feat: add logging via vector + loki
diff --git a/charts/loki/values.yaml b/charts/loki/values.yaml
new file mode 100644
index 0000000..ac047d1
--- /dev/null
+++ b/charts/loki/values.yaml
@@ -0,0 +1,1301 @@
+---
+global:
+ image:
+ # -- Overrides the Docker registry globally for all images
+ registry: null
+ # -- Overrides the priorityClassName for all pods
+ priorityClassName: null
+ # -- configures cluster domain ("cluster.local" by default)
+ clusterDomain: "cluster.local"
+ # -- configures DNS service name
+ dnsService: "kube-dns"
+ # -- configures DNS service namespace
+ dnsNamespace: "kube-system"
+
+# -- Overrides the chart's name
+nameOverride: null
+
+# -- Overrides the chart's computed fullname
+fullnameOverride: null
+
+# -- Image pull secrets for Docker images
+imagePullSecrets: []
+
+kubectlImage:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: bitnami/kubectl
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+
+loki:
+ # Configures the readiness probe for all of the Loki pods
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: http-metrics
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/loki
+ # -- Overrides the image tag whose default is the chart's appVersion
+ # TODO: needed for 3rd target backend functionality
+ # revert to null or latest once this behavior is relased
+ tag: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+ # -- Common annotations for all pods
+ podAnnotations: {}
+ # -- Common labels for all pods
+ podLabels: {}
+ # -- The number of old ReplicaSets to retain to allow rollback
+ revisionHistoryLimit: 10
+ # -- The SecurityContext for Loki pods
+ podSecurityContext:
+ fsGroup: 10001
+ runAsGroup: 10001
+ runAsNonRoot: true
+ runAsUser: 10001
+ # -- The SecurityContext for Loki containers
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ # -- Should enableServiceLinks be enabled. Default to enable
+ enableServiceLinks: true
+ # -- Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config`
+ existingSecretForConfig: ""
+ # -- Config file contents for Loki
+ # @default -- See values.yaml
+ config: |
+ {{- if .Values.enterprise.enabled}}
+ {{- tpl .Values.enterprise.config . }}
+ {{- else }}
+ auth_enabled: {{ .Values.loki.auth_enabled }}
+ {{- end }}
+
+ {{- with .Values.loki.server }}
+ server:
+ {{- toYaml . | nindent 2}}
+ {{- end}}
+
+ memberlist:
+ join_members:
+ - {{ include "loki.memberlist" . }}
+ {{- with .Values.migrate.fromDistributed }}
+ {{- if .enabled }}
+ - {{ .memberlistService }}
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.loki.ingester }}
+ ingester:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- if .Values.loki.commonConfig}}
+ common:
+ {{- toYaml .Values.loki.commonConfig | nindent 2}}
+ storage:
+ {{- include "loki.commonStorageConfig" . | nindent 4}}
+ {{- end}}
+
+ {{- with .Values.loki.limits_config }}
+ limits_config:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ runtime_config:
+ file: /etc/loki/runtime-config/runtime-config.yaml
+
+ {{- with .Values.loki.memcached.chunk_cache }}
+ {{- if and .enabled (or .host .addresses) }}
+ chunk_store_config:
+ chunk_cache_config:
+ memcached:
+ batch_size: {{ .batch_size }}
+ parallelism: {{ .parallelism }}
+ memcached_client:
+ {{- if .host }}
+ host: {{ .host }}
+ {{- end }}
+ {{- if .addresses }}
+ addresses: {{ .addresses }}
+ {{- end }}
+ service: {{ .service }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.loki.schemaConfig}}
+ schema_config:
+ {{- toYaml .Values.loki.schemaConfig | nindent 2}}
+ {{- else }}
+ schema_config:
+ configs:
+ - from: 2022-01-11
+ store: boltdb-shipper
+ object_store: {{ .Values.loki.storage.type }}
+ schema: v12
+ index:
+ prefix: loki_index_
+ period: 24h
+ {{- end }}
+
+ {{ include "loki.rulerConfig" . }}
+
+ table_manager:
+ retention_deletes_enabled: false
+ retention_period: 0
+
+ {{- with .Values.loki.memcached.results_cache }}
+ query_range:
+ align_queries_with_step: true
+ {{- if and .enabled (or .host .addresses) }}
+ cache_results: {{ .enabled }}
+ results_cache:
+ cache:
+ default_validity: {{ .default_validity }}
+ memcached_client:
+ {{- if .host }}
+ host: {{ .host }}
+ {{- end }}
+ {{- if .addresses }}
+ addresses: {{ .addresses }}
+ {{- end }}
+ service: {{ .service }}
+ timeout: {{ .timeout }}
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.loki.storage_config }}
+ storage_config:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.loki.query_scheduler }}
+ query_scheduler:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.loki.compactor }}
+ compactor:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.loki.analytics }}
+ analytics:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.loki.querier }}
+ querier:
+ {{- tpl (. | toYaml) $ | nindent 4 }}
+ {{- end }}
+
+ # Should authentication be enabled
+ auth_enabled: true
+
+ # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration.
+ server:
+ http_listen_port: 3100
+ grpc_listen_port: 9095
+
+ # -- Limits config
+ limits_config:
+ enforce_metric_name: false
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+ max_cache_freshness_per_query: 10m
+ split_queries_by_interval: 15m
+
+ # -- Provides a reloadable runtime configuration file for some specific configuration
+ runtimeConfig: {}
+
+ # -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration
+ commonConfig:
+ path_prefix: /var/loki
+ replication_factor: 3
+ compactor_address: '{{ include "loki.compactorAddress" . }}'
+
+ # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config.
+ storage:
+ bucketNames:
+ chunks: chunks
+ ruler: ruler
+ admin: admin
+ type: s3
+ s3:
+ s3: null
+ endpoint: null
+ region: null
+ secretAccessKey: null
+ accessKeyId: null
+ s3ForcePathStyle: false
+ insecure: false
+ http_config: {}
+ gcs:
+ chunkBufferSize: 0
+ requestTimeout: "0s"
+ enableHttp2: true
+ azure:
+ accountName: null
+ accountKey: null
+ useManagedIdentity: false
+ userAssignedId: null
+ requestTimeout: null
+ filesystem:
+ chunks_directory: /var/loki/chunks
+ rules_directory: /var/loki/rules
+
+ # -- Configure memcached as an external cache for chunk and results cache. Disabled by default
+ # must enable and specify a host for each cache you would like to use.
+ memcached:
+ chunk_cache:
+ enabled: false
+ host: ""
+ service: "memcached-client"
+ batch_size: 256
+ parallelism: 10
+ results_cache:
+ enabled: false
+ host: ""
+ service: "memcached-client"
+ timeout: "500ms"
+ default_validity: "12h"
+
+ # -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas
+ schemaConfig: {}
+
+ # -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler
+ rulerConfig: {}
+
+ # -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig`
+ structuredConfig: {}
+
+ # -- Additional query scheduler config
+ query_scheduler: {}
+
+ # -- Additional storage config
+ storage_config:
+ hedging:
+ at: "250ms"
+ max_per_second: 20
+ up_to: 3
+
+ # -- Optional compactor configuration
+ compactor: {}
+
+ # -- Optional analytics configuration
+ analytics: {}
+
+ # -- Optional querier configuration
+ querier: {}
+
+ # -- Optional ingester configuration
+ ingester: {}
+
+enterprise:
+ # Enable enterprise features, license must be provided
+ enabled: false
+
+ # Default verion of GEL to deploy
+ version: v1.6.1
+
+ # -- Optional name of the GEL cluster, otherwise will use .Release.Name
+ # The cluster name must match what is in your GEL license
+ cluster_name: null
+
+ # -- Grafana Enterprise Logs license
+ # In order to use Grafana Enterprise Logs features, you will need to provide
+ # the contents of your Grafana Enterprise Logs license, either by providing the
+ # contents of the license.jwt, or the name Kubernetes Secret that contains your
+ # license.jwt.
+ # To set the license contents, use the flag `--set-file 'license.contents=./license.jwt'`
+ license:
+ contents: "NOTAVALIDLICENSE"
+
+ # -- Set to true when providing an external license
+ useExternalLicense: false
+
+ # -- Name of external license secret to use
+ externalLicenseName: null
+
+ # -- Name of the external config secret to use
+ externalConfigName: ""
+
+ # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise,
+ # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`.
+ adminApi:
+ enabled: true
+
+ # enterprise specific sections of the config.yaml file
+ config: |
+ {{- if .Values.enterprise.adminApi.enabled }}
+ {{- if or .Values.minio.enabled (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "azure") }}
+ admin_client:
+ storage:
+ s3:
+ bucket_name: {{ .Values.loki.storage.bucketNames.admin }}
+ {{- end }}
+ {{- end }}
+ auth:
+ type: {{ .Values.enterprise.adminApi.enabled | ternary "enterprise" "trust" }}
+ auth_enabled: {{ .Values.loki.auth_enabled }}
+ cluster_name: {{ include "loki.clusterName" . }}
+ license:
+ path: /etc/loki/license/license.jwt
+
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/enterprise-logs
+ # -- Docker image tag
+ # TODO: needed for 3rd target backend functionality
+ # revert to null or latest once this behavior is relased
+ tag: main-96f32b9f
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+
+ adminToken:
+ # -- Alternative name for admin token secret, needed by tokengen and provisioner jobs
+ secret: null
+ # -- Additional namespace to also create the token in. Useful if your Grafana instance
+ # is in a different namespace
+ additionalNamespaces: []
+
+ # -- Alternative name of the secret to store token for the canary
+ canarySecret: null
+
+ # -- Configuration for `tokengen` target
+ tokengen:
+ # -- Whether the job should be part of the deployment
+ enabled: true
+ # -- Comma-separated list of Loki modules to load for tokengen
+ targetModule: "tokengen"
+ # -- Additional CLI arguments for the `tokengen` target
+ extraArgs: []
+ # -- Additional Kubernetes environment
+ env: []
+ # -- Additional labels for the `tokengen` Job
+ labels: {}
+ # -- Additional annotations for the `tokengen` Job
+ annotations: {}
+ # -- Tolerations for tokengen Job
+ tolerations: []
+ # -- Additional volumes for Pods
+ extraVolumes: []
+ # -- Additional volume mounts for Pods
+ extraVolumeMounts: []
+ # -- Run containers as user `enterprise-logs(uid=10001)`
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: 10001
+ runAsUser: 10001
+ fsGroup: 10001
+ # -- Environment variables from secrets or configmaps to add to the tokengen pods
+ extraEnvFrom: []
+ # -- The name of the PriorityClass for tokengen Pods
+ priorityClassName: ""
+
+ # -- Configuration for `provisioner` target
+ provisioner:
+ # -- Whether the job should be part of the deployment
+ enabled: true
+ # -- Name of the secret to store provisioned tokens in
+ provisionedSecretPrefix: null
+ # -- Additional tenants to be created. Each tenant will get a read and write policy
+ # and associated token. Tenant must have a name and a namespace for the secret containting
+ # the token to be created in. For example
+ # additionalTenants:
+ # - name: loki
+ # secretNamespace: grafana
+ additionalTenants: []
+ # -- Additional Kubernetes environment
+ env: []
+ # -- Additional labels for the `provisioner` Job
+ labels: {}
+ # -- Additional annotations for the `provisioner` Job
+ annotations: {}
+ # -- The name of the PriorityClass for provisioner Job
+ priorityClassName: null
+ # -- Run containers as user `enterprise-logs(uid=10001)`
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: 10001
+ runAsUser: 10001
+ fsGroup: 10001
+ # -- Provisioner image to Utilize
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/enterprise-logs-provisioner
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+ # -- Volume mounts to add to the provisioner pods
+ extraVolumeMounts: []
+
+# -- Options that may be necessary when performing a migration from another helm chart
+migrate:
+ # -- When migrating from a distributed chart like loki-distributed or enterprise-logs
+ fromDistributed:
+ # -- Set to true if migrating from a distributed helm chart
+ enabled: false
+ # -- If migrating from a distributed service, provide the distributed deployment's
+ # memberlist service DNS so the new deployment can join it's ring.
+ memberlistService: ""
+
+serviceAccount:
+ # -- Specifies whether a ServiceAccount should be created
+ create: true
+ # -- The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: null
+ # -- Image pull secrets for the service account
+ imagePullSecrets: []
+ # -- Annotations for the service account
+ annotations: {}
+ # -- Labels for the service account
+ labels: {}
+ # -- Set this toggle to false to opt out of automounting API credentials for the service account
+ automountServiceAccountToken: true
+
+# RBAC configuration
+rbac:
+ # -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp.
+ pspEnabled: false
+ # -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints.
+ sccEnabled: false
+
+# -- Section for configuring optional Helm test
+test:
+ enabled: true
+ # -- Address of the prometheus server to query for the test
+ prometheusAddress: "http://prometheus:9090"
+ # -- Number of times to retry the test before failing
+ timeout: 1m
+ # -- Additional labels for the test pods
+ labels: {}
+ # -- Additional annotations for test pods
+ annotations: {}
+ # -- Image to use for loki canary
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/loki-helm-test
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+
+# Monitoring section determines which monitoring features to enable
+monitoring:
+ # Dashboards for monitoring Loki
+ dashboards:
+ # -- If enabled, create configmap with dashboards for monitoring Loki
+ enabled: true
+ # -- Alternative namespace to create dashboards ConfigMap in
+ namespace: null
+ # -- Additional annotations for the dashboards ConfigMap
+ annotations: {}
+ # -- Labels for the dashboards ConfigMap
+ labels:
+ grafana_dashboard: "1"
+
+ # Recording rules for monitoring Loki, required for some dashboards
+ rules:
+ # -- If enabled, create PrometheusRule resource with Loki recording rules
+ enabled: true
+ # -- Include alerting rules
+ alerting: true
+ # -- Alternative namespace to create PrometheusRule resources in
+ namespace: null
+ # -- Additional annotations for the rules PrometheusRule resource
+ annotations: {}
+ # -- Additional labels for the rules PrometheusRule resource
+ labels: {}
+ # -- Additional groups to add to the rules file
+ additionalGroups: []
+ # - name: additional-loki-rules
+ # rules:
+ # - record: job:loki_request_duration_seconds_bucket:sum_rate
+ # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job)
+ # - record: job_route:loki_request_duration_seconds_bucket:sum_rate
+ # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)
+ # - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate
+ # expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container)
+
+ # ServiceMonitor configuration
+ serviceMonitor:
+ # -- If enabled, ServiceMonitor resources for Prometheus Operator are created
+ enabled: true
+ # -- Namespace selector for ServiceMonitor resources
+ namespaceSelector: {}
+ # -- ServiceMonitor annotations
+ annotations: {}
+ # -- Additional ServiceMonitor labels
+ labels: {}
+ # -- ServiceMonitor scrape interval
+ interval: null
+ # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s)
+ scrapeTimeout: null
+ # -- ServiceMonitor relabel configs to apply to samples before scraping
+ # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ relabelings: []
+ # -- ServiceMonitor will use http by default, but you can pick https as well
+ scheme: http
+ # -- ServiceMonitor will use these tlsConfig settings to make the health check requests
+ tlsConfig: null
+ # -- If defined, will create a MetricsInstance for the Grafana Agent Operator.
+ metricsInstance:
+ # -- If enabled, MetricsInstance resources for Grafana Agent Operator are created
+ enabled: true
+ # -- MetricsInstance annotations
+ annotations: {}
+ # -- Additional MetricsInstance labels
+ labels: {}
+ # -- If defined a MetricsInstance will be created to remote write metrics.
+ remoteWrite: null
+
+ # Self monitoring determines whether Loki should scrape it's own logs.
+ # This feature currently relies on the Grafana Agent Operator being installed,
+ # which is installed by default using the grafana-agent-operator sub-chart.
+ # It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure
+ # scrape configs to scrape it's own logs with the labels expected by the included dashboards.
+ selfMonitoring:
+ enabled: true
+
+ # -- Tenant to use for self monitoring
+ tenant:
+ # -- Name of the tenant
+ name: "self-monitoring"
+ # -- Namespace to create additional tenant token secret in. Useful if your Grafana instance
+ # is in a separate namespace. Token will still be created in the canary namespace.
+ secretNamespace: "{{ .Release.Namespace }}"
+
+ # Grafana Agent configuration
+ grafanaAgent:
+ # -- Controls whether to install the Grafana Agent Operator and its CRDs.
+ # Note that helm will not install CRDs if this flag is enabled during an upgrade.
+ # In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds
+ installOperator: true
+ # -- Grafana Agent annotations
+ annotations: {}
+ # -- Additional Grafana Agent labels
+ labels: {}
+ # -- Enable the config read api on port 8080 of the agent
+ enableConfigReadAPI: false
+
+ # PodLogs configuration
+ podLogs:
+ # -- PodLogs annotations
+ annotations: {}
+ # -- Additional PodLogs labels
+ labels: {}
+ # -- PodLogs relabel configs to apply to samples before scraping
+ # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ relabelings: []
+
+ # LogsInstance configuration
+ logsInstance:
+ # -- LogsInstance annotations
+ annotations: {}
+ # -- Additional LogsInstance labels
+ labels: {}
+ # -- Additional clients for remote write
+ clients: null
+
+ # The Loki canary pushes logs to and queries from this loki installation to test
+ # that it's working correctly
+ lokiCanary:
+ enabled: true
+ # -- Additional annotations for the `loki-canary` Daemonset
+ annotations: {}
+ # -- Additional CLI arguments for the `loki-canary' command
+ extraArgs: []
+ # -- Environment variables to add to the canary pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the canary pods
+ extraEnvFrom: []
+ # -- Resource requests and limits for the canary
+ resources: {}
+ # -- Node selector for canary pods
+ nodeSelector: {}
+ # -- Tolerations for canary pods
+ tolerations: []
+ # -- Image to use for loki canary
+ image:
+ # -- The Docker registry
+ registry: docker.io
+ # -- Docker image repository
+ repository: grafana/loki-canary
+ # -- Overrides the image tag whose default is the chart's appVersion
+ tag: null
+ # -- Docker image pull policy
+ pullPolicy: IfNotPresent
+
+# Configuration for the write pod(s)
+write:
+ # -- Number of replicas for the write
+ replicas: 3
+ image:
+ # -- The Docker registry for the write image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the write image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the write image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for write pods
+ priorityClassName: null
+ # -- Annotations for write pods
+ podAnnotations: {}
+ # -- Additional labels for each `write` pod
+ podLabels: {}
+ # -- Additional selector labels for each `write` pod
+ selectorLabels: {}
+ # -- Labels for ingester service
+ serviceLabels: {}
+ # -- Comma-separated list of Loki modules to load for the write
+ targetModule: "write"
+ # -- Additional CLI args for the write
+ extraArgs: []
+ # -- Environment variables to add to the write pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the write pods
+ extraEnvFrom: []
+ # -- Lifecycle for the write container
+ lifecycle: {}
+ # -- Init containers to add to the write pods
+ initContainers: []
+ # -- Volume mounts to add to the write pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the write pods
+ extraVolumes: []
+ # -- Resource requests and limits for the write
+ resources: {}
+ # -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester,
+ # this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring
+ # all data and to successfully leave the member ring on shutdown.
+ terminationGracePeriodSeconds: 300
+ # -- Affinity for write pods. Passed through `tpl` and, thus, to be configured as string
+ # @default -- Hard node and soft zone anti-affinity
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "loki.writeSelectorLabels" . | nindent 10 }}
+ topologyKey: kubernetes.io/hostname
+ # -- Node selector for write pods
+ nodeSelector: {}
+ # -- Tolerations for write pods
+ tolerations: []
+ persistence:
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: false
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: <storageClass>.
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+
+# Configuration for the table-manager
+tableManager:
+ # -- Specifies whether the table-manager should be enabled
+ enabled: false
+ image:
+ # -- The Docker registry for the table-manager image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the table-manager image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the table-manager image. Overrides `loki.image.tag`
+ tag: null
+ # -- Command to execute instead of defined in Docker image
+ command: null
+ # -- The name of the PriorityClass for table-manager pods
+ priorityClassName: null
+ # -- Labels for table-manager pods
+ podLabels: {}
+ # -- Annotations for table-manager pods
+ podAnnotations: {}
+ # -- Labels for table-manager service
+ serviceLabels: {}
+ # -- Additional CLI args for the table-manager
+ extraArgs: []
+ # -- Environment variables to add to the table-manager pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the table-manager pods
+ extraEnvFrom: []
+ # -- Volume mounts to add to the table-manager pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the table-manager pods
+ extraVolumes: []
+ # -- Resource requests and limits for the table-manager
+ resources: {}
+ # -- Containers to add to the table-manager pods
+ extraContainers: []
+ # -- Grace period to allow the table-manager to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for table-manager pods. Passed through `tpl` and, thus, to be configured as string
+ # @default -- Hard node and soft zone anti-affinity
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "loki.tableManagerSelectorLabels" . | nindent 10 }}
+ topologyKey: kubernetes.io/hostname
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ {{- include "loki.tableManagerSelectorLabels" . | nindent 12 }}
+ topologyKey: failure-domain.beta.kubernetes.io/zone
+ # -- Node selector for table-manager pods
+ nodeSelector: {}
+ # -- Tolerations for table-manager pods
+ tolerations: []
+
+# Configuration for the read pod(s)
+read:
+ # -- Number of replicas for the read
+ replicas: 3
+ autoscaling:
+ # -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true`
+ enabled: false
+ # -- Minimum autoscaling replicas for the read
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the read
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the read
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the read
+ targetMemoryUtilizationPercentage:
+ image:
+ # -- The Docker registry for the read image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the read image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the read image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for read pods
+ priorityClassName: null
+ # -- Annotations for read pods
+ podAnnotations: {}
+ # -- Additional labels for each `read` pod
+ podLabels: {}
+ # -- Additional selector labels for each `read` pod
+ selectorLabels: {}
+ # -- Labels for read service
+ serviceLabels: {}
+ # -- Comma-separated list of Loki modules to load for the read
+ targetModule: "read"
+ # -- Whether or not to use the 2 target type simple scalable mode (read, write) or the
+ # 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will
+ # run two targets, false will run 3 targets.
+ legacyReadTarget: true
+ # -- Additional CLI args for the read
+ extraArgs: []
+ # -- Environment variables to add to the read pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the read pods
+ extraEnvFrom: []
+ # -- Lifecycle for the read container
+ lifecycle: {}
+ # -- Volume mounts to add to the read pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the read pods
+ extraVolumes: []
+ # -- Resource requests and limits for the read
+ resources: {}
+ # -- Grace period to allow the read to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for read pods. Passed through `tpl` and, thus, to be configured as string
+ # @default -- Hard node and soft zone anti-affinity
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "loki.readSelectorLabels" . | nindent 10 }}
+ topologyKey: kubernetes.io/hostname
+ # -- Node selector for read pods
+ nodeSelector: {}
+ # -- Tolerations for read pods
+ tolerations: []
+ persistence:
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: true
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: <storageClass>.
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+
+# Configuration for the backend pod(s)
+backend:
+ # -- Number of replicas for the backend
+ replicas: 3
+ image:
+ # -- The Docker registry for the backend image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the backend image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the backend image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for backend pods
+ priorityClassName: null
+ # -- Annotations for backend pods
+ podAnnotations: {}
+ # -- Additional labels for each `backend` pod
+ podLabels: {}
+ # -- Additional selector labels for each `backend` pod
+ selectorLabels: {}
+ # -- Labels for ingester service
+ serviceLabels: {}
+ # -- Comma-separated list of Loki modules to load for the read
+ targetModule: "backend"
+ # -- Additional CLI args for the backend
+ extraArgs: []
+ # -- Environment variables to add to the backend pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the backend pods
+ extraEnvFrom: []
+ # -- Init containers to add to the backend pods
+ initContainers: []
+ # -- Volume mounts to add to the backend pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the backend pods
+ extraVolumes: []
+ # -- Resource requests and limits for the backend
+ resources: {}
+ # -- Grace period to allow the backend to shutdown before it is killed. Especially for the ingester,
+ # this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring
+ # all data and to successfully leave the member ring on shutdown.
+ terminationGracePeriodSeconds: 300
+ # -- Affinity for backend pods. Passed through `tpl` and, thus, to be configured as string
+ # @default -- Hard node and soft zone anti-affinity
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "loki.backendSelectorLabels" . | nindent 10 }}
+ topologyKey: kubernetes.io/hostname
+ # -- Node selector for backend pods
+ nodeSelector: {}
+ # -- Tolerations for backend pods
+ tolerations: []
+ persistence:
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: true
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: <storageClass>.
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+
+# Configuration for the single binary node(s)
+singleBinary:
+ # -- Number of replicas for the single binary
+ replicas: 0
+ autoscaling:
+ # -- Enable autoscaling, this is only used if `queryIndex.enabled: true`
+ enabled: false
+ # -- Minimum autoscaling replicas for the single binary
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the single binary
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the single binary
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the single binary
+ targetMemoryUtilizationPercentage:
+ image:
+ # -- The Docker registry for the single binary image. Overrides `loki.image.registry`
+ registry: null
+ # -- Docker image repository for the single binary image. Overrides `loki.image.repository`
+ repository: null
+ # -- Docker image tag for the single binary image. Overrides `loki.image.tag`
+ tag: null
+ # -- The name of the PriorityClass for single binary pods
+ priorityClassName: null
+ # -- Annotations for single binary pods
+ podAnnotations: {}
+ # -- Additional labels for each `single binary` pod
+ podLabels: {}
+ # -- Additional selector labels for each `single binary` pod
+ selectorLabels: {}
+ # -- Comma-separated list of Loki modules to load for the single binary
+ targetModule: "all"
+ # -- Labels for single binary service
+ extraArgs: []
+ # -- Environment variables to add to the single binary pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the single binary pods
+ extraEnvFrom: []
+ # -- Init containers to add to the single binary pods
+ initContainers: []
+ # -- Volume mounts to add to the single binary pods
+ extraVolumeMounts: []
+ # -- Volumes to add to the single binary pods
+ extraVolumes: []
+ # -- Resource requests and limits for the single binary
+ resources: {}
+ # -- Grace period to allow the single binary to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for single binary pods. Passed through `tpl` and, thus, to be configured as string
+ # @default -- Hard node and soft zone anti-affinity
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "loki.singleBinarySelectorLabels" . | nindent 10 }}
+ topologyKey: kubernetes.io/hostname
+ # -- Node selector for single binary pods
+ nodeSelector: {}
+ # -- Tolerations for single binary pods
+ tolerations: []
+ persistence:
+ # -- Enable StatefulSetAutoDeletePVC feature
+ enableStatefulSetAutoDeletePVC: true
+ # -- Enable persistent disk
+ enabled: true
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ # If defined, storageClassName: <storageClass>.
+ # If set to "-", storageClassName: "", which disables dynamic provisioning.
+ # If empty or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+ storageClass: null
+ # -- Selector for persistent disk
+ selector: null
+
+# Use either this ingress or the gateway, but not both at once.
+# If you enable this, make sure to disable the gateway.
+# You'll need to supply authn configuration for your ingress controller.
+ingress:
+ enabled: false
+ ingressClassName: ""
+ annotations: {}
+ # nginx.ingress.kubernetes.io/auth-type: basic
+ # nginx.ingress.kubernetes.io/auth-secret: loki-distributed-basic-auth
+ # nginx.ingress.kubernetes.io/auth-secret-type: auth-map
+ # nginx.ingress.kubernetes.io/configuration-snippet: |
+ # proxy_set_header X-Scope-OrgID $remote_user;
+ paths:
+ write:
+ - /api/prom/push
+ - /loki/api/v1/push
+ read:
+ - /api/prom/tail
+ - /loki/api/v1/tail
+ - /loki/api
+ - /api/prom/rules
+ - /loki/api/v1/rules
+ - /prometheus/api/v1/rules
+ - /prometheus/api/v1/alerts
+ singleBinary:
+ - /api/prom/push
+ - /loki/api/v1/push
+ - /api/prom/tail
+ - /loki/api/v1/tail
+ - /loki/api
+ - /api/prom/rules
+ - /loki/api/v1/rules
+ - /prometheus/api/v1/rules
+ - /prometheus/api/v1/alerts
+
+ hosts:
+ - loki.example.com
+ tls: []
+# - hosts:
+# - loki.example.com
+# secretName: loki-distributed-tls
+
+# Configuration for the memberlist service
+memberlist:
+ service:
+ publishNotReadyAddresses: false
+
+# Configuration for the gateway
+gateway:
+ # -- Specifies whether the gateway should be enabled
+ enabled: true
+ # -- Number of replicas for the gateway
+ replicas: 1
+ # -- Enable logging of 2xx and 3xx HTTP requests
+ verboseLogging: true
+ autoscaling:
+ # -- Enable autoscaling for the gateway
+ enabled: false
+ # -- Minimum autoscaling replicas for the gateway
+ minReplicas: 1
+ # -- Maximum autoscaling replicas for the gateway
+ maxReplicas: 3
+ # -- Target CPU utilisation percentage for the gateway
+ targetCPUUtilizationPercentage: 60
+ # -- Target memory utilisation percentage for the gateway
+ targetMemoryUtilizationPercentage:
+ # -- See `kubectl explain deployment.spec.strategy` for more
+ # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+ deploymentStrategy:
+ type: RollingUpdate
+ image:
+ # -- The Docker registry for the gateway image
+ registry: docker.io
+ # -- The gateway image repository
+ repository: nginxinc/nginx-unprivileged
+ # -- The gateway image tag
+ tag: 1.19-alpine
+ # -- The gateway image pull policy
+ pullPolicy: IfNotPresent
+ # -- The name of the PriorityClass for gateway pods
+ priorityClassName: null
+ # -- Annotations for gateway pods
+ podAnnotations: {}
+ # -- Additional labels for gateway pods
+ podLabels: {}
+ # -- Additional CLI args for the gateway
+ extraArgs: []
+ # -- Environment variables to add to the gateway pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the gateway pods
+ extraEnvFrom: []
+ # -- Lifecycle for the gateway container
+ lifecycle: {}
+ # -- Volumes to add to the gateway pods
+ extraVolumes: []
+ # -- Volume mounts to add to the gateway pods
+ extraVolumeMounts: []
+ # -- The SecurityContext for gateway containers
+ podSecurityContext:
+ fsGroup: 101
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ # -- The SecurityContext for gateway containers
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ # -- Resource requests and limits for the gateway
+ resources: {}
+ # -- Grace period to allow the gateway to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string
+ # @default -- Hard node and soft zone anti-affinity
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "loki.gatewaySelectorLabels" . | nindent 10 }}
+ topologyKey: kubernetes.io/hostname
+ # -- Node selector for gateway pods
+ nodeSelector: {}
+ # -- Tolerations for gateway pods
+ tolerations: []
+ # Gateway service configuration
+ service:
+ # -- Port of the gateway service
+ port: 80
+ # -- Type of the gateway service
+ type: ClusterIP
+ # -- ClusterIP of the gateway service
+ clusterIP: null
+ # -- (int) Node port if service type is NodePort
+ nodePort: null
+ # -- Load balancer IPO address if service type is LoadBalancer
+ loadBalancerIP: null
+ # -- Annotations for the gateway service
+ annotations: {}
+ # -- Labels for gateway service
+ labels: {}
+ # Gateway ingress configuration
+ ingress:
+ # -- Specifies whether an ingress for the gateway should be created
+ enabled: false
+ # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18
+ ingressClassName: ""
+ # -- Annotations for the gateway ingress
+ annotations: {}
+ # -- Hosts configuration for the gateway ingress
+ hosts:
+ - host: gateway.loki.example.com
+ paths:
+ - path: /
+ # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers
+ # pathType: Prefix
+ # -- TLS configuration for the gateway ingress
+ tls:
+ - secretName: loki-gateway-tls
+ hosts:
+ - gateway.loki.example.com
+ # Basic auth configuration
+ basicAuth:
+ # -- Enables basic authentication for the gateway
+ enabled: false
+ # -- The basic auth username for the gateway
+ username: null
+ # -- The basic auth password for the gateway
+ password: null
+ # -- Uses the specified username and password to compute a htpasswd using Sprig's `htpasswd` function.
+ # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes
+ # high CPU load.
+ htpasswd: >-
+ {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }}
+
+ # -- Existing basic auth secret to use. Must contain '.htpasswd'
+ existingSecret: null
+ # Configures the readiness probe for the gateway
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ nginxConfig:
+ # -- NGINX log format
+ logFormat: |-
+ main '$remote_addr - $remote_user [$time_local] $status '
+ '"$request" $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ # -- Allows appending custom configuration to the server block
+ serverSnippet: ""
+ # -- Allows appending custom configuration to the http block
+ httpSnippet: ""
+ # -- Override Read URL
+ customReadUrl: null
+ # -- Override Write URL
+ customWriteUrl: null
+ # -- Override Backend URL
+ customBackendUrl: null
+ # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating
+ # @default -- See values.yaml
+ file: |
+ {{- include "loki.nginxFile" . | indent 2 -}}
+networkPolicy:
+ # -- Specifies whether Network Policies should be created
+ enabled: false
+ metrics:
+ # -- Specifies the Pods which are allowed to access the metrics port.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespaces which are allowed to access the metrics port
+ namespaceSelector: {}
+ # -- Specifies specific network CIDRs which are allowed to access the metrics port.
+ # In case you use namespaceSelector, you also have to specify your kubelet networks here.
+ # The metrics ports are also used for probes.
+ cidrs: []
+ ingress:
+ # -- Specifies the Pods which are allowed to access the http port.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespaces which are allowed to access the http port
+ namespaceSelector: {}
+ alertmanager:
+ # -- Specify the alertmanager port used for alerting
+ port: 9093
+ # -- Specifies the alertmanager Pods.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespace the alertmanager is running in
+ namespaceSelector: {}
+ externalStorage:
+ # -- Specify the port used for external storage, e.g. AWS S3
+ ports: []
+ # -- Specifies specific network CIDRs you want to limit access to
+ cidrs: []
+ discovery:
+ # -- (int) Specify the port used for discovery
+ port: null
+ # -- Specifies the Pods labels used for discovery.
+ # As this is cross-namespace communication, you also need the namespaceSelector.
+ podSelector: {}
+ # -- Specifies the namespace the discovery Pods are running in
+ namespaceSelector: {}
+
+tracing:
+ jaegerAgentHost: ""
+
+# -------------------------------------
+# Configuration for `minio` child chart
+# -------------------------------------
+minio:
+ enabled: false
+ replicas: 1
+ # Minio requires 2 to 16 drives for erasure code (drivesPerNode * replicas)
+ # https://docs.min.io/docs/minio-erasure-code-quickstart-guide
+ # Since we only have 1 replica, that means 2 drives must be used.
+ drivesPerNode: 2
+ rootUser: enterprise-logs
+ rootPassword: supersecret
+ buckets:
+ - name: chunks
+ policy: none
+ purge: false
+ - name: ruler
+ policy: none
+ purge: false
+ - name: admin
+ policy: none
+ purge: false
+ persistence:
+ size: 5Gi
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+# Create extra manifests via values. Would be passed through `tpl` for templating
+extraObjects: []
+# - apiVersion: v1
+# kind: ConfigMap
+# metadata:
+# name: loki-alerting-rules
+# data:
+# loki-alerting-rules.yaml: |-
+# groups:
+# - name: example
+# rules:
+# - alert: example
+# expr: |
+# sum(count_over_time({app="loki"} |~ "error")) > 0
+# for: 3m
+# labels:
+# severity: warning
+# category: logs
+# annotations:
+# message: "loki has encountered errors"