global: image: # -- Overrides the Docker registry globally for all images registry: null # -- Overrides the priorityClassName for all pods priorityClassName: null # -- configures cluster domain ("cluster.local" by default) clusterDomain: "cluster.local" # -- configures DNS service name dnsService: "kube-dns" # -- configures DNS service namespace dnsNamespace: "kube-system" # -- Overrides the chart's name nameOverride: null # -- Overrides the chart's computed fullname fullnameOverride: null # -- Overrides the chart's cluster label clusterLabelOverride: null # -- Image pull secrets for Docker images imagePullSecrets: [] kubectlImage: # -- The Docker registry registry: docker.io # -- Docker image repository repository: bitnami/kubectl # -- Overrides the image tag whose default is the chart's appVersion tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent loki: # Configures the readiness probe for all of the Loki pods readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/loki # -- Overrides the image tag whose default is the chart's appVersion # TODO: needed for 3rd target backend functionality # revert to null or latest once this behavior is relased tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # -- Common annotations for all deployments/StatefulSets annotations: {} # -- Common annotations for all pods podAnnotations: {} # -- Common labels for all pods podLabels: {} # -- The number of old ReplicaSets to retain to allow rollback revisionHistoryLimit: 10 # -- The SecurityContext for Loki pods podSecurityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 # -- The SecurityContext for Loki containers containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: - ALL allowPrivilegeEscalation: false # -- Should enableServiceLinks be enabled. Default to enable enableServiceLinks: true # -- Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config` existingSecretForConfig: "" # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret. # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration). # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables). configStorageType: ConfigMap # -- Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal). externalConfigSecretName: '{{ include "loki.name" . }}' # -- Config file contents for Loki # @default -- See values.yaml config: | {{- if .Values.enterprise.enabled}} {{- tpl .Values.enterprise.config . }} {{- else }} auth_enabled: {{ .Values.loki.auth_enabled }} {{- end }} {{- with .Values.loki.server }} server: {{- toYaml . | nindent 2}} {{- end}} memberlist: {{- if .Values.loki.extraMemberlistConfig}} {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}} {{- end }} join_members: - {{ include "loki.memberlist" . }} {{- with .Values.migrate.fromDistributed }} {{- if .enabled }} - {{ .memberlistService }} {{- end }} {{- end }} {{- with .Values.loki.ingester }} ingester: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- if .Values.loki.commonConfig}} common: {{- toYaml .Values.loki.commonConfig | nindent 2}} storage: {{- include "loki.commonStorageConfig" . | nindent 4}} {{- end}} {{- with .Values.loki.limits_config }} limits_config: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} runtime_config: file: /etc/loki/runtime-config/runtime-config.yaml {{- with .Values.loki.memcached.chunk_cache }} {{- if and .enabled (or .host .addresses) }} chunk_store_config: chunk_cache_config: memcached: batch_size: {{ .batch_size }} parallelism: {{ .parallelism }} memcached_client: {{- if .host }} host: {{ .host }} {{- end }} {{- if .addresses }} addresses: {{ .addresses }} {{- end }} service: {{ .service }} {{- end }} {{- end }} {{- if .Values.loki.schemaConfig}} schema_config: {{- toYaml .Values.loki.schemaConfig | nindent 2}} {{- else }} schema_config: configs: - from: 2022-01-11 store: boltdb-shipper object_store: {{ .Values.loki.storage.type }} schema: v12 index: prefix: loki_index_ period: 24h {{- end }} {{ include "loki.rulerConfig" . }} table_manager: retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }} retention_period: {{ .Values.tableManager.retention_period }} {{- with .Values.loki.memcached.results_cache }} query_range: align_queries_with_step: true {{- if and .enabled (or .host .addresses) }} cache_results: {{ .enabled }} results_cache: cache: default_validity: {{ .default_validity }} memcached_client: {{- if .host }} host: {{ .host }} {{- end }} {{- if .addresses }} addresses: {{ .addresses }} {{- end }} service: {{ .service }} timeout: {{ .timeout }} {{- end }} {{- end }} {{- with .Values.loki.storage_config }} storage_config: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.query_scheduler }} query_scheduler: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.compactor }} compactor: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.analytics }} analytics: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.querier }} querier: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.index_gateway }} index_gateway: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.frontend }} frontend: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.frontend_worker }} frontend_worker: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} # Should authentication be enabled auth_enabled: false # Extra memberlist configuration extraMemberlistConfig: {} # -- Tenants list to be created on nginx htpasswd file, with name and password keys tenants: [] # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration. server: http_listen_port: 3100 grpc_listen_port: 9095 # -- Limits config limits_config: enforce_metric_name: false reject_old_samples: true reject_old_samples_max_age: 168h retention_period: 336h retention_stream: - selector: '{namespace="ingress-nginx"}' priority: 1 period: 24h - selector: '{app="abios-sync"}' priority: 1 period: 24h - selector: '{app="ingress-nginx"}' priority: 1 period: 24h - selector: '{app="matches"}' priority: 1 period: 24h - selector: '{app="socket-server"}' priority: 1 period: 24h # -- Provides a reloadable runtime configuration file for some specific configuration runtimeConfig: {} # -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration commonConfig: path_prefix: /var/loki replication_factor: 1 compactor_address: '{{ include "loki.compactorAddress" . }}' # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config. storage: bucketNames: chunks: chunks ruler: ruler admin: admin type: filesystem s3: s3: null endpoint: null region: null secretAccessKey: null accessKeyId: null signatureVersion: null s3ForcePathStyle: false insecure: false http_config: {} gcs: chunkBufferSize: 0 requestTimeout: "0s" enableHttp2: true azure: accountName: null accountKey: null useManagedIdentity: false useFederatedToken: false userAssignedId: null requestTimeout: null filesystem: chunks_directory: /var/loki/chunks rules_directory: /var/loki/rules boltdb_shipper: active_index_directory: /var/loki/boltdb-shipper-active cache_location: /var/loki/boltdb-shipper-cache cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space shared_store: filesystem # -- Configure memcached as an external cache for chunk and results cache. Disabled by default # must enable and specify a host for each cache you would like to use. memcached: chunk_cache: enabled: false host: "" service: "memcached-client" batch_size: 256 parallelism: 10 results_cache: enabled: false host: "" service: "memcached-client" timeout: "500ms" default_validity: "12h" # -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas schemaConfig: configs: - from: 2020-10-24 store: boltdb-shipper object_store: filesystem schema: v11 index: prefix: index_ period: 24h - from: 2023-06-13 store: boltdb-shipper object_store: filesystem schema: v12 index: prefix: index_ period: 24h # -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler rulerConfig: {} # -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig` structuredConfig: {} # -- Additional query scheduler config query_scheduler: {} # -- Additional storage config storage_config: hedging: at: "250ms" max_per_second: 20 up_to: 3 # -- Optional compactor configuration compactor: working_directory: /var/loki/boltdb-shipper-compactor shared_store: filesystem retention_enabled: true # -- Optional analytics configuration analytics: {} # -- Optional querier configuration querier: {} # -- Optional ingester configuration ingester: chunk_idle_period: 3m chunk_block_size: 262144 chunk_retain_period: 1m max_transfer_retries: 0 wal: dir: /var/loki/wal lifecycler: ring: kvstore: store: inmemory replication_factor: 1 # -- Optional index gateway configuration index_gateway: mode: ring frontend: scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' frontend_worker: scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' enterprise: # Enable enterprise features, license must be provided enabled: false # Default verion of GEL to deploy version: v1.7.2 # -- Optional name of the GEL cluster, otherwise will use .Release.Name # The cluster name must match what is in your GEL license cluster_name: null # -- Grafana Enterprise Logs license # In order to use Grafana Enterprise Logs features, you will need to provide # the contents of your Grafana Enterprise Logs license, either by providing the # contents of the license.jwt, or the name Kubernetes Secret that contains your # license.jwt. # To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'` license: contents: "NOTAVALIDLICENSE" # -- Set to true when providing an external license useExternalLicense: false # -- Name of external license secret to use externalLicenseName: null # -- Name of the external config secret to use externalConfigName: "" # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise, # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`. adminApi: enabled: true # enterprise specific sections of the config.yaml file config: | {{- if .Values.enterprise.adminApi.enabled }} {{- if or .Values.minio.enabled (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "azure") }} admin_client: storage: s3: bucket_name: {{ .Values.loki.storage.bucketNames.admin }} {{- end }} {{- end }} auth: type: {{ .Values.enterprise.adminApi.enabled | ternary "enterprise" "trust" }} auth_enabled: {{ .Values.loki.auth_enabled }} cluster_name: {{ include "loki.clusterName" . }} license: path: /etc/loki/license/license.jwt image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/enterprise-logs # -- Docker image tag tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent adminToken: # -- Alternative name for admin token secret, needed by tokengen and provisioner jobs secret: null # -- Additional namespace to also create the token in. Useful if your Grafana instance # is in a different namespace additionalNamespaces: [] # -- Alternative name of the secret to store token for the canary canarySecret: null # -- Configuration for `tokengen` target tokengen: # -- Whether the job should be part of the deployment enabled: true # -- Comma-separated list of Loki modules to load for tokengen targetModule: "tokengen" # -- Additional CLI arguments for the `tokengen` target extraArgs: [] # -- Additional Kubernetes environment env: [] # -- Additional labels for the `tokengen` Job labels: {} # -- Additional annotations for the `tokengen` Job annotations: {} # -- Tolerations for tokengen Job tolerations: [] # -- Additional volumes for Pods extraVolumes: [] # -- Additional volume mounts for Pods extraVolumeMounts: [] # -- Run containers as user `enterprise-logs(uid=10001)` securityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 fsGroup: 10001 # -- Environment variables from secrets or configmaps to add to the tokengen pods extraEnvFrom: [] # -- The name of the PriorityClass for tokengen Pods priorityClassName: "" # -- Configuration for `provisioner` target provisioner: # -- Whether the job should be part of the deployment enabled: true # -- Name of the secret to store provisioned tokens in provisionedSecretPrefix: null # -- Additional tenants to be created. Each tenant will get a read and write policy # and associated token. Tenant must have a name and a namespace for the secret containting # the token to be created in. For example # additionalTenants: # - name: loki # secretNamespace: grafana additionalTenants: [] # -- Additional Kubernetes environment env: [] # -- Additional labels for the `provisioner` Job labels: {} # -- Additional annotations for the `provisioner` Job annotations: {} # -- The name of the PriorityClass for provisioner Job priorityClassName: null # -- Run containers as user `enterprise-logs(uid=10001)` securityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 fsGroup: 10001 # -- Provisioner image to Utilize image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/enterprise-logs-provisioner # -- Overrides the image tag whose default is the chart's appVersion tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # -- Volume mounts to add to the provisioner pods extraVolumeMounts: [] # -- Options that may be necessary when performing a migration from another helm chart migrate: # -- When migrating from a distributed chart like loki-distributed or enterprise-logs fromDistributed: # -- Set to true if migrating from a distributed helm chart enabled: false # -- If migrating from a distributed service, provide the distributed deployment's # memberlist service DNS so the new deployment can join its ring. memberlistService: "" serviceAccount: # -- Specifies whether a ServiceAccount should be created create: true # -- The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: null # -- Image pull secrets for the service account imagePullSecrets: [] # -- Annotations for the service account annotations: {} # -- Labels for the service account labels: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true # RBAC configuration rbac: # -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp. pspEnabled: false # -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints. sccEnabled: false # -- Section for configuring optional Helm test test: enabled: false # -- Address of the prometheus server to query for the test prometheusAddress: "http://prometheus:9090" # -- Number of times to retry the test before failing timeout: 1m # -- Additional labels for the test pods labels: {} # -- Additional annotations for test pods annotations: {} # -- Image to use for loki canary image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/loki-helm-test # -- Overrides the image tag whose default is the chart's appVersion tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # Monitoring section determines which monitoring features to enable monitoring: # Dashboards for monitoring Loki dashboards: # -- If enabled, create configmap with dashboards for monitoring Loki enabled: false # -- Alternative namespace to create dashboards ConfigMap in namespace: null # -- Additional annotations for the dashboards ConfigMap annotations: {} # -- Labels for the dashboards ConfigMap labels: grafana_dashboard: "1" # Recording rules for monitoring Loki, required for some dashboards rules: # -- If enabled, create PrometheusRule resource with Loki recording rules enabled: false # -- Include alerting rules alerting: true # -- Alternative namespace to create PrometheusRule resources in namespace: null # -- Additional annotations for the rules PrometheusRule resource annotations: {} # -- Additional labels for the rules PrometheusRule resource labels: {} # -- Additional groups to add to the rules file additionalGroups: [] # - name: additional-loki-rules # rules: # - record: job:loki_request_duration_seconds_bucket:sum_rate # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job) # - record: job_route:loki_request_duration_seconds_bucket:sum_rate # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route) # - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate # expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container) # ServiceMonitor configuration serviceMonitor: # -- If enabled, ServiceMonitor resources for Prometheus Operator are created enabled: false # -- Namespace selector for ServiceMonitor resources namespaceSelector: {} # -- ServiceMonitor annotations annotations: {} # -- Additional ServiceMonitor labels labels: {} # -- ServiceMonitor scrape interval # Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at # least 1/4 rate interval. interval: 15s # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s) scrapeTimeout: null # -- ServiceMonitor relabel configs to apply to samples before scraping # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig relabelings: [] # -- ServiceMonitor will use http by default, but you can pick https as well scheme: http # -- ServiceMonitor will use these tlsConfig settings to make the health check requests tlsConfig: null # -- If defined, will create a MetricsInstance for the Grafana Agent Operator. metricsInstance: # -- If enabled, MetricsInstance resources for Grafana Agent Operator are created enabled: true # -- MetricsInstance annotations annotations: {} # -- Additional MetricsInstance labels labels: {} # -- If defined a MetricsInstance will be created to remote write metrics. remoteWrite: null # Self monitoring determines whether Loki should scrape its own logs. # This feature currently relies on the Grafana Agent Operator being installed, # which is installed by default using the grafana-agent-operator sub-chart. # It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure # scrape configs to scrape its own logs with the labels expected by the included dashboards. selfMonitoring: enabled: false # -- Tenant to use for self monitoring tenant: # -- Name of the tenant name: "self-monitoring" # -- Namespace to create additional tenant token secret in. Useful if your Grafana instance # is in a separate namespace. Token will still be created in the canary namespace. secretNamespace: "{{ .Release.Namespace }}" # Grafana Agent configuration grafanaAgent: # -- Controls whether to install the Grafana Agent Operator and its CRDs. # Note that helm will not install CRDs if this flag is enabled during an upgrade. # In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds installOperator: true # -- Grafana Agent annotations annotations: {} # -- Additional Grafana Agent labels labels: {} # -- Enable the config read api on port 8080 of the agent enableConfigReadAPI: false # PodLogs configuration podLogs: # -- PodLogs annotations annotations: {} # -- Additional PodLogs labels labels: {} # -- PodLogs relabel configs to apply to samples before scraping # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig relabelings: [] # LogsInstance configuration logsInstance: # -- LogsInstance annotations annotations: {} # -- Additional LogsInstance labels labels: {} # -- Additional clients for remote write clients: null # The Loki canary pushes logs to and queries from this loki installation to test # that it's working correctly lokiCanary: enabled: false # -- Additional annotations for the `loki-canary` Daemonset annotations: {} # -- Additional CLI arguments for the `loki-canary' command extraArgs: [] # -- Environment variables to add to the canary pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the canary pods extraEnvFrom: [] # -- Resource requests and limits for the canary resources: {} # -- Node selector for canary pods nodeSelector: {} # -- Tolerations for canary pods tolerations: [] # -- Image to use for loki canary image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/loki-canary # -- Overrides the image tag whose default is the chart's appVersion tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # Configuration for the write pod(s) write: # -- Number of replicas for the write replicas: 0 autoscaling: # -- Enable autoscaling for the write. enabled: false # -- Minimum autoscaling replicas for the write. minReplicas: 1 # -- Maximum autoscaling replicas for the write. maxReplicas: 3 # -- Target CPU utilisation percentage for the write. targetCPUUtilizationPercentage: 60 # -- Target memory utilization percentage for the write. targetMemoryUtilizationPercentage: # -- Behavior policies while scaling. behavior: # -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details scaleUp: policies: - type: Pods value: 1 periodSeconds: 900 scaleDown: policies: - type: Pods value: 1 periodSeconds: 1800 stabilizationWindowSeconds: 3600 image: # -- The Docker registry for the write image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the write image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the write image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for write pods priorityClassName: null # -- Annotations for write StatefulSet annotations: {} # -- Annotations for write pods podAnnotations: {} # -- Additional labels for each `write` pod podLabels: {} # -- Additional selector labels for each `write` pod selectorLabels: {} # -- Labels for ingester service serviceLabels: {} # -- Comma-separated list of Loki modules to load for the write targetModule: "write" # -- Additional CLI args for the write extraArgs: [] # -- Environment variables to add to the write pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the write pods extraEnvFrom: [] # -- Lifecycle for the write container lifecycle: {} # -- The default /flush_shutdown preStop hook is recommended as part of the ingester # scaledown process so it's added to the template by default when autoscaling is enabled, # but it's disabled to optimize rolling restarts in instances that will never be scaled # down or when using chunks storage with WAL disabled. # https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown # -- Init containers to add to the write pods initContainers: [] # -- Volume mounts to add to the write pods extraVolumeMounts: [] # -- Volumes to add to the write pods extraVolumes: [] # -- volumeClaimTemplates to add to StatefulSet extraVolumeClaimTemplates: [] # -- Resource requests and limits for the write resources: {} # -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester, # this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring # all data and to successfully leave the member ring on shutdown. terminationGracePeriodSeconds: 300 # -- Affinity for write pods. Passed through `tpl` and, thus, to be configured as string # @default -- Hard node and soft zone anti-affinity affinity: | podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- include "loki.writeSelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname # -- Node selector for write pods nodeSelector: {} # -- Tolerations for write pods tolerations: [] # -- The default is to deploy all pods in parallel. podManagementPolicy: "Parallel" persistence: # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # Configuration for the table-manager tableManager: # -- Specifies whether the table-manager should be enabled enabled: false image: # -- The Docker registry for the table-manager image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the table-manager image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the table-manager image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for table-manager pods priorityClassName: null # -- Labels for table-manager pods podLabels: {} # -- Annotations for table-manager deployment annotations: {} # -- Annotations for table-manager pods podAnnotations: {} # -- Labels for table-manager service serviceLabels: {} # -- Additional CLI args for the table-manager extraArgs: [] # -- Environment variables to add to the table-manager pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the table-manager pods extraEnvFrom: [] # -- Volume mounts to add to the table-manager pods extraVolumeMounts: [] # -- Volumes to add to the table-manager pods extraVolumes: [] # -- Resource requests and limits for the table-manager resources: {} # -- Containers to add to the table-manager pods extraContainers: [] # -- Grace period to allow the table-manager to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for table-manager pods. Passed through `tpl` and, thus, to be configured as string # @default -- Hard node and soft zone anti-affinity affinity: | podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- include "loki.tableManagerSelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: {{- include "loki.tableManagerSelectorLabels" . | nindent 12 }} topologyKey: failure-domain.beta.kubernetes.io/zone # -- Node selector for table-manager pods nodeSelector: {} # -- Tolerations for table-manager pods tolerations: [] # -- Enable deletes by retention retention_deletes_enabled: true # -- Set retention period retention_period: 336h # Configuration for the read pod(s) read: # -- Number of replicas for the read replicas: 0 autoscaling: # -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true` enabled: false # -- Minimum autoscaling replicas for the read minReplicas: 1 # -- Maximum autoscaling replicas for the read maxReplicas: 3 # -- Target CPU utilisation percentage for the read targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the read targetMemoryUtilizationPercentage: # -- Behavior policies while scaling. behavior: {} # scaleUp: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 180 image: # -- The Docker registry for the read image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the read image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the read image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for read pods priorityClassName: null # -- Annotations for read deployment annotations: {} # -- Annotations for read pods podAnnotations: {} # -- Additional labels for each `read` pod podLabels: {} # -- Additional selector labels for each `read` pod selectorLabels: {} # -- Labels for read service serviceLabels: {} # -- Comma-separated list of Loki modules to load for the read targetModule: "read" # -- Whether or not to use the 2 target type simple scalable mode (read, write) or the # 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will # run two targets, false will run 3 targets. legacyReadTarget: false # -- Additional CLI args for the read extraArgs: [] # -- Environment variables to add to the read pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the read pods extraEnvFrom: [] # -- Lifecycle for the read container lifecycle: {} # -- Volume mounts to add to the read pods extraVolumeMounts: [] # -- Volumes to add to the read pods extraVolumes: [] # -- Resource requests and limits for the read resources: {} # -- Grace period to allow the read to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for read pods. Passed through `tpl` and, thus, to be configured as string # @default -- Hard node and soft zone anti-affinity affinity: | podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- include "loki.readSelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname # -- Node selector for read pods nodeSelector: {} # -- Tolerations for read pods tolerations: [] # -- The default is to deploy all pods in parallel. podManagementPolicy: "Parallel" persistence: # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # Configuration for the backend pod(s) backend: # -- Number of replicas for the backend replicas: 0 autoscaling: # -- Enable autoscaling for the backend. enabled: false # -- Minimum autoscaling replicas for the backend. minReplicas: 1 # -- Maximum autoscaling replicas for the backend. maxReplicas: 3 # -- Target CPU utilization percentage for the backend. targetCPUUtilizationPercentage: 60 # -- Target memory utilization percentage for the backend. targetMemoryUtilizationPercentage: # -- Behavior policies while scaling. behavior: {} # scaleUp: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 180 image: # -- The Docker registry for the backend image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the backend image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the backend image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for backend pods priorityClassName: null # -- Annotations for backend StatefulSet annotations: {} # -- Annotations for backend pods podAnnotations: {} # -- Additional labels for each `backend` pod podLabels: {} # -- Additional selector labels for each `backend` pod selectorLabels: {} # -- Labels for ingester service serviceLabels: {} # -- Comma-separated list of Loki modules to load for the read targetModule: "backend" # -- Additional CLI args for the backend extraArgs: [] # -- Environment variables to add to the backend pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the backend pods extraEnvFrom: [] # -- Init containers to add to the backend pods initContainers: [] # -- Volume mounts to add to the backend pods extraVolumeMounts: [] # -- Volumes to add to the backend pods extraVolumes: [] # -- Resource requests and limits for the backend resources: {} # -- Grace period to allow the backend to shutdown before it is killed. Especially for the ingester, # this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring # all data and to successfully leave the member ring on shutdown. terminationGracePeriodSeconds: 300 # -- Affinity for backend pods. Passed through `tpl` and, thus, to be configured as string # @default -- Hard node and soft zone anti-affinity affinity: | podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- include "loki.backendSelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname # -- Node selector for backend pods nodeSelector: {} # -- Tolerations for backend pods tolerations: [] # -- The default is to deploy all pods in parallel. podManagementPolicy: "Parallel" persistence: # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # Configuration for the single binary node(s) singleBinary: # -- Number of replicas for the single binary replicas: 1 autoscaling: # -- Enable autoscaling enabled: false # -- Minimum autoscaling replicas for the single binary minReplicas: 1 # -- Maximum autoscaling replicas for the single binary maxReplicas: 3 # -- Target CPU utilisation percentage for the single binary targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the single binary targetMemoryUtilizationPercentage: image: # -- The Docker registry for the single binary image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the single binary image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the single binary image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for single binary pods priorityClassName: null # -- Annotations for single binary StatefulSet annotations: {} # -- Annotations for single binary pods podAnnotations: {} # -- Additional labels for each `single binary` pod podLabels: {} # -- Additional selector labels for each `single binary` pod selectorLabels: {} # -- Comma-separated list of Loki modules to load for the single binary targetModule: "all" # -- Labels for single binary service extraArgs: [] # -- Environment variables to add to the single binary pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the single binary pods extraEnvFrom: [] # -- Extra containers to add to the single binary loki pod extraContainers: [] # -- Init containers to add to the single binary pods initContainers: [] # -- Volume mounts to add to the single binary pods extraVolumeMounts: [] # -- Volumes to add to the single binary pods extraVolumes: [] # -- Resource requests and limits for the single binary resources: {} # -- Grace period to allow the single binary to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for single binary pods. Passed through `tpl` and, thus, to be configured as string # @default -- Hard node and soft zone anti-affinity affinity: | podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- include "loki.singleBinarySelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname # -- Node selector for single binary pods nodeSelector: {} # -- Tolerations for single binary pods tolerations: [] persistence: # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true # -- Enable persistent disk enabled: true # -- Size of persistent disk size: 32Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # Use either this ingress or the gateway, but not both at once. # If you enable this, make sure to disable the gateway. # You'll need to supply authn configuration for your ingress controller. ingress: enabled: false ingressClassName: "" annotations: {} # nginx.ingress.kubernetes.io/auth-type: basic # nginx.ingress.kubernetes.io/auth-secret: loki-distributed-basic-auth # nginx.ingress.kubernetes.io/auth-secret-type: auth-map # nginx.ingress.kubernetes.io/configuration-snippet: | # proxy_set_header X-Scope-OrgID $remote_user; paths: write: - /api/prom/push - /loki/api/v1/push read: - /api/prom/tail - /loki/api/v1/tail - /loki/api - /api/prom/rules - /loki/api/v1/rules - /prometheus/api/v1/rules - /prometheus/api/v1/alerts singleBinary: - /api/prom/push - /loki/api/v1/push - /api/prom/tail - /loki/api/v1/tail - /loki/api - /api/prom/rules - /loki/api/v1/rules - /prometheus/api/v1/rules - /prometheus/api/v1/alerts hosts: - loki.example.com tls: [] # - hosts: # - loki.example.com # secretName: loki-distributed-tls # Configuration for the memberlist service memberlist: service: publishNotReadyAddresses: true # Configuration for the gateway gateway: # -- Specifies whether the gateway should be enabled enabled: false # -- Number of replicas for the gateway replicas: 1 # -- Enable logging of 2xx and 3xx HTTP requests verboseLogging: true autoscaling: # -- Enable autoscaling for the gateway enabled: false # -- Minimum autoscaling replicas for the gateway minReplicas: 1 # -- Maximum autoscaling replicas for the gateway maxReplicas: 3 # -- Target CPU utilisation percentage for the gateway targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the gateway targetMemoryUtilizationPercentage: # -- See `kubectl explain deployment.spec.strategy` for more # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # -- Behavior policies while scaling. behavior: {} # scaleUp: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 180 deploymentStrategy: type: RollingUpdate image: # -- The Docker registry for the gateway image registry: docker.io # -- The gateway image repository repository: nginxinc/nginx-unprivileged # -- The gateway image tag tag: 1.19-alpine # -- Overrides the gateway image tag with an image digest digest: null # -- The gateway image pull policy pullPolicy: IfNotPresent # -- The name of the PriorityClass for gateway pods priorityClassName: null # -- Annotations for gateway deployment annotations: {} # -- Annotations for gateway pods podAnnotations: {} # -- Additional labels for gateway pods podLabels: {} # -- Additional CLI args for the gateway extraArgs: [] # -- Environment variables to add to the gateway pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the gateway pods extraEnvFrom: [] # -- Lifecycle for the gateway container lifecycle: {} # -- Volumes to add to the gateway pods extraVolumes: [] # -- Volume mounts to add to the gateway pods extraVolumeMounts: [] # -- The SecurityContext for gateway containers podSecurityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 # -- The SecurityContext for gateway containers containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: - ALL allowPrivilegeEscalation: false # -- Resource requests and limits for the gateway resources: {} # -- Grace period to allow the gateway to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string # @default -- Hard node and soft zone anti-affinity affinity: | podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- include "loki.gatewaySelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname # -- Node selector for gateway pods nodeSelector: {} # -- Tolerations for gateway pods tolerations: [] # Gateway service configuration service: # -- Port of the gateway service port: 80 # -- Type of the gateway service type: ClusterIP # -- ClusterIP of the gateway service clusterIP: null # -- (int) Node port if service type is NodePort nodePort: null # -- Load balancer IPO address if service type is LoadBalancer loadBalancerIP: null # -- Annotations for the gateway service annotations: {} # -- Labels for gateway service labels: {} # Gateway ingress configuration ingress: # -- Specifies whether an ingress for the gateway should be created enabled: false # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 ingressClassName: "" # -- Annotations for the gateway ingress annotations: {} # -- Labels for the gateway ingress labels: {} # -- Hosts configuration for the gateway ingress hosts: - host: gateway.loki.example.com paths: - path: / # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers # pathType: Prefix # -- TLS configuration for the gateway ingress tls: - secretName: loki-gateway-tls hosts: - gateway.loki.example.com # Basic auth configuration basicAuth: # -- Enables basic authentication for the gateway enabled: false # -- The basic auth username for the gateway username: null # -- The basic auth password for the gateway password: null # -- Uses the specified users from the `loki.tenants` list to create the htpasswd file # if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes # high CPU load. htpasswd: >- {{ if .Values.loki.tenants }} {{- range $t := .Values.loki.tenants }} {{ htpasswd (required "All tenants must have a 'name' set" $t.name) (required "All tenants must have a 'password' set" $t.password) }} {{- end }} {{ else }} {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} {{ end }} # -- Existing basic auth secret to use. Must contain '.htpasswd' existingSecret: null # Configures the readiness probe for the gateway readinessProbe: httpGet: path: / port: http initialDelaySeconds: 15 timeoutSeconds: 1 nginxConfig: # -- NGINX log format logFormat: |- main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # -- Allows appending custom configuration to the server block serverSnippet: "" # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating httpSnippet: >- {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }} # -- Override Read URL customReadUrl: null # -- Override Write URL customWriteUrl: null # -- Override Backend URL customBackendUrl: null # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating # @default -- See values.yaml file: | {{- include "loki.nginxFile" . | indent 2 -}} networkPolicy: # -- Specifies whether Network Policies should be created enabled: false metrics: # -- Specifies the Pods which are allowed to access the metrics port. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespaces which are allowed to access the metrics port namespaceSelector: {} # -- Specifies specific network CIDRs which are allowed to access the metrics port. # In case you use namespaceSelector, you also have to specify your kubelet networks here. # The metrics ports are also used for probes. cidrs: [] ingress: # -- Specifies the Pods which are allowed to access the http port. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespaces which are allowed to access the http port namespaceSelector: {} alertmanager: # -- Specify the alertmanager port used for alerting port: 9093 # -- Specifies the alertmanager Pods. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespace the alertmanager is running in namespaceSelector: {} externalStorage: # -- Specify the port used for external storage, e.g. AWS S3 ports: [] # -- Specifies specific network CIDRs you want to limit access to cidrs: [] discovery: # -- (int) Specify the port used for discovery port: null # -- Specifies the Pods labels used for discovery. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespace the discovery Pods are running in namespaceSelector: {} tracing: jaegerAgentHost: "" # ------------------------------------- # Configuration for `minio` child chart # ------------------------------------- minio: enabled: false replicas: 1 # Minio requires 2 to 16 drives for erasure code (drivesPerNode * replicas) # https://docs.min.io/docs/minio-erasure-code-quickstart-guide # Since we only have 1 replica, that means 2 drives must be used. drivesPerNode: 2 rootUser: enterprise-logs rootPassword: supersecret buckets: - name: chunks policy: none purge: false - name: ruler policy: none purge: false - name: admin policy: none purge: false persistence: size: 5Gi resources: requests: cpu: 100m memory: 128Mi # Create extra manifests via values. Would be passed through `tpl` for templating extraObjects: [] # - apiVersion: v1 # kind: ConfigMap # metadata: # name: loki-alerting-rules # data: # loki-alerting-rules.yaml: |- # groups: # - name: example # rules: # - alert: example # expr: | # sum(count_over_time({app="loki"} |~ "error")) > 0 # for: 3m # labels: # severity: warning # category: logs # annotations: # message: "loki has encountered errors"