blob: 14fe8000660887371852924bfc286dd73158b750 [file] [log] [blame] [edit]
{{/*
Enforce valid label value.
See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
*/}}
{{- define "loki.validLabelValue" -}}
{{- (regexReplaceAllLiteral "[^a-zA-Z0-9._-]" . "-") | trunc 63 | trimSuffix "-" | trimSuffix "_" | trimSuffix "." }}
{{- end }}
{{/*
Expand the name of the chart.
*/}}
{{- define "loki.name" -}}
{{- $default := ternary "enterprise-logs" "loki" .Values.enterprise.enabled }}
{{- coalesce .Values.nameOverride $default | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
singleBinary fullname
*/}}
{{- define "loki.singleBinaryFullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Resource name template
Params:
ctx = . context
component = component name (optional)
rolloutZoneName = rollout zone name (optional)
*/}}
{{- define "loki.resourceName" -}}
{{- $resourceName := include "loki.fullname" .ctx -}}
{{- if .component -}}{{- $resourceName = printf "%s-%s" $resourceName .component -}}{{- end -}}
{{- if and (not .component) .rolloutZoneName -}}{{- printf "Component name cannot be empty if rolloutZoneName (%s) is set" .rolloutZoneName | fail -}}{{- end -}}
{{- if .rolloutZoneName -}}{{- $resourceName = printf "%s-%s" $resourceName .rolloutZoneName -}}{{- end -}}
{{- if gt (len $resourceName) 253 -}}{{- printf "Resource name (%s) exceeds kubernetes limit of 253 character. To fix: shorten release name if this will be a fresh install or shorten zone names (e.g. \"a\" instead of \"zone-a\") if using zone-awareness." $resourceName | fail -}}{{- end -}}
{{- $resourceName -}}
{{- end -}}
{{/*
Return if deployment mode is simple scalable
*/}}
{{- define "loki.deployment.isScalable" -}}
{{- and (eq (include "loki.isUsingObjectStorage" . ) "true") (eq (int .Values.singleBinary.replicas) 0) }}
{{- end -}}
{{/*
Return if deployment mode is single binary
*/}}
{{- define "loki.deployment.isSingleBinary" -}}
{{- $nonZeroReplicas := gt (int .Values.singleBinary.replicas) 0 }}
{{- or (eq (include "loki.isUsingObjectStorage" . ) "false") ($nonZeroReplicas) }}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "loki.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := include "loki.name" . }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Cluster label for rules and alerts.
*/}}
{{- define "loki.clusterLabel" -}}
{{- if .Values.clusterLabelOverride }}
{{- .Values.clusterLabelOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := include "loki.name" . }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{/* Create a default storage config that uses filesystem storage
This is required for CI, but Loki will not be queryable with this default
applied, thus it is encouraged that users override this.
*/}}
{{- define "loki.storageConfig" -}}
{{- if .Values.loki.storageConfig -}}
{{- .Values.loki.storageConfig | toYaml | nindent 4 -}}
{{- else }}
{{- .Values.loki.defaultStorageConfig | toYaml | nindent 4 }}
{{- end}}
{{- end}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "loki.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "loki.labels" -}}
helm.sh/chart: {{ include "loki.chart" . }}
{{ include "loki.selectorLabels" . }}
{{- if or (.Chart.AppVersion) (.Values.loki.image.tag) }}
app.kubernetes.io/version: {{ include "loki.validLabelValue" (.Values.loki.image.tag | default .Chart.AppVersion) | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "loki.selectorLabels" -}}
app.kubernetes.io/name: {{ include "loki.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "loki.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "loki.name" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Base template for building docker image reference
*/}}
{{- define "loki.baseImage" }}
{{- $registry := .global.registry | default .service.registry | default "" -}}
{{- $repository := .service.repository | default "" -}}
{{- $ref := ternary (printf ":%s" (.service.tag | default .defaultVersion | toString)) (printf "@%s" .service.digest) (empty .service.digest) -}}
{{- if and $registry $repository -}}
{{- printf "%s/%s%s" $registry $repository $ref -}}
{{- else -}}
{{- printf "%s%s%s" $registry $repository $ref -}}
{{- end -}}
{{- end -}}
{{/*
Docker image name for Loki
*/}}
{{- define "loki.lokiImage" -}}
{{- $dict := dict "service" .Values.loki.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion -}}
{{- include "loki.baseImage" $dict -}}
{{- end -}}
{{/*
Docker image name for enterprise logs
*/}}
{{- define "loki.enterpriseImage" -}}
{{- $dict := dict "service" .Values.enterprise.image "global" .Values.global.image "defaultVersion" .Values.enterprise.version -}}
{{- include "loki.baseImage" $dict -}}
{{- end -}}
{{/*
Docker image name
*/}}
{{- define "loki.image" -}}
{{- if .Values.enterprise.enabled -}}{{- include "loki.enterpriseImage" . -}}{{- else -}}{{- include "loki.lokiImage" . -}}{{- end -}}
{{- end -}}
{{/*
Docker image name for kubectl container
*/}}
{{- define "loki.kubectlImage" -}}
{{- $dict := dict "service" .Values.kubectlImage "global" .Values.global.image "defaultVersion" "latest" -}}
{{- include "loki.baseImage" $dict -}}
{{- end -}}
{{/*
Generated storage config for loki common config
*/}}
{{- define "loki.commonStorageConfig" -}}
{{- if .Values.minio.enabled -}}
s3:
endpoint: {{ include "loki.minio" $ }}
bucketnames: {{ $.Values.loki.storage.bucketNames.chunks }}
secret_access_key: {{ $.Values.minio.rootPassword }}
access_key_id: {{ $.Values.minio.rootUser }}
s3forcepathstyle: true
insecure: true
{{- else if eq .Values.loki.storage.type "s3" -}}
{{- with .Values.loki.storage.s3 }}
s3:
{{- with .s3 }}
s3: {{ . }}
{{- end }}
{{- with .endpoint }}
endpoint: {{ . }}
{{- end }}
{{- with .region }}
region: {{ . }}
{{- end}}
bucketnames: {{ $.Values.loki.storage.bucketNames.chunks }}
{{- with .secretAccessKey }}
secret_access_key: {{ . }}
{{- end }}
{{- with .accessKeyId }}
access_key_id: {{ . }}
{{- end }}
{{- with .signatureVersion }}
signature_version: {{ . }}
{{- end }}
s3forcepathstyle: {{ .s3ForcePathStyle }}
insecure: {{ .insecure }}
{{- with .http_config}}
http_config:
{{- with .idle_conn_timeout }}
idle_conn_timeout: {{ . }}
{{- end}}
{{- with .response_header_timeout }}
response_header_timeout: {{ . }}
{{- end}}
{{- with .insecure_skip_verify }}
insecure_skip_verify: {{ . }}
{{- end}}
{{- with .ca_file}}
ca_file: {{ . }}
{{- end}}
{{- end }}
{{- with .backoff_config}}
backoff_config:
{{- with .min_period }}
min_period: {{ . }}
{{- end}}
{{- with .max_period }}
max_period: {{ . }}
{{- end}}
{{- with .max_retries }}
max_retries: {{ . }}
{{- end}}
{{- end }}
{{- end -}}
{{- else if eq .Values.loki.storage.type "gcs" -}}
{{- with .Values.loki.storage.gcs }}
gcs:
bucket_name: {{ $.Values.loki.storage.bucketNames.chunks }}
chunk_buffer_size: {{ .chunkBufferSize }}
request_timeout: {{ .requestTimeout }}
enable_http2: {{ .enableHttp2 }}
{{- end -}}
{{- else if eq .Values.loki.storage.type "azure" -}}
{{- with .Values.loki.storage.azure }}
azure:
account_name: {{ .accountName }}
{{- with .accountKey }}
account_key: {{ . }}
{{- end }}
{{- with .connectionString }}
connection_string: {{ . }}
{{- end }}
container_name: {{ $.Values.loki.storage.bucketNames.chunks }}
use_managed_identity: {{ .useManagedIdentity }}
use_federated_token: {{ .useFederatedToken }}
{{- with .userAssignedId }}
user_assigned_id: {{ . }}
{{- end }}
{{- with .requestTimeout }}
request_timeout: {{ . }}
{{- end }}
{{- with .endpointSuffix }}
endpoint_suffix: {{ . }}
{{- end }}
{{- end -}}
{{- else if eq .Values.loki.storage.type "swift" -}}
{{- with .Values.loki.storage.swift }}
swift:
{{- with .auth_version }}
auth_version: {{ . }}
{{- end }}
auth_url: {{ .auth_url }}
{{- with .internal }}
internal: {{ . }}
{{- end }}
username: {{ .username }}
user_domain_name: {{ .user_domain_name }}
{{- with .user_domain_id }}
user_domain_id: {{ . }}
{{- end }}
{{- with .user_id }}
user_id: {{ . }}
{{- end }}
password: {{ .password }}
{{- with .domain_id }}
domain_id: {{ . }}
{{- end }}
domain_name: {{ .domain_name }}
project_id: {{ .project_id }}
project_name: {{ .project_name }}
project_domain_id: {{ .project_domain_id }}
project_domain_name: {{ .project_domain_name }}
region_name: {{ .region_name }}
container_name: {{ .container_name }}
max_retries: {{ .max_retries | default 3 }}
connect_timeout: {{ .connect_timeout | default "10s" }}
request_timeout: {{ .request_timeout | default "5s" }}
{{- end -}}
{{- else -}}
{{- with .Values.loki.storage.filesystem }}
filesystem:
chunks_directory: {{ .chunks_directory }}
rules_directory: {{ .rules_directory }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Storage config for ruler
*/}}
{{- define "loki.rulerStorageConfig" -}}
{{- if .Values.minio.enabled -}}
type: "s3"
s3:
bucketnames: {{ $.Values.loki.storage.bucketNames.ruler }}
{{- else if eq .Values.loki.storage.type "s3" -}}
{{- with .Values.loki.storage.s3 }}
type: "s3"
s3:
{{- with .s3 }}
s3: {{ . }}
{{- end }}
{{- with .endpoint }}
endpoint: {{ . }}
{{- end }}
{{- with .region }}
region: {{ . }}
{{- end}}
bucketnames: {{ $.Values.loki.storage.bucketNames.ruler }}
{{- with .secretAccessKey }}
secret_access_key: {{ . }}
{{- end }}
{{- with .accessKeyId }}
access_key_id: {{ . }}
{{- end }}
s3forcepathstyle: {{ .s3ForcePathStyle }}
insecure: {{ .insecure }}
{{- with .http_config }}
http_config: {{ toYaml . | nindent 6 }}
{{- end }}
{{- end -}}
{{- else if eq .Values.loki.storage.type "gcs" -}}
{{- with .Values.loki.storage.gcs }}
type: "gcs"
gcs:
bucket_name: {{ $.Values.loki.storage.bucketNames.ruler }}
chunk_buffer_size: {{ .chunkBufferSize }}
request_timeout: {{ .requestTimeout }}
enable_http2: {{ .enableHttp2 }}
{{- end -}}
{{- else if eq .Values.loki.storage.type "azure" -}}
{{- with .Values.loki.storage.azure }}
type: "azure"
azure:
account_name: {{ .accountName }}
{{- with .accountKey }}
account_key: {{ . }}
{{- end }}
{{- with .connectionString }}
connection_string: {{ . }}
{{- end }}
container_name: {{ $.Values.loki.storage.bucketNames.ruler }}
use_managed_identity: {{ .useManagedIdentity }}
use_federated_token: {{ .useFederatedToken }}
{{- with .userAssignedId }}
user_assigned_id: {{ . }}
{{- end }}
{{- with .requestTimeout }}
request_timeout: {{ . }}
{{- end }}
{{- with .endpointSuffix }}
endpoint_suffix: {{ . }}
{{- end }}
{{- end -}}
{{- else if eq .Values.loki.storage.type "swift" -}}
{{- with .Values.loki.storage.swift }}
swift:
{{- with .auth_version }}
auth_version: {{ . }}
{{- end }}
auth_url: {{ .auth_url }}
{{- with .internal }}
internal: {{ . }}
{{- end }}
username: {{ .username }}
user_domain_name: {{ .user_domain_name }}
{{- with .user_domain_id }}
user_domain_id: {{ . }}
{{- end }}
{{- with .user_id }}
user_id: {{ . }}
{{- end }}
password: {{ .password }}
{{- with .domain_id }}
domain_id: {{ . }}
{{- end }}
domain_name: {{ .domain_name }}
project_id: {{ .project_id }}
project_name: {{ .project_name }}
project_domain_id: {{ .project_domain_id }}
project_domain_name: {{ .project_domain_name }}
region_name: {{ .region_name }}
container_name: {{ .container_name }}
max_retries: {{ .max_retries | default 3 }}
connect_timeout: {{ .connect_timeout | default "10s" }}
request_timeout: {{ .request_timeout | default "5s" }}
{{- end -}}
{{- else }}
type: "local"
{{- end -}}
{{- end -}}
{{/* Loki ruler config */}}
{{- define "loki.rulerConfig" }}
ruler:
storage:
{{- include "loki.rulerStorageConfig" . | nindent 4}}
{{- if (not (empty .Values.loki.rulerConfig)) }}
{{- toYaml .Values.loki.rulerConfig | nindent 2}}
{{- end }}
{{- end }}
{{/*
Calculate the config from structured and unstructred text input
*/}}
{{- define "loki.calculatedConfig" -}}
{{ tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . }}
{{- end }}
{{/*
The volume to mount for loki configuration
*/}}
{{- define "loki.configVolume" -}}
{{- if eq .Values.loki.configStorageType "Secret" -}}
secret:
secretName: {{ tpl .Values.loki.externalConfigSecretName . }}
{{- else if eq .Values.loki.configStorageType "ConfigMap" -}}
configMap:
name: {{ tpl .Values.loki.externalConfigSecretName . }}
items:
- key: "config.yaml"
path: "config.yaml"
{{- end -}}
{{- end -}}
{{/*
Memcached Docker image
*/}}
{{- define "loki.memcachedImage" -}}
{{- $dict := dict "service" .Values.memcached.image "global" .Values.global.image -}}
{{- include "loki.image" $dict -}}
{{- end }}
{{/*
Memcached Exporter Docker image
*/}}
{{- define "loki.memcachedExporterImage" -}}
{{- $dict := dict "service" .Values.memcachedExporter.image "global" .Values.global.image -}}
{{- include "loki.image" $dict -}}
{{- end }}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "loki.ingress.apiVersion" -}}
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return if ingress is stable.
*/}}
{{- define "loki.ingress.isStable" -}}
{{- eq (include "loki.ingress.apiVersion" .) "networking.k8s.io/v1" -}}
{{- end -}}
{{/*
Return if ingress supports ingressClassName.
*/}}
{{- define "loki.ingress.supportsIngressClassName" -}}
{{- or (eq (include "loki.ingress.isStable" .) "true") (and (eq (include "loki.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
{{- end -}}
{{/*
Return if ingress supports pathType.
*/}}
{{- define "loki.ingress.supportsPathType" -}}
{{- or (eq (include "loki.ingress.isStable" .) "true") (and (eq (include "loki.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
{{- end -}}
{{/*
Generate list of ingress service paths based on deployment type
*/}}
{{- define "loki.ingress.servicePaths" -}}
{{- if (eq (include "loki.deployment.isScalable" .) "true") -}}
{{- include "loki.ingress.scalableServicePaths" . }}
{{- else -}}
{{- include "loki.ingress.singleBinaryServicePaths" . }}
{{- end -}}
{{- end -}}
{{/*
Ingress service paths for scalable deployment
*/}}
{{- define "loki.ingress.scalableServicePaths" -}}
{{- include "loki.ingress.servicePath" (dict "ctx" . "svcName" "read" "paths" .Values.ingress.paths.read )}}
{{- include "loki.ingress.servicePath" (dict "ctx" . "svcName" "write" "paths" .Values.ingress.paths.write )}}
{{- end -}}
{{/*
Ingress service paths for single binary deployment
*/}}
{{- define "loki.ingress.singleBinaryServicePaths" -}}
{{- include "loki.ingress.servicePath" (dict "ctx" . "svcName" "singleBinary" "paths" .Values.ingress.paths.singleBinary )}}
{{- end -}}
{{/*
Ingress service path helper function
Params:
ctx = . context
svcName = service name without the "loki.fullname" part (ie. read, write)
paths = list of url paths to allow ingress for
*/}}
{{- define "loki.ingress.servicePath" -}}
{{- $ingressApiIsStable := eq (include "loki.ingress.isStable" .ctx) "true" -}}
{{- $ingressSupportsPathType := eq (include "loki.ingress.supportsPathType" .ctx) "true" -}}
{{- range .paths }}
- path: {{ . }}
{{- if $ingressSupportsPathType }}
pathType: Prefix
{{- end }}
backend:
{{- $serviceName := include "loki.ingress.serviceName" (dict "ctx" $.ctx "svcName" $.svcName) }}
{{- if $ingressApiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $.ctx.Values.loki.server.http_listen_port }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $.ctx.Values.loki.server.http_listen_port }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Ingress service name helper function
Params:
ctx = . context
svcName = service name without the "loki.fullname" part (ie. read, write)
*/}}
{{- define "loki.ingress.serviceName" -}}
{{- if (eq .svcName "singleBinary") }}
{{- printf "%s" (include "loki.singleBinaryFullname" .ctx) }}
{{- else }}
{{- printf "%s-%s" (include "loki.name" .ctx) .svcName }}
{{- end -}}
{{- end -}}
{{/*
Create the service endpoint including port for MinIO.
*/}}
{{- define "loki.minio" -}}
{{- if .Values.minio.enabled -}}
{{- printf "%s-%s.%s.svc:%s" .Release.Name "minio" .Release.Namespace (.Values.minio.service.port | toString) -}}
{{- end -}}
{{- end -}}
{{/* Determine if deployment is using object storage */}}
{{- define "loki.isUsingObjectStorage" -}}
{{- or (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "azure") (eq .Values.loki.storage.type "swift") (eq .Values.loki.storage.type "alibabacloud") -}}
{{- end -}}
{{/* Configure the correct name for the memberlist service */}}
{{- define "loki.memberlist" -}}
{{ include "loki.name" . }}-memberlist
{{- end -}}
{{/* Determine the public host for the Loki cluster */}}
{{- define "loki.host" -}}
{{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}}
{{- $url := printf "%s.%s.svc.%s.:%s" (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain (.Values.gateway.service.port | toString) }}
{{- if and $isSingleBinary (not .Values.gateway.enabled) }}
{{- $url = printf "%s.%s.svc.%s.:%s" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
{{- end }}
{{- printf "%s" $url -}}
{{- end -}}
{{/* Determine the public endpoint for the Loki cluster */}}
{{- define "loki.address" -}}
{{- printf "http://%s" (include "loki.host" . ) -}}
{{- end -}}
{{/* Name of the cluster */}}
{{- define "loki.clusterName" -}}
{{- $name := .Values.enterprise.cluster_name | default .Release.Name }}
{{- printf "%s" $name -}}
{{- end -}}
{{/* Name of kubernetes secret to persist GEL admin token to */}}
{{- define "enterprise-logs.adminTokenSecret" }}
{{- .Values.enterprise.adminToken.secret | default (printf "%s-admin-token" (include "loki.name" . )) -}}
{{- end -}}
{{/* Prefix for provisioned secrets created for each provisioned tenant */}}
{{- define "enterprise-logs.provisionedSecretPrefix" }}
{{- .Values.enterprise.provisioner.provisionedSecretPrefix | default (printf "%s-provisioned" (include "loki.name" . )) -}}
{{- end -}}
{{/* Name of kubernetes secret to persist canary credentials in */}}
{{- define "enterprise-logs.selfMonitoringTenantSecret" }}
{{- .Values.enterprise.canarySecret | default (printf "%s-%s" (include "enterprise-logs.provisionedSecretPrefix" . ) .Values.monitoring.selfMonitoring.tenant.name) -}}
{{- end -}}
{{/* Snippet for the nginx file used by gateway */}}
{{- define "loki.nginxFile" }}
worker_processes 5; ## Default: 1
error_log /dev/stderr;
pid /tmp/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
client_max_body_size 4M;
proxy_read_timeout 600; ## 10 minutes
proxy_send_timeout 600;
proxy_connect_timeout 600;
proxy_http_version 1.1;
default_type application/octet-stream;
log_format {{ .Values.gateway.nginxConfig.logFormat }}
{{- if .Values.gateway.verboseLogging }}
access_log /dev/stderr main;
{{- else }}
map $status $loggable {
~^[23] 0;
default 1;
}
access_log /dev/stderr main if=$loggable;
{{- end }}
sendfile on;
tcp_nopush on;
{{- if .Values.gateway.nginxConfig.resolver }}
resolver {{ .Values.gateway.nginxConfig.resolver }};
{{- else }}
resolver {{ .Values.global.dnsService }}.{{ .Values.global.dnsNamespace }}.svc.{{ .Values.global.clusterDomain }}.;
{{- end }}
{{- with .Values.gateway.nginxConfig.httpSnippet }}
{{- tpl . $ | nindent 2 }}
{{- end }}
server {
listen 8080;
{{- if .Values.gateway.nginxConfig.enableIPv6 }}
listen [::]:8080;
{{- end }}
{{- if .Values.gateway.basicAuth.enabled }}
auth_basic "Loki";
auth_basic_user_file /etc/nginx/secrets/.htpasswd;
{{- end }}
location = / {
return 200 'OK';
auth_basic off;
}
{{- $backendHost := include "loki.backendFullname" .}}
{{- $readHost := include "loki.readFullname" .}}
{{- $writeHost := include "loki.writeFullname" .}}
{{- if .Values.read.legacyReadTarget }}
{{- $backendHost = include "loki.readFullname" . }}
{{- end }}
{{- if gt (int .Values.singleBinary.replicas) 0 }}
{{- $backendHost = include "loki.singleBinaryFullname" . }}
{{- $readHost = include "loki.singleBinaryFullname" .}}
{{- $writeHost = include "loki.singleBinaryFullname" .}}
{{- end }}
{{- $writeUrl := printf "http://%s.%s.svc.%s:%s" $writeHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
{{- $readUrl := printf "http://%s.%s.svc.%s:%s" $readHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
{{- $backendUrl := printf "http://%s.%s.svc.%s:%s" $backendHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }}
{{- if .Values.gateway.nginxConfig.customWriteUrl }}
{{- $writeUrl = .Values.gateway.nginxConfig.customWriteUrl }}
{{- end }}
{{- if .Values.gateway.nginxConfig.customReadUrl }}
{{- $readUrl = .Values.gateway.nginxConfig.customReadUrl }}
{{- end }}
{{- if .Values.gateway.nginxConfig.customBackendUrl }}
{{- $backendUrl = .Values.gateway.nginxConfig.customBackendUrl }}
{{- end }}
# Distributor
location = /api/prom/push {
proxy_pass {{ $writeUrl }}$request_uri;
}
location = /loki/api/v1/push {
proxy_pass {{ $writeUrl }}$request_uri;
}
location = /distributor/ring {
proxy_pass {{ $writeUrl }}$request_uri;
}
# Ingester
location = /flush {
proxy_pass {{ $writeUrl }}$request_uri;
}
location ^~ /ingester/ {
proxy_pass {{ $writeUrl }}$request_uri;
}
location = /ingester {
internal; # to suppress 301
}
# Ring
location = /ring {
proxy_pass {{ $writeUrl }}$request_uri;
}
# MemberListKV
location = /memberlist {
proxy_pass {{ $writeUrl }}$request_uri;
}
# Ruler
location = /ruler/ring {
proxy_pass {{ $backendUrl }}$request_uri;
}
location = /api/prom/rules {
proxy_pass {{ $backendUrl }}$request_uri;
}
location ^~ /api/prom/rules/ {
proxy_pass {{ $backendUrl }}$request_uri;
}
location = /loki/api/v1/rules {
proxy_pass {{ $backendUrl }}$request_uri;
}
location ^~ /loki/api/v1/rules/ {
proxy_pass {{ $backendUrl }}$request_uri;
}
location = /prometheus/api/v1/alerts {
proxy_pass {{ $backendUrl }}$request_uri;
}
location = /prometheus/api/v1/rules {
proxy_pass {{ $backendUrl }}$request_uri;
}
# Compactor
location = /compactor/ring {
proxy_pass {{ $backendUrl }}$request_uri;
}
location = /loki/api/v1/delete {
proxy_pass {{ $backendUrl }}$request_uri;
}
location = /loki/api/v1/cache/generation_numbers {
proxy_pass {{ $backendUrl }}$request_uri;
}
# IndexGateway
location = /indexgateway/ring {
proxy_pass {{ $backendUrl }}$request_uri;
}
# QueryScheduler
location = /scheduler/ring {
proxy_pass {{ $backendUrl }}$request_uri;
}
# Config
location = /config {
proxy_pass {{ $backendUrl }}$request_uri;
}
{{- if and .Values.enterprise.enabled .Values.enterprise.adminApi.enabled }}
# Admin API
location ^~ /admin/api/ {
proxy_pass {{ $backendUrl }}$request_uri;
}
location = /admin/api {
internal; # to suppress 301
}
{{- end }}
# QueryFrontend, Querier
location = /api/prom/tail {
proxy_pass {{ $readUrl }}$request_uri;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location = /loki/api/v1/tail {
proxy_pass {{ $readUrl }}$request_uri;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /api/prom/ {
proxy_pass {{ $readUrl }}$request_uri;
}
location = /api/prom {
internal; # to suppress 301
}
location ^~ /loki/api/v1/ {
proxy_pass {{ $readUrl }}$request_uri;
}
location = /loki/api/v1 {
internal; # to suppress 301
}
{{- with .Values.gateway.nginxConfig.serverSnippet }}
{{ . | nindent 4 }}
{{- end }}
}
}
{{- end }}
{{/* Configure enableServiceLinks in pod */}}
{{- define "loki.enableServiceLinks" -}}
{{- if semverCompare ">=1.13-0" .Capabilities.KubeVersion.Version -}}
{{- if or (.Values.loki.enableServiceLinks) (ne .Values.loki.enableServiceLinks false) -}}
enableServiceLinks: true
{{- else -}}
enableServiceLinks: false
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Determine compactor address based on target configuration */}}
{{- define "loki.compactorAddress" -}}
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- $compactorAddress := include "loki.backendFullname" . -}}
{{- if and $isSimpleScalable .Values.read.legacyReadTarget -}}
{{/* 2 target configuration */}}
{{- $compactorAddress = include "loki.readFullname" . -}}
{{- else if (not $isSimpleScalable) -}}
{{/* single binary */}}
{{- $compactorAddress = include "loki.singleBinaryFullname" . -}}
{{- end -}}
{{- printf "http://%s:%s" $compactorAddress (.Values.loki.server.http_listen_port | toString) }}
{{- end }}
{{/* Determine query-scheduler address */}}
{{- define "loki.querySchedulerAddress" -}}
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- $schedulerAddress := ""}}
{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) -}}
{{- $schedulerAddress = printf "query-scheduler-discovery.%s.svc.%s.:%s" .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.grpc_listen_port | toString) -}}
{{- end -}}
{{- printf "%s" $schedulerAddress }}
{{- end }}