blob: 855e75c551fdfb0df8cfb1b11692afd3a29e449b [file] [log] [blame]
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001global:
2 image:
3 # -- Overrides the Docker registry globally for all images
4 registry: null
5 # -- Overrides the priorityClassName for all pods
6 priorityClassName: null
7 # -- configures cluster domain ("cluster.local" by default)
8 clusterDomain: "cluster.local"
9 # -- configures DNS service name
10 dnsService: "kube-dns"
11 # -- configures DNS service namespace
12 dnsNamespace: "kube-system"
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +000013# -- Overrides the chart's name
14nameOverride: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +000015# -- Overrides the chart's computed fullname
16fullnameOverride: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -030017# -- Overrides the chart's cluster label
18clusterLabelOverride: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +000019# -- Image pull secrets for Docker images
20imagePullSecrets: []
Mohammed Naser65cda132024-05-02 14:34:08 -040021# -- Deployment mode lets you specify how to deploy Loki.
22# There are 3 options:
23# - SingleBinary: Loki is deployed as a single binary, useful for small installs typically without HA, up to a few tens of GB/day.
24# - SimpleScalable: Loki is deployed as 3 targets: read, write, and backend. Useful for medium installs easier to manage than distributed, up to a about 1TB/day.
25# - Distributed: Loki is deployed as individual microservices. The most complicated but most capable, useful for large installs, typically over 1TB/day.
26# There are also 2 additional modes used for migrating between deployment modes:
27# - SingleBinary<->SimpleScalable: Migrate from SingleBinary to SimpleScalable (or vice versa)
28# - SimpleScalable<->Distributed: Migrate from SimpleScalable to Distributed (or vice versa)
29# Note: SimpleScalable and Distributed REQUIRE the use of object storage.
30deploymentMode: SimpleScalable
31######################################################################################################################
32#
33# Base Loki Configs including kubernetes configurations and configurations for Loki itself,
34# see below for more specifics on Loki's configuration.
35#
36######################################################################################################################
37# -- Configuration for running Loki
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +000038loki:
39 # Configures the readiness probe for all of the Loki pods
40 readinessProbe:
41 httpGet:
42 path: /ready
43 port: http-metrics
44 initialDelaySeconds: 30
45 timeoutSeconds: 1
46 image:
47 # -- The Docker registry
48 registry: docker.io
49 # -- Docker image repository
50 repository: grafana/loki
51 # -- Overrides the image tag whose default is the chart's appVersion
52 # TODO: needed for 3rd target backend functionality
53 # revert to null or latest once this behavior is relased
54 tag: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -030055 # -- Overrides the image tag with an image digest
56 digest: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +000057 # -- Docker image pull policy
58 pullPolicy: IfNotPresent
Giovanni Tirloni59219b62024-04-09 14:50:25 -030059 # -- Common annotations for all deployments/StatefulSets
60 annotations: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +000061 # -- Common annotations for all pods
62 podAnnotations: {}
63 # -- Common labels for all pods
64 podLabels: {}
Giovanni Tirloni59219b62024-04-09 14:50:25 -030065 # -- Common annotations for all services
66 serviceAnnotations: {}
67 # -- Common labels for all services
68 serviceLabels: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +000069 # -- The number of old ReplicaSets to retain to allow rollback
70 revisionHistoryLimit: 10
71 # -- The SecurityContext for Loki pods
72 podSecurityContext:
73 fsGroup: 10001
74 runAsGroup: 10001
75 runAsNonRoot: true
76 runAsUser: 10001
77 # -- The SecurityContext for Loki containers
78 containerSecurityContext:
79 readOnlyRootFilesystem: true
80 capabilities:
81 drop:
82 - ALL
83 allowPrivilegeEscalation: false
84 # -- Should enableServiceLinks be enabled. Default to enable
85 enableServiceLinks: true
Mohammed Naser65cda132024-05-02 14:34:08 -040086 ######################################################################################################################
87 #
88 # Loki Configuration
89 #
90 # There are several ways to pass configuration to Loki, listing them here in order of our preference for how
91 # you should use this chart.
92 # 1. Use the templated value of loki.config below and the corresponding override sections which follow.
93 # This allows us to set a lot of important Loki configurations and defaults and also allows us to maintain them
94 # over time as Loki changes and evolves.
95 # 2. Use the loki.structuredConfig section.
96 # This will completely override the templated value of loki.config, so you MUST provide the entire Loki config
97 # including any configuration that we set in loki.config unless you explicitly are trying to change one of those
98 # values and are not able to do so with the templated sections.
99 # If you choose this approach the burden is on you to maintain any changes we make to the templated config.
100 # 3. Use an existing secret or configmap to provide the configuration.
101 # This option is mostly provided for folks who have external processes which provide or modify the configuration.
102 # When using this option you can specify a different name for loki.generatedConfigObjectName and configObjectName
103 # if you have a process which takes the generated config and modifies it, or you can stop the chart from generating
104 # a config entirely by setting loki.generatedConfigObjectName to
105 #
106 ######################################################################################################################
107
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300108 # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret.
109 # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration).
110 # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables).
111 configStorageType: ConfigMap
Mohammed Naser65cda132024-05-02 14:34:08 -0400112 # -- The name of the object which Loki will mount as a volume containing the config.
113 # If the configStorageType is Secret, this will be the name of the Secret, if it is ConfigMap, this will be the name of the ConfigMap.
114 # The value will be passed through tpl.
115 configObjectName: '{{ include "loki.name" . }}'
116 # -- The name of the Secret or ConfigMap that will be created by this chart.
117 # If empty, no configmap or secret will be created.
118 # The value will be passed through tpl.
119 generatedConfigObjectName: '{{ include "loki.name" . }}'
120
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000121 # -- Config file contents for Loki
122 # @default -- See values.yaml
123 config: |
124 {{- if .Values.enterprise.enabled}}
125 {{- tpl .Values.enterprise.config . }}
126 {{- else }}
127 auth_enabled: {{ .Values.loki.auth_enabled }}
128 {{- end }}
129
130 {{- with .Values.loki.server }}
131 server:
132 {{- toYaml . | nindent 2}}
133 {{- end}}
134
Mohammed Naser65cda132024-05-02 14:34:08 -0400135 pattern_ingester:
136 enabled: {{ .Values.loki.pattern_ingester.enabled }}
137
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000138 memberlist:
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300139 {{- if .Values.loki.memberlistConfig }}
140 {{- toYaml .Values.loki.memberlistConfig | nindent 2 }}
141 {{- else }}
142 {{- if .Values.loki.extraMemberlistConfig}}
143 {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}}
144 {{- end }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000145 join_members:
146 - {{ include "loki.memberlist" . }}
147 {{- with .Values.migrate.fromDistributed }}
148 {{- if .enabled }}
149 - {{ .memberlistService }}
150 {{- end }}
151 {{- end }}
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300152 {{- end }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000153
154 {{- with .Values.loki.ingester }}
155 ingester:
156 {{- tpl (. | toYaml) $ | nindent 4 }}
157 {{- end }}
158
159 {{- if .Values.loki.commonConfig}}
160 common:
161 {{- toYaml .Values.loki.commonConfig | nindent 2}}
162 storage:
163 {{- include "loki.commonStorageConfig" . | nindent 4}}
164 {{- end}}
165
166 {{- with .Values.loki.limits_config }}
167 limits_config:
168 {{- tpl (. | toYaml) $ | nindent 4 }}
169 {{- end }}
170
171 runtime_config:
172 file: /etc/loki/runtime-config/runtime-config.yaml
173
Mohammed Naser65cda132024-05-02 14:34:08 -0400174 {{- with .Values.chunksCache }}
175 {{- if .enabled }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000176 chunk_store_config:
177 chunk_cache_config:
Mohammed Naser65cda132024-05-02 14:34:08 -0400178 default_validity: {{ .defaultValidity }}
179 background:
180 writeback_goroutines: {{ .writebackParallelism }}
181 writeback_buffer: {{ .writebackBuffer }}
182 writeback_size_limit: {{ .writebackSizeLimit }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000183 memcached:
Mohammed Naser65cda132024-05-02 14:34:08 -0400184 batch_size: {{ .batchSize }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000185 parallelism: {{ .parallelism }}
186 memcached_client:
Mohammed Naser65cda132024-05-02 14:34:08 -0400187 addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-chunks-cache.{{ $.Release.Namespace }}.svc
188 consistent_hash: true
189 timeout: {{ .timeout }}
190 max_idle_conns: 72
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000191 {{- end }}
192 {{- end }}
193
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300194 {{- if .Values.loki.schemaConfig }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000195 schema_config:
196 {{- toYaml .Values.loki.schemaConfig | nindent 2}}
Mohammed Naser65cda132024-05-02 14:34:08 -0400197 {{- end }}
198
199 {{- if .Values.loki.useTestSchema }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000200 schema_config:
Mohammed Naser65cda132024-05-02 14:34:08 -0400201 {{- toYaml .Values.loki.testSchemaConfig | nindent 2}}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000202 {{- end }}
203
204 {{ include "loki.rulerConfig" . }}
205
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300206 {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000207 table_manager:
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300208 retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }}
209 retention_period: {{ .Values.tableManager.retention_period }}
210 {{- end }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000211
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000212 query_range:
213 align_queries_with_step: true
Mohammed Naser65cda132024-05-02 14:34:08 -0400214 {{- with .Values.loki.query_range }}
215 {{- tpl (. | toYaml) $ | nindent 4 }}
216 {{- end }}
217 {{- if .Values.resultsCache.enabled }}
218 {{- with .Values.resultsCache }}
219 cache_results: true
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000220 results_cache:
221 cache:
Mohammed Naser65cda132024-05-02 14:34:08 -0400222 default_validity: {{ .defaultValidity }}
223 background:
224 writeback_goroutines: {{ .writebackParallelism }}
225 writeback_buffer: {{ .writebackBuffer }}
226 writeback_size_limit: {{ .writebackSizeLimit }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000227 memcached_client:
Mohammed Naser65cda132024-05-02 14:34:08 -0400228 consistent_hash: true
229 addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-results-cache.{{ $.Release.Namespace }}.svc
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000230 timeout: {{ .timeout }}
Mohammed Naser65cda132024-05-02 14:34:08 -0400231 update_interval: 1m
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000232 {{- end }}
Mohammed Naser65cda132024-05-02 14:34:08 -0400233 {{- end }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000234
235 {{- with .Values.loki.storage_config }}
236 storage_config:
237 {{- tpl (. | toYaml) $ | nindent 4 }}
238 {{- end }}
239
240 {{- with .Values.loki.query_scheduler }}
241 query_scheduler:
242 {{- tpl (. | toYaml) $ | nindent 4 }}
243 {{- end }}
244
245 {{- with .Values.loki.compactor }}
246 compactor:
247 {{- tpl (. | toYaml) $ | nindent 4 }}
248 {{- end }}
249
250 {{- with .Values.loki.analytics }}
251 analytics:
252 {{- tpl (. | toYaml) $ | nindent 4 }}
253 {{- end }}
254
255 {{- with .Values.loki.querier }}
256 querier:
257 {{- tpl (. | toYaml) $ | nindent 4 }}
258 {{- end }}
259
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300260 {{- with .Values.loki.index_gateway }}
261 index_gateway:
262 {{- tpl (. | toYaml) $ | nindent 4 }}
263 {{- end }}
264
265 {{- with .Values.loki.frontend }}
266 frontend:
267 {{- tpl (. | toYaml) $ | nindent 4 }}
268 {{- end }}
269
270 {{- with .Values.loki.frontend_worker }}
271 frontend_worker:
272 {{- tpl (. | toYaml) $ | nindent 4 }}
273 {{- end }}
274
275 {{- with .Values.loki.distributor }}
276 distributor:
277 {{- tpl (. | toYaml) $ | nindent 4 }}
278 {{- end }}
279
280 tracing:
281 enabled: {{ .Values.loki.tracing.enabled }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000282 # Should authentication be enabled
283 auth_enabled: true
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300284 # -- memberlist configuration (overrides embedded default)
285 memberlistConfig: {}
286 # -- Extra memberlist configuration
287 extraMemberlistConfig: {}
288 # -- Tenants list to be created on nginx htpasswd file, with name and password keys
289 tenants: []
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000290 # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration.
291 server:
292 http_listen_port: 3100
293 grpc_listen_port: 9095
Mohammed Naser65cda132024-05-02 14:34:08 -0400294 http_server_read_timeout: 600s
295 http_server_write_timeout: 600s
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000296 # -- Limits config
297 limits_config:
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000298 reject_old_samples: true
299 reject_old_samples_max_age: 168h
300 max_cache_freshness_per_query: 10m
301 split_queries_by_interval: 15m
Mohammed Naser65cda132024-05-02 14:34:08 -0400302 query_timeout: 300s
303 volume_enabled: true
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000304 # -- Provides a reloadable runtime configuration file for some specific configuration
305 runtimeConfig: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000306 # -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration
307 commonConfig:
308 path_prefix: /var/loki
309 replication_factor: 3
310 compactor_address: '{{ include "loki.compactorAddress" . }}'
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000311 # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config.
312 storage:
Mohammed Naser65cda132024-05-02 14:34:08 -0400313 # Loki requires a bucket for chunks and the ruler. GEL requires a third bucket for the admin API.
314 # Please provide these values if you are using object storage.
315 # bucketNames:
316 # chunks: FIXME
317 # ruler: FIXME
318 # admin: FIXME
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000319 type: s3
320 s3:
321 s3: null
322 endpoint: null
323 region: null
324 secretAccessKey: null
325 accessKeyId: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300326 signatureVersion: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000327 s3ForcePathStyle: false
328 insecure: false
329 http_config: {}
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300330 # -- Check https://grafana.com/docs/loki/latest/configure/#s3_storage_config for more info on how to provide a backoff_config
331 backoff_config: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000332 gcs:
333 chunkBufferSize: 0
334 requestTimeout: "0s"
335 enableHttp2: true
336 azure:
337 accountName: null
338 accountKey: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300339 connectionString: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000340 useManagedIdentity: false
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300341 useFederatedToken: false
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000342 userAssignedId: null
343 requestTimeout: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300344 endpointSuffix: null
345 swift:
346 auth_version: null
347 auth_url: null
348 internal: null
349 username: null
350 user_domain_name: null
351 user_domain_id: null
352 user_id: null
353 password: null
354 domain_id: null
355 domain_name: null
356 project_id: null
357 project_name: null
358 project_domain_id: null
359 project_domain_name: null
360 region_name: null
361 container_name: null
362 max_retries: null
363 connect_timeout: null
364 request_timeout: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000365 filesystem:
366 chunks_directory: /var/loki/chunks
367 rules_directory: /var/loki/rules
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000368 # -- Configure memcached as an external cache for chunk and results cache. Disabled by default
369 # must enable and specify a host for each cache you would like to use.
370 memcached:
371 chunk_cache:
372 enabled: false
373 host: ""
374 service: "memcached-client"
375 batch_size: 256
376 parallelism: 10
377 results_cache:
378 enabled: false
379 host: ""
380 service: "memcached-client"
381 timeout: "500ms"
382 default_validity: "12h"
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000383 # -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas
384 schemaConfig: {}
Mohammed Naser65cda132024-05-02 14:34:08 -0400385 # -- a real Loki install requires a proper schemaConfig defined above this, however for testing or playing around
386 # you can enable useTestSchema
387 useTestSchema: false
388 testSchemaConfig:
389 configs:
390 - from: 2024-04-01
391 store: tsdb
392 object_store: '{{ include "loki.testSchemaObjectStore" . }}'
393 schema: v13
394 index:
395 prefix: index_
396 period: 24h
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000397 # -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler
398 rulerConfig: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000399 # -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig`
400 structuredConfig: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000401 # -- Additional query scheduler config
402 query_scheduler: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000403 # -- Additional storage config
404 storage_config:
Mohammed Naser65cda132024-05-02 14:34:08 -0400405 boltdb_shipper:
406 index_gateway_client:
407 server_address: '{{ include "loki.indexGatewayAddress" . }}'
408 tsdb_shipper:
409 index_gateway_client:
410 server_address: '{{ include "loki.indexGatewayAddress" . }}'
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000411 hedging:
412 at: "250ms"
413 max_per_second: 20
414 up_to: 3
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000415 # -- Optional compactor configuration
416 compactor: {}
Mohammed Naser65cda132024-05-02 14:34:08 -0400417 # -- Optional pattern ingester configuration
418 pattern_ingester:
419 enabled: false
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000420 # -- Optional analytics configuration
421 analytics: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000422 # -- Optional querier configuration
Mohammed Naser65cda132024-05-02 14:34:08 -0400423 query_range: {}
424 # -- Optional querier configuration
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000425 querier: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000426 # -- Optional ingester configuration
427 ingester: {}
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300428 # -- Optional index gateway configuration
429 index_gateway:
Mohammed Naser65cda132024-05-02 14:34:08 -0400430 mode: simple
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300431 frontend:
432 scheduler_address: '{{ include "loki.querySchedulerAddress" . }}'
Mohammed Naser65cda132024-05-02 14:34:08 -0400433 tail_proxy_url: '{{ include "loki.querierAddress" . }}'
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300434 frontend_worker:
435 scheduler_address: '{{ include "loki.querySchedulerAddress" . }}'
436 # -- Optional distributor configuration
437 distributor: {}
438 # -- Enable tracing
439 tracing:
440 enabled: false
Mohammed Naser65cda132024-05-02 14:34:08 -0400441######################################################################################################################
442#
443# Enterprise Loki Configs
444#
445######################################################################################################################
446
447# -- Configuration for running Enterprise Loki
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000448enterprise:
449 # Enable enterprise features, license must be provided
450 enabled: false
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000451 # Default verion of GEL to deploy
Mohammed Naser65cda132024-05-02 14:34:08 -0400452 version: v3.0.0
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000453 # -- Optional name of the GEL cluster, otherwise will use .Release.Name
454 # The cluster name must match what is in your GEL license
455 cluster_name: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000456 # -- Grafana Enterprise Logs license
457 # In order to use Grafana Enterprise Logs features, you will need to provide
458 # the contents of your Grafana Enterprise Logs license, either by providing the
459 # contents of the license.jwt, or the name Kubernetes Secret that contains your
460 # license.jwt.
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300461 # To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'`
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000462 license:
463 contents: "NOTAVALIDLICENSE"
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000464 # -- Set to true when providing an external license
465 useExternalLicense: false
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000466 # -- Name of external license secret to use
467 externalLicenseName: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000468 # -- Name of the external config secret to use
469 externalConfigName: ""
Mohammed Naser65cda132024-05-02 14:34:08 -0400470 # -- Use GEL gateway, if false will use the default nginx gateway
471 gelGateway: true
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000472 # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise,
473 # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`.
474 adminApi:
475 enabled: true
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000476 # enterprise specific sections of the config.yaml file
477 config: |
478 {{- if .Values.enterprise.adminApi.enabled }}
479 {{- if or .Values.minio.enabled (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "azure") }}
480 admin_client:
481 storage:
482 s3:
Mohammed Naser65cda132024-05-02 14:34:08 -0400483 bucket_name: admin
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000484 {{- end }}
485 {{- end }}
486 auth:
487 type: {{ .Values.enterprise.adminApi.enabled | ternary "enterprise" "trust" }}
488 auth_enabled: {{ .Values.loki.auth_enabled }}
489 cluster_name: {{ include "loki.clusterName" . }}
490 license:
491 path: /etc/loki/license/license.jwt
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000492 image:
493 # -- The Docker registry
494 registry: docker.io
495 # -- Docker image repository
496 repository: grafana/enterprise-logs
497 # -- Docker image tag
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300498 tag: null
499 # -- Overrides the image tag with an image digest
500 digest: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000501 # -- Docker image pull policy
502 pullPolicy: IfNotPresent
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000503 adminToken:
504 # -- Alternative name for admin token secret, needed by tokengen and provisioner jobs
505 secret: null
506 # -- Additional namespace to also create the token in. Useful if your Grafana instance
507 # is in a different namespace
508 additionalNamespaces: []
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000509 # -- Alternative name of the secret to store token for the canary
510 canarySecret: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000511 # -- Configuration for `tokengen` target
512 tokengen:
513 # -- Whether the job should be part of the deployment
514 enabled: true
515 # -- Comma-separated list of Loki modules to load for tokengen
516 targetModule: "tokengen"
517 # -- Additional CLI arguments for the `tokengen` target
518 extraArgs: []
519 # -- Additional Kubernetes environment
520 env: []
521 # -- Additional labels for the `tokengen` Job
522 labels: {}
523 # -- Additional annotations for the `tokengen` Job
524 annotations: {}
525 # -- Tolerations for tokengen Job
526 tolerations: []
527 # -- Additional volumes for Pods
528 extraVolumes: []
529 # -- Additional volume mounts for Pods
530 extraVolumeMounts: []
531 # -- Run containers as user `enterprise-logs(uid=10001)`
532 securityContext:
533 runAsNonRoot: true
534 runAsGroup: 10001
535 runAsUser: 10001
536 fsGroup: 10001
537 # -- Environment variables from secrets or configmaps to add to the tokengen pods
538 extraEnvFrom: []
539 # -- The name of the PriorityClass for tokengen Pods
540 priorityClassName: ""
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000541 # -- Configuration for `provisioner` target
542 provisioner:
543 # -- Whether the job should be part of the deployment
544 enabled: true
545 # -- Name of the secret to store provisioned tokens in
546 provisionedSecretPrefix: null
547 # -- Additional tenants to be created. Each tenant will get a read and write policy
548 # and associated token. Tenant must have a name and a namespace for the secret containting
549 # the token to be created in. For example
550 # additionalTenants:
551 # - name: loki
552 # secretNamespace: grafana
553 additionalTenants: []
554 # -- Additional Kubernetes environment
555 env: []
556 # -- Additional labels for the `provisioner` Job
557 labels: {}
558 # -- Additional annotations for the `provisioner` Job
559 annotations: {}
560 # -- The name of the PriorityClass for provisioner Job
561 priorityClassName: null
562 # -- Run containers as user `enterprise-logs(uid=10001)`
563 securityContext:
564 runAsNonRoot: true
565 runAsGroup: 10001
566 runAsUser: 10001
567 fsGroup: 10001
568 # -- Provisioner image to Utilize
569 image:
570 # -- The Docker registry
571 registry: docker.io
572 # -- Docker image repository
573 repository: grafana/enterprise-logs-provisioner
574 # -- Overrides the image tag whose default is the chart's appVersion
575 tag: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300576 # -- Overrides the image tag with an image digest
577 digest: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000578 # -- Docker image pull policy
579 pullPolicy: IfNotPresent
580 # -- Volume mounts to add to the provisioner pods
581 extraVolumeMounts: []
Mohammed Naser65cda132024-05-02 14:34:08 -0400582# -- kubetclImage is used in the enterprise provisioner and tokengen jobs
583kubectlImage:
584 # -- The Docker registry
585 registry: docker.io
586 # -- Docker image repository
587 repository: bitnami/kubectl
588 # -- Overrides the image tag whose default is the chart's appVersion
589 tag: null
590 # -- Overrides the image tag with an image digest
591 digest: null
592 # -- Docker image pull policy
593 pullPolicy: IfNotPresent
594######################################################################################################################
595#
596# Chart Testing
597#
598######################################################################################################################
599
600# -- Section for configuring optional Helm test
601test:
602 enabled: true
603 # -- Used to directly query the metrics endpoint of the canary for testing, this approach avoids needing prometheus for testing.
604 # This in a newer approach to using prometheusAddress such that tests do not have a dependency on prometheus
605 canaryServiceAddress: "http://loki-canary:3500/metrics"
606 # -- Address of the prometheus server to query for the test. This overrides any value set for canaryServiceAddress.
607 # This is kept for backward compatibility and may be removed in future releases. Previous value was 'http://prometheus:9090'
608 prometheusAddress: ""
609 # -- Number of times to retry the test before failing
610 timeout: 1m
611 # -- Additional labels for the test pods
612 labels: {}
613 # -- Additional annotations for test pods
614 annotations: {}
615 # -- Image to use for loki canary
616 image:
617 # -- The Docker registry
618 registry: docker.io
619 # -- Docker image repository
620 repository: grafana/loki-helm-test
621 # -- Overrides the image tag whose default is the chart's appVersion
622 tag: "ewelch-distributed-helm-chart-17db5ee"
623 # -- Overrides the image tag with an image digest
624 digest: null
625 # -- Docker image pull policy
626 pullPolicy: IfNotPresent
627# The Loki canary pushes logs to and queries from this loki installation to test
628# that it's working correctly
629lokiCanary:
630 enabled: true
631 # -- If true, the canary will send directly to Loki via the address configured for verification --
632 # -- If false, it will write to stdout and an Agent will be needed to scrape and send the logs --
633 push: true
634 # -- The name of the label to look for at loki when doing the checks.
635 labelname: pod
636 # -- Additional annotations for the `loki-canary` Daemonset
637 annotations: {}
638 # -- Additional labels for each `loki-canary` pod
639 podLabels: {}
640 service:
641 # -- Annotations for loki-canary Service
642 annotations: {}
643 # -- Additional labels for loki-canary Service
644 labels: {}
645 # -- Additional CLI arguments for the `loki-canary' command
646 extraArgs: []
647 # -- Environment variables to add to the canary pods
648 extraEnv: []
649 # -- Environment variables from secrets or configmaps to add to the canary pods
650 extraEnvFrom: []
651 # -- Volume mounts to add to the canary pods
652 extraVolumeMounts: []
653 # -- Volumes to add to the canary pods
654 extraVolumes: []
655 # -- Resource requests and limits for the canary
656 resources: {}
657 # -- DNS config for canary pods
658 dnsConfig: {}
659 # -- Node selector for canary pods
660 nodeSelector: {}
661 # -- Tolerations for canary pods
662 tolerations: []
663 # -- The name of the PriorityClass for loki-canary pods
664 priorityClassName: null
665 # -- Image to use for loki canary
666 image:
667 # -- The Docker registry
668 registry: docker.io
669 # -- Docker image repository
670 repository: grafana/loki-canary
671 # -- Overrides the image tag whose default is the chart's appVersion
672 tag: null
673 # -- Overrides the image tag with an image digest
674 digest: null
675 # -- Docker image pull policy
676 pullPolicy: IfNotPresent
677 # -- Update strategy for the `loki-canary` Daemonset pods
678 updateStrategy:
679 type: RollingUpdate
680 rollingUpdate:
681 maxUnavailable: 1
682######################################################################################################################
683#
684# Service Accounts and Kubernetes RBAC
685#
686######################################################################################################################
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000687serviceAccount:
688 # -- Specifies whether a ServiceAccount should be created
689 create: true
690 # -- The name of the ServiceAccount to use.
691 # If not set and create is true, a name is generated using the fullname template
692 name: null
693 # -- Image pull secrets for the service account
694 imagePullSecrets: []
695 # -- Annotations for the service account
696 annotations: {}
697 # -- Labels for the service account
698 labels: {}
699 # -- Set this toggle to false to opt out of automounting API credentials for the service account
700 automountServiceAccountToken: true
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000701# RBAC configuration
702rbac:
703 # -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp.
704 pspEnabled: false
705 # -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints.
706 sccEnabled: false
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300707 # -- Specify PSP annotations
708 # Ref: https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/#podsecuritypolicy-annotations
709 pspAnnotations: {}
710 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
711 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
712 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
713 # -- Whether to install RBAC in the namespace only or cluster-wide. Useful if you want to watch ConfigMap globally.
714 namespaced: false
Mohammed Naser65cda132024-05-02 14:34:08 -0400715######################################################################################################################
716#
717# Network Policy configuration
718#
719######################################################################################################################
720networkPolicy:
721 # -- Specifies whether Network Policies should be created
722 enabled: false
723 # -- Specifies whether the policies created will be standard Network Policies (flavor: kubernetes)
724 # or Cilium Network Policies (flavor: cilium)
725 flavor: kubernetes
726 metrics:
727 # -- Specifies the Pods which are allowed to access the metrics port.
728 # As this is cross-namespace communication, you also need the namespaceSelector.
729 podSelector: {}
730 # -- Specifies the namespaces which are allowed to access the metrics port
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000731 namespaceSelector: {}
Mohammed Naser65cda132024-05-02 14:34:08 -0400732 # -- Specifies specific network CIDRs which are allowed to access the metrics port.
733 # In case you use namespaceSelector, you also have to specify your kubelet networks here.
734 # The metrics ports are also used for probes.
735 cidrs: []
736 ingress:
737 # -- Specifies the Pods which are allowed to access the http port.
738 # As this is cross-namespace communication, you also need the namespaceSelector.
739 podSelector: {}
740 # -- Specifies the namespaces which are allowed to access the http port
741 namespaceSelector: {}
742 alertmanager:
743 # -- Specify the alertmanager port used for alerting
744 port: 9093
745 # -- Specifies the alertmanager Pods.
746 # As this is cross-namespace communication, you also need the namespaceSelector.
747 podSelector: {}
748 # -- Specifies the namespace the alertmanager is running in
749 namespaceSelector: {}
750 externalStorage:
751 # -- Specify the port used for external storage, e.g. AWS S3
752 ports: []
753 # -- Specifies specific network CIDRs you want to limit access to
754 cidrs: []
755 discovery:
756 # -- (int) Specify the port used for discovery
757 port: null
758 # -- Specifies the Pods labels used for discovery.
759 # As this is cross-namespace communication, you also need the namespaceSelector.
760 podSelector: {}
761 # -- Specifies the namespace the discovery Pods are running in
762 namespaceSelector: {}
763 egressWorld:
764 # -- Enable additional cilium egress rules to external world for write, read and backend.
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300765 enabled: false
Mohammed Naser65cda132024-05-02 14:34:08 -0400766 egressKubeApiserver:
767 # -- Enable additional cilium egress rules to kube-apiserver for backend.
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000768 enabled: false
Mohammed Naser65cda132024-05-02 14:34:08 -0400769######################################################################################################################
770#
771# Global memberlist configuration
772#
773######################################################################################################################
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000774
775# Configuration for the memberlist service
776memberlist:
777 service:
778 publishNotReadyAddresses: false
Mohammed Naser65cda132024-05-02 14:34:08 -0400779######################################################################################################################
780#
781# adminAPI configuration, enterprise only.
782#
783######################################################################################################################
784
785# -- Configuration for the `admin-api` target
786adminApi:
787 # -- Define the amount of instances
788 replicas: 1
789 # -- hostAliases to add
790 hostAliases: []
791 # - ip: 1.2.3.4
792 # hostnames:
793 # - domain.tld
794 # -- Additional CLI arguments for the `admin-api` target
795 extraArgs: {}
796 # -- Additional labels for the `admin-api` Deployment
797 labels: {}
798 # -- Additional annotations for the `admin-api` Deployment
799 annotations: {}
800 # -- Additional labels and annotations for the `admin-api` Service
801 service:
802 labels: {}
803 annotations: {}
804 # -- Run container as user `enterprise-logs(uid=10001)`
805 # `fsGroup` must not be specified, because these security options are applied
806 # on container level not on Pod level.
807 podSecurityContext:
808 runAsNonRoot: true
809 runAsGroup: 10001
810 runAsUser: 10001
811 containerSecurityContext:
812 readOnlyRootFilesystem: true
813 capabilities:
814 drop:
815 - ALL
816 allowPrivilegeEscalation: false
817 # -- Update strategy
818 strategy:
819 type: RollingUpdate
820 # -- Readiness probe
821 readinessProbe:
822 httpGet:
823 path: /ready
824 port: http-metrics
825 initialDelaySeconds: 45
826 # -- Request and limit Kubernetes resources
827 # -- Values are defined in small.yaml and large.yaml
828 resources: {}
829 # -- Configure optional environment variables
830 env: []
831 # -- Configure optional initContainers
832 initContainers: []
833 # -- Conifgure optional extraContainers
834 extraContainers: []
835 # -- Additional volumes for Pods
836 extraVolumes: []
837 # -- Additional volume mounts for Pods
838 extraVolumeMounts: []
839 # -- Affinity for admin-api Pods
840 affinity: {}
841 # -- Node selector for admin-api Pods
842 nodeSelector: {}
843 # -- Tolerations for admin-api Pods
844 tolerations: []
845 # -- Grace period to allow the admin-api to shutdown before it is killed
846 terminationGracePeriodSeconds: 60
847
848
849######################################################################################################################
850#
851# Gateway and Ingress
852#
853# By default this chart will deploy a Nginx container to act as a gateway which handles routing of traffic
854# and can also do auth.
855#
856# If you would prefer you can optionally disable this and enable using k8s ingress to do the incoming routing.
857#
858######################################################################################################################
859
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000860# Configuration for the gateway
861gateway:
862 # -- Specifies whether the gateway should be enabled
863 enabled: true
864 # -- Number of replicas for the gateway
865 replicas: 1
866 # -- Enable logging of 2xx and 3xx HTTP requests
867 verboseLogging: true
868 autoscaling:
869 # -- Enable autoscaling for the gateway
870 enabled: false
871 # -- Minimum autoscaling replicas for the gateway
872 minReplicas: 1
873 # -- Maximum autoscaling replicas for the gateway
874 maxReplicas: 3
875 # -- Target CPU utilisation percentage for the gateway
876 targetCPUUtilizationPercentage: 60
877 # -- Target memory utilisation percentage for the gateway
878 targetMemoryUtilizationPercentage:
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300879 # -- See `kubectl explain deployment.spec.strategy` for more
880 # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
881 # -- Behavior policies while scaling.
882 behavior: {}
883 # scaleUp:
884 # stabilizationWindowSeconds: 300
885 # policies:
886 # - type: Pods
887 # value: 1
888 # periodSeconds: 60
889 # scaleDown:
890 # stabilizationWindowSeconds: 300
891 # policies:
892 # - type: Pods
893 # value: 1
894 # periodSeconds: 180
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000895 deploymentStrategy:
896 type: RollingUpdate
897 image:
898 # -- The Docker registry for the gateway image
899 registry: docker.io
900 # -- The gateway image repository
901 repository: nginxinc/nginx-unprivileged
902 # -- The gateway image tag
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300903 tag: 1.24-alpine
904 # -- Overrides the gateway image tag with an image digest
905 digest: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000906 # -- The gateway image pull policy
907 pullPolicy: IfNotPresent
908 # -- The name of the PriorityClass for gateway pods
909 priorityClassName: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300910 # -- Annotations for gateway deployment
911 annotations: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000912 # -- Annotations for gateway pods
913 podAnnotations: {}
914 # -- Additional labels for gateway pods
915 podLabels: {}
916 # -- Additional CLI args for the gateway
917 extraArgs: []
918 # -- Environment variables to add to the gateway pods
919 extraEnv: []
920 # -- Environment variables from secrets or configmaps to add to the gateway pods
921 extraEnvFrom: []
922 # -- Lifecycle for the gateway container
923 lifecycle: {}
924 # -- Volumes to add to the gateway pods
925 extraVolumes: []
926 # -- Volume mounts to add to the gateway pods
927 extraVolumeMounts: []
928 # -- The SecurityContext for gateway containers
929 podSecurityContext:
930 fsGroup: 101
931 runAsGroup: 101
932 runAsNonRoot: true
933 runAsUser: 101
934 # -- The SecurityContext for gateway containers
935 containerSecurityContext:
936 readOnlyRootFilesystem: true
937 capabilities:
938 drop:
939 - ALL
940 allowPrivilegeEscalation: false
941 # -- Resource requests and limits for the gateway
942 resources: {}
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300943 # -- Containers to add to the gateway pods
944 extraContainers: []
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000945 # -- Grace period to allow the gateway to shutdown before it is killed
946 terminationGracePeriodSeconds: 30
Mohammed Naser65cda132024-05-02 14:34:08 -0400947 # -- Affinity for gateway pods.
948 # @default -- Hard node anti-affinity
949 affinity:
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000950 podAntiAffinity:
951 requiredDuringSchedulingIgnoredDuringExecution:
952 - labelSelector:
953 matchLabels:
Mohammed Naser65cda132024-05-02 14:34:08 -0400954 app.kubernetes.io/component: gateway
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000955 topologyKey: kubernetes.io/hostname
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300956 # -- DNS config for gateway pods
957 dnsConfig: {}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000958 # -- Node selector for gateway pods
959 nodeSelector: {}
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300960 # -- Topology Spread Constraints for gateway pods
961 topologySpreadConstraints: []
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000962 # -- Tolerations for gateway pods
963 tolerations: []
964 # Gateway service configuration
965 service:
966 # -- Port of the gateway service
967 port: 80
968 # -- Type of the gateway service
969 type: ClusterIP
970 # -- ClusterIP of the gateway service
971 clusterIP: null
972 # -- (int) Node port if service type is NodePort
973 nodePort: null
974 # -- Load balancer IPO address if service type is LoadBalancer
975 loadBalancerIP: null
976 # -- Annotations for the gateway service
977 annotations: {}
978 # -- Labels for gateway service
979 labels: {}
980 # Gateway ingress configuration
981 ingress:
982 # -- Specifies whether an ingress for the gateway should be created
983 enabled: false
984 # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18
985 ingressClassName: ""
986 # -- Annotations for the gateway ingress
987 annotations: {}
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300988 # -- Labels for the gateway ingress
989 labels: {}
990 # -- Hosts configuration for the gateway ingress, passed through the `tpl` function to allow templating
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000991 hosts:
992 - host: gateway.loki.example.com
993 paths:
994 - path: /
995 # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers
996 # pathType: Prefix
Giovanni Tirloni59219b62024-04-09 14:50:25 -0300997 # -- TLS configuration for the gateway ingress. Hosts passed through the `tpl` function to allow templating
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000998 tls:
999 - secretName: loki-gateway-tls
1000 hosts:
1001 - gateway.loki.example.com
1002 # Basic auth configuration
1003 basicAuth:
1004 # -- Enables basic authentication for the gateway
1005 enabled: false
1006 # -- The basic auth username for the gateway
1007 username: null
1008 # -- The basic auth password for the gateway
1009 password: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001010 # -- Uses the specified users from the `loki.tenants` list to create the htpasswd file
1011 # if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001012 # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes
1013 # high CPU load.
1014 htpasswd: >-
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001015 {{ if .Values.loki.tenants }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001016
Mohammed Naser65cda132024-05-02 14:34:08 -04001017
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001018 {{- range $t := .Values.loki.tenants }}
1019 {{ htpasswd (required "All tenants must have a 'name' set" $t.name) (required "All tenants must have a 'password' set" $t.password) }}
1020
Mohammed Naser65cda132024-05-02 14:34:08 -04001021
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001022 {{- end }}
1023 {{ else }} {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} {{ end }}
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001024 # -- Existing basic auth secret to use. Must contain '.htpasswd'
1025 existingSecret: null
1026 # Configures the readiness probe for the gateway
1027 readinessProbe:
1028 httpGet:
1029 path: /
Mohammed Naser65cda132024-05-02 14:34:08 -04001030 port: http-metrics
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001031 initialDelaySeconds: 15
1032 timeoutSeconds: 1
1033 nginxConfig:
Mohammed Naser65cda132024-05-02 14:34:08 -04001034 # -- Which schema to be used when building URLs. Can be 'http' or 'https'.
1035 schema: http
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001036 # -- Enable listener for IPv6, disable on IPv4-only systems
1037 enableIPv6: true
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001038 # -- NGINX log format
1039 logFormat: |-
1040 main '$remote_addr - $remote_user [$time_local] $status '
1041 '"$request" $body_bytes_sent "$http_referer" '
1042 '"$http_user_agent" "$http_x_forwarded_for"';
1043 # -- Allows appending custom configuration to the server block
1044 serverSnippet: ""
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001045 # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating
1046 httpSnippet: >-
1047 {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }}
Mohammed Naser65cda132024-05-02 14:34:08 -04001048 # -- Whether ssl should be appended to the listen directive of the server block or not.
1049 ssl: false
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001050 # -- Override Read URL
1051 customReadUrl: null
1052 # -- Override Write URL
1053 customWriteUrl: null
1054 # -- Override Backend URL
1055 customBackendUrl: null
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001056 # -- Allows overriding the DNS resolver address nginx will use.
1057 resolver: ""
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001058 # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating
1059 # @default -- See values.yaml
1060 file: |
1061 {{- include "loki.nginxFile" . | indent 2 -}}
Mohammed Naser65cda132024-05-02 14:34:08 -04001062# -- If running enterprise and using the default enterprise gateway, configs go here.
1063enterpriseGateway:
1064 # -- Define the amount of instances
1065 replicas: 1
1066 # -- hostAliases to add
1067 hostAliases: []
1068 # - ip: 1.2.3.4
1069 # hostnames:
1070 # - domain.tld
1071 # -- Additional CLI arguments for the `gateway` target
1072 extraArgs: {}
1073 # -- Additional labels for the `gateway` Pod
1074 labels: {}
1075 # -- Additional annotations for the `gateway` Pod
1076 annotations: {}
1077 # -- Additional labels and annotations for the `gateway` Service
1078 # -- Service overriding service type
1079 service:
1080 type: ClusterIP
1081 labels: {}
1082 annotations: {}
1083 # -- Run container as user `enterprise-logs(uid=10001)`
1084 podSecurityContext:
1085 runAsNonRoot: true
1086 runAsGroup: 10001
1087 runAsUser: 10001
1088 fsGroup: 10001
1089 containerSecurityContext:
1090 readOnlyRootFilesystem: true
1091 capabilities:
1092 drop:
1093 - ALL
1094 allowPrivilegeEscalation: false
1095 # -- If you want to use your own proxy URLs, set this to false.
1096 useDefaultProxyURLs: true
1097 # -- update strategy
1098 strategy:
1099 type: RollingUpdate
1100 # -- Readiness probe
1101 readinessProbe:
1102 httpGet:
1103 path: /ready
1104 port: http-metrics
1105 initialDelaySeconds: 45
1106 # -- Request and limit Kubernetes resources
1107 # -- Values are defined in small.yaml and large.yaml
1108 resources: {}
1109 # -- Configure optional environment variables
1110 env: []
1111 # -- Configure optional initContainers
1112 initContainers: []
1113 # -- Conifgure optional extraContainers
1114 extraContainers: []
1115 # -- Additional volumes for Pods
1116 extraVolumes: []
1117 # -- Additional volume mounts for Pods
1118 extraVolumeMounts: []
1119 # -- Affinity for gateway Pods
1120 affinity: {}
1121 # -- Node selector for gateway Pods
1122 nodeSelector: {}
1123 # -- Tolerations for gateway Pods
1124 tolerations: []
1125 # -- Grace period to allow the gateway to shutdown before it is killed
1126 terminationGracePeriodSeconds: 60
1127# -- Ingress configuration Use either this ingress or the gateway, but not both at once.
1128# If you enable this, make sure to disable the gateway.
1129# You'll need to supply authn configuration for your ingress controller.
1130ingress:
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00001131 enabled: false
Mohammed Naser65cda132024-05-02 14:34:08 -04001132 ingressClassName: ""
1133 annotations: {}
1134 # nginx.ingress.kubernetes.io/auth-type: basic
1135 # nginx.ingress.kubernetes.io/auth-secret: loki-distributed-basic-auth
1136 # nginx.ingress.kubernetes.io/auth-secret-type: auth-map
1137 # nginx.ingress.kubernetes.io/configuration-snippet: |
1138 # proxy_set_header X-Scope-OrgID $remote_user;
1139 labels: {}
1140 # blackbox.monitoring.exclude: "true"
1141 paths:
1142 write:
1143 - /api/prom/push
1144 - /loki/api/v1/push
1145 read:
1146 - /api/prom/tail
1147 - /loki/api/v1/tail
1148 - /loki/api
1149 - /api/prom/rules
1150 - /loki/api/v1/rules
1151 - /prometheus/api/v1/rules
1152 - /prometheus/api/v1/alerts
1153 singleBinary:
1154 - /api/prom/push
1155 - /loki/api/v1/push
1156 - /api/prom/tail
1157 - /loki/api/v1/tail
1158 - /loki/api
1159 - /api/prom/rules
1160 - /loki/api/v1/rules
1161 - /prometheus/api/v1/rules
1162 - /prometheus/api/v1/alerts
1163 # -- Hosts configuration for the ingress, passed through the `tpl` function to allow templating
1164 hosts:
1165 - loki.example.com
1166 # -- TLS configuration for the ingress. Hosts passed through the `tpl` function to allow templating
1167 tls: []
1168# - hosts:
1169# - loki.example.com
1170# secretName: loki-distributed-tls
1171
1172######################################################################################################################
1173#
1174# Migration
1175#
1176######################################################################################################################
1177
1178# -- Options that may be necessary when performing a migration from another helm chart
1179migrate:
1180 # -- When migrating from a distributed chart like loki-distributed or enterprise-logs
1181 fromDistributed:
1182 # -- Set to true if migrating from a distributed helm chart
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001183 enabled: false
Mohammed Naser65cda132024-05-02 14:34:08 -04001184 # -- If migrating from a distributed service, provide the distributed deployment's
1185 # memberlist service DNS so the new deployment can join its ring.
1186 memberlistService: ""
1187
1188######################################################################################################################
1189#
1190# Single Binary Deployment
1191#
1192# For small Loki installations up to a few 10's of GB per day, or for testing and development.
1193#
1194######################################################################################################################
1195
1196# Configuration for the single binary node(s)
1197singleBinary:
1198 # -- Number of replicas for the single binary
1199 replicas: 0
1200 autoscaling:
1201 # -- Enable autoscaling
Giovanni Tirloni59219b62024-04-09 14:50:25 -03001202 enabled: false
Mohammed Naser65cda132024-05-02 14:34:08 -04001203 # -- Minimum autoscaling replicas for the single binary
1204 minReplicas: 1
1205 # -- Maximum autoscaling replicas for the single binary
1206 maxReplicas: 3
1207 # -- Target CPU utilisation percentage for the single binary
1208 targetCPUUtilizationPercentage: 60
1209 # -- Target memory utilisation percentage for the single binary
1210 targetMemoryUtilizationPercentage:
1211 image:
1212 # -- The Docker registry for the single binary image. Overrides `loki.image.registry`
1213 registry: null
1214 # -- Docker image repository for the single binary image. Overrides `loki.image.repository`
1215 repository: null
1216 # -- Docker image tag for the single binary image. Overrides `loki.image.tag`
1217 tag: null
1218 # -- The name of the PriorityClass for single binary pods
1219 priorityClassName: null
1220 # -- Annotations for single binary StatefulSet
1221 annotations: {}
1222 # -- Annotations for single binary pods
1223 podAnnotations: {}
1224 # -- Additional labels for each `single binary` pod
1225 podLabels: {}
1226 # -- Additional selector labels for each `single binary` pod
1227 selectorLabels: {}
1228 service:
1229 # -- Annotations for single binary Service
1230 annotations: {}
1231 # -- Additional labels for single binary Service
1232 labels: {}
1233 # -- Comma-separated list of Loki modules to load for the single binary
1234 targetModule: "all"
1235 # -- Labels for single binary service
1236 extraArgs: []
1237 # -- Environment variables to add to the single binary pods
1238 extraEnv: []
1239 # -- Environment variables from secrets or configmaps to add to the single binary pods
1240 extraEnvFrom: []
1241 # -- Extra containers to add to the single binary loki pod
1242 extraContainers: []
1243 # -- Init containers to add to the single binary pods
1244 initContainers: []
1245 # -- Volume mounts to add to the single binary pods
1246 extraVolumeMounts: []
1247 # -- Volumes to add to the single binary pods
1248 extraVolumes: []
1249 # -- Resource requests and limits for the single binary
1250 resources: {}
1251 # -- Grace period to allow the single binary to shutdown before it is killed
1252 terminationGracePeriodSeconds: 30
1253 # -- Affinity for single binary pods.
1254 # @default -- Hard node anti-affinity
1255 affinity:
1256 podAntiAffinity:
1257 requiredDuringSchedulingIgnoredDuringExecution:
1258 - labelSelector:
1259 matchLabels:
1260 app.kubernetes.io/component: single-binary
1261 topologyKey: kubernetes.io/hostname
1262 # -- DNS config for single binary pods
1263 dnsConfig: {}
1264 # -- Node selector for single binary pods
1265 nodeSelector: {}
1266 # -- Tolerations for single binary pods
1267 tolerations: []
1268 persistence:
1269 # -- Enable StatefulSetAutoDeletePVC feature
1270 enableStatefulSetAutoDeletePVC: true
1271 # -- Enable persistent disk
1272 enabled: true
1273 # -- Size of persistent disk
1274 size: 10Gi
1275 # -- Storage class to be used.
1276 # If defined, storageClassName: <storageClass>.
1277 # If set to "-", storageClassName: "", which disables dynamic provisioning.
1278 # If empty or set to null, no storageClassName spec is
1279 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
1280 storageClass: null
1281 # -- Selector for persistent disk
1282 selector: null
1283######################################################################################################################
1284#
1285# Simple Scalable Deployment (SSD) Mode
1286#
1287# For small to medium size Loki deployments up to around 1 TB/day, this is the default mode for this helm chart
1288#
1289######################################################################################################################
1290
1291# Configuration for the write pod(s)
1292write:
1293 # -- Number of replicas for the write
1294 replicas: 3
1295 autoscaling:
1296 # -- Enable autoscaling for the write.
1297 enabled: false
1298 # -- Minimum autoscaling replicas for the write.
1299 minReplicas: 2
1300 # -- Maximum autoscaling replicas for the write.
1301 maxReplicas: 6
1302 # -- Target CPU utilisation percentage for the write.
1303 targetCPUUtilizationPercentage: 60
1304 # -- Target memory utilization percentage for the write.
1305 targetMemoryUtilizationPercentage:
1306 # -- Behavior policies while scaling.
1307 behavior:
1308 # -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details
1309 scaleUp:
1310 policies:
1311 - type: Pods
1312 value: 1
1313 periodSeconds: 900
1314 scaleDown:
1315 policies:
1316 - type: Pods
1317 value: 1
1318 periodSeconds: 1800
1319 stabilizationWindowSeconds: 3600
1320 image:
1321 # -- The Docker registry for the write image. Overrides `loki.image.registry`
1322 registry: null
1323 # -- Docker image repository for the write image. Overrides `loki.image.repository`
1324 repository: null
1325 # -- Docker image tag for the write image. Overrides `loki.image.tag`
1326 tag: null
1327 # -- The name of the PriorityClass for write pods
1328 priorityClassName: null
1329 # -- Annotations for write StatefulSet
1330 annotations: {}
1331 # -- Annotations for write pods
1332 podAnnotations: {}
1333 # -- Additional labels for each `write` pod
1334 podLabels: {}
1335 # -- Additional selector labels for each `write` pod
1336 selectorLabels: {}
1337 service:
1338 # -- Annotations for write Service
1339 annotations: {}
1340 # -- Additional labels for write Service
1341 labels: {}
1342 # -- Comma-separated list of Loki modules to load for the write
1343 targetModule: "write"
1344 # -- Additional CLI args for the write
1345 extraArgs: []
1346 # -- Environment variables to add to the write pods
1347 extraEnv: []
1348 # -- Environment variables from secrets or configmaps to add to the write pods
1349 extraEnvFrom: []
1350 # -- Lifecycle for the write container
1351 lifecycle: {}
1352 # -- The default /flush_shutdown preStop hook is recommended as part of the ingester
1353 # scaledown process so it's added to the template by default when autoscaling is enabled,
1354 # but it's disabled to optimize rolling restarts in instances that will never be scaled
1355 # down or when using chunks storage with WAL disabled.
1356 # https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown
1357 # -- Init containers to add to the write pods
1358 initContainers: []
1359 # -- Containers to add to the write pods
1360 extraContainers: []
1361 # -- Volume mounts to add to the write pods
1362 extraVolumeMounts: []
1363 # -- Volumes to add to the write pods
1364 extraVolumes: []
1365 # -- volumeClaimTemplates to add to StatefulSet
1366 extraVolumeClaimTemplates: []
1367 # -- Resource requests and limits for the write
1368 resources: {}
1369 # -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester,
1370 # this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring
1371 # all data and to successfully leave the member ring on shutdown.
1372 terminationGracePeriodSeconds: 300
1373 # -- Affinity for write pods.
1374 # @default -- Hard node anti-affinity
1375 affinity:
1376 podAntiAffinity:
1377 requiredDuringSchedulingIgnoredDuringExecution:
1378 - labelSelector:
1379 matchLabels:
1380 app.kubernetes.io/component: write
1381 topologyKey: kubernetes.io/hostname
1382 # -- DNS config for write pods
1383 dnsConfig: {}
1384 # -- Node selector for write pods
1385 nodeSelector: {}
1386 # -- Topology Spread Constraints for write pods
1387 topologySpreadConstraints: []
1388 # -- Tolerations for write pods
1389 tolerations: []
1390 # -- The default is to deploy all pods in parallel.
1391 podManagementPolicy: "Parallel"
1392 persistence:
1393 # -- Enable volume claims in pod spec
1394 volumeClaimsEnabled: true
1395 # -- Parameters used for the `data` volume when volumeClaimEnabled if false
1396 dataVolumeParameters:
1397 emptyDir: {}
1398 # -- Enable StatefulSetAutoDeletePVC feature
1399 enableStatefulSetAutoDeletePVC: false
1400 # -- Size of persistent disk
1401 size: 10Gi
1402 # -- Storage class to be used.
1403 # If defined, storageClassName: <storageClass>.
1404 # If set to "-", storageClassName: "", which disables dynamic provisioning.
1405 # If empty or set to null, no storageClassName spec is
1406 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
1407 storageClass: null
1408 # -- Selector for persistent disk
1409 selector: null
1410# -- Configuration for the read pod(s)
1411read:
1412 # -- Number of replicas for the read
1413 replicas: 3
1414 autoscaling:
1415 # -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true`
1416 enabled: false
1417 # -- Minimum autoscaling replicas for the read
1418 minReplicas: 2
1419 # -- Maximum autoscaling replicas for the read
1420 maxReplicas: 6
1421 # -- Target CPU utilisation percentage for the read
1422 targetCPUUtilizationPercentage: 60
1423 # -- Target memory utilisation percentage for the read
1424 targetMemoryUtilizationPercentage:
1425 # -- Behavior policies while scaling.
1426 behavior: {}
1427 # scaleUp:
1428 # stabilizationWindowSeconds: 300
1429 # policies:
1430 # - type: Pods
1431 # value: 1
1432 # periodSeconds: 60
1433 # scaleDown:
1434 # stabilizationWindowSeconds: 300
1435 # policies:
1436 # - type: Pods
1437 # value: 1
1438 # periodSeconds: 180
1439 image:
1440 # -- The Docker registry for the read image. Overrides `loki.image.registry`
1441 registry: null
1442 # -- Docker image repository for the read image. Overrides `loki.image.repository`
1443 repository: null
1444 # -- Docker image tag for the read image. Overrides `loki.image.tag`
1445 tag: null
1446 # -- The name of the PriorityClass for read pods
1447 priorityClassName: null
1448 # -- Annotations for read deployment
1449 annotations: {}
1450 # -- Annotations for read pods
1451 podAnnotations: {}
1452 # -- Additional labels for each `read` pod
1453 podLabels: {}
1454 # -- Additional selector labels for each `read` pod
1455 selectorLabels: {}
1456 service:
1457 # -- Annotations for read Service
1458 annotations: {}
1459 # -- Additional labels for read Service
1460 labels: {}
1461 # -- Comma-separated list of Loki modules to load for the read
1462 targetModule: "read"
1463 # -- Whether or not to use the 2 target type simple scalable mode (read, write) or the
1464 # 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will
1465 # run two targets, false will run 3 targets.
1466 legacyReadTarget: false
1467 # -- Additional CLI args for the read
1468 extraArgs: []
1469 # -- Containers to add to the read pods
1470 extraContainers: []
1471 # -- Environment variables to add to the read pods
1472 extraEnv: []
1473 # -- Environment variables from secrets or configmaps to add to the read pods
1474 extraEnvFrom: []
1475 # -- Lifecycle for the read container
1476 lifecycle: {}
1477 # -- Volume mounts to add to the read pods
1478 extraVolumeMounts: []
1479 # -- Volumes to add to the read pods
1480 extraVolumes: []
1481 # -- Resource requests and limits for the read
1482 resources: {}
1483 # -- Grace period to allow the read to shutdown before it is killed
1484 terminationGracePeriodSeconds: 30
1485 # -- Affinity for read pods.
1486 # @default -- Hard node anti-affinity
1487 affinity:
1488 podAntiAffinity:
1489 requiredDuringSchedulingIgnoredDuringExecution:
1490 - labelSelector:
1491 matchLabels:
1492 app.kubernetes.io/component: read
1493 topologyKey: kubernetes.io/hostname
1494 # -- DNS config for read pods
1495 dnsConfig: {}
1496 # -- Node selector for read pods
1497 nodeSelector: {}
1498 # -- Topology Spread Constraints for read pods
1499 topologySpreadConstraints: []
1500 # -- Tolerations for read pods
1501 tolerations: []
1502 # -- The default is to deploy all pods in parallel.
1503 podManagementPolicy: "Parallel"
1504 persistence:
1505 # -- Enable StatefulSetAutoDeletePVC feature
1506 enableStatefulSetAutoDeletePVC: true
1507 # -- Size of persistent disk
1508 size: 10Gi
1509 # -- Storage class to be used.
1510 # If defined, storageClassName: <storageClass>.
1511 # If set to "-", storageClassName: "", which disables dynamic provisioning.
1512 # If empty or set to null, no storageClassName spec is
1513 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
1514 storageClass: null
1515 # -- Selector for persistent disk
1516 selector: null
1517# -- Configuration for the backend pod(s)
1518backend:
1519 # -- Number of replicas for the backend
1520 replicas: 3
1521 autoscaling:
1522 # -- Enable autoscaling for the backend.
1523 enabled: false
1524 # -- Minimum autoscaling replicas for the backend.
1525 minReplicas: 3
1526 # -- Maximum autoscaling replicas for the backend.
1527 maxReplicas: 6
1528 # -- Target CPU utilization percentage for the backend.
1529 targetCPUUtilizationPercentage: 60
1530 # -- Target memory utilization percentage for the backend.
1531 targetMemoryUtilizationPercentage:
1532 # -- Behavior policies while scaling.
1533 behavior: {}
1534 # scaleUp:
1535 # stabilizationWindowSeconds: 300
1536 # policies:
1537 # - type: Pods
1538 # value: 1
1539 # periodSeconds: 60
1540 # scaleDown:
1541 # stabilizationWindowSeconds: 300
1542 # policies:
1543 # - type: Pods
1544 # value: 1
1545 # periodSeconds: 180
1546 image:
1547 # -- The Docker registry for the backend image. Overrides `loki.image.registry`
1548 registry: null
1549 # -- Docker image repository for the backend image. Overrides `loki.image.repository`
1550 repository: null
1551 # -- Docker image tag for the backend image. Overrides `loki.image.tag`
1552 tag: null
1553 # -- The name of the PriorityClass for backend pods
1554 priorityClassName: null
1555 # -- Annotations for backend StatefulSet
1556 annotations: {}
1557 # -- Annotations for backend pods
1558 podAnnotations: {}
1559 # -- Additional labels for each `backend` pod
1560 podLabels: {}
1561 # -- Additional selector labels for each `backend` pod
1562 selectorLabels: {}
1563 service:
1564 # -- Annotations for backend Service
1565 annotations: {}
1566 # -- Additional labels for backend Service
1567 labels: {}
1568 # -- Comma-separated list of Loki modules to load for the read
1569 targetModule: "backend"
1570 # -- Additional CLI args for the backend
1571 extraArgs: []
1572 # -- Environment variables to add to the backend pods
1573 extraEnv: []
1574 # -- Environment variables from secrets or configmaps to add to the backend pods
1575 extraEnvFrom: []
1576 # -- Init containers to add to the backend pods
1577 initContainers: []
1578 # -- Volume mounts to add to the backend pods
1579 extraVolumeMounts: []
1580 # -- Volumes to add to the backend pods
1581 extraVolumes: []
1582 # -- Resource requests and limits for the backend
1583 resources: {}
1584 # -- Grace period to allow the backend to shutdown before it is killed. Especially for the ingester,
1585 # this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring
1586 # all data and to successfully leave the member ring on shutdown.
1587 terminationGracePeriodSeconds: 300
1588 # -- Affinity for backend pods.
1589 # @default -- Hard node anti-affinity
1590 affinity:
1591 podAntiAffinity:
1592 requiredDuringSchedulingIgnoredDuringExecution:
1593 - labelSelector:
1594 matchLabels:
1595 app.kubernetes.io/component: backend
1596 topologyKey: kubernetes.io/hostname
1597 # -- DNS config for backend pods
1598 dnsConfig: {}
1599 # -- Node selector for backend pods
1600 nodeSelector: {}
1601 # -- Topology Spread Constraints for backend pods
1602 topologySpreadConstraints: []
1603 # -- Tolerations for backend pods
1604 tolerations: []
1605 # -- The default is to deploy all pods in parallel.
1606 podManagementPolicy: "Parallel"
1607 persistence:
1608 # -- Enable volume claims in pod spec
1609 volumeClaimsEnabled: true
1610 # -- Parameters used for the `data` volume when volumeClaimEnabled if false
1611 dataVolumeParameters:
1612 emptyDir: {}
1613 # -- Enable StatefulSetAutoDeletePVC feature
1614 enableStatefulSetAutoDeletePVC: true
1615 # -- Size of persistent disk
1616 size: 10Gi
1617 # -- Storage class to be used.
1618 # If defined, storageClassName: <storageClass>.
1619 # If set to "-", storageClassName: "", which disables dynamic provisioning.
1620 # If empty or set to null, no storageClassName spec is
1621 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
1622 storageClass: null
1623 # -- Selector for persistent disk
1624 selector: null
1625######################################################################################################################
1626#
1627# Microservices Mode
1628#
1629# For large Loki deployments ingesting more than 1 TB/day
1630#
1631######################################################################################################################
1632
1633# -- Configuration for the ingester
1634ingester:
1635 # -- Number of replicas for the ingester, when zoneAwareReplication.enabled is true, the total
1636 # number of replicas will match this value with each zone having 1/3rd of the total replicas.
1637 replicas: 0
1638 # -- hostAliases to add
1639 hostAliases: []
1640 # - ip: 1.2.3.4
1641 # hostnames:
1642 # - domain.tld
1643 autoscaling:
1644 # -- Enable autoscaling for the ingester
1645 enabled: false
1646 # -- Minimum autoscaling replicas for the ingester
1647 minReplicas: 1
1648 # -- Maximum autoscaling replicas for the ingester
1649 maxReplicas: 3
1650 # -- Target CPU utilisation percentage for the ingester
1651 targetCPUUtilizationPercentage: 60
1652 # -- Target memory utilisation percentage for the ingester
1653 targetMemoryUtilizationPercentage: null
1654 # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
1655 customMetrics: []
1656 # - type: Pods
1657 # pods:
1658 # metric:
1659 # name: loki_lines_total
1660 # target:
1661 # type: AverageValue
1662 # averageValue: 10k
1663 behavior:
1664 # -- Enable autoscaling behaviours
1665 enabled: false
1666 # -- define scale down policies, must conform to HPAScalingRules
1667 scaleDown: {}
1668 # -- define scale up policies, must conform to HPAScalingRules
1669 scaleUp: {}
1670 image:
1671 # -- The Docker registry for the ingester image. Overrides `loki.image.registry`
1672 registry: null
1673 # -- Docker image repository for the ingester image. Overrides `loki.image.repository`
1674 repository: null
1675 # -- Docker image tag for the ingester image. Overrides `loki.image.tag`
1676 tag: null
1677 # -- Command to execute instead of defined in Docker image
1678 command: null
1679 priorityClassName: null
1680 # -- Labels for ingester pods
1681 podLabels: {}
1682 # -- Annotations for ingester pods
1683 podAnnotations: {}
1684 # -- The name of the PriorityClass for ingester pods
1685 # -- Labels for ingestor service
1686 serviceLabels: {}
1687 # -- Additional CLI args for the ingester
1688 extraArgs: []
1689 # -- Environment variables to add to the ingester pods
1690 extraEnv: []
1691 # -- Environment variables from secrets or configmaps to add to the ingester pods
1692 extraEnvFrom: []
1693 # -- Volume mounts to add to the ingester pods
1694 extraVolumeMounts: []
1695 # -- Volumes to add to the ingester pods
1696 extraVolumes: []
1697 # -- Resource requests and limits for the ingester
1698 resources: {}
1699 # -- Containers to add to the ingester pods
1700 extraContainers: []
1701 # -- Init containers to add to the ingester pods
1702 initContainers: []
1703 # -- Grace period to allow the ingester to shutdown before it is killed. Especially for the ingestor,
1704 # this must be increased. It must be long enough so ingesters can be gracefully shutdown flushing/transferring
1705 # all data and to successfully leave the member ring on shutdown.
1706 terminationGracePeriodSeconds: 300
1707 # -- Lifecycle for the ingester container
1708 lifecycle: {}
1709 # -- topologySpread for ingester pods.
1710 # @default -- Defaults to allow skew no more than 1 node
1711 topologySpreadConstraints:
1712 - maxSkew: 1
1713 topologyKey: kubernetes.io/hostname
1714 whenUnsatisfiable: ScheduleAnyway
1715 labelSelector:
1716 matchLabels:
1717 app.kubernetes.io/component: ingester
1718 # -- Affinity for ingester pods. Ignored if zoneAwareReplication is enabled.
1719 # @default -- Hard node anti-affinity
1720 affinity:
1721 podAntiAffinity:
1722 requiredDuringSchedulingIgnoredDuringExecution:
1723 - labelSelector:
1724 matchLabels:
1725 app.kubernetes.io/component: ingester
1726 topologyKey: kubernetes.io/hostname
1727 # -- Pod Disruption Budget maxUnavailable
1728 maxUnavailable: 1
1729 # -- Node selector for ingester pods
1730 nodeSelector: {}
1731 # -- Tolerations for ingester pods
1732 tolerations: []
1733 # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
1734 readinessProbe: {}
1735 # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
1736 livenessProbe: {}
1737 persistence:
1738 # -- Enable creating PVCs which is required when using boltdb-shipper
1739 enabled: false
1740 # -- Use emptyDir with ramdisk for storage. **Please note that all data in ingester will be lost on pod restart**
1741 inMemory: false
1742 # -- List of the ingester PVCs
1743 # @notationType -- list
1744 claims:
1745 - name: data
1746 size: 10Gi
1747 # -- Storage class to be used.
1748 # If defined, storageClassName: <storageClass>.
1749 # If set to "-", storageClassName: "", which disables dynamic provisioning.
1750 # If empty or set to null, no storageClassName spec is
1751 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
1752 storageClass: null
1753 # - name: wal
1754 # size: 150Gi
1755 # -- Enable StatefulSetAutoDeletePVC feature
1756 enableStatefulSetAutoDeletePVC: false
1757 whenDeleted: Retain
1758 whenScaled: Retain
1759 # -- Adds the appProtocol field to the ingester service. This allows ingester to work with istio protocol selection.
1760 appProtocol:
1761 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
1762 grpc: ""
1763 # -- Enabling zone awareness on ingesters will create 3 statefulests where all writes will send a replica to each zone.
1764 # This is primarily intended to accelerate rollout operations by allowing for multiple ingesters within a single
1765 # zone to be shutdown and restart simultaneously (the remaining 2 zones will be guaranteed to have at least one copy
1766 # of the data).
1767 # Note: This can be used to run Loki over multiple cloud provider availability zones however this is not currently
1768 # recommended as Loki is not optimized for this and cross zone network traffic costs can become extremely high
1769 # extremely quickly. Even with zone awareness enabled, it is recommended to run Loki in a single availability zone.
1770 zoneAwareReplication:
1771 # -- Enable zone awareness.
1772 enabled: true
1773 # -- The percent of replicas in each zone that will be restarted at once. In a value of 0-100
1774 maxUnavailablePct: 33
1775 # -- zoneA configuration
1776 zoneA:
1777 # -- optionally define a node selector for this zone
1778 nodeSelector: null
1779 # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host
1780 extraAffinity: {}
1781 # -- Specific annotations to add to zone A statefulset
1782 annotations: {}
1783 # -- Specific annotations to add to zone A pods
1784 podAnnotations: {}
1785 zoneB:
1786 # -- optionally define a node selector for this zone
1787 nodeSelector: null
1788 # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host
1789 extraAffinity: {}
1790 # -- Specific annotations to add to zone B statefulset
1791 annotations: {}
1792 # -- Specific annotations to add to zone B pods
1793 podAnnotations: {}
1794 zoneC:
1795 # -- optionally define a node selector for this zone
1796 nodeSelector: null
1797 # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host
1798 extraAffinity: {}
1799 # -- Specific annotations to add to zone C statefulset
1800 annotations: {}
1801 # -- Specific annotations to add to zone C pods
1802 podAnnotations: {}
1803 # -- The migration block allows migrating non zone aware ingesters to zone aware ingesters.
1804 migration:
1805 enabled: false
1806 excludeDefaultZone: false
1807 readPath: false
1808 writePath: false
1809# -- Configuration for the distributor
1810distributor:
1811 # -- Number of replicas for the distributor
1812 replicas: 0
1813 # -- hostAliases to add
1814 hostAliases: []
1815 # - ip: 1.2.3.4
1816 # hostnames:
1817 # - domain.tld
1818 autoscaling:
1819 # -- Enable autoscaling for the distributor
1820 enabled: false
1821 # -- Minimum autoscaling replicas for the distributor
1822 minReplicas: 1
1823 # -- Maximum autoscaling replicas for the distributor
1824 maxReplicas: 3
1825 # -- Target CPU utilisation percentage for the distributor
1826 targetCPUUtilizationPercentage: 60
1827 # -- Target memory utilisation percentage for the distributor
1828 targetMemoryUtilizationPercentage: null
1829 # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
1830 customMetrics: []
1831 # - type: Pods
1832 # pods:
1833 # metric:
1834 # name: loki_lines_total
1835 # target:
1836 # type: AverageValue
1837 # averageValue: 10k
1838 behavior:
1839 # -- Enable autoscaling behaviours
1840 enabled: false
1841 # -- define scale down policies, must conform to HPAScalingRules
1842 scaleDown: {}
1843 # -- define scale up policies, must conform to HPAScalingRules
1844 scaleUp: {}
1845 image:
1846 # -- The Docker registry for the distributor image. Overrides `loki.image.registry`
1847 registry: null
1848 # -- Docker image repository for the distributor image. Overrides `loki.image.repository`
1849 repository: null
1850 # -- Docker image tag for the distributor image. Overrides `loki.image.tag`
1851 tag: null
1852 # -- Command to execute instead of defined in Docker image
1853 command: null
1854 # -- The name of the PriorityClass for distributor pods
1855 priorityClassName: null
1856 # -- Labels for distributor pods
1857 podLabels: {}
1858 # -- Annotations for distributor pods
1859 podAnnotations: {}
1860 # -- Labels for distributor service
1861 serviceLabels: {}
1862 # -- Additional CLI args for the distributor
1863 extraArgs: []
1864 # -- Environment variables to add to the distributor pods
1865 extraEnv: []
1866 # -- Environment variables from secrets or configmaps to add to the distributor pods
1867 extraEnvFrom: []
1868 # -- Volume mounts to add to the distributor pods
1869 extraVolumeMounts: []
1870 # -- Volumes to add to the distributor pods
1871 extraVolumes: []
1872 # -- Resource requests and limits for the distributor
1873 resources: {}
1874 # -- Containers to add to the distributor pods
1875 extraContainers: []
1876 # -- Grace period to allow the distributor to shutdown before it is killed
1877 terminationGracePeriodSeconds: 30
1878 # -- Affinity for distributor pods.
1879 # @default -- Hard node anti-affinity
1880 affinity:
1881 podAntiAffinity:
1882 requiredDuringSchedulingIgnoredDuringExecution:
1883 - labelSelector:
1884 matchLabels:
1885 app.kubernetes.io/component: distributor
1886 topologyKey: kubernetes.io/hostname
1887 # -- Pod Disruption Budget maxUnavailable
1888 maxUnavailable: null
1889 # -- Max Surge for distributor pods
1890 maxSurge: 0
1891 # -- Node selector for distributor pods
1892 nodeSelector: {}
1893 # -- Tolerations for distributor pods
1894 tolerations: []
1895 # -- Adds the appProtocol field to the distributor service. This allows distributor to work with istio protocol selection.
1896 appProtocol:
1897 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
1898 grpc: ""
1899# -- Configuration for the querier
1900querier:
1901 # -- Number of replicas for the querier
1902 replicas: 0
1903 # -- hostAliases to add
1904 hostAliases: []
1905 # - ip: 1.2.3.4
1906 # hostnames:
1907 # - domain.tld
1908 autoscaling:
1909 # -- Enable autoscaling for the querier, this is only used if `indexGateway.enabled: true`
1910 enabled: false
1911 # -- Minimum autoscaling replicas for the querier
1912 minReplicas: 1
1913 # -- Maximum autoscaling replicas for the querier
1914 maxReplicas: 3
1915 # -- Target CPU utilisation percentage for the querier
1916 targetCPUUtilizationPercentage: 60
1917 # -- Target memory utilisation percentage for the querier
1918 targetMemoryUtilizationPercentage: null
1919 # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
1920 customMetrics: []
1921 # - type: External
1922 # external:
1923 # metric:
1924 # name: loki_inflight_queries
1925 # target:
1926 # type: AverageValue
1927 # averageValue: 12
1928 behavior:
1929 # -- Enable autoscaling behaviours
1930 enabled: false
1931 # -- define scale down policies, must conform to HPAScalingRules
1932 scaleDown: {}
1933 # -- define scale up policies, must conform to HPAScalingRules
1934 scaleUp: {}
1935 image:
1936 # -- The Docker registry for the querier image. Overrides `loki.image.registry`
1937 registry: null
1938 # -- Docker image repository for the querier image. Overrides `loki.image.repository`
1939 repository: null
1940 # -- Docker image tag for the querier image. Overrides `loki.image.tag`
1941 tag: null
1942 # -- Command to execute instead of defined in Docker image
1943 command: null
1944 # -- The name of the PriorityClass for querier pods
1945 priorityClassName: null
1946 # -- Labels for querier pods
1947 podLabels: {}
1948 # -- Annotations for querier pods
1949 podAnnotations: {}
1950 # -- Labels for querier service
1951 serviceLabels: {}
1952 # -- Additional CLI args for the querier
1953 extraArgs: []
1954 # -- Environment variables to add to the querier pods
1955 extraEnv: []
1956 # -- Environment variables from secrets or configmaps to add to the querier pods
1957 extraEnvFrom: []
1958 # -- Volume mounts to add to the querier pods
1959 extraVolumeMounts: []
1960 # -- Volumes to add to the querier pods
1961 extraVolumes: []
1962 # -- Resource requests and limits for the querier
1963 resources: {}
1964 # -- Containers to add to the querier pods
1965 extraContainers: []
1966 # -- Init containers to add to the querier pods
1967 initContainers: []
1968 # -- Grace period to allow the querier to shutdown before it is killed
1969 terminationGracePeriodSeconds: 30
1970 # -- topologySpread for querier pods.
1971 # @default -- Defaults to allow skew no more then 1 node
1972 topologySpreadConstraints:
1973 - maxSkew: 1
1974 topologyKey: kubernetes.io/hostname
1975 whenUnsatisfiable: ScheduleAnyway
1976 labelSelector:
1977 matchLabels:
1978 app.kubernetes.io/component: querier
1979 # -- Affinity for querier pods.
1980 # @default -- Hard node anti-affinity
1981 affinity:
1982 podAntiAffinity:
1983 requiredDuringSchedulingIgnoredDuringExecution:
1984 - labelSelector:
1985 matchLabels:
1986 app.kubernetes.io/component: querier
1987 topologyKey: kubernetes.io/hostname
1988 # -- Pod Disruption Budget maxUnavailable
1989 maxUnavailable: null
1990 # -- Max Surge for querier pods
1991 maxSurge: 0
1992 # -- Node selector for querier pods
1993 nodeSelector: {}
1994 # -- Tolerations for querier pods
1995 tolerations: []
1996 # -- DNSConfig for querier pods
1997 dnsConfig: {}
1998 persistence:
1999 # -- Enable creating PVCs for the querier cache
2000 enabled: false
2001 # -- Size of persistent disk
2002 size: 10Gi
2003 # -- Storage class to be used.
2004 # If defined, storageClassName: <storageClass>.
2005 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2006 # If empty or set to null, no storageClassName spec is
2007 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2008 storageClass: null
2009 # -- Annotations for querier PVCs
2010 annotations: {}
2011 # -- Adds the appProtocol field to the querier service. This allows querier to work with istio protocol selection.
2012 appProtocol:
2013 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2014 grpc: ""
2015# -- Configuration for the query-frontend
2016queryFrontend:
2017 # -- Number of replicas for the query-frontend
2018 replicas: 0
2019 # -- hostAliases to add
2020 hostAliases: []
2021 # - ip: 1.2.3.4
2022 # hostnames:
2023 # - domain.tld
2024 autoscaling:
2025 # -- Enable autoscaling for the query-frontend
2026 enabled: false
2027 # -- Minimum autoscaling replicas for the query-frontend
2028 minReplicas: 1
2029 # -- Maximum autoscaling replicas for the query-frontend
2030 maxReplicas: 3
2031 # -- Target CPU utilisation percentage for the query-frontend
2032 targetCPUUtilizationPercentage: 60
2033 # -- Target memory utilisation percentage for the query-frontend
2034 targetMemoryUtilizationPercentage: null
2035 # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)
2036 customMetrics: []
2037 # - type: Pods
2038 # pods:
2039 # metric:
2040 # name: loki_query_rate
2041 # target:
2042 # type: AverageValue
2043 # averageValue: 100
2044 behavior:
2045 # -- Enable autoscaling behaviours
2046 enabled: false
2047 # -- define scale down policies, must conform to HPAScalingRules
2048 scaleDown: {}
2049 # -- define scale up policies, must conform to HPAScalingRules
2050 scaleUp: {}
2051 image:
2052 # -- The Docker registry for the query-frontend image. Overrides `loki.image.registry`
2053 registry: null
2054 # -- Docker image repository for the query-frontend image. Overrides `loki.image.repository`
2055 repository: null
2056 # -- Docker image tag for the query-frontend image. Overrides `loki.image.tag`
2057 tag: null
2058 # -- Command to execute instead of defined in Docker image
2059 command: null
2060 # -- The name of the PriorityClass for query-frontend pods
2061 priorityClassName: null
2062 # -- Labels for query-frontend pods
2063 podLabels: {}
2064 # -- Annotations for query-frontend pods
2065 podAnnotations: {}
2066 # -- Labels for query-frontend service
2067 serviceLabels: {}
2068 # -- Additional CLI args for the query-frontend
2069 extraArgs: []
2070 # -- Environment variables to add to the query-frontend pods
2071 extraEnv: []
2072 # -- Environment variables from secrets or configmaps to add to the query-frontend pods
2073 extraEnvFrom: []
2074 # -- Volume mounts to add to the query-frontend pods
2075 extraVolumeMounts: []
2076 # -- Volumes to add to the query-frontend pods
2077 extraVolumes: []
2078 # -- Resource requests and limits for the query-frontend
2079 resources: {}
2080 # -- Containers to add to the query-frontend pods
2081 extraContainers: []
2082 # -- Grace period to allow the query-frontend to shutdown before it is killed
2083 terminationGracePeriodSeconds: 30
2084 # -- Affinity for query-frontend pods.
2085 # @default -- Hard node anti-affinity
2086 affinity:
2087 podAntiAffinity:
2088 requiredDuringSchedulingIgnoredDuringExecution:
2089 - labelSelector:
2090 matchLabels:
2091 app.kubernetes.io/component: query-frontend
2092 topologyKey: kubernetes.io/hostname
2093 # -- Pod Disruption Budget maxUnavailable
2094 maxUnavailable: null
2095 # -- Node selector for query-frontend pods
2096 nodeSelector: {}
2097 # -- Tolerations for query-frontend pods
2098 tolerations: []
2099 # -- Adds the appProtocol field to the queryFrontend service. This allows queryFrontend to work with istio protocol selection.
2100 appProtocol:
2101 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2102 grpc: ""
2103# -- Configuration for the query-scheduler
2104queryScheduler:
2105 # -- Number of replicas for the query-scheduler.
2106 # It should be lower than `-querier.max-concurrent` to avoid generating back-pressure in queriers;
2107 # it's also recommended that this value evenly divides the latter
2108 replicas: 0
2109 # -- hostAliases to add
2110 hostAliases: []
2111 # - ip: 1.2.3.4
2112 # hostnames:
2113 # - domain.tld
2114 image:
2115 # -- The Docker registry for the query-scheduler image. Overrides `loki.image.registry`
2116 registry: null
2117 # -- Docker image repository for the query-scheduler image. Overrides `loki.image.repository`
2118 repository: null
2119 # -- Docker image tag for the query-scheduler image. Overrides `loki.image.tag`
2120 tag: null
2121 # -- The name of the PriorityClass for query-scheduler pods
2122 priorityClassName: null
2123 # -- Labels for query-scheduler pods
2124 podLabels: {}
2125 # -- Annotations for query-scheduler pods
2126 podAnnotations: {}
2127 # -- Labels for query-scheduler service
2128 serviceLabels: {}
2129 # -- Additional CLI args for the query-scheduler
2130 extraArgs: []
2131 # -- Environment variables to add to the query-scheduler pods
2132 extraEnv: []
2133 # -- Environment variables from secrets or configmaps to add to the query-scheduler pods
2134 extraEnvFrom: []
2135 # -- Volume mounts to add to the query-scheduler pods
2136 extraVolumeMounts: []
2137 # -- Volumes to add to the query-scheduler pods
2138 extraVolumes: []
2139 # -- Resource requests and limits for the query-scheduler
2140 resources: {}
2141 # -- Containers to add to the query-scheduler pods
2142 extraContainers: []
2143 # -- Grace period to allow the query-scheduler to shutdown before it is killed
2144 terminationGracePeriodSeconds: 30
2145 # -- Affinity for query-scheduler pods.
2146 # @default -- Hard node anti-affinity
2147 affinity:
2148 podAntiAffinity:
2149 requiredDuringSchedulingIgnoredDuringExecution:
2150 - labelSelector:
2151 matchLabels:
2152 app.kubernetes.io/component: query-scheduler
2153 topologyKey: kubernetes.io/hostname
2154 # -- Pod Disruption Budget maxUnavailable
2155 maxUnavailable: 1
2156 # -- Node selector for query-scheduler pods
2157 nodeSelector: {}
2158 # -- Tolerations for query-scheduler pods
2159 tolerations: []
2160 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2161 appProtocol:
2162 grpc: ""
2163# -- Configuration for the index-gateway
2164indexGateway:
2165 # -- Number of replicas for the index-gateway
2166 replicas: 0
2167 # -- Whether the index gateway should join the memberlist hashring
2168 joinMemberlist: true
2169 # -- hostAliases to add
2170 hostAliases: []
2171 # - ip: 1.2.3.4
2172 # hostnames:
2173 # - domain.tld
2174 image:
2175 # -- The Docker registry for the index-gateway image. Overrides `loki.image.registry`
2176 registry: null
2177 # -- Docker image repository for the index-gateway image. Overrides `loki.image.repository`
2178 repository: null
2179 # -- Docker image tag for the index-gateway image. Overrides `loki.image.tag`
2180 tag: null
2181 # -- The name of the PriorityClass for index-gateway pods
2182 priorityClassName: null
2183 # -- Labels for index-gateway pods
2184 podLabels: {}
2185 # -- Annotations for index-gateway pods
2186 podAnnotations: {}
2187 # -- Labels for index-gateway service
2188 serviceLabels: {}
2189 # -- Additional CLI args for the index-gateway
2190 extraArgs: []
2191 # -- Environment variables to add to the index-gateway pods
2192 extraEnv: []
2193 # -- Environment variables from secrets or configmaps to add to the index-gateway pods
2194 extraEnvFrom: []
2195 # -- Volume mounts to add to the index-gateway pods
2196 extraVolumeMounts: []
2197 # -- Volumes to add to the index-gateway pods
2198 extraVolumes: []
2199 # -- Resource requests and limits for the index-gateway
2200 resources: {}
2201 # -- Containers to add to the index-gateway pods
2202 extraContainers: []
2203 # -- Init containers to add to the index-gateway pods
2204 initContainers: []
2205 # -- Grace period to allow the index-gateway to shutdown before it is killed.
2206 terminationGracePeriodSeconds: 300
2207 # -- Affinity for index-gateway pods.
2208 # @default -- Hard node anti-affinity
2209 affinity:
2210 podAntiAffinity:
2211 requiredDuringSchedulingIgnoredDuringExecution:
2212 - labelSelector:
2213 matchLabels:
2214 app.kubernetes.io/component: index-gateway
2215 topologyKey: kubernetes.io/hostname
2216 # -- Pod Disruption Budget maxUnavailable
2217 maxUnavailable: null
2218 # -- Node selector for index-gateway pods
2219 nodeSelector: {}
2220 # -- Tolerations for index-gateway pods
2221 tolerations: []
2222 persistence:
2223 # -- Enable creating PVCs which is required when using boltdb-shipper
2224 enabled: false
2225 # -- Use emptyDir with ramdisk for storage. **Please note that all data in indexGateway will be lost on pod restart**
2226 inMemory: false
2227 # -- Size of persistent or memory disk
2228 size: 10Gi
2229 # -- Storage class to be used.
2230 # If defined, storageClassName: <storageClass>.
2231 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2232 # If empty or set to null, no storageClassName spec is
2233 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2234 storageClass: null
2235 # -- Annotations for index gateway PVCs
2236 annotations: {}
2237 # -- Enable StatefulSetAutoDeletePVC feature
2238 enableStatefulSetAutoDeletePVC: false
2239 whenDeleted: Retain
2240 whenScaled: Retain
2241 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2242 appProtocol:
2243 grpc: ""
2244# -- Configuration for the compactor
2245compactor:
2246 # -- Number of replicas for the compactor
2247 replicas: 0
2248 # -- hostAliases to add
2249 hostAliases: []
2250 # - ip: 1.2.3.4
2251 # hostnames:
2252 # - domain.tld
2253 image:
2254 # -- The Docker registry for the compactor image. Overrides `loki.image.registry`
2255 registry: null
2256 # -- Docker image repository for the compactor image. Overrides `loki.image.repository`
2257 repository: null
2258 # -- Docker image tag for the compactor image. Overrides `loki.image.tag`
2259 tag: null
2260 # -- Command to execute instead of defined in Docker image
2261 command: null
2262 # -- The name of the PriorityClass for compactor pods
2263 priorityClassName: null
2264 # -- Labels for compactor pods
2265 podLabels: {}
2266 # -- Annotations for compactor pods
2267 podAnnotations: {}
2268 # -- Affinity for compactor pods.
2269 # @default -- Hard node anti-affinity
2270 affinity:
2271 podAntiAffinity:
2272 requiredDuringSchedulingIgnoredDuringExecution:
2273 - labelSelector:
2274 matchLabels:
2275 app.kubernetes.io/component: compactor
2276 topologyKey: kubernetes.io/hostname
2277 # -- Labels for compactor service
2278 serviceLabels: {}
2279 # -- Additional CLI args for the compactor
2280 extraArgs: []
2281 # -- Environment variables to add to the compactor pods
2282 extraEnv: []
2283 # -- Environment variables from secrets or configmaps to add to the compactor pods
2284 extraEnvFrom: []
2285 # -- Volume mounts to add to the compactor pods
2286 extraVolumeMounts: []
2287 # -- Volumes to add to the compactor pods
2288 extraVolumes: []
2289 # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
2290 readinessProbe: {}
2291 # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
2292 livenessProbe: {}
2293 # -- Resource requests and limits for the compactor
2294 resources: {}
2295 # -- Containers to add to the compactor pods
2296 extraContainers: []
2297 # -- Init containers to add to the compactor pods
2298 initContainers: []
2299 # -- Grace period to allow the compactor to shutdown before it is killed
2300 terminationGracePeriodSeconds: 30
2301 # -- Node selector for compactor pods
2302 nodeSelector: {}
2303 # -- Tolerations for compactor pods
2304 tolerations: []
2305 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2306 appProtocol:
2307 grpc: ""
2308 persistence:
2309 # -- Enable creating PVCs for the compactor
2310 enabled: false
2311 # -- Size of persistent disk
2312 size: 10Gi
2313 # -- Storage class to be used.
2314 # If defined, storageClassName: <storageClass>.
2315 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2316 # If empty or set to null, no storageClassName spec is
2317 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2318 storageClass: null
2319 # -- Annotations for compactor PVCs
2320 annotations: {}
2321 # -- List of the compactor PVCs
2322 # @notationType -- list
2323 claims:
2324 - name: data
2325 size: 10Gi
2326 # -- Storage class to be used.
2327 # If defined, storageClassName: <storageClass>.
2328 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2329 # If empty or set to null, no storageClassName spec is
2330 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2331 storageClass: null
2332 # - name: wal
2333 # size: 150Gi
2334 # -- Enable StatefulSetAutoDeletePVC feature
2335 enableStatefulSetAutoDeletePVC: false
2336 whenDeleted: Retain
2337 whenScaled: Retain
2338 serviceAccount:
2339 create: false
2340 # -- The name of the ServiceAccount to use for the compactor.
2341 # If not set and create is true, a name is generated by appending
2342 # "-compactor" to the common ServiceAccount.
2343 name: null
2344 # -- Image pull secrets for the compactor service account
2345 imagePullSecrets: []
2346 # -- Annotations for the compactor service account
2347 annotations: {}
2348 # -- Set this toggle to false to opt out of automounting API credentials for the service account
2349 automountServiceAccountToken: true
2350# -- Configuration for the bloom gateway
2351bloomGateway:
2352 # -- Number of replicas for the bloom gateway
2353 replicas: 0
2354 # -- hostAliases to add
2355 hostAliases: []
2356 # - ip: 1.2.3.4
2357 # hostnames:
2358 # - domain.tld
2359 image:
2360 # -- The Docker registry for the bloom gateway image. Overrides `loki.image.registry`
2361 registry: null
2362 # -- Docker image repository for the bloom gateway image. Overrides `loki.image.repository`
2363 repository: null
2364 # -- Docker image tag for the bloom gateway image. Overrides `loki.image.tag`
2365 tag: null
2366 # -- Command to execute instead of defined in Docker image
2367 command: null
2368 # -- The name of the PriorityClass for bloom gateway pods
2369 priorityClassName: null
2370 # -- Labels for bloom gateway pods
2371 podLabels: {}
2372 # -- Annotations for bloom gateway pods
2373 podAnnotations: {}
2374 # -- Affinity for bloom gateway pods.
2375 # @default -- Hard node anti-affinity
2376 affinity:
2377 podAntiAffinity:
2378 requiredDuringSchedulingIgnoredDuringExecution:
2379 - labelSelector:
2380 matchLabels:
2381 app.kubernetes.io/component: bloom-gateway
2382 topologyKey: kubernetes.io/hostname
2383 # -- Labels for bloom gateway service
2384 serviceLabels: {}
2385 # -- Additional CLI args for the bloom gateway
2386 extraArgs: []
2387 # -- Environment variables to add to the bloom gateway pods
2388 extraEnv: []
2389 # -- Environment variables from secrets or configmaps to add to the bloom gateway pods
2390 extraEnvFrom: []
2391 # -- Volume mounts to add to the bloom gateway pods
2392 extraVolumeMounts: []
2393 # -- Volumes to add to the bloom gateway pods
2394 extraVolumes: []
2395 # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
2396 readinessProbe: {}
2397 # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
2398 livenessProbe: {}
2399 # -- Resource requests and limits for the bloom gateway
2400 resources: {}
2401 # -- Containers to add to the bloom gateway pods
2402 extraContainers: []
2403 # -- Init containers to add to the bloom gateway pods
2404 initContainers: []
2405 # -- Grace period to allow the bloom gateway to shutdown before it is killed
2406 terminationGracePeriodSeconds: 30
2407 # -- Node selector for bloom gateway pods
2408 nodeSelector: {}
2409 # -- Tolerations for bloom gateway pods
2410 tolerations: []
2411 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2412 appProtocol:
2413 grpc: ""
2414 persistence:
2415 # -- Enable creating PVCs for the bloom gateway
2416 enabled: false
2417 # -- Size of persistent disk
2418 size: 10Gi
2419 # -- Storage class to be used.
2420 # If defined, storageClassName: <storageClass>.
2421 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2422 # If empty or set to null, no storageClassName spec is
2423 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2424 storageClass: null
2425 # -- Annotations for bloom gateway PVCs
2426 annotations: {}
2427 # -- List of the bloom gateway PVCs
2428 # @notationType -- list
2429 claims:
2430 - name: data
2431 size: 10Gi
2432 # -- Storage class to be used.
2433 # If defined, storageClassName: <storageClass>.
2434 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2435 # If empty or set to null, no storageClassName spec is
2436 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2437 storageClass: null
2438 # - name: wal
2439 # size: 150Gi
2440 # -- Enable StatefulSetAutoDeletePVC feature
2441 enableStatefulSetAutoDeletePVC: false
2442 whenDeleted: Retain
2443 whenScaled: Retain
2444 serviceAccount:
2445 create: false
2446 # -- The name of the ServiceAccount to use for the bloom gateway.
2447 # If not set and create is true, a name is generated by appending
2448 # "-bloom-gateway" to the common ServiceAccount.
2449 name: null
2450 # -- Image pull secrets for the bloom gateway service account
2451 imagePullSecrets: []
2452 # -- Annotations for the bloom gateway service account
2453 annotations: {}
2454 # -- Set this toggle to false to opt out of automounting API credentials for the service account
2455 automountServiceAccountToken: true
2456# -- Configuration for the bloom compactor
2457bloomCompactor:
2458 # -- Number of replicas for the bloom compactor
2459 replicas: 0
2460 # -- hostAliases to add
2461 hostAliases: []
2462 # - ip: 1.2.3.4
2463 # hostnames:
2464 # - domain.tld
2465 image:
2466 # -- The Docker registry for the bloom compactor image. Overrides `loki.image.registry`
2467 registry: null
2468 # -- Docker image repository for the bloom compactor image. Overrides `loki.image.repository`
2469 repository: null
2470 # -- Docker image tag for the bloom compactor image. Overrides `loki.image.tag`
2471 tag: null
2472 # -- Command to execute instead of defined in Docker image
2473 command: null
2474 # -- The name of the PriorityClass for bloom compactor pods
2475 priorityClassName: null
2476 # -- Labels for bloom compactor pods
2477 podLabels: {}
2478 # -- Annotations for bloom compactor pods
2479 podAnnotations: {}
2480 # -- Affinity for bloom compactor pods.
2481 # @default -- Hard node anti-affinity
2482 affinity:
2483 podAntiAffinity:
2484 requiredDuringSchedulingIgnoredDuringExecution:
2485 - labelSelector:
2486 matchLabels:
2487 app.kubernetes.io/component: bloom-compactor
2488 topologyKey: kubernetes.io/hostname
2489 # -- Labels for bloom compactor service
2490 serviceLabels: {}
2491 # -- Additional CLI args for the bloom compactor
2492 extraArgs: []
2493 # -- Environment variables to add to the bloom compactor pods
2494 extraEnv: []
2495 # -- Environment variables from secrets or configmaps to add to the bloom compactor pods
2496 extraEnvFrom: []
2497 # -- Volume mounts to add to the bloom compactor pods
2498 extraVolumeMounts: []
2499 # -- Volumes to add to the bloom compactor pods
2500 extraVolumes: []
2501 # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
2502 readinessProbe: {}
2503 # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
2504 livenessProbe: {}
2505 # -- Resource requests and limits for the bloom compactor
2506 resources: {}
2507 # -- Containers to add to the bloom compactor pods
2508 extraContainers: []
2509 # -- Init containers to add to the bloom compactor pods
2510 initContainers: []
2511 # -- Grace period to allow the bloom compactor to shutdown before it is killed
2512 terminationGracePeriodSeconds: 30
2513 # -- Node selector for bloom compactor pods
2514 nodeSelector: {}
2515 # -- Tolerations for bloom compactor pods
2516 tolerations: []
2517 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2518 appProtocol:
2519 grpc: ""
2520 persistence:
2521 # -- Enable creating PVCs for the bloom compactor
2522 enabled: false
2523 # -- Size of persistent disk
2524 size: 10Gi
2525 # -- Storage class to be used.
2526 # If defined, storageClassName: <storageClass>.
2527 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2528 # If empty or set to null, no storageClassName spec is
2529 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2530 storageClass: null
2531 # -- Annotations for bloom compactor PVCs
2532 annotations: {}
2533 # -- List of the bloom compactor PVCs
2534 # @notationType -- list
2535 claims:
2536 - name: data
2537 size: 10Gi
2538 # -- Storage class to be used.
2539 # If defined, storageClassName: <storageClass>.
2540 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2541 # If empty or set to null, no storageClassName spec is
2542 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2543 storageClass: null
2544 # - name: wal
2545 # size: 150Gi
2546 # -- Enable StatefulSetAutoDeletePVC feature
2547 enableStatefulSetAutoDeletePVC: false
2548 whenDeleted: Retain
2549 whenScaled: Retain
2550 serviceAccount:
2551 create: false
2552 # -- The name of the ServiceAccount to use for the bloom compactor.
2553 # If not set and create is true, a name is generated by appending
2554 # "-bloom-compactor" to the common ServiceAccount.
2555 name: null
2556 # -- Image pull secrets for the bloom compactor service account
2557 imagePullSecrets: []
2558 # -- Annotations for the bloom compactor service account
2559 annotations: {}
2560 # -- Set this toggle to false to opt out of automounting API credentials for the service account
2561 automountServiceAccountToken: true
2562# -- Configuration for the pattern ingester
2563patternIngester:
2564 # -- Number of replicas for the pattern ingester
2565 replicas: 0
2566 # -- hostAliases to add
2567 hostAliases: []
2568 # - ip: 1.2.3.4
2569 # hostnames:
2570 # - domain.tld
2571 image:
2572 # -- The Docker registry for the pattern ingester image. Overrides `loki.image.registry`
2573 registry: null
2574 # -- Docker image repository for the pattern ingester image. Overrides `loki.image.repository`
2575 repository: null
2576 # -- Docker image tag for the pattern ingester image. Overrides `loki.image.tag`
2577 tag: null
2578 # -- Command to execute instead of defined in Docker image
2579 command: null
2580 # -- The name of the PriorityClass for pattern ingester pods
2581 priorityClassName: null
2582 # -- Labels for pattern ingester pods
2583 podLabels: {}
2584 # -- Annotations for pattern ingester pods
2585 podAnnotations: {}
2586 # -- Affinity for pattern ingester pods.
2587 # @default -- Hard node anti-affinity
2588 affinity:
2589 podAntiAffinity:
2590 requiredDuringSchedulingIgnoredDuringExecution:
2591 - labelSelector:
2592 matchLabels:
2593 app.kubernetes.io/component: pattern-ingester
2594 topologyKey: kubernetes.io/hostname
2595 # -- Labels for pattern ingester service
2596 serviceLabels: {}
2597 # -- Additional CLI args for the pattern ingester
2598 extraArgs: []
2599 # -- Environment variables to add to the pattern ingester pods
2600 extraEnv: []
2601 # -- Environment variables from secrets or configmaps to add to the pattern ingester pods
2602 extraEnvFrom: []
2603 # -- Volume mounts to add to the pattern ingester pods
2604 extraVolumeMounts: []
2605 # -- Volumes to add to the pattern ingester pods
2606 extraVolumes: []
2607 # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`
2608 readinessProbe: {}
2609 # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`
2610 livenessProbe: {}
2611 # -- Resource requests and limits for the pattern ingester
2612 resources: {}
2613 # -- Containers to add to the pattern ingester pods
2614 extraContainers: []
2615 # -- Init containers to add to the pattern ingester pods
2616 initContainers: []
2617 # -- Grace period to allow the pattern ingester to shutdown before it is killed
2618 terminationGracePeriodSeconds: 30
2619 # -- Node selector for pattern ingester pods
2620 nodeSelector: {}
2621 # -- Tolerations for pattern ingester pods
2622 tolerations: []
2623 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2624 appProtocol:
2625 grpc: ""
2626 persistence:
2627 # -- Enable creating PVCs for the pattern ingester
2628 enabled: false
2629 # -- Size of persistent disk
2630 size: 10Gi
2631 # -- Storage class to be used.
2632 # If defined, storageClassName: <storageClass>.
2633 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2634 # If empty or set to null, no storageClassName spec is
2635 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2636 storageClass: null
2637 # -- Annotations for pattern ingester PVCs
2638 annotations: {}
2639 # -- List of the pattern ingester PVCs
2640 # @notationType -- list
2641 claims:
2642 - name: data
2643 size: 10Gi
2644 # -- Storage class to be used.
2645 # If defined, storageClassName: <storageClass>.
2646 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2647 # If empty or set to null, no storageClassName spec is
2648 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2649 storageClass: null
2650 # - name: wal
2651 # size: 150Gi
2652 # -- Enable StatefulSetAutoDeletePVC feature
2653 enableStatefulSetAutoDeletePVC: false
2654 whenDeleted: Retain
2655 whenScaled: Retain
2656 serviceAccount:
2657 create: false
2658 # -- The name of the ServiceAccount to use for the pattern ingester.
2659 # If not set and create is true, a name is generated by appending
2660 # "-pattern-ingester" to the common ServiceAccount.
2661 name: null
2662 # -- Image pull secrets for the pattern ingester service account
2663 imagePullSecrets: []
2664 # -- Annotations for the pattern ingester service account
2665 annotations: {}
2666 # -- Set this toggle to false to opt out of automounting API credentials for the service account
2667 automountServiceAccountToken: true
2668# -- Configuration for the ruler
2669ruler:
2670 # -- The ruler component is optional and can be disabled if desired.
2671 enabled: true
2672 # -- Number of replicas for the ruler
2673 replicas: 0
2674 # -- hostAliases to add
2675 hostAliases: []
2676 # - ip: 1.2.3.4
2677 # hostnames:
2678 # - domain.tld
2679 image:
2680 # -- The Docker registry for the ruler image. Overrides `loki.image.registry`
2681 registry: null
2682 # -- Docker image repository for the ruler image. Overrides `loki.image.repository`
2683 repository: null
2684 # -- Docker image tag for the ruler image. Overrides `loki.image.tag`
2685 tag: null
2686 # -- Command to execute instead of defined in Docker image
2687 command: null
2688 # -- The name of the PriorityClass for ruler pods
2689 priorityClassName: null
2690 # -- Labels for compactor pods
2691 podLabels: {}
2692 # -- Annotations for ruler pods
2693 podAnnotations: {}
2694 # -- Labels for ruler service
2695 serviceLabels: {}
2696 # -- Additional CLI args for the ruler
2697 extraArgs: []
2698 # -- Environment variables to add to the ruler pods
2699 extraEnv: []
2700 # -- Environment variables from secrets or configmaps to add to the ruler pods
2701 extraEnvFrom: []
2702 # -- Volume mounts to add to the ruler pods
2703 extraVolumeMounts: []
2704 # -- Volumes to add to the ruler pods
2705 extraVolumes: []
2706 # -- Resource requests and limits for the ruler
2707 resources: {}
2708 # -- Containers to add to the ruler pods
2709 extraContainers: []
2710 # -- Init containers to add to the ruler pods
2711 initContainers: []
2712 # -- Grace period to allow the ruler to shutdown before it is killed
2713 terminationGracePeriodSeconds: 300
2714 # -- Affinity for ruler pods.
2715 # @default -- Hard node anti-affinity
2716 affinity:
2717 podAntiAffinity:
2718 requiredDuringSchedulingIgnoredDuringExecution:
2719 - labelSelector:
2720 matchLabels:
2721 app.kubernetes.io/component: ruler
2722 topologyKey: kubernetes.io/hostname
2723 # -- Pod Disruption Budget maxUnavailable
2724 maxUnavailable: null
2725 # -- Node selector for ruler pods
2726 nodeSelector: {}
2727 # -- Tolerations for ruler pods
2728 tolerations: []
2729 # -- DNSConfig for ruler pods
2730 dnsConfig: {}
2731 persistence:
2732 # -- Enable creating PVCs which is required when using recording rules
2733 enabled: false
2734 # -- Size of persistent disk
2735 size: 10Gi
2736 # -- Storage class to be used.
2737 # If defined, storageClassName: <storageClass>.
2738 # If set to "-", storageClassName: "", which disables dynamic provisioning.
2739 # If empty or set to null, no storageClassName spec is
2740 # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
2741 storageClass: null
2742 # -- Annotations for ruler PVCs
2743 annotations: {}
2744 # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"
2745 appProtocol:
2746 grpc: ""
2747 # -- Directories containing rules files
2748 directories: {}
2749 # tenant_foo:
2750 # rules1.txt: |
2751 # groups:
2752 # - name: should_fire
2753 # rules:
2754 # - alert: HighPercentageError
2755 # expr: |
2756 # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job)
2757 # /
2758 # sum(rate({app="foo", env="production"}[5m])) by (job)
2759 # > 0.05
2760 # for: 10m
2761 # labels:
2762 # severity: warning
2763 # annotations:
2764 # summary: High error rate
2765 # - name: credentials_leak
2766 # rules:
2767 # - alert: http-credentials-leaked
2768 # annotations:
2769 # message: "{{ $labels.job }} is leaking http basic auth credentials."
2770 # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'
2771 # for: 10m
2772 # labels:
2773 # severity: critical
2774 # rules2.txt: |
2775 # groups:
2776 # - name: example
2777 # rules:
2778 # - alert: HighThroughputLogStreams
2779 # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000
2780 # for: 2m
2781 # tenant_bar:
2782 # rules1.txt: |
2783 # groups:
2784 # - name: should_fire
2785 # rules:
2786 # - alert: HighPercentageError
2787 # expr: |
2788 # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job)
2789 # /
2790 # sum(rate({app="foo", env="production"}[5m])) by (job)
2791 # > 0.05
2792 # for: 10m
2793 # labels:
2794 # severity: warning
2795 # annotations:
2796 # summary: High error rate
2797 # - name: credentials_leak
2798 # rules:
2799 # - alert: http-credentials-leaked
2800 # annotations:
2801 # message: "{{ $labels.job }} is leaking http basic auth credentials."
2802 # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'
2803 # for: 10m
2804 # labels:
2805 # severity: critical
2806 # rules2.txt: |
2807 # groups:
2808 # - name: example
2809 # rules:
2810 # - alert: HighThroughputLogStreams
2811 # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000
2812 # for: 2m
2813memcached:
2814 image:
2815 # -- Memcached Docker image repository
2816 repository: memcached
2817 # -- Memcached Docker image tag
2818 tag: 1.6.23-alpine
2819 # -- Memcached Docker image pull policy
2820 pullPolicy: IfNotPresent
2821 # -- The SecurityContext override for memcached pods
2822 podSecurityContext: {}
2823 # -- The name of the PriorityClass for memcached pods
2824 priorityClassName: null
2825 # -- The SecurityContext for memcached containers
2826 containerSecurityContext:
2827 readOnlyRootFilesystem: true
2828 capabilities:
2829 drop: [ALL]
2830 allowPrivilegeEscalation: false
2831memcachedExporter:
2832 # -- Whether memcached metrics should be exported
2833 enabled: true
2834 image:
2835 repository: prom/memcached-exporter
2836 tag: v0.14.2
2837 pullPolicy: IfNotPresent
2838 resources:
2839 requests: {}
2840 limits: {}
2841 # -- The SecurityContext for memcached exporter containers
2842 containerSecurityContext:
2843 readOnlyRootFilesystem: true
2844 capabilities:
2845 drop: [ALL]
2846 allowPrivilegeEscalation: false
2847 # -- Extra args to add to the exporter container.
2848 # Example:
2849 # extraArgs:
2850 # memcached.tls.enable: true
2851 # memcached.tls.cert-file: /certs/cert.crt
2852 # memcached.tls.key-file: /certs/cert.key
2853 # memcached.tls.ca-file: /certs/ca.crt
2854 # memcached.tls.insecure-skip-verify: false
2855 # memcached.tls.server-name: memcached
2856 extraArgs: {}
2857resultsCache:
2858 # -- Specifies whether memcached based results-cache should be enabled
2859 enabled: true
2860 # -- Specify how long cached results should be stored in the results-cache before being expired
2861 defaultValidity: 12h
2862 # -- Memcached operation timeout
2863 timeout: 500ms
2864 # -- Total number of results-cache replicas
2865 replicas: 1
2866 # -- Port of the results-cache service
2867 port: 11211
2868 # -- Amount of memory allocated to results-cache for object storage (in MB).
2869 allocatedMemory: 1024
2870 # -- Maximum item results-cache for memcached (in MB).
2871 maxItemMemory: 5
2872 # -- Maximum number of connections allowed
2873 connectionLimit: 16384
2874 # -- Max memory to use for cache write back
2875 writebackSizeLimit: 500MB
2876 # -- Max number of objects to use for cache write back
2877 writebackBuffer: 500000
2878 # -- Number of parallel threads for cache write back
2879 writebackParallelism: 1
2880 # -- Extra init containers for results-cache pods
2881 initContainers: []
2882 # -- Annotations for the results-cache pods
2883 annotations: {}
2884 # -- Node selector for results-cache pods
2885 nodeSelector: {}
2886 # -- Affinity for results-cache pods
2887 affinity: {}
2888 # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints.
2889 # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services.
2890 topologySpreadConstraints: []
2891 # maxSkew: 1
2892 # topologyKey: kubernetes.io/hostname
2893 # whenUnsatisfiable: ScheduleAnyway
2894 # -- Tolerations for results-cache pods
2895 tolerations: []
2896 # -- Pod Disruption Budget
2897 podDisruptionBudget:
2898 maxUnavailable: 1
2899 # -- The name of the PriorityClass for results-cache pods
2900 priorityClassName: null
2901 # -- Labels for results-cache pods
2902 podLabels: {}
2903 # -- Annotations for results-cache pods
2904 podAnnotations: {}
2905 # -- Management policy for results-cache pods
2906 podManagementPolicy: Parallel
2907 # -- Grace period to allow the results-cache to shutdown before it is killed
2908 terminationGracePeriodSeconds: 60
2909 # -- Stateful results-cache strategy
2910 statefulStrategy:
2911 type: RollingUpdate
2912 # -- Add extended options for results-cache memcached container. The format is the same as for the memcached -o/--extend flag.
2913 # Example:
2914 # extraExtendedOptions: 'tls,modern,track_sizes'
2915 extraExtendedOptions: ""
2916 # -- Additional CLI args for results-cache
2917 extraArgs: {}
2918 # -- Additional containers to be added to the results-cache pod.
2919 extraContainers: []
2920 # -- Additional volumes to be added to the results-cache pod (applies to both memcached and exporter containers).
2921 # Example:
2922 # extraVolumes:
2923 # - name: extra-volume
2924 # secret:
2925 # secretName: extra-volume-secret
2926 extraVolumes: []
2927 # -- Additional volume mounts to be added to the results-cache pod (applies to both memcached and exporter containers).
2928 # Example:
2929 # extraVolumeMounts:
2930 # - name: extra-volume
2931 # mountPath: /etc/extra-volume
2932 # readOnly: true
2933 extraVolumeMounts: []
2934 # -- Resource requests and limits for the results-cache
2935 # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)).
2936 resources: null
2937 # -- Service annotations and labels
2938 service:
2939 annotations: {}
2940 labels: {}
2941chunksCache:
2942 # -- Specifies whether memcached based chunks-cache should be enabled
2943 enabled: true
2944 # -- Batchsize for sending and receiving chunks from chunks cache
2945 batchSize: 4
2946 # -- Parallel threads for sending and receiving chunks from chunks cache
2947 parallelism: 5
2948 # -- Memcached operation timeout
2949 timeout: 2000ms
2950 # -- Specify how long cached chunks should be stored in the chunks-cache before being expired
2951 defaultValidity: 0s
2952 # -- Total number of chunks-cache replicas
2953 replicas: 1
2954 # -- Port of the chunks-cache service
2955 port: 11211
2956 # -- Amount of memory allocated to chunks-cache for object storage (in MB).
2957 allocatedMemory: 8192
2958 # -- Maximum item memory for chunks-cache (in MB).
2959 maxItemMemory: 5
2960 # -- Maximum number of connections allowed
2961 connectionLimit: 16384
2962 # -- Max memory to use for cache write back
2963 writebackSizeLimit: 500MB
2964 # -- Max number of objects to use for cache write back
2965 writebackBuffer: 500000
2966 # -- Number of parallel threads for cache write back
2967 writebackParallelism: 1
2968 # -- Extra init containers for chunks-cache pods
2969 initContainers: []
2970 # -- Annotations for the chunks-cache pods
2971 annotations: {}
2972 # -- Node selector for chunks-cache pods
2973 nodeSelector: {}
2974 # -- Affinity for chunks-cache pods
2975 affinity: {}
2976 # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints.
2977 # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services.
2978 topologySpreadConstraints: []
2979 # maxSkew: 1
2980 # topologyKey: kubernetes.io/hostname
2981 # whenUnsatisfiable: ScheduleAnyway
2982 # -- Tolerations for chunks-cache pods
2983 tolerations: []
2984 # -- Pod Disruption Budget
2985 podDisruptionBudget:
2986 maxUnavailable: 1
2987 # -- The name of the PriorityClass for chunks-cache pods
2988 priorityClassName: null
2989 # -- Labels for chunks-cache pods
2990 podLabels: {}
2991 # -- Annotations for chunks-cache pods
2992 podAnnotations: {}
2993 # -- Management policy for chunks-cache pods
2994 podManagementPolicy: Parallel
2995 # -- Grace period to allow the chunks-cache to shutdown before it is killed
2996 terminationGracePeriodSeconds: 60
2997 # -- Stateful chunks-cache strategy
2998 statefulStrategy:
2999 type: RollingUpdate
3000 # -- Add extended options for chunks-cache memcached container. The format is the same as for the memcached -o/--extend flag.
3001 # Example:
3002 # extraExtendedOptions: 'tls,no_hashexpand'
3003 extraExtendedOptions: ""
3004 # -- Additional CLI args for chunks-cache
3005 extraArgs: {}
3006 # -- Additional containers to be added to the chunks-cache pod.
3007 extraContainers: []
3008 # -- Additional volumes to be added to the chunks-cache pod (applies to both memcached and exporter containers).
3009 # Example:
3010 # extraVolumes:
3011 # - name: extra-volume
3012 # secret:
3013 # secretName: extra-volume-secret
3014 extraVolumes: []
3015 # -- Additional volume mounts to be added to the chunks-cache pod (applies to both memcached and exporter containers).
3016 # Example:
3017 # extraVolumeMounts:
3018 # - name: extra-volume
3019 # mountPath: /etc/extra-volume
3020 # readOnly: true
3021 extraVolumeMounts: []
3022 # -- Resource requests and limits for the chunks-cache
3023 # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)).
3024 resources: null
3025 # -- Service annotations and labels
3026 service:
3027 annotations: {}
3028 labels: {}
3029######################################################################################################################
3030#
3031# Subchart configurations
3032#
3033######################################################################################################################
3034# -- Setting for the Grafana Rollout Operator https://github.com/grafana/helm-charts/tree/main/charts/rollout-operator
3035rollout_operator:
3036 enabled: false
3037 # -- podSecurityContext is the pod security context for the rollout operator.
3038 # When installing on OpenShift, override podSecurityContext settings with
3039 #
3040 # rollout_operator:
3041 # podSecurityContext:
3042 # fsGroup: null
3043 # runAsGroup: null
3044 # runAsUser: null
3045 podSecurityContext:
3046 fsGroup: 10001
3047 runAsGroup: 10001
3048 runAsNonRoot: true
3049 runAsUser: 10001
3050 seccompProfile:
3051 type: RuntimeDefault
3052 # Set the container security context
3053 securityContext:
3054 readOnlyRootFilesystem: true
3055 capabilities:
3056 drop: [ALL]
3057 allowPrivilegeEscalation: false
3058# -- Configuration for the minio subchart
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00003059minio:
3060 enabled: false
3061 replicas: 1
3062 # Minio requires 2 to 16 drives for erasure code (drivesPerNode * replicas)
3063 # https://docs.min.io/docs/minio-erasure-code-quickstart-guide
3064 # Since we only have 1 replica, that means 2 drives must be used.
3065 drivesPerNode: 2
3066 rootUser: enterprise-logs
3067 rootPassword: supersecret
3068 buckets:
3069 - name: chunks
3070 policy: none
3071 purge: false
3072 - name: ruler
3073 policy: none
3074 purge: false
3075 - name: admin
3076 policy: none
3077 purge: false
3078 persistence:
3079 size: 5Gi
3080 resources:
3081 requests:
3082 cpu: 100m
3083 memory: 128Mi
Mohammed Naser65cda132024-05-02 14:34:08 -04003084 # Allow the address used by Loki to refer to Minio to be overridden
3085 address: null
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +00003086# Create extra manifests via values. Would be passed through `tpl` for templating
3087extraObjects: []
3088# - apiVersion: v1
3089# kind: ConfigMap
3090# metadata:
3091# name: loki-alerting-rules
3092# data:
3093# loki-alerting-rules.yaml: |-
3094# groups:
3095# - name: example
3096# rules:
3097# - alert: example
3098# expr: |
3099# sum(count_over_time({app="loki"} |~ "error")) > 0
3100# for: 3m
3101# labels:
3102# severity: warning
3103# category: logs
3104# annotations:
3105# message: "loki has encountered errors"
Giovanni Tirloni59219b62024-04-09 14:50:25 -03003106
3107sidecar:
3108 image:
3109 # -- The Docker registry and image for the k8s sidecar
3110 repository: kiwigrid/k8s-sidecar
3111 # -- Docker image tag
3112 tag: 1.24.3
3113 # -- Docker image sha. If empty, no sha will be used
3114 sha: ""
3115 # -- Docker image pull policy
3116 pullPolicy: IfNotPresent
3117 # -- Resource requests and limits for the sidecar
3118 resources: {}
3119 # limits:
3120 # cpu: 100m
3121 # memory: 100Mi
3122 # requests:
3123 # cpu: 50m
3124 # memory: 50Mi
3125 # -- The SecurityContext for the sidecar.
3126 securityContext: {}
3127 # -- Set to true to skip tls verification for kube api calls.
3128 skipTlsVerify: false
3129 # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in.
3130 enableUniqueFilenames: false
3131 # -- Readiness probe definition. Probe is disabled on the sidecar by default.
3132 readinessProbe: {}
3133 # -- Liveness probe definition. Probe is disabled on the sidecar by default.
3134 livenessProbe: {}
3135 rules:
3136 # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets.
3137 enabled: true
3138 # -- Label that the configmaps/secrets with rules will be marked with.
3139 label: loki_rule
3140 # -- Label value that the configmaps/secrets with rules will be set to.
3141 labelValue: ""
3142 # -- Folder into which the rules will be placed.
3143 folder: /rules
3144 # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces.
3145 # Otherwise the namespace in which the sidecar is running will be used.
3146 # It's also possible to specify 'ALL' to search in all namespaces.
3147 searchNamespace: null
3148 # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
3149 watchMethod: WATCH
3150 # -- Search in configmap, secret, or both.
3151 resource: both
3152 # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded.
3153 script: null
3154 # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that.
3155 # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S.
3156 watchServerTimeout: 60
3157 #
3158 # -- WatchClientTimeout: is a client-side timeout, configuring your local socket.
3159 # If you have a network outage dropping all packets with no RST/FIN,
3160 # this is how long your client waits before realizing & dropping the connection.
3161 # Defaults to 66sec.
3162 watchClientTimeout: 60
3163 # -- Log level of the sidecar container.
3164 logLevel: INFO
Mohammed Naser65cda132024-05-02 14:34:08 -04003165############################################## WARNING ###############################################################
3166#
3167# DEPRECATED VALUES
3168#
3169# The following values are deprecated and will be removed in a future version of the helm chart!
3170#
3171############################################## WARNING ##############################################################
3172
3173# -- DEPRECATED Monitoring section determines which monitoring features to enable, this section is being replaced
3174# by https://github.com/grafana/meta-monitoring-chart
3175monitoring:
3176 # Dashboards for monitoring Loki
3177 dashboards:
3178 # -- If enabled, create configmap with dashboards for monitoring Loki
3179 enabled: false
3180 # -- Alternative namespace to create dashboards ConfigMap in
3181 namespace: null
3182 # -- Additional annotations for the dashboards ConfigMap
3183 annotations: {}
3184 # -- Labels for the dashboards ConfigMap
3185 labels:
3186 grafana_dashboard: "1"
3187 # Recording rules for monitoring Loki, required for some dashboards
3188 rules:
3189 # -- If enabled, create PrometheusRule resource with Loki recording rules
3190 enabled: false
3191 # -- Include alerting rules
3192 alerting: true
3193 # -- Specify which individual alerts should be disabled
3194 # -- Instead of turning off each alert one by one, set the .monitoring.rules.alerting value to false instead.
3195 # -- If you disable all the alerts and keep .monitoring.rules.alerting set to true, the chart will fail to render.
3196 disabled: {}
3197 # LokiRequestErrors: true
3198 # LokiRequestPanics: true
3199 # -- Alternative namespace to create PrometheusRule resources in
3200 namespace: null
3201 # -- Additional annotations for the rules PrometheusRule resource
3202 annotations: {}
3203 # -- Additional labels for the rules PrometheusRule resource
3204 labels: {}
3205 # -- Additional labels for PrometheusRule alerts
3206 additionalRuleLabels: {}
3207 # -- Additional groups to add to the rules file
3208 additionalGroups: []
3209 # - name: additional-loki-rules
3210 # rules:
3211 # - record: job:loki_request_duration_seconds_bucket:sum_rate
3212 # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job)
3213 # - record: job_route:loki_request_duration_seconds_bucket:sum_rate
3214 # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)
3215 # - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate
3216 # expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container)
3217 # ServiceMonitor configuration
3218 serviceMonitor:
3219 # -- If enabled, ServiceMonitor resources for Prometheus Operator are created
3220 enabled: false
3221 # -- Namespace selector for ServiceMonitor resources
3222 namespaceSelector: {}
3223 # -- ServiceMonitor annotations
3224 annotations: {}
3225 # -- Additional ServiceMonitor labels
3226 labels: {}
3227 # -- ServiceMonitor scrape interval
3228 # Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at
3229 # least 1/4 rate interval.
3230 interval: 15s
3231 # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s)
3232 scrapeTimeout: null
3233 # -- ServiceMonitor relabel configs to apply to samples before scraping
3234 # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
3235 relabelings: []
3236 # -- ServiceMonitor metric relabel configs to apply to samples before ingestion
3237 # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
3238 metricRelabelings: []
3239 # -- ServiceMonitor will use http by default, but you can pick https as well
3240 scheme: http
3241 # -- ServiceMonitor will use these tlsConfig settings to make the health check requests
3242 tlsConfig: null
3243 # -- If defined, will create a MetricsInstance for the Grafana Agent Operator.
3244 metricsInstance:
3245 # -- If enabled, MetricsInstance resources for Grafana Agent Operator are created
3246 enabled: true
3247 # -- MetricsInstance annotations
3248 annotations: {}
3249 # -- Additional MetricsInstance labels
3250 labels: {}
3251 # -- If defined a MetricsInstance will be created to remote write metrics.
3252 remoteWrite: null
3253 # Self monitoring determines whether Loki should scrape its own logs.
3254 # This feature currently relies on the Grafana Agent Operator being installed,
3255 # which is installed by default using the grafana-agent-operator sub-chart.
3256 # It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure
3257 # scrape configs to scrape its own logs with the labels expected by the included dashboards.
3258 selfMonitoring:
3259 enabled: false
3260 # -- Tenant to use for self monitoring
3261 tenant:
3262 # -- Name of the tenant
3263 name: "self-monitoring"
3264 # -- Password of the gateway for Basic auth
3265 password: null
3266 # -- Namespace to create additional tenant token secret in. Useful if your Grafana instance
3267 # is in a separate namespace. Token will still be created in the canary namespace.
3268 secretNamespace: "{{ .Release.Namespace }}"
3269 # Grafana Agent configuration
3270 grafanaAgent:
3271 # -- Controls whether to install the Grafana Agent Operator and its CRDs.
3272 # Note that helm will not install CRDs if this flag is enabled during an upgrade.
3273 # In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds
3274 installOperator: false
3275 # -- Grafana Agent annotations
3276 annotations: {}
3277 # -- Additional Grafana Agent labels
3278 labels: {}
3279 # -- Enable the config read api on port 8080 of the agent
3280 enableConfigReadAPI: false
3281 # -- The name of the PriorityClass for GrafanaAgent pods
3282 priorityClassName: null
3283 # -- Resource requests and limits for the grafanaAgent pods
3284 resources: {}
3285 # limits:
3286 # memory: 200Mi
3287 # requests:
3288 # cpu: 50m
3289 # memory: 100Mi
3290 # -- Tolerations for GrafanaAgent pods
3291 tolerations: []
3292 # PodLogs configuration
3293 podLogs:
3294 # -- PodLogs version
3295 apiVersion: monitoring.grafana.com/v1alpha1
3296 # -- PodLogs annotations
3297 annotations: {}
3298 # -- Additional PodLogs labels
3299 labels: {}
3300 # -- PodLogs relabel configs to apply to samples before scraping
3301 # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
3302 relabelings: []
3303 # -- Additional pipeline stages to process logs after scraping
3304 # https://grafana.com/docs/agent/latest/operator/api/#pipelinestagespec-a-namemonitoringgrafanacomv1alpha1pipelinestagespeca
3305 additionalPipelineStages: []
3306 # LogsInstance configuration
3307 logsInstance:
3308 # -- LogsInstance annotations
3309 annotations: {}
3310 # -- Additional LogsInstance labels
3311 labels: {}
3312 # -- Additional clients for remote write
3313 clients: null
3314# -- DEPRECATED Configuration for the table-manager. The table-manager is only necessary when using a deprecated
3315# index type such as Cassandra, Bigtable, or DynamoDB, it has not been necessary since loki introduced self-
3316# contained index types like 'boltdb-shipper' and 'tsdb'. This will be removed in a future helm chart.
3317tableManager:
3318 # -- Specifies whether the table-manager should be enabled
3319 enabled: false
3320 image:
3321 # -- The Docker registry for the table-manager image. Overrides `loki.image.registry`
3322 registry: null
3323 # -- Docker image repository for the table-manager image. Overrides `loki.image.repository`
3324 repository: null
3325 # -- Docker image tag for the table-manager image. Overrides `loki.image.tag`
3326 tag: null
3327 # -- Command to execute instead of defined in Docker image
3328 command: null
3329 # -- The name of the PriorityClass for table-manager pods
3330 priorityClassName: null
3331 # -- Labels for table-manager pods
3332 podLabels: {}
3333 # -- Annotations for table-manager deployment
3334 annotations: {}
3335 # -- Annotations for table-manager pods
3336 podAnnotations: {}
3337 service:
3338 # -- Annotations for table-manager Service
3339 annotations: {}
3340 # -- Additional labels for table-manager Service
3341 labels: {}
3342 # -- Additional CLI args for the table-manager
3343 extraArgs: []
3344 # -- Environment variables to add to the table-manager pods
3345 extraEnv: []
3346 # -- Environment variables from secrets or configmaps to add to the table-manager pods
3347 extraEnvFrom: []
3348 # -- Volume mounts to add to the table-manager pods
3349 extraVolumeMounts: []
3350 # -- Volumes to add to the table-manager pods
3351 extraVolumes: []
3352 # -- Resource requests and limits for the table-manager
3353 resources: {}
3354 # -- Containers to add to the table-manager pods
3355 extraContainers: []
3356 # -- Grace period to allow the table-manager to shutdown before it is killed
3357 terminationGracePeriodSeconds: 30
3358 # -- Affinity for table-manager pods.
3359 # @default -- Hard node and anti-affinity
3360 affinity:
3361 podAntiAffinity:
3362 requiredDuringSchedulingIgnoredDuringExecution:
3363 - labelSelector:
3364 matchLabels:
3365 app.kubernetes.io/component: table-manager
3366 topologyKey: kubernetes.io/hostname
3367 # -- DNS config table-manager pods
3368 dnsConfig: {}
3369 # -- Node selector for table-manager pods
3370 nodeSelector: {}
3371 # -- Tolerations for table-manager pods
3372 tolerations: []
3373 # -- Enable deletes by retention
3374 retention_deletes_enabled: false
3375 # -- Set retention period
3376 retention_period: 0