thanos_objstore: true storage_config: aws: region: ${region} s3forcepathstyle: false bucketnames: ${s3_bucket_name} + s3: + bucketname: ${s3_bucket_name} + region: ${region} + endpoint: s3.${region}.amazonaws.com + prefix: loki/ tracing: enabled: true From 86dbea903dcc1bb55d880a0fdd7342f397dbad2b Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 16:44:11 -0400 Subject: [PATCH 24/35] shorter timeout again --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 949608a..5be6fda 100644 --- a/main.tf +++ b/main.tf @@ -38,7 +38,7 @@ resource "helm_release" "loki" { namespace = var.namespace replace = true repository = "https://grafana.github.io/helm-charts" - timeout = 600 + timeout = 300 version = var.loki_chart_version wait = true From 944d180bfde2d24cb9060c9446c76df643bd9810 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 16:55:01 -0400 Subject: [PATCH 25/35] fix config parsing --- values/loki.yml.tpl | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 3df0a8c..5d5920d 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl 
@@ -64,18 +64,13 @@ loki: bucketName: ${s3_bucket_name} endpoint: s3.${region}.amazonaws.com region: ${region} - prefix: loki/ use_thanos_objstore: true storage_config: aws: region: ${region} s3forcepathstyle: false bucketnames: ${s3_bucket_name} - s3: - bucketname: ${s3_bucket_name} - region: ${region} - endpoint: s3.${region}.amazonaws.com - prefix: loki/ + s3: s3://${region}/${s3_bucket_name}/loki/ tracing: enabled: true From 54063d97b5dba8cd5c40bef42b42ee4054de8d36 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 17:03:22 -0400 Subject: [PATCH 26/35] fix schema --- values/loki.yml.tpl | 2 -- 1 file changed, 2 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 5d5920d..ed0f98e 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -49,7 +49,6 @@ loki: - from: "2024-04-01" index: period: 24h - prefix: index_ object_store: s3 schema: v13 store: tsdb @@ -74,7 +73,6 @@ loki: tracing: enabled: true - backend: autoscaling: enabled: true From 0cfce2acfe4ccfd9c83a6b38b10c6187fdaadfd9 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 18:16:08 -0400 Subject: [PATCH 27/35] add s3 prefix --- values/loki.yml.tpl | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index ed0f98e..29526d8 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -48,6 +48,7 @@ loki: configs: - from: "2024-04-01" index: + prefix: index_ period: 24h object_store: s3 schema: v13 @@ -55,10 +56,11 @@ loki: # Storage configuration storage: bucketNames: - chunks: ${s3_bucket_name} - ruler: ${s3_bucket_name} - admin: ${s3_bucket_name} + chunks: ${s3_bucket_name}/chunks + ruler: ${s3_bucket_name}/ruler + admin: ${s3_bucket_name}/admin object_store: + prefix: loki/ s3: bucketName: ${s3_bucket_name} endpoint: s3.${region}.amazonaws.com From 9acc3cbc9eacb00740cfb204fbf18fc405daeff8 Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 18:22:28 -0400 Subject: [PATCH 28/35] no thanos --- values/loki.yml.tpl | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 29526d8..1c2a9d7 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -56,22 +56,15 @@ loki: # Storage configuration storage: bucketNames: + admin: ${s3_bucket_name}/admin chunks: ${s3_bucket_name}/chunks ruler: ${s3_bucket_name}/ruler - admin: ${s3_bucket_name}/admin - object_store: - prefix: loki/ - s3: - bucketName: ${s3_bucket_name} - endpoint: s3.${region}.amazonaws.com - region: ${region} - use_thanos_objstore: true - storage_config: - aws: + s3: + bucketName: ${s3_bucket_name} + endpoint: s3.${region}.amazonaws.com region: ${region} - s3forcepathstyle: false - bucketnames: ${s3_bucket_name} s3: s3://${region}/${s3_bucket_name}/loki/ + s3forcepathstyle: false tracing: enabled: true From 3aeb21f387a0b5f8149e4d5db8f18a4e2c222237 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 18:36:21 -0400 Subject: [PATCH 29/35] more testing --- values/loki.yml.tpl | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 1c2a9d7..7a3b1ce 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -16,6 +16,7 @@ loki: delete_request_store: true commonConfig: path_prefix: /loki + replication_factor: 1 image: repository: ${loki_image_repository} tag: ${loki_image_tag} @@ -24,16 +25,11 @@ loki: limits_config: allow_structured_metadata: true ingestion_rate_strategy: local - max_cache_freshness_per_query: 10m max_query_length: 2160h max_query_parallelism: 32 max_streams_per_user: 1000 query_timeout: 300s - reject_old_samples_max_age: 168h - reject_old_samples: true retention_period: 2160h - split_queries_by_interval: 15m - volume_enabled: true pattern_ingester: enabled: true # Provisioner settings 
@@ -43,16 +39,15 @@ loki: tag: ${provisioner_image_tag} querier: max_concurrent: 2 - replication_factor: 1 schemaConfig: configs: - from: "2024-04-01" + store: tsdb + object_store: s3 + schema: v13 index: prefix: index_ period: 24h - object_store: s3 - schema: v13 - store: tsdb # Storage configuration storage: bucketNames: @@ -82,7 +77,7 @@ backend: cpu: 1m memory: 1Mi limits: - cpu: 500m + cpu: 1000m memory: 512Mi bloomCompactor: replicas: 0 @@ -187,7 +182,7 @@ write: cpu: 1m memory: 1Mi limits: - cpu: 500m + cpu: 1000m memory: 512Mi extraVolumesMounts: - name: data From 21006b41c0dda7bf1a789bc3f311c9607a1c7aee Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 18:42:05 -0400 Subject: [PATCH 30/35] delete store fix --- values/loki.yml.tpl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 7a3b1ce..505b0ef 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -13,7 +13,7 @@ loki: auth_enabled: false compactor: retention_enabled: true - delete_request_store: true + delete_request_store: s3 commonConfig: path_prefix: /loki replication_factor: 1 @@ -57,9 +57,12 @@ loki: s3: bucketName: ${s3_bucket_name} endpoint: s3.${region}.amazonaws.com + region: ${region} + s3ForcePathStyle: false + storage_config: + aws: region: ${region} s3: s3://${region}/${s3_bucket_name}/loki/ - s3forcepathstyle: false tracing: enabled: true From 913cba6eaa1107717fbaad80576bf70a7c832a03 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 19:22:11 -0400 Subject: [PATCH 31/35] fix volumes --- values/loki.yml.tpl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 505b0ef..f364fe5 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl 
@@ -14,8 +14,9 @@ loki: compactor: retention_enabled: true delete_request_store: s3 + working_directory: /data/loki/compactor commonConfig: - path_prefix: /loki + path_prefix: /data/loki replication_factor: 1 image: repository: ${loki_image_repository} @@ -66,6 +67,7 @@ loki: tracing: enabled: true + backend: autoscaling: enabled: true @@ -95,7 +97,11 @@ compactor: retention_delete_worker_count: 150 retention_enabled: true shared_store: s3 - working_directory: /loki/compactor + working_directory: /data/loki/compactor + persistence: + enabled: true + size: 10Gi + storageClass: ${rwo_storage_class} distributer: replicas: 0 gateway: @@ -189,6 +195,7 @@ write: memory: 512Mi extraVolumesMounts: - name: data - mountPath: /loki + mountPath: /data extraVolumes: - - name: loki + - name: data + emptyDir: {} From ba8a1900f297275fd334fec172fdbb27c44099fb Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 19:41:09 -0400 Subject: [PATCH 32/35] update s3 --- values/loki.yml.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index f364fe5..33b89cf 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -63,7 +63,7 @@ loki: storage_config: aws: region: ${region} - s3: s3://${region}/${s3_bucket_name}/loki/ + s3: s3://${region}/${s3_bucket_name}/ tracing: enabled: true From afd94eaf210db78effa085655d6c51fcc379a2e2 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 20:28:15 -0400 Subject: [PATCH 33/35] guess --- values/loki.yml.tpl | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 33b89cf..82f4a44 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -74,7 +74,6 @@ backend: minReplicas: 1 targetCPUUtilizationPercentage: 80 persistence: - enabled: true storageClass: ${rwo_storage_class} replicas: 2 resources: 
@@ -145,7 +144,6 @@ read: minReplicas: 1 targetCPUUtilizationPercentage: 80 persistence: - enabled: true storageClass: ${rwo_storage_class} replicas: 2 resources: @@ -179,7 +177,6 @@ test: enabled: false write: persistence: - enabled: true storageClass: ${rwo_storage_class} replicas: 2 autoscaling: @@ -197,5 +194,5 @@ write: - name: data mountPath: /data extraVolumes: - - name: data + - name: loki emptyDir: {} From 4a00ac9d73ba0313b37ef5c8f76b97398d10d773 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 10 Mar 2025 20:52:44 -0400 Subject: [PATCH 34/35] less is more --- values/loki.yml.tpl | 51 +++++++++------------------------------------ 1 file changed, 10 insertions(+), 41 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index 82f4a44..b1431ee 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl @@ -8,16 +8,7 @@ global: # Main Loki configuration loki: - analytics: - reporting_enabled: true auth_enabled: false - compactor: - retention_enabled: true - delete_request_store: s3 - working_directory: /data/loki/compactor - commonConfig: - path_prefix: /data/loki - replication_factor: 1 image: repository: ${loki_image_repository} tag: ${loki_image_tag} @@ -31,15 +22,14 @@ loki: max_streams_per_user: 1000 query_timeout: 300s retention_period: 2160h - pattern_ingester: - enabled: true # Provisioner settings provisioner: image: repository: ${provisioner_image_repository} tag: ${provisioner_image_tag} querier: - max_concurrent: 2 + max_concurrent: 4 + replication_factor: 1 schemaConfig: configs: - from: "2024-04-01" 
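Review bot: `retention_period: 2160h` stays as context in the `@@ -31,15 +22,14 @@` hunk, but the preceding hunk deletes `retention_enabled: true` and `delete_request_store: s3` from the `compactor` block under `loki:`, and the `@@ -90,17 +77,7 @@` hunk removes the remaining retention keys. In Loki the compactor only applies `retention_period` when retention is enabled, so after this commit the 90-day limit would presumably no longer be enforced and log data would stay in the bucket until something else removes it. If that is not intended, keep `compactor:` with `retention_enabled: true` and `delete_request_store: s3` under `loki:`, or document that an S3 lifecycle rule on the bucket handles expiry. Indentation is lost in this view, so the nesting of these keys should be confirmed against the file.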
@@ -51,19 +41,16 @@ loki: period: 24h # Storage configuration storage: + type: s3 bucketNames: - admin: ${s3_bucket_name}/admin - chunks: ${s3_bucket_name}/chunks - ruler: ${s3_bucket_name}/ruler + admin: ${s3_bucket_name} + chunks: ${s3_bucket_name} + ruler: ${s3_bucket_name} s3: + s3: s3://${region} bucketName: ${s3_bucket_name} - endpoint: s3.${region}.amazonaws.com region: ${region} s3ForcePathStyle: false - storage_config: - aws: - region: ${region} - s3: s3://${region}/${s3_bucket_name}/ tracing: enabled: true @@ -75,7 +62,7 @@ backend: targetCPUUtilizationPercentage: 80 persistence: storageClass: ${rwo_storage_class} - replicas: 2 + replicas: 3 resources: requests: cpu: 1m @@ -90,17 +77,7 @@ bloomGateway: chunksCache: enabled: false compactor: - compaction_interval: 10m replicas: 0 - retention_delete_delay: 2h - retention_delete_worker_count: 150 - retention_enabled: true - shared_store: s3 - working_directory: /data/loki/compactor - persistence: - enabled: true - size: 10Gi - storageClass: ${rwo_storage_class} distributer: replicas: 0 gateway: @@ -143,9 +120,7 @@ read: enabled: true minReplicas: 1 targetCPUUtilizationPercentage: 80 - persistence: - storageClass: ${rwo_storage_class} - replicas: 2 + replicas: 3 resources: requests: cpu: 1m @@ -178,7 +153,7 @@ test: write: persistence: storageClass: ${rwo_storage_class} - replicas: 2 + replicas: 3 autoscaling: enabled: true minReplicas: 1 @@ -190,9 +165,3 @@ write: limits: cpu: 1000m memory: 512Mi - extraVolumesMounts: - - name: data - mountPath: /data - extraVolumes: - - name: loki - emptyDir: {} From 08ba8d5069a49e589eb5f116b51abd9cab59e9e8 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 12 Mar 2025 17:29:10 -0400 Subject: [PATCH 35/35] increase requests --- values/loki.yml.tpl | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/values/loki.yml.tpl b/values/loki.yml.tpl index b1431ee..2a89401 100644 --- a/values/loki.yml.tpl +++ b/values/loki.yml.tpl 
@@ -65,8 +65,8 @@ backend: replicas: 3 resources: requests: - cpu: 1m - memory: 1Mi + cpu: 10m + memory: 128Mi limits: cpu: 1000m memory: 512Mi @@ -90,8 +90,8 @@ gateway: replicas: 1 resources: requests: - cpu: 1m - memory: 1Mi + cpu: 10m + memory: 128Mi limits: cpu: 100m memory: 128Mi @@ -123,8 +123,8 @@ read: replicas: 3 resources: requests: - cpu: 1m - memory: 1Mi + cpu: 10m + memory: 128Mi limits: cpu: 500m memory: 512Mi @@ -141,8 +141,8 @@ sidecar: tag: ${sidecar_image_tag} resources: requests: - cpu: 1m - memory: 1Mi + cpu: 10m + memory: 128Mi limits: cpu: 200m memory: 256Mi @@ -160,8 +160,8 @@ write: targetCPUUtilizationPercentage: 80 resources: requests: - cpu: 1m - memory: 1Mi + cpu: 10m + memory: 128Mi limits: cpu: 1000m memory: 512Mi