# -- Overrides the version used to determine compatibility of resources with the target Kubernetes cluster. # This is useful when using `helm template`, because then helm will use the client version of kubectl as the Kubernetes version, # which may or may not match your cluster's server version. Example: 'v1.24.4'. Set to null to use the version that helm # devises. kubeVersionOverride: null global: image: # -- Overrides the Docker registry globally for all images registry: null # -- Overrides the priorityClassName for all pods priorityClassName: null # -- configures cluster domain ("cluster.local" by default) clusterDomain: "cluster.local" # -- configures DNS service name dnsService: "kube-dns" # -- configures DNS service namespace dnsNamespace: "kube-system" # -- Overrides the chart's name nameOverride: null # -- Overrides the chart's computed fullname fullnameOverride: null # -- Overrides the chart's cluster label clusterLabelOverride: null # -- Image pull secrets for Docker images imagePullSecrets: [] # -- Deployment mode lets you specify how to deploy Loki. # There are 3 options: # - SingleBinary: Loki is deployed as a single binary, useful for small installs typically without HA, up to a few tens of GB/day. # - SimpleScalable: Loki is deployed as 3 targets: read, write, and backend. Useful for medium installs easier to manage than distributed, up to a about 1TB/day. # - Distributed: Loki is deployed as individual microservices. The most complicated but most capable, useful for large installs, typically over 1TB/day. # There are also 2 additional modes used for migrating between deployment modes: # - SingleBinary<->SimpleScalable: Migrate from SingleBinary to SimpleScalable (or vice versa) # - SimpleScalable<->Distributed: Migrate from SimpleScalable to Distributed (or vice versa) # Note: SimpleScalable and Distributed REQUIRE the use of object storage. deploymentMode: SimpleScalable ###################################################################################################################### # # Base Loki Configs including kubernetes configurations and configurations for Loki itself, # see below for more specifics on Loki's configuration. # ###################################################################################################################### # -- Configuration for running Loki # @default -- See values.yaml loki: # Configures the readiness probe for all of the Loki pods readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/loki # -- Overrides the image tag whose default is the chart's appVersion tag: 3.3.1 # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # -- Common annotations for all deployments/StatefulSets annotations: {} # -- Common annotations for all pods podAnnotations: {} # -- Common labels for all pods podLabels: {} # -- Common annotations for all services serviceAnnotations: {} # -- Common labels for all services serviceLabels: {} # -- The number of old ReplicaSets to retain to allow rollback revisionHistoryLimit: 10 # -- The SecurityContext for Loki pods podSecurityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 # -- The SecurityContext for Loki containers containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: - ALL allowPrivilegeEscalation: false # -- Should enableServiceLinks be enabled. Default to enable enableServiceLinks: true ###################################################################################################################### # # Loki Configuration # # There are several ways to pass configuration to Loki, listing them here in order of our preference for how # you should use this chart. # 1. Use the templated value of loki.config below and the corresponding override sections which follow. # This allows us to set a lot of important Loki configurations and defaults and also allows us to maintain them # over time as Loki changes and evolves. # 2. Use the loki.structuredConfig section. # This will completely override the templated value of loki.config, so you MUST provide the entire Loki config # including any configuration that we set in loki.config unless you explicitly are trying to change one of those # values and are not able to do so with the templated sections. # If you choose this approach the burden is on you to maintain any changes we make to the templated config. # 3. Use an existing secret or configmap to provide the configuration. # This option is mostly provided for folks who have external processes which provide or modify the configuration. # When using this option you can specify a different name for loki.generatedConfigObjectName and configObjectName # if you have a process which takes the generated config and modifies it, or you can stop the chart from generating # a config entirely by setting loki.generatedConfigObjectName to # ###################################################################################################################### # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret. # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration). # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables). configStorageType: ConfigMap # -- The name of the object which Loki will mount as a volume containing the config. # If the configStorageType is Secret, this will be the name of the Secret, if it is ConfigMap, this will be the name of the ConfigMap. # The value will be passed through tpl. configObjectName: '{{ include "loki.name" . }}' # -- The name of the Secret or ConfigMap that will be created by this chart. # If empty, no configmap or secret will be created. # The value will be passed through tpl. generatedConfigObjectName: '{{ include "loki.name" . }}' # -- Config file contents for Loki # @default -- See values.yaml config: | {{- if .Values.enterprise.enabled}} {{- tpl .Values.enterprise.config . }} {{- else }} auth_enabled: {{ .Values.loki.auth_enabled }} {{- end }} {{- with .Values.loki.server }} server: {{- toYaml . | nindent 2}} {{- end}} pattern_ingester: enabled: {{ .Values.loki.pattern_ingester.enabled }} memberlist: {{- if .Values.loki.memberlistConfig }} {{- toYaml .Values.loki.memberlistConfig | nindent 2 }} {{- else }} {{- if .Values.loki.extraMemberlistConfig}} {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}} {{- end }} join_members: - {{ include "loki.memberlist" . }} {{- with .Values.migrate.fromDistributed }} {{- if .enabled }} - {{ .memberlistService }} {{- end }} {{- end }} {{- end }} {{- with .Values.loki.ingester }} ingester: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- if .Values.loki.commonConfig}} common: {{- toYaml .Values.loki.commonConfig | nindent 2}} storage: {{- include "loki.commonStorageConfig" . | nindent 4}} {{- end}} {{- with .Values.loki.limits_config }} limits_config: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} runtime_config: file: /etc/loki/runtime-config/runtime-config.yaml {{- with .Values.chunksCache }} {{- if .enabled }} chunk_store_config: chunk_cache_config: default_validity: {{ .defaultValidity }} background: writeback_goroutines: {{ .writebackParallelism }} writeback_buffer: {{ .writebackBuffer }} writeback_size_limit: {{ .writebackSizeLimit }} memcached: batch_size: {{ .batchSize }} parallelism: {{ .parallelism }} memcached_client: addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-chunks-cache.{{ $.Release.Namespace }}.svc consistent_hash: true timeout: {{ .timeout }} max_idle_conns: 72 {{- end }} {{- end }} {{- if .Values.loki.schemaConfig }} schema_config: {{- toYaml .Values.loki.schemaConfig | nindent 2}} {{- end }} {{- if .Values.loki.useTestSchema }} schema_config: {{- toYaml .Values.loki.testSchemaConfig | nindent 2}} {{- end }} {{ include "loki.rulerConfig" . }} {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }} table_manager: retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }} retention_period: {{ .Values.tableManager.retention_period }} {{- end }} query_range: align_queries_with_step: true {{- with .Values.loki.query_range }} {{- tpl (. | toYaml) $ | nindent 2 }} {{- end }} {{- if .Values.resultsCache.enabled }} {{- with .Values.resultsCache }} cache_results: true results_cache: cache: default_validity: {{ .defaultValidity }} background: writeback_goroutines: {{ .writebackParallelism }} writeback_buffer: {{ .writebackBuffer }} writeback_size_limit: {{ .writebackSizeLimit }} memcached_client: consistent_hash: true addresses: dnssrvnoa+_memcached-client._tcp.{{ template "loki.fullname" $ }}-results-cache.{{ $.Release.Namespace }}.svc timeout: {{ .timeout }} update_interval: 1m {{- end }} {{- end }} {{- with .Values.loki.storage_config }} storage_config: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.query_scheduler }} query_scheduler: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.compactor }} compactor: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.analytics }} analytics: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.querier }} querier: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.index_gateway }} index_gateway: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.frontend }} frontend: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.frontend_worker }} frontend_worker: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.distributor }} distributor: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} tracing: enabled: {{ .Values.loki.tracing.enabled }} {{- with .Values.loki.bloom_build }} bloom_build: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} {{- with .Values.loki.bloom_gateway }} bloom_gateway: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} # Should authentication be enabled auth_enabled: true # -- memberlist configuration (overrides embedded default) memberlistConfig: {} # -- Extra memberlist configuration extraMemberlistConfig: {} # -- Tenants list to be created on nginx htpasswd file, with name and password keys tenants: [] # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration. server: http_listen_port: 3100 grpc_listen_port: 9095 http_server_read_timeout: 600s http_server_write_timeout: 600s # -- Limits config limits_config: reject_old_samples: true reject_old_samples_max_age: 168h max_cache_freshness_per_query: 10m split_queries_by_interval: 15m query_timeout: 300s volume_enabled: true # -- Provides a reloadable runtime configuration file for some specific configuration runtimeConfig: {} # -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration commonConfig: path_prefix: /var/loki replication_factor: 3 compactor_address: '{{ include "loki.compactorAddress" . }}' # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config. storage: # Loki requires a bucket for chunks and the ruler. GEL requires a third bucket for the admin API. # Please provide these values if you are using object storage. # bucketNames: # chunks: FIXME # ruler: FIXME # admin: FIXME type: s3 s3: s3: null endpoint: null region: null secretAccessKey: null accessKeyId: null signatureVersion: null s3ForcePathStyle: false insecure: false http_config: {} # -- Check https://grafana.com/docs/loki/latest/configure/#s3_storage_config for more info on how to provide a backoff_config backoff_config: {} disable_dualstack: false gcs: chunkBufferSize: 0 requestTimeout: "0s" enableHttp2: true azure: accountName: null accountKey: null connectionString: null useManagedIdentity: false useFederatedToken: false userAssignedId: null requestTimeout: null endpointSuffix: null chunkDelimiter: null swift: auth_version: null auth_url: null internal: null username: null user_domain_name: null user_domain_id: null user_id: null password: null domain_id: null domain_name: null project_id: null project_name: null project_domain_id: null project_domain_name: null region_name: null container_name: null max_retries: null connect_timeout: null request_timeout: null filesystem: chunks_directory: /var/loki/chunks rules_directory: /var/loki/rules admin_api_directory: /var/loki/admin # -- Configure memcached as an external cache for chunk and results cache. Disabled by default # must enable and specify a host for each cache you would like to use. memcached: chunk_cache: enabled: false host: "" service: "memcached-client" batch_size: 256 parallelism: 10 results_cache: enabled: false host: "" service: "memcached-client" timeout: "500ms" default_validity: "12h" # -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas schemaConfig: {} # -- a real Loki install requires a proper schemaConfig defined above this, however for testing or playing around # you can enable useTestSchema useTestSchema: false testSchemaConfig: configs: - from: 2024-04-01 store: tsdb object_store: '{{ include "loki.testSchemaObjectStore" . }}' schema: v13 index: prefix: index_ period: 24h # -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler rulerConfig: wal: dir: /var/loki/ruler-wal # -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig` structuredConfig: {} # -- Additional query scheduler config query_scheduler: {} # -- Additional storage config storage_config: boltdb_shipper: index_gateway_client: server_address: '{{ include "loki.indexGatewayAddress" . }}' tsdb_shipper: index_gateway_client: server_address: '{{ include "loki.indexGatewayAddress" . }}' bloom_shipper: working_directory: /var/loki/data/bloomshipper hedging: at: "250ms" max_per_second: 20 up_to: 3 # -- Optional compactor configuration compactor: {} # -- Optional pattern ingester configuration pattern_ingester: enabled: false # -- Optional analytics configuration analytics: {} # -- Optional querier configuration query_range: {} # -- Optional querier configuration querier: {} # -- Optional ingester configuration ingester: {} # -- Optional index gateway configuration index_gateway: mode: simple frontend: scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' tail_proxy_url: '{{ include "loki.querierAddress" . }}' frontend_worker: scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' # -- Optional distributor configuration distributor: {} # -- Enable tracing tracing: enabled: false bloom_build: enabled: false builder: planner_address: '{{ include "loki.bloomPlannerAddress" . }}' bloom_gateway: enabled: false client: addresses: '{{ include "loki.bloomGatewayAddresses" . }}' ###################################################################################################################### # # Enterprise Loki Configs # ###################################################################################################################### # -- Configuration for running Enterprise Loki enterprise: # Enable enterprise features, license must be provided enabled: false # Default verion of GEL to deploy version: 3.1.1 # -- Optional name of the GEL cluster, otherwise will use .Release.Name # The cluster name must match what is in your GEL license cluster_name: null # -- Grafana Enterprise Logs license # In order to use Grafana Enterprise Logs features, you will need to provide # the contents of your Grafana Enterprise Logs license, either by providing the # contents of the license.jwt, or the name Kubernetes Secret that contains your # license.jwt. # To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'` license: contents: "NOTAVALIDLICENSE" # -- Set to true when providing an external license useExternalLicense: false # -- Name of external license secret to use externalLicenseName: null # -- Name of the external config secret to use externalConfigName: "" # -- Use GEL gateway, if false will use the default nginx gateway gelGateway: true # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise, # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`. adminApi: enabled: true # enterprise specific sections of the config.yaml file config: | {{- if .Values.enterprise.adminApi.enabled }} admin_client: {{ include "enterprise-logs.adminAPIStorageConfig" . | nindent 2 }} {{ end }} auth: type: {{ .Values.enterprise.adminApi.enabled | ternary "enterprise" "trust" }} auth_enabled: {{ .Values.loki.auth_enabled }} cluster_name: {{ include "loki.clusterName" . }} license: path: /etc/loki/license/license.jwt image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/enterprise-logs # -- Docker image tag tag: 3.3.1 # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent adminToken: # -- Alternative name for admin token secret, needed by tokengen and provisioner jobs secret: null # -- Additional namespace to also create the token in. Useful if your Grafana instance # is in a different namespace additionalNamespaces: [] # -- Alternative name of the secret to store token for the canary canarySecret: null # -- Configuration for `tokengen` target tokengen: # -- Whether the job should be part of the deployment enabled: true # -- Comma-separated list of Loki modules to load for tokengen targetModule: "tokengen" # -- Additional CLI arguments for the `tokengen` target extraArgs: [] # -- Additional Kubernetes environment env: [] # -- Additional labels for the `tokengen` Job labels: {} # -- Additional annotations for the `tokengen` Job annotations: {} # -- Affinity for tokengen Pods affinity: {} # -- Node selector for tokengen Pods nodeSelector: {} # -- Tolerations for tokengen Job tolerations: [] # -- Additional volumes for Pods extraVolumes: [] # -- Additional volume mounts for Pods extraVolumeMounts: [] # -- Run containers as user `enterprise-logs(uid=10001)` securityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 fsGroup: 10001 # -- Environment variables from secrets or configmaps to add to the tokengen pods extraEnvFrom: [] # -- The name of the PriorityClass for tokengen Pods priorityClassName: "" # -- Configuration for `provisioner` target provisioner: # -- Whether the job should be part of the deployment enabled: true # -- Name of the secret to store provisioned tokens in provisionedSecretPrefix: null # -- Additional tenants to be created. Each tenant will get a read and write policy # and associated token. Tenant must have a name and a namespace for the secret containting # the token to be created in. For example # additionalTenants: # - name: loki # secretNamespace: grafana additionalTenants: [] # -- Additional Kubernetes environment env: [] # -- Additional labels for the `provisioner` Job labels: {} # -- Additional annotations for the `provisioner` Job annotations: {} # -- Affinity for tokengen Pods affinity: {} # -- Node selector for tokengen Pods nodeSelector: {} # -- Tolerations for tokengen Pods tolerations: [] # -- The name of the PriorityClass for provisioner Job priorityClassName: null # -- Run containers as user `enterprise-logs(uid=10001)` securityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 fsGroup: 10001 # -- Provisioner image to Utilize image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/enterprise-logs-provisioner # -- Overrides the image tag whose default is the chart's appVersion tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # -- Volume mounts to add to the provisioner pods extraVolumeMounts: [] # -- kubetclImage is used in the enterprise provisioner and tokengen jobs kubectlImage: # -- The Docker registry registry: docker.io # -- Docker image repository repository: bitnami/kubectl # -- Overrides the image tag whose default is the chart's appVersion tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent ###################################################################################################################### # # Chart Testing # ###################################################################################################################### # -- Section for configuring optional Helm test test: enabled: true # -- Used to directly query the metrics endpoint of the canary for testing, this approach avoids needing prometheus for testing. # This in a newer approach to using prometheusAddress such that tests do not have a dependency on prometheus canaryServiceAddress: "http://loki-canary:3500/metrics" # -- Address of the prometheus server to query for the test. This overrides any value set for canaryServiceAddress. # This is kept for backward compatibility and may be removed in future releases. Previous value was 'http://prometheus:9090' prometheusAddress: "" # -- Number of times to retry the test before failing timeout: 1m # -- Additional labels for the test pods labels: {} # -- Additional annotations for test pods annotations: {} # -- Image to use for loki canary image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/loki-helm-test # -- Overrides the image tag whose default is the chart's appVersion tag: "ewelch-distributed-helm-chart-17db5ee" # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # The Loki canary pushes logs to and queries from this loki installation to test # that it's working correctly lokiCanary: enabled: true # -- If true, the canary will send directly to Loki via the address configured for verification -- # -- If false, it will write to stdout and an Agent will be needed to scrape and send the logs -- push: true # -- The name of the label to look for at loki when doing the checks. labelname: pod # -- Additional annotations for the `loki-canary` Daemonset annotations: {} # -- Additional labels for each `loki-canary` pod podLabels: {} service: # -- Annotations for loki-canary Service annotations: {} # -- Additional labels for loki-canary Service labels: {} # -- Additional CLI arguments for the `loki-canary' command extraArgs: [] # -- Environment variables to add to the canary pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the canary pods extraEnvFrom: [] # -- Volume mounts to add to the canary pods extraVolumeMounts: [] # -- Volumes to add to the canary pods extraVolumes: [] # -- Resource requests and limits for the canary resources: {} # -- DNS config for canary pods dnsConfig: {} # -- Node selector for canary pods nodeSelector: {} # -- Tolerations for canary pods tolerations: [] # -- The name of the PriorityClass for loki-canary pods priorityClassName: null # -- Image to use for loki canary image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/loki-canary # -- Overrides the image tag whose default is the chart's appVersion tag: null # -- Overrides the image tag with an image digest digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # -- Update strategy for the `loki-canary` Daemonset pods updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 ###################################################################################################################### # # Service Accounts and Kubernetes RBAC # ###################################################################################################################### serviceAccount: # -- Specifies whether a ServiceAccount should be created create: true # -- The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: null # -- Image pull secrets for the service account imagePullSecrets: [] # -- Annotations for the service account annotations: {} # -- Labels for the service account labels: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true # RBAC configuration rbac: # -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp. pspEnabled: false # -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints. sccEnabled: false # -- Specify PSP annotations # Ref: https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/#podsecuritypolicy-annotations pspAnnotations: {} # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' # -- Whether to install RBAC in the namespace only or cluster-wide. Useful if you want to watch ConfigMap globally. namespaced: false ###################################################################################################################### # # Network Policy configuration # ###################################################################################################################### networkPolicy: # -- Specifies whether Network Policies should be created enabled: false # -- Specifies whether the policies created will be standard Network Policies (flavor: kubernetes) # or Cilium Network Policies (flavor: cilium) flavor: kubernetes metrics: # -- Specifies the Pods which are allowed to access the metrics port. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespaces which are allowed to access the metrics port namespaceSelector: {} # -- Specifies specific network CIDRs which are allowed to access the metrics port. # In case you use namespaceSelector, you also have to specify your kubelet networks here. # The metrics ports are also used for probes. cidrs: [] ingress: # -- Specifies the Pods which are allowed to access the http port. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespaces which are allowed to access the http port namespaceSelector: {} alertmanager: # -- Specify the alertmanager port used for alerting port: 9093 # -- Specifies the alertmanager Pods. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespace the alertmanager is running in namespaceSelector: {} externalStorage: # -- Specify the port used for external storage, e.g. AWS S3 ports: [] # -- Specifies specific network CIDRs you want to limit access to cidrs: [] discovery: # -- (int) Specify the port used for discovery port: null # -- Specifies the Pods labels used for discovery. # As this is cross-namespace communication, you also need the namespaceSelector. podSelector: {} # -- Specifies the namespace the discovery Pods are running in namespaceSelector: {} egressWorld: # -- Enable additional cilium egress rules to external world for write, read and backend. enabled: false egressKubeApiserver: # -- Enable additional cilium egress rules to kube-apiserver for backend. enabled: false ###################################################################################################################### # # Global memberlist configuration # ###################################################################################################################### # Configuration for the memberlist service memberlist: service: publishNotReadyAddresses: false annotations: {} ###################################################################################################################### # # adminAPI configuration, enterprise only. # ###################################################################################################################### # -- Configuration for the `admin-api` target adminApi: # -- Define the amount of instances replicas: 1 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld # -- Additional CLI arguments for the `admin-api` target extraArgs: {} # -- Environment variables from secrets or configmaps to add to the admin-api pods extraEnvFrom: [] # -- Additional labels for the `admin-api` Deployment labels: {} # -- Additional annotations for the `admin-api` Deployment annotations: {} # -- Additional labels and annotations for the `admin-api` Service service: labels: {} annotations: {} # -- Run container as user `enterprise-logs(uid=10001)` # `fsGroup` must not be specified, because these security options are applied # on container level not on Pod level. podSecurityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: - ALL allowPrivilegeEscalation: false # -- Update strategy strategy: type: RollingUpdate # -- Readiness probe readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 45 # -- Request and limit Kubernetes resources # -- Values are defined in small.yaml and large.yaml resources: {} # -- Configure optional environment variables env: [] # -- Configure optional initContainers initContainers: [] # -- Conifgure optional extraContainers extraContainers: [] # -- Additional volumes for Pods extraVolumes: [] # -- Additional volume mounts for Pods extraVolumeMounts: [] # -- Affinity for admin-api Pods affinity: {} # -- Node selector for admin-api Pods nodeSelector: {} # -- Topology Spread Constraints for admin-api pods topologySpreadConstraints: [] # -- Tolerations for admin-api Pods tolerations: [] # -- Grace period to allow the admin-api to shutdown before it is killed terminationGracePeriodSeconds: 60 ###################################################################################################################### # # Gateway and Ingress # # By default this chart will deploy a Nginx container to act as a gateway which handles routing of traffic # and can also do auth. # # If you would prefer you can optionally disable this and enable using k8s ingress to do the incoming routing. # ###################################################################################################################### # Configuration for the gateway gateway: # -- Specifies whether the gateway should be enabled enabled: true # -- Number of replicas for the gateway replicas: 1 # -- Default container port containerPort: 8080 # -- Enable logging of 2xx and 3xx HTTP requests verboseLogging: true autoscaling: # -- Enable autoscaling for the gateway enabled: false # -- Minimum autoscaling replicas for the gateway minReplicas: 1 # -- Maximum autoscaling replicas for the gateway maxReplicas: 3 # -- Target CPU utilisation percentage for the gateway targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the gateway targetMemoryUtilizationPercentage: # -- See `kubectl explain deployment.spec.strategy` for more # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # -- Behavior policies while scaling. behavior: {} # scaleUp: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 180 deploymentStrategy: type: RollingUpdate image: # -- The Docker registry for the gateway image registry: docker.io # -- The gateway image repository repository: nginxinc/nginx-unprivileged # -- The gateway image tag tag: 1.27-alpine # -- Overrides the gateway image tag with an image digest digest: null # -- The gateway image pull policy pullPolicy: IfNotPresent # -- The name of the PriorityClass for gateway pods priorityClassName: null # -- Annotations for gateway deployment annotations: {} # -- Annotations for gateway pods podAnnotations: {} # -- Additional labels for gateway pods podLabels: {} # -- Additional CLI args for the gateway extraArgs: [] # -- Environment variables to add to the gateway pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the gateway pods extraEnvFrom: [] # -- Lifecycle for the gateway container lifecycle: {} # -- Volumes to add to the gateway pods extraVolumes: [] # -- Volume mounts to add to the gateway pods extraVolumeMounts: [] # -- The SecurityContext for gateway containers podSecurityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 # -- The SecurityContext for gateway containers containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: - ALL allowPrivilegeEscalation: false # -- Resource requests and limits for the gateway resources: {} # -- Containers to add to the gateway pods extraContainers: [] # -- Grace period to allow the gateway to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for gateway pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: gateway topologyKey: kubernetes.io/hostname # -- DNS config for gateway pods dnsConfig: {} # -- Node selector for gateway pods nodeSelector: {} # -- Topology Spread Constraints for gateway pods topologySpreadConstraints: [] # -- Tolerations for gateway pods tolerations: [] # Gateway service configuration service: # -- Port of the gateway service port: 80 # -- Type of the gateway service type: ClusterIP # -- ClusterIP of the gateway service clusterIP: null # -- (int) Node port if service type is NodePort nodePort: null # -- Load balancer IPO address if service type is LoadBalancer loadBalancerIP: null # -- Annotations for the gateway service annotations: {} # -- Labels for gateway service labels: {} # Gateway ingress configuration ingress: # -- Specifies whether an ingress for the gateway should be created enabled: false # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 ingressClassName: "" # -- Annotations for the gateway ingress annotations: {} # -- Labels for the gateway ingress labels: {} # -- Hosts configuration for the gateway ingress, passed through the `tpl` function to allow templating hosts: - host: gateway.loki.example.com paths: - path: / # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers # pathType: Prefix # -- TLS configuration for the gateway ingress. Hosts passed through the `tpl` function to allow templating tls: - secretName: loki-gateway-tls hosts: - gateway.loki.example.com # Basic auth configuration basicAuth: # -- Enables basic authentication for the gateway enabled: false # -- The basic auth username for the gateway username: null # -- The basic auth password for the gateway password: null # -- Uses the specified users from the `loki.tenants` list to create the htpasswd file. # if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used. # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes # high CPU load. # @default -- Either `loki.tenants` or `gateway.basicAuth.username` and `gateway.basicAuth.password`. htpasswd: >- {{ if .Values.loki.tenants }} {{- range $t := .Values.loki.tenants }} {{ htpasswd (required "All tenants must have a 'name' set" $t.name) (required "All tenants must have a 'password' set" $t.password) }} {{- end }} {{ else }} {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} {{ end }} # -- Existing basic auth secret to use. Must contain '.htpasswd' existingSecret: null # Configures the readiness probe for the gateway readinessProbe: httpGet: path: / port: http-metrics initialDelaySeconds: 15 timeoutSeconds: 1 nginxConfig: # -- Which schema to be used when building URLs. Can be 'http' or 'https'. schema: http # -- Enable listener for IPv6, disable on IPv4-only systems enableIPv6: true # -- NGINX log format logFormat: |- main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # -- Allows appending custom configuration to the server block serverSnippet: "" # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating httpSnippet: >- {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }} # -- Allows customizing the `client_max_body_size` directive clientMaxBodySize: 4M # -- Whether ssl should be appended to the listen directive of the server block or not. ssl: false # -- Override Read URL customReadUrl: null # -- Override Write URL customWriteUrl: null # -- Override Backend URL customBackendUrl: null # -- Allows overriding the DNS resolver address nginx will use. resolver: "" # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating # @default -- See values.yaml file: | {{- include "loki.nginxFile" . | indent 2 -}} # -- If running enterprise and using the default enterprise gateway, configs go here. enterpriseGateway: # -- Define the amount of instances replicas: 1 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld # -- Additional CLI arguments for the `gateway` target extraArgs: {} # -- Environment variables from secrets or configmaps to add to the enterprise gateway pods extraEnvFrom: [] # -- Additional labels for the `gateway` Pod labels: {} # -- Additional annotations for the `gateway` Pod annotations: {} # -- Additional labels and annotations for the `gateway` Service # -- Service overriding service type service: type: ClusterIP labels: {} annotations: {} # -- Run container as user `enterprise-logs(uid=10001)` podSecurityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 fsGroup: 10001 containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: - ALL allowPrivilegeEscalation: false # -- If you want to use your own proxy URLs, set this to false. useDefaultProxyURLs: true # -- update strategy strategy: type: RollingUpdate # -- Readiness probe readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 45 # -- Request and limit Kubernetes resources # -- Values are defined in small.yaml and large.yaml resources: {} # -- Configure optional environment variables env: [] # -- Configure optional initContainers initContainers: [] # -- Conifgure optional extraContainers extraContainers: [] # -- Additional volumes for Pods extraVolumes: [] # -- Additional volume mounts for Pods extraVolumeMounts: [] # -- Affinity for gateway Pods affinity: {} # -- Node selector for gateway Pods nodeSelector: {} # -- Topology Spread Constraints for enterprise-gateway pods topologySpreadConstraints: [] # -- Tolerations for gateway Pods tolerations: [] # -- Grace period to allow the gateway to shutdown before it is killed terminationGracePeriodSeconds: 60 # -- Ingress configuration Use either this ingress or the gateway, but not both at once. # If you enable this, make sure to disable the gateway. # You'll need to supply authn configuration for your ingress controller. ingress: enabled: false ingressClassName: "" annotations: {} # nginx.ingress.kubernetes.io/auth-type: basic # nginx.ingress.kubernetes.io/auth-secret: loki-distributed-basic-auth # nginx.ingress.kubernetes.io/auth-secret-type: auth-map # nginx.ingress.kubernetes.io/configuration-snippet: | # proxy_set_header X-Scope-OrgID $remote_user; labels: {} # blackbox.monitoring.exclude: "true" paths: # -- Paths that are exposed by Loki Distributor. # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`. # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`. # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` distributor: - /api/prom/push - /loki/api/v1/push - /otlp/v1/logs # -- Paths that are exposed by Loki Query Frontend. # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`. # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`. # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` queryFrontend: - /api/prom/query # this path covers labels and labelValues endpoints - /api/prom/label - /api/prom/series - /api/prom/tail - /loki/api/v1/query - /loki/api/v1/query_range - /loki/api/v1/tail # this path covers labels and labelValues endpoints - /loki/api/v1/label - /loki/api/v1/labels - /loki/api/v1/series - /loki/api/v1/index/stats - /loki/api/v1/index/volume - /loki/api/v1/index/volume_range - /loki/api/v1/format_query - /loki/api/v1/detected_field - /loki/api/v1/detected_fields - /loki/api/v1/detected_labels - /loki/api/v1/patterns # -- Paths that are exposed by Loki Ruler. # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`. # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`. # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`. # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` ruler: - /api/prom/rules - /api/prom/api/v1/rules - /api/prom/api/v1/alerts - /loki/api/v1/rules - /prometheus/api/v1/rules - /prometheus/api/v1/alerts # -- Hosts configuration for the ingress, passed through the `tpl` function to allow templating hosts: - loki.example.com # -- TLS configuration for the ingress. Hosts passed through the `tpl` function to allow templating tls: [] # - hosts: # - loki.example.com # secretName: loki-distributed-tls ###################################################################################################################### # # Migration # ###################################################################################################################### # -- Options that may be necessary when performing a migration from another helm chart migrate: # -- When migrating from a distributed chart like loki-distributed or enterprise-logs fromDistributed: # -- Set to true if migrating from a distributed helm chart enabled: false # -- If migrating from a distributed service, provide the distributed deployment's # memberlist service DNS so the new deployment can join its ring. memberlistService: "" ###################################################################################################################### # # Single Binary Deployment # # For small Loki installations up to a few 10's of GB per day, or for testing and development. # ###################################################################################################################### # Configuration for the single binary node(s) singleBinary: # -- Number of replicas for the single binary replicas: 0 autoscaling: # -- Enable autoscaling enabled: false # -- Minimum autoscaling replicas for the single binary minReplicas: 1 # -- Maximum autoscaling replicas for the single binary maxReplicas: 3 # -- Target CPU utilisation percentage for the single binary targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the single binary targetMemoryUtilizationPercentage: image: # -- The Docker registry for the single binary image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the single binary image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the single binary image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for single binary pods priorityClassName: null # -- Annotations for single binary StatefulSet annotations: {} # -- Annotations for single binary pods podAnnotations: {} # -- Additional labels for each `single binary` pod podLabels: {} # -- Additional selector labels for each `single binary` pod selectorLabels: {} service: # -- Annotations for single binary Service annotations: {} # -- Additional labels for single binary Service labels: {} # -- Comma-separated list of Loki modules to load for the single binary targetModule: "all" # -- Labels for single binary service extraArgs: [] # -- Environment variables to add to the single binary pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the single binary pods extraEnvFrom: [] # -- Extra containers to add to the single binary loki pod extraContainers: [] # -- Init containers to add to the single binary pods initContainers: [] # -- Volume mounts to add to the single binary pods extraVolumeMounts: [] # -- Volumes to add to the single binary pods extraVolumes: [] # -- Resource requests and limits for the single binary resources: {} # -- Grace period to allow the single binary to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for single binary pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: single-binary topologyKey: kubernetes.io/hostname # -- DNS config for single binary pods dnsConfig: {} # -- Node selector for single binary pods nodeSelector: {} # -- Tolerations for single binary pods tolerations: [] persistence: # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true # -- Enable persistent disk enabled: true # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # -- Annotations for volume claim annotations: {} ###################################################################################################################### # # Simple Scalable Deployment (SSD) Mode # # For small to medium size Loki deployments up to around 1 TB/day, this is the default mode for this helm chart # ###################################################################################################################### # Configuration for the write pod(s) write: # -- Number of replicas for the write replicas: 3 autoscaling: # -- Enable autoscaling for the write. enabled: false # -- Minimum autoscaling replicas for the write. minReplicas: 2 # -- Maximum autoscaling replicas for the write. maxReplicas: 6 # -- Target CPU utilisation percentage for the write. targetCPUUtilizationPercentage: 60 # -- Target memory utilization percentage for the write. targetMemoryUtilizationPercentage: # -- Behavior policies while scaling. behavior: # -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details scaleUp: policies: - type: Pods value: 1 periodSeconds: 900 scaleDown: policies: - type: Pods value: 1 periodSeconds: 1800 stabilizationWindowSeconds: 3600 image: # -- The Docker registry for the write image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the write image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the write image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for write pods priorityClassName: null # -- Annotations for write StatefulSet annotations: {} # -- Annotations for write pods podAnnotations: {} # -- Additional labels for each `write` pod podLabels: {} # -- Additional selector labels for each `write` pod selectorLabels: {} service: # -- Annotations for write Service annotations: {} # -- Additional labels for write Service labels: {} # -- Comma-separated list of Loki modules to load for the write targetModule: "write" # -- Additional CLI args for the write extraArgs: [] # -- Environment variables to add to the write pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the write pods extraEnvFrom: [] # -- Lifecycle for the write container lifecycle: {} # -- The default /flush_shutdown preStop hook is recommended as part of the ingester # scaledown process so it's added to the template by default when autoscaling is enabled, # but it's disabled to optimize rolling restarts in instances that will never be scaled # down or when using chunks storage with WAL disabled. # https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown # -- Init containers to add to the write pods initContainers: [] # -- Containers to add to the write pods extraContainers: [] # -- Volume mounts to add to the write pods extraVolumeMounts: [] # -- Volumes to add to the write pods extraVolumes: [] # -- volumeClaimTemplates to add to StatefulSet extraVolumeClaimTemplates: [] # -- Resource requests and limits for the write resources: {} # -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester, # this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring # all data and to successfully leave the member ring on shutdown. terminationGracePeriodSeconds: 300 # -- Affinity for write pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: write topologyKey: kubernetes.io/hostname # -- DNS config for write pods dnsConfig: {} # -- Node selector for write pods nodeSelector: {} # -- Topology Spread Constraints for write pods topologySpreadConstraints: [] # -- Tolerations for write pods tolerations: [] # -- The default is to deploy all pods in parallel. podManagementPolicy: "Parallel" persistence: # -- Enable volume claims in pod spec volumeClaimsEnabled: true # -- Parameters used for the `data` volume when volumeClaimEnabled if false dataVolumeParameters: emptyDir: {} # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # -- Annotations for volume claim annotations: {} # -- Configuration for the read pod(s) read: # -- Number of replicas for the read replicas: 3 autoscaling: # -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true` enabled: false # -- Minimum autoscaling replicas for the read minReplicas: 2 # -- Maximum autoscaling replicas for the read maxReplicas: 6 # -- Target CPU utilisation percentage for the read targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the read targetMemoryUtilizationPercentage: # -- Behavior policies while scaling. behavior: {} # scaleUp: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 180 image: # -- The Docker registry for the read image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the read image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the read image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for read pods priorityClassName: null # -- Annotations for read deployment annotations: {} # -- Annotations for read pods podAnnotations: {} # -- Additional labels for each `read` pod podLabels: {} # -- Additional selector labels for each `read` pod selectorLabels: {} service: # -- Annotations for read Service annotations: {} # -- Additional labels for read Service labels: {} # -- Comma-separated list of Loki modules to load for the read targetModule: "read" # -- Whether or not to use the 2 target type simple scalable mode (read, write) or the # 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will # run two targets, false will run 3 targets. legacyReadTarget: false # -- Additional CLI args for the read extraArgs: [] # -- Containers to add to the read pods extraContainers: [] # -- Environment variables to add to the read pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the read pods extraEnvFrom: [] # -- Lifecycle for the read container lifecycle: {} # -- Volume mounts to add to the read pods extraVolumeMounts: [] # -- Volumes to add to the read pods extraVolumes: [] # -- Resource requests and limits for the read resources: {} # -- Grace period to allow the read to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for read pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: read topologyKey: kubernetes.io/hostname # -- DNS config for read pods dnsConfig: {} # -- Node selector for read pods nodeSelector: {} # -- Topology Spread Constraints for read pods topologySpreadConstraints: [] # -- Tolerations for read pods tolerations: [] # -- The default is to deploy all pods in parallel. podManagementPolicy: "Parallel" persistence: # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # -- Annotations for volume claim annotations: {} # -- Configuration for the backend pod(s) backend: # -- Number of replicas for the backend replicas: 3 autoscaling: # -- Enable autoscaling for the backend. enabled: false # -- Minimum autoscaling replicas for the backend. minReplicas: 3 # -- Maximum autoscaling replicas for the backend. maxReplicas: 6 # -- Target CPU utilization percentage for the backend. targetCPUUtilizationPercentage: 60 # -- Target memory utilization percentage for the backend. targetMemoryUtilizationPercentage: # -- Behavior policies while scaling. behavior: {} # scaleUp: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 180 image: # -- The Docker registry for the backend image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the backend image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the backend image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for backend pods priorityClassName: null # -- Annotations for backend StatefulSet annotations: {} # -- Annotations for backend pods podAnnotations: {} # -- Additional labels for each `backend` pod podLabels: {} # -- Additional selector labels for each `backend` pod selectorLabels: {} service: # -- Annotations for backend Service annotations: {} # -- Additional labels for backend Service labels: {} # -- Comma-separated list of Loki modules to load for the backend targetModule: "backend" # -- Additional CLI args for the backend extraArgs: [] # -- Environment variables to add to the backend pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the backend pods extraEnvFrom: [] # -- Init containers to add to the backend pods initContainers: [] # -- Volume mounts to add to the backend pods extraVolumeMounts: [] # -- Volumes to add to the backend pods extraVolumes: [] # -- Resource requests and limits for the backend resources: {} # -- Grace period to allow the backend to shutdown before it is killed. Especially for the ingester, # this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring # all data and to successfully leave the member ring on shutdown. terminationGracePeriodSeconds: 300 # -- Affinity for backend pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: backend topologyKey: kubernetes.io/hostname # -- DNS config for backend pods dnsConfig: {} # -- Node selector for backend pods nodeSelector: {} # -- Topology Spread Constraints for backend pods topologySpreadConstraints: [] # -- Tolerations for backend pods tolerations: [] # -- The default is to deploy all pods in parallel. podManagementPolicy: "Parallel" persistence: # -- Enable volume claims in pod spec volumeClaimsEnabled: true # -- Parameters used for the `data` volume when volumeClaimEnabled if false dataVolumeParameters: emptyDir: {} # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Selector for persistent disk selector: null # -- Annotations for volume claim annotations: {} ###################################################################################################################### # # Microservices Mode # # For large Loki deployments ingesting more than 1 TB/day # ###################################################################################################################### # -- Configuration for the ingester ingester: # -- Number of replicas for the ingester, when zoneAwareReplication.enabled is true, the total # number of replicas will match this value with each zone having 1/3rd of the total replicas. replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld autoscaling: # -- Enable autoscaling for the ingester enabled: false # -- Minimum autoscaling replicas for the ingester minReplicas: 1 # -- Maximum autoscaling replicas for the ingester maxReplicas: 3 # -- Target CPU utilisation percentage for the ingester targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the ingester targetMemoryUtilizationPercentage: null # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) customMetrics: [] # - type: Pods # pods: # metric: # name: loki_lines_total # target: # type: AverageValue # averageValue: 10k behavior: # -- Enable autoscaling behaviours enabled: false # -- define scale down policies, must conform to HPAScalingRules scaleDown: {} # -- define scale up policies, must conform to HPAScalingRules scaleUp: {} image: # -- The Docker registry for the ingester image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the ingester image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the ingester image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null priorityClassName: null # -- Labels for ingester pods podLabels: {} # -- Annotations for ingester pods podAnnotations: {} # -- The name of the PriorityClass for ingester pods # -- Labels for ingestor service serviceLabels: {} # -- Annotations for ingestor service serviceAnnotations: {} # -- Additional CLI args for the ingester extraArgs: [] # -- Environment variables to add to the ingester pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the ingester pods extraEnvFrom: [] # -- Volume mounts to add to the ingester pods extraVolumeMounts: [] # -- Volumes to add to the ingester pods extraVolumes: [] # -- Resource requests and limits for the ingester resources: {} # -- Containers to add to the ingester pods extraContainers: [] # -- Init containers to add to the ingester pods initContainers: [] # -- Grace period to allow the ingester to shutdown before it is killed. Especially for the ingestor, # this must be increased. It must be long enough so ingesters can be gracefully shutdown flushing/transferring # all data and to successfully leave the member ring on shutdown. terminationGracePeriodSeconds: 300 # -- Lifecycle for the ingester container lifecycle: {} # -- topologySpread for ingester pods. # @default -- Defaults to allow skew no more than 1 node topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app.kubernetes.io/component: ingester # -- Affinity for ingester pods. Ignored if zoneAwareReplication is enabled. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: ingester topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 # -- Node selector for ingester pods nodeSelector: {} # -- Tolerations for ingester pods tolerations: [] # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` readinessProbe: {} # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` livenessProbe: {} # -- UpdateStrategy for the ingester StatefulSets. updateStrategy: # -- One of 'OnDelete' or 'RollingUpdate' type: RollingUpdate # -- Optional for updateStrategy.type=RollingUpdate. See [Partitioned rolling updates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) in the StatefulSet docs for details. # rollingUpdate: # partition: 0 persistence: # -- Enable creating PVCs which is required when using boltdb-shipper enabled: false # -- Use emptyDir with ramdisk for storage. **Please note that all data in ingester will be lost on pod restart** inMemory: false # -- List of the ingester PVCs # @notationType -- list claims: - name: data size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # - name: wal # size: 150Gi # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false whenDeleted: Retain whenScaled: Retain # -- Adds the appProtocol field to the ingester service. This allows ingester to work with istio protocol selection. appProtocol: # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" grpc: "" # -- Enabling zone awareness on ingesters will create 3 statefulests where all writes will send a replica to each zone. # This is primarily intended to accelerate rollout operations by allowing for multiple ingesters within a single # zone to be shutdown and restart simultaneously (the remaining 2 zones will be guaranteed to have at least one copy # of the data). # Note: This can be used to run Loki over multiple cloud provider availability zones however this is not currently # recommended as Loki is not optimized for this and cross zone network traffic costs can become extremely high # extremely quickly. Even with zone awareness enabled, it is recommended to run Loki in a single availability zone. zoneAwareReplication: # -- Enable zone awareness. enabled: true # -- The percent of replicas in each zone that will be restarted at once. In a value of 0-100 maxUnavailablePct: 33 # -- zoneA configuration zoneA: # -- optionally define a node selector for this zone nodeSelector: null # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host extraAffinity: {} # -- Specific annotations to add to zone A statefulset annotations: {} # -- Specific annotations to add to zone A pods podAnnotations: {} zoneB: # -- optionally define a node selector for this zone nodeSelector: null # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host extraAffinity: {} # -- Specific annotations to add to zone B statefulset annotations: {} # -- Specific annotations to add to zone B pods podAnnotations: {} zoneC: # -- optionally define a node selector for this zone nodeSelector: null # -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host extraAffinity: {} # -- Specific annotations to add to zone C statefulset annotations: {} # -- Specific annotations to add to zone C pods podAnnotations: {} # -- The migration block allows migrating non zone aware ingesters to zone aware ingesters. migration: enabled: false excludeDefaultZone: false readPath: false writePath: false # -- Configuration for the distributor distributor: # -- Number of replicas for the distributor replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld autoscaling: # -- Enable autoscaling for the distributor enabled: false # -- Minimum autoscaling replicas for the distributor minReplicas: 1 # -- Maximum autoscaling replicas for the distributor maxReplicas: 3 # -- Target CPU utilisation percentage for the distributor targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the distributor targetMemoryUtilizationPercentage: null # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) customMetrics: [] # - type: Pods # pods: # metric: # name: loki_lines_total # target: # type: AverageValue # averageValue: 10k behavior: # -- Enable autoscaling behaviours enabled: false # -- define scale down policies, must conform to HPAScalingRules scaleDown: {} # -- define scale up policies, must conform to HPAScalingRules scaleUp: {} image: # -- The Docker registry for the distributor image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the distributor image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the distributor image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for distributor pods priorityClassName: null # -- Labels for distributor pods podLabels: {} # -- Annotations for distributor pods podAnnotations: {} # -- Labels for distributor service serviceLabels: {} # -- Annotations for distributor service serviceAnnotations: {} # -- Additional CLI args for the distributor extraArgs: [] # -- Environment variables to add to the distributor pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the distributor pods extraEnvFrom: [] # -- Volume mounts to add to the distributor pods extraVolumeMounts: [] # -- Volumes to add to the distributor pods extraVolumes: [] # -- Resource requests and limits for the distributor resources: {} # -- Containers to add to the distributor pods extraContainers: [] # -- Grace period to allow the distributor to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for distributor pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: distributor topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: null # -- Max Surge for distributor pods maxSurge: 0 # -- Node selector for distributor pods nodeSelector: {} # -- Topology Spread Constraints for distributor pods topologySpreadConstraints: [] # -- Tolerations for distributor pods tolerations: [] # -- Adds the appProtocol field to the distributor service. This allows distributor to work with istio protocol selection. appProtocol: # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" grpc: "" # -- Configuration for the querier querier: # -- Number of replicas for the querier replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld autoscaling: # -- Enable autoscaling for the querier, this is only used if `indexGateway.enabled: true` enabled: false # -- Minimum autoscaling replicas for the querier minReplicas: 1 # -- Maximum autoscaling replicas for the querier maxReplicas: 3 # -- Target CPU utilisation percentage for the querier targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the querier targetMemoryUtilizationPercentage: null # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) customMetrics: [] # - type: External # external: # metric: # name: loki_inflight_queries # target: # type: AverageValue # averageValue: 12 behavior: # -- Enable autoscaling behaviours enabled: false # -- define scale down policies, must conform to HPAScalingRules scaleDown: {} # -- define scale up policies, must conform to HPAScalingRules scaleUp: {} image: # -- The Docker registry for the querier image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the querier image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the querier image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for querier pods priorityClassName: null # -- Labels for querier pods podLabels: {} # -- Annotations for querier pods podAnnotations: {} # -- Labels for querier service serviceLabels: {} # -- Annotations for querier service serviceAnnotations: {} # -- Additional CLI args for the querier extraArgs: [] # -- Environment variables to add to the querier pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the querier pods extraEnvFrom: [] # -- Volume mounts to add to the querier pods extraVolumeMounts: [] # -- Volumes to add to the querier pods extraVolumes: [] # -- Resource requests and limits for the querier resources: {} # -- Containers to add to the querier pods extraContainers: [] # -- Init containers to add to the querier pods initContainers: [] # -- Grace period to allow the querier to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- topologySpread for querier pods. # @default -- Defaults to allow skew no more then 1 node topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app.kubernetes.io/component: querier # -- Affinity for querier pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: querier topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: null # -- Max Surge for querier pods maxSurge: 0 # -- Node selector for querier pods nodeSelector: {} # -- Tolerations for querier pods tolerations: [] # -- DNSConfig for querier pods dnsConfig: {} persistence: # -- Enable creating PVCs for the querier cache enabled: false # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Annotations for querier PVCs annotations: {} # -- Adds the appProtocol field to the querier service. This allows querier to work with istio protocol selection. appProtocol: # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" grpc: "" # -- Configuration for the query-frontend queryFrontend: # -- Number of replicas for the query-frontend replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld autoscaling: # -- Enable autoscaling for the query-frontend enabled: false # -- Minimum autoscaling replicas for the query-frontend minReplicas: 1 # -- Maximum autoscaling replicas for the query-frontend maxReplicas: 3 # -- Target CPU utilisation percentage for the query-frontend targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the query-frontend targetMemoryUtilizationPercentage: null # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) customMetrics: [] # - type: Pods # pods: # metric: # name: loki_query_rate # target: # type: AverageValue # averageValue: 100 behavior: # -- Enable autoscaling behaviours enabled: false # -- define scale down policies, must conform to HPAScalingRules scaleDown: {} # -- define scale up policies, must conform to HPAScalingRules scaleUp: {} image: # -- The Docker registry for the query-frontend image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the query-frontend image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the query-frontend image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for query-frontend pods priorityClassName: null # -- Labels for query-frontend pods podLabels: {} # -- Annotations for query-frontend pods podAnnotations: {} # -- Labels for query-frontend service serviceLabels: {} # -- Annotations for query-frontend service serviceAnnotations: {} # -- Additional CLI args for the query-frontend extraArgs: [] # -- Environment variables to add to the query-frontend pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the query-frontend pods extraEnvFrom: [] # -- Volume mounts to add to the query-frontend pods extraVolumeMounts: [] # -- Volumes to add to the query-frontend pods extraVolumes: [] # -- Resource requests and limits for the query-frontend resources: {} # -- Containers to add to the query-frontend pods extraContainers: [] # -- Grace period to allow the query-frontend to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for query-frontend pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: query-frontend topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: null # -- Node selector for query-frontend pods nodeSelector: {} # -- Topology Spread Constraints for query-frontend pods topologySpreadConstraints: [] # -- Tolerations for query-frontend pods tolerations: [] # -- Adds the appProtocol field to the queryFrontend service. This allows queryFrontend to work with istio protocol selection. appProtocol: # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" grpc: "" # -- Configuration for the query-scheduler queryScheduler: # -- Number of replicas for the query-scheduler. # It should be lower than `-querier.max-concurrent` to avoid generating back-pressure in queriers; # it's also recommended that this value evenly divides the latter replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld image: # -- The Docker registry for the query-scheduler image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the query-scheduler image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the query-scheduler image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for query-scheduler pods priorityClassName: null # -- Labels for query-scheduler pods podLabels: {} # -- Annotations for query-scheduler pods podAnnotations: {} # -- Labels for query-scheduler service serviceLabels: {} # -- Annotations for query-scheduler service serviceAnnotations: {} # -- Additional CLI args for the query-scheduler extraArgs: [] # -- Environment variables to add to the query-scheduler pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the query-scheduler pods extraEnvFrom: [] # -- Volume mounts to add to the query-scheduler pods extraVolumeMounts: [] # -- Volumes to add to the query-scheduler pods extraVolumes: [] # -- Resource requests and limits for the query-scheduler resources: {} # -- Containers to add to the query-scheduler pods extraContainers: [] # -- Grace period to allow the query-scheduler to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for query-scheduler pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: query-scheduler topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 # -- Node selector for query-scheduler pods nodeSelector: {} # -- Topology Spread Constraints for query-scheduler pods topologySpreadConstraints: [] # -- Tolerations for query-scheduler pods tolerations: [] # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" appProtocol: grpc: "" # -- Configuration for the index-gateway indexGateway: # -- Number of replicas for the index-gateway replicas: 0 # -- Whether the index gateway should join the memberlist hashring joinMemberlist: true # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld image: # -- The Docker registry for the index-gateway image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the index-gateway image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the index-gateway image. Overrides `loki.image.tag` tag: null # -- The name of the PriorityClass for index-gateway pods priorityClassName: null # -- Labels for index-gateway pods podLabels: {} # -- Annotations for index-gateway pods podAnnotations: {} # -- Labels for index-gateway service serviceLabels: {} # -- Annotations for index-gateway service serviceAnnotations: {} # -- Additional CLI args for the index-gateway extraArgs: [] # -- Environment variables to add to the index-gateway pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the index-gateway pods extraEnvFrom: [] # -- Volume mounts to add to the index-gateway pods extraVolumeMounts: [] # -- Volumes to add to the index-gateway pods extraVolumes: [] # -- Resource requests and limits for the index-gateway resources: {} # -- Containers to add to the index-gateway pods extraContainers: [] # -- Init containers to add to the index-gateway pods initContainers: [] # -- Grace period to allow the index-gateway to shutdown before it is killed. terminationGracePeriodSeconds: 300 # -- Affinity for index-gateway pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: index-gateway topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: null # -- Node selector for index-gateway pods nodeSelector: {} # -- Topology Spread Constraints for index-gateway pods topologySpreadConstraints: [] # -- Tolerations for index-gateway pods tolerations: [] persistence: # -- Enable creating PVCs which is required when using boltdb-shipper enabled: false # -- Use emptyDir with ramdisk for storage. **Please note that all data in indexGateway will be lost on pod restart** inMemory: false # -- Size of persistent or memory disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Annotations for index gateway PVCs annotations: {} # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false whenDeleted: Retain whenScaled: Retain # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" appProtocol: grpc: "" # -- UpdateStrategy for the indexGateway StatefulSet. updateStrategy: # -- One of 'OnDelete' or 'RollingUpdate' type: RollingUpdate # -- Optional for updateStrategy.type=RollingUpdate. See [Partitioned rolling updates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) in the StatefulSet docs for details. # rollingUpdate: # partition: 0 # -- Configuration for the compactor compactor: # -- Number of replicas for the compactor replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld image: # -- The Docker registry for the compactor image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the compactor image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the compactor image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for compactor pods priorityClassName: null # -- Labels for compactor pods podLabels: {} # -- Annotations for compactor pods podAnnotations: {} # -- Affinity for compactor pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: compactor topologyKey: kubernetes.io/hostname # -- Labels for compactor service serviceLabels: {} # -- Annotations for compactor service serviceAnnotations: {} # -- Additional CLI args for the compactor extraArgs: [] # -- Environment variables to add to the compactor pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the compactor pods extraEnvFrom: [] # -- Volume mounts to add to the compactor pods extraVolumeMounts: [] # -- Volumes to add to the compactor pods extraVolumes: [] # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` readinessProbe: {} # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` livenessProbe: {} # -- Resource requests and limits for the compactor resources: {} # -- Containers to add to the compactor pods extraContainers: [] # -- Init containers to add to the compactor pods initContainers: [] # -- Grace period to allow the compactor to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Node selector for compactor pods nodeSelector: {} # -- Tolerations for compactor pods tolerations: [] # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" appProtocol: grpc: "" persistence: # -- Enable creating PVCs for the compactor enabled: false # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Annotations for compactor PVCs annotations: {} # -- List of the compactor PVCs # @notationType -- list claims: - name: data size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # - name: wal # size: 150Gi # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false whenDeleted: Retain whenScaled: Retain serviceAccount: create: false # -- The name of the ServiceAccount to use for the compactor. # If not set and create is true, a name is generated by appending # "-compactor" to the common ServiceAccount. name: null # -- Image pull secrets for the compactor service account imagePullSecrets: [] # -- Annotations for the compactor service account annotations: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true # -- Configuration for the bloom-gateway bloomGateway: # -- Number of replicas for the bloom-gateway replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld image: # -- The Docker registry for the bloom-gateway image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the bloom-gateway image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the bloom-gateway image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for bloom-gateway pods priorityClassName: null # -- Labels for bloom-gateway pods podLabels: {} # -- Annotations for bloom-gateway pods podAnnotations: {} # -- Affinity for bloom-gateway pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: bloom-gateway topologyKey: kubernetes.io/hostname # -- Labels for bloom-gateway service serviceLabels: {} # -- Annotations for bloom-gateway service serviceAnnotations: {} # -- Additional CLI args for the bloom-gateway extraArgs: [] # -- Environment variables to add to the bloom-gateway pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the bloom-gateway pods extraEnvFrom: [] # -- Volume mounts to add to the bloom-gateway pods extraVolumeMounts: [] # -- Volumes to add to the bloom-gateway pods extraVolumes: [] # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` readinessProbe: {} # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` livenessProbe: {} # -- Resource requests and limits for the bloom-gateway resources: {} # -- Containers to add to the bloom-gateway pods extraContainers: [] # -- Init containers to add to the bloom-gateway pods initContainers: [] # -- Grace period to allow the bloom-gateway to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Node selector for bloom-gateway pods nodeSelector: {} # -- Tolerations for bloom-gateway pods tolerations: [] # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" appProtocol: grpc: "" persistence: # -- Enable creating PVCs for the bloom-gateway enabled: false # -- Annotations for bloom-gateway PVCs annotations: {} # -- List of the bloom-gateway PVCs # @notationType -- list claims: - name: data # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false whenDeleted: Retain whenScaled: Retain serviceAccount: create: false # -- The name of the ServiceAccount to use for the bloom-gateway. # If not set and create is true, a name is generated by appending # "-bloom-gateway" to the common ServiceAccount. name: null # -- Image pull secrets for the bloom-gateway service account imagePullSecrets: [] # -- Annotations for the bloom-gateway service account annotations: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true # -- Configuration for the bloom-planner bloomPlanner: # -- Number of replicas for the bloom-planner replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld image: # -- The Docker registry for the bloom-planner image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the bloom-planner image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the bloom-planner image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for bloom-planner pods priorityClassName: null # -- Labels for bloom-planner pods podLabels: {} # -- Annotations for bloom-planner pods podAnnotations: {} # -- Affinity for bloom-planner pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: bloom-planner topologyKey: kubernetes.io/hostname # -- Labels for bloom-planner service serviceLabels: {} # -- Annotations for bloom-planner service serviceAnnotations: {} # -- Additional CLI args for the bloom-planner extraArgs: [] # -- Environment variables to add to the bloom-planner pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the bloom-planner pods extraEnvFrom: [] # -- Volume mounts to add to the bloom-planner pods extraVolumeMounts: [] # -- Volumes to add to the bloom-planner pods extraVolumes: [] # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` readinessProbe: {} # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` livenessProbe: {} # -- Resource requests and limits for the bloom-planner resources: {} # -- Containers to add to the bloom-planner pods extraContainers: [] # -- Init containers to add to the bloom-planner pods initContainers: [] # -- Grace period to allow the bloom-planner to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Node selector for bloom-planner pods nodeSelector: {} # -- Tolerations for bloom-planner pods tolerations: [] # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" appProtocol: grpc: "" persistence: # -- Enable creating PVCs for the bloom-planner enabled: false # -- Annotations for bloom-planner PVCs annotations: {} # -- List of the bloom-planner PVCs # @notationType -- list claims: - name: data # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false whenDeleted: Retain whenScaled: Retain serviceAccount: create: false # -- The name of the ServiceAccount to use for the bloom-planner. # If not set and create is true, a name is generated by appending # "-bloom-planner" to the common ServiceAccount. name: null # -- Image pull secrets for the bloom-planner service account imagePullSecrets: [] # -- Annotations for the bloom-planner service account annotations: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true # -- Configuration for the bloom-builder bloomBuilder: # -- Number of replicas for the bloom-builder replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld autoscaling: # -- Enable autoscaling for the bloom-builder enabled: false # -- Minimum autoscaling replicas for the bloom-builder minReplicas: 1 # -- Maximum autoscaling replicas for the bloom-builder maxReplicas: 3 # -- Target CPU utilisation percentage for the bloom-builder targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the bloom-builder targetMemoryUtilizationPercentage: null # -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) customMetrics: [] # - type: Pods # pods: # metric: # name: loki_query_rate # target: # type: AverageValue # averageValue: 100 behavior: # -- Enable autoscaling behaviours enabled: false # -- define scale down policies, must conform to HPAScalingRules scaleDown: {} # -- define scale up policies, must conform to HPAScalingRules scaleUp: {} image: # -- The Docker registry for the bloom-builder image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the bloom-builder image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the bloom-builder image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for bloom-builder pods priorityClassName: null # -- Labels for bloom-builder pods podLabels: {} # -- Annotations for bloom-builder pods podAnnotations: {} # -- Labels for bloom-builder service serviceLabels: {} # -- Annotations for bloom-builder service serviceAnnotations: {} # -- Additional CLI args for the bloom-builder extraArgs: [] # -- Environment variables to add to the bloom-builder pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the bloom-builder pods extraEnvFrom: [] # -- Volume mounts to add to the bloom-builder pods extraVolumeMounts: [] # -- Volumes to add to the bloom-builder pods extraVolumes: [] # -- Resource requests and limits for the bloom-builder resources: {} # -- Containers to add to the bloom-builder pods extraContainers: [] # -- Grace period to allow the bloom-builder to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for bloom-builder pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: bloom-builder topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: null # -- Node selector for bloom-builder pods nodeSelector: {} # -- Tolerations for bloom-builder pods tolerations: [] # -- Adds the appProtocol field to the queryFrontend service. This allows bloomBuilder to work with istio protocol selection. appProtocol: # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" grpc: "" # -- Configuration for the pattern ingester patternIngester: # -- Number of replicas for the pattern ingester replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld image: # -- The Docker registry for the pattern ingester image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the pattern ingester image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the pattern ingester image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for pattern ingester pods priorityClassName: null # -- Labels for pattern ingester pods podLabels: {} # -- Annotations for pattern ingester pods podAnnotations: {} # -- Affinity for pattern ingester pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: pattern-ingester topologyKey: kubernetes.io/hostname # -- Labels for pattern ingester service serviceLabels: {} # -- Annotations for pattern ingester service serviceAnnotations: {} # -- Additional CLI args for the pattern ingester extraArgs: [] # -- Environment variables to add to the pattern ingester pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the pattern ingester pods extraEnvFrom: [] # -- Volume mounts to add to the pattern ingester pods extraVolumeMounts: [] # -- Volumes to add to the pattern ingester pods extraVolumes: [] # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` readinessProbe: {} # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` livenessProbe: {} # -- Resource requests and limits for the pattern ingester resources: {} # -- Containers to add to the pattern ingester pods extraContainers: [] # -- Init containers to add to the pattern ingester pods initContainers: [] # -- Grace period to allow the pattern ingester to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Node selector for pattern ingester pods nodeSelector: {} # -- Topology Spread Constraints for pattern ingester pods topologySpreadConstraints: [] # -- Tolerations for pattern ingester pods tolerations: [] # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" appProtocol: grpc: "" persistence: # -- Enable creating PVCs for the pattern ingester enabled: false # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Annotations for pattern ingester PVCs annotations: {} # -- List of the pattern ingester PVCs # @notationType -- list claims: - name: data size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # - name: wal # size: 150Gi # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false whenDeleted: Retain whenScaled: Retain serviceAccount: create: false # -- The name of the ServiceAccount to use for the pattern ingester. # If not set and create is true, a name is generated by appending # "-pattern-ingester" to the common ServiceAccount. name: null # -- Image pull secrets for the pattern ingester service account imagePullSecrets: [] # -- Annotations for the pattern ingester service account annotations: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true # -- Configuration for the ruler ruler: # -- The ruler component is optional and can be disabled if desired. enabled: true # -- Number of replicas for the ruler replicas: 0 # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 # hostnames: # - domain.tld image: # -- The Docker registry for the ruler image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the ruler image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the ruler image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for ruler pods priorityClassName: null # -- Labels for compactor pods podLabels: {} # -- Annotations for ruler pods podAnnotations: {} # -- Labels for ruler service serviceLabels: {} # -- Annotations for ruler service serviceAnnotations: {} # -- Additional CLI args for the ruler extraArgs: [] # -- Environment variables to add to the ruler pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the ruler pods extraEnvFrom: [] # -- Volume mounts to add to the ruler pods extraVolumeMounts: [] # -- Volumes to add to the ruler pods extraVolumes: [] # -- Resource requests and limits for the ruler resources: {} # -- Containers to add to the ruler pods extraContainers: [] # -- Init containers to add to the ruler pods initContainers: [] # -- Grace period to allow the ruler to shutdown before it is killed terminationGracePeriodSeconds: 300 # -- Affinity for ruler pods. # @default -- Hard node anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: ruler topologyKey: kubernetes.io/hostname # -- Pod Disruption Budget maxUnavailable maxUnavailable: null # -- Node selector for ruler pods nodeSelector: {} # -- Topology Spread Constraints for ruler pods topologySpreadConstraints: [] # -- Tolerations for ruler pods tolerations: [] # -- DNSConfig for ruler pods dnsConfig: {} persistence: # -- Enable creating PVCs which is required when using recording rules enabled: false # -- Size of persistent disk size: 10Gi # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Annotations for ruler PVCs annotations: {} # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" appProtocol: grpc: "" # -- Directories containing rules files directories: {} # tenant_foo: # rules1.txt: | # groups: # - name: should_fire # rules: # - alert: HighPercentageError # expr: | # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job) # / # sum(rate({app="foo", env="production"}[5m])) by (job) # > 0.05 # for: 10m # labels: # severity: warning # annotations: # summary: High error rate # - name: credentials_leak # rules: # - alert: http-credentials-leaked # annotations: # message: "{{ $labels.job }} is leaking http basic auth credentials." # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)' # for: 10m # labels: # severity: critical # rules2.txt: | # groups: # - name: example # rules: # - alert: HighThroughputLogStreams # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000 # for: 2m # tenant_bar: # rules1.txt: | # groups: # - name: should_fire # rules: # - alert: HighPercentageError # expr: | # sum(rate({app="foo", env="production"} |= "error" [5m])) by (job) # / # sum(rate({app="foo", env="production"}[5m])) by (job) # > 0.05 # for: 10m # labels: # severity: warning # annotations: # summary: High error rate # - name: credentials_leak # rules: # - alert: http-credentials-leaked # annotations: # message: "{{ $labels.job }} is leaking http basic auth credentials." # expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)' # for: 10m # labels: # severity: critical # rules2.txt: | # groups: # - name: example # rules: # - alert: HighThroughputLogStreams # expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000 # for: 2m memcached: image: # -- Memcached Docker image repository repository: memcached # -- Memcached Docker image tag tag: 1.6.32-alpine # -- Memcached Docker image pull policy pullPolicy: IfNotPresent # -- The SecurityContext override for memcached pods podSecurityContext: runAsNonRoot: true runAsUser: 11211 runAsGroup: 11211 fsGroup: 11211 # -- The name of the PriorityClass for memcached pods priorityClassName: null # -- The SecurityContext for memcached containers containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: [ALL] allowPrivilegeEscalation: false memcachedExporter: # -- Whether memcached metrics should be exported enabled: true image: repository: prom/memcached-exporter tag: v0.15.0 pullPolicy: IfNotPresent resources: requests: {} limits: {} # -- The SecurityContext for memcached exporter containers containerSecurityContext: readOnlyRootFilesystem: true capabilities: drop: [ALL] allowPrivilegeEscalation: false # -- Extra args to add to the exporter container. # Example: # extraArgs: # memcached.tls.enable: true # memcached.tls.cert-file: /certs/cert.crt # memcached.tls.key-file: /certs/cert.key # memcached.tls.ca-file: /certs/ca.crt # memcached.tls.insecure-skip-verify: false # memcached.tls.server-name: memcached extraArgs: {} resultsCache: # -- Specifies whether memcached based results-cache should be enabled enabled: true # -- Specify how long cached results should be stored in the results-cache before being expired defaultValidity: 12h # -- Memcached operation timeout timeout: 500ms # -- Total number of results-cache replicas replicas: 1 # -- Port of the results-cache service port: 11211 # -- Amount of memory allocated to results-cache for object storage (in MB). allocatedMemory: 1024 # -- Maximum item results-cache for memcached (in MB). maxItemMemory: 5 # -- Maximum number of connections allowed connectionLimit: 16384 # -- Max memory to use for cache write back writebackSizeLimit: 500MB # -- Max number of objects to use for cache write back writebackBuffer: 500000 # -- Number of parallel threads for cache write back writebackParallelism: 1 # -- Extra init containers for results-cache pods initContainers: [] # -- Annotations for the results-cache pods annotations: {} # -- Node selector for results-cache pods nodeSelector: {} # -- Affinity for results-cache pods affinity: {} # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints. # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services. topologySpreadConstraints: [] # maxSkew: 1 # topologyKey: kubernetes.io/hostname # whenUnsatisfiable: ScheduleAnyway # -- Tolerations for results-cache pods tolerations: [] # -- Pod Disruption Budget podDisruptionBudget: maxUnavailable: 1 # -- The name of the PriorityClass for results-cache pods priorityClassName: null # -- Labels for results-cache pods podLabels: {} # -- Annotations for results-cache pods podAnnotations: {} # -- Management policy for results-cache pods podManagementPolicy: Parallel # -- Grace period to allow the results-cache to shutdown before it is killed terminationGracePeriodSeconds: 60 # -- Stateful results-cache strategy statefulStrategy: type: RollingUpdate # -- Add extended options for results-cache memcached container. The format is the same as for the memcached -o/--extend flag. # Example: # extraExtendedOptions: 'tls,modern,track_sizes' extraExtendedOptions: "" # -- Additional CLI args for results-cache extraArgs: {} # -- Additional containers to be added to the results-cache pod. extraContainers: [] # -- Additional volumes to be added to the results-cache pod (applies to both memcached and exporter containers). # Example: # extraVolumes: # - name: extra-volume # secret: # secretName: extra-volume-secret extraVolumes: [] # -- Additional volume mounts to be added to the results-cache pod (applies to both memcached and exporter containers). # Example: # extraVolumeMounts: # - name: extra-volume # mountPath: /etc/extra-volume # readOnly: true extraVolumeMounts: [] # -- Resource requests and limits for the results-cache # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)). resources: null # -- Service annotations and labels service: annotations: {} labels: {} # -- Persistence settings for the results-cache persistence: # -- Enable creating PVCs for the results-cache enabled: false # -- Size of persistent disk, must be in G or Gi storageSize: 10G # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Volume mount path mountPath: /data chunksCache: # -- Specifies whether memcached based chunks-cache should be enabled enabled: true # -- Batchsize for sending and receiving chunks from chunks cache batchSize: 4 # -- Parallel threads for sending and receiving chunks from chunks cache parallelism: 5 # -- Memcached operation timeout timeout: 2000ms # -- Specify how long cached chunks should be stored in the chunks-cache before being expired defaultValidity: 0s # -- Total number of chunks-cache replicas replicas: 1 # -- Port of the chunks-cache service port: 11211 # -- Amount of memory allocated to chunks-cache for object storage (in MB). allocatedMemory: 8192 # -- Maximum item memory for chunks-cache (in MB). maxItemMemory: 5 # -- Maximum number of connections allowed connectionLimit: 16384 # -- Max memory to use for cache write back writebackSizeLimit: 500MB # -- Max number of objects to use for cache write back writebackBuffer: 500000 # -- Number of parallel threads for cache write back writebackParallelism: 1 # -- Extra init containers for chunks-cache pods initContainers: [] # -- Annotations for the chunks-cache pods annotations: {} # -- Node selector for chunks-cache pods nodeSelector: {} # -- Affinity for chunks-cache pods affinity: {} # -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints. # labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services. topologySpreadConstraints: [] # maxSkew: 1 # topologyKey: kubernetes.io/hostname # whenUnsatisfiable: ScheduleAnyway # -- Tolerations for chunks-cache pods tolerations: [] # -- Pod Disruption Budget podDisruptionBudget: maxUnavailable: 1 # -- The name of the PriorityClass for chunks-cache pods priorityClassName: null # -- Labels for chunks-cache pods podLabels: {} # -- Annotations for chunks-cache pods podAnnotations: {} # -- Management policy for chunks-cache pods podManagementPolicy: Parallel # -- Grace period to allow the chunks-cache to shutdown before it is killed terminationGracePeriodSeconds: 60 # -- Stateful chunks-cache strategy statefulStrategy: type: RollingUpdate # -- Add extended options for chunks-cache memcached container. The format is the same as for the memcached -o/--extend flag. # Example: # extraExtendedOptions: 'tls,no_hashexpand' extraExtendedOptions: "" # -- Additional CLI args for chunks-cache extraArgs: {} # -- Additional containers to be added to the chunks-cache pod. extraContainers: [] # -- Additional volumes to be added to the chunks-cache pod (applies to both memcached and exporter containers). # Example: # extraVolumes: # - name: extra-volume # secret: # secretName: extra-volume-secret extraVolumes: [] # -- Additional volume mounts to be added to the chunks-cache pod (applies to both memcached and exporter containers). # Example: # extraVolumeMounts: # - name: extra-volume # mountPath: /etc/extra-volume # readOnly: true extraVolumeMounts: [] # -- Resource requests and limits for the chunks-cache # By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)). resources: null # -- Service annotations and labels service: annotations: {} labels: {} # -- Persistence settings for the chunks-cache persistence: # -- Enable creating PVCs for the chunks-cache enabled: false # -- Size of persistent disk, must be in G or Gi storageSize: 10G # -- Storage class to be used. # If defined, storageClassName: . # If set to "-", storageClassName: "", which disables dynamic provisioning. # If empty or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). storageClass: null # -- Volume mount path mountPath: /data ###################################################################################################################### # # Subchart configurations # ###################################################################################################################### # -- Setting for the Grafana Rollout Operator https://github.com/grafana/helm-charts/tree/main/charts/rollout-operator rollout_operator: enabled: false # -- podSecurityContext is the pod security context for the rollout operator. # When installing on OpenShift, override podSecurityContext settings with # # rollout_operator: # podSecurityContext: # fsGroup: null # runAsGroup: null # runAsUser: null podSecurityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 seccompProfile: type: RuntimeDefault # Set the container security context securityContext: readOnlyRootFilesystem: true capabilities: drop: [ALL] allowPrivilegeEscalation: false # -- Configuration for the minio subchart minio: enabled: false replicas: 1 # Minio requires 2 to 16 drives for erasure code (drivesPerNode * replicas) # https://docs.min.io/docs/minio-erasure-code-quickstart-guide # Since we only have 1 replica, that means 2 drives must be used. drivesPerNode: 2 rootUser: enterprise-logs rootPassword: supersecret buckets: - name: chunks policy: none purge: false - name: ruler policy: none purge: false - name: admin policy: none purge: false persistence: size: 5Gi annotations: {} resources: requests: cpu: 100m memory: 128Mi # Allow the address used by Loki to refer to Minio to be overridden address: null # Create extra manifests via values. Would be passed through `tpl` for templating # objects can also be provided as multiline strings, useful for templating field names extraObjects: [] # - apiVersion: v1 # kind: ConfigMap # metadata: # name: loki-alerting-rules # data: # loki-alerting-rules.yaml: |- # groups: # - name: example # rules: # - alert: example # expr: | # sum(count_over_time({app="loki"} |~ "error")) > 0 # for: 3m # labels: # severity: warning # category: logs # annotations: # message: "loki has encountered errors" # - | # apiVersion: v1 # kind: Secret # type: Opaque # metadata: # name: loki-distributed-basic-auth # data: # {{- range .Values.loki.tenants }} # {{ .name }}: {{ b64enc .password | quote }} # {{- end }} sidecar: image: # -- The Docker registry and image for the k8s sidecar repository: kiwigrid/k8s-sidecar # -- Docker image tag tag: 1.28.0 # -- Docker image sha. If empty, no sha will be used sha: "" # -- Docker image pull policy pullPolicy: IfNotPresent # -- Resource requests and limits for the sidecar resources: {} # limits: # cpu: 100m # memory: 100Mi # requests: # cpu: 50m # memory: 50Mi # -- The SecurityContext for the sidecar. securityContext: {} # -- Set to true to skip tls verification for kube api calls. skipTlsVerify: false # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in. enableUniqueFilenames: false # -- Readiness probe definition. Probe is disabled on the sidecar by default. readinessProbe: {} # -- Liveness probe definition. Probe is disabled on the sidecar by default. livenessProbe: {} rules: # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets. enabled: true # -- Label that the configmaps/secrets with rules will be marked with. label: loki_rule # -- Label value that the configmaps/secrets with rules will be set to. labelValue: "" # -- Folder into which the rules will be placed. folder: /rules # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify 'ALL' to search in all namespaces. searchNamespace: null # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. watchMethod: WATCH # -- Search in configmap, secret, or both. resource: both # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded. script: null # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S. watchServerTimeout: 60 # # -- WatchClientTimeout: is a client-side timeout, configuring your local socket. # If you have a network outage dropping all packets with no RST/FIN, # this is how long your client waits before realizing & dropping the connection. # Defaults to 66sec. watchClientTimeout: 60 # -- Log level of the sidecar container. logLevel: INFO ############################################## WARNING ############################################################### # # DEPRECATED VALUES # # The following values are deprecated and will be removed in a future version of the helm chart! # ############################################## WARNING ############################################################## # -- DEPRECATED Monitoring section determines which monitoring features to enable, this section is being replaced # by https://github.com/grafana/meta-monitoring-chart monitoring: # Dashboards for monitoring Loki dashboards: # -- If enabled, create configmap with dashboards for monitoring Loki enabled: false # -- Alternative namespace to create dashboards ConfigMap in namespace: null # -- Additional annotations for the dashboards ConfigMap annotations: {} # -- Labels for the dashboards ConfigMap labels: grafana_dashboard: "1" # -- DEPRECATED Recording rules for monitoring Loki, required for some dashboards rules: # -- If enabled, create PrometheusRule resource with Loki recording rules enabled: false # -- Include alerting rules alerting: true # -- Specify which individual alerts should be disabled # -- Instead of turning off each alert one by one, set the .monitoring.rules.alerting value to false instead. # -- If you disable all the alerts and keep .monitoring.rules.alerting set to true, the chart will fail to render. disabled: {} # LokiRequestErrors: true # LokiRequestPanics: true # -- Alternative namespace to create PrometheusRule resources in namespace: null # -- Additional annotations for the rules PrometheusRule resource annotations: {} # -- Additional labels for the rules PrometheusRule resource labels: {} # -- Additional labels for PrometheusRule alerts additionalRuleLabels: {} # -- Additional groups to add to the rules file additionalGroups: [] # - name: additional-loki-rules # rules: # - record: job:loki_request_duration_seconds_bucket:sum_rate # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job) # - record: job_route:loki_request_duration_seconds_bucket:sum_rate # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route) # - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate # expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container) # -- DEPRECATED ServiceMonitor configuration serviceMonitor: # -- If enabled, ServiceMonitor resources for Prometheus Operator are created enabled: false # -- Namespace selector for ServiceMonitor resources namespaceSelector: {} # -- ServiceMonitor annotations annotations: {} # -- Additional ServiceMonitor labels labels: {} # -- ServiceMonitor scrape interval # Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at # least 1/4 rate interval. interval: 15s # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s) scrapeTimeout: null # -- ServiceMonitor relabel configs to apply to samples before scraping # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig relabelings: [] # -- ServiceMonitor metric relabel configs to apply to samples before ingestion # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint metricRelabelings: [] # -- ServiceMonitor will use http by default, but you can pick https as well scheme: http # -- ServiceMonitor will use these tlsConfig settings to make the health check requests tlsConfig: null # -- If defined, will create a MetricsInstance for the Grafana Agent Operator. metricsInstance: # -- If enabled, MetricsInstance resources for Grafana Agent Operator are created enabled: true # -- MetricsInstance annotations annotations: {} # -- Additional MetricsInstance labels labels: {} # -- If defined a MetricsInstance will be created to remote write metrics. remoteWrite: null # -- DEPRECATED Self monitoring determines whether Loki should scrape its own logs. # This feature currently relies on the Grafana Agent Operator being installed, # which is installed by default using the grafana-agent-operator sub-chart. # It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure # scrape configs to scrape its own logs with the labels expected by the included dashboards. selfMonitoring: enabled: false # -- Tenant to use for self monitoring tenant: # -- Name of the tenant name: "self-monitoring" # -- Password of the gateway for Basic auth password: null # -- Namespace to create additional tenant token secret in. Useful if your Grafana instance # is in a separate namespace. Token will still be created in the canary namespace. secretNamespace: "{{ .Release.Namespace }}" # -- DEPRECATED Grafana Agent configuration grafanaAgent: # -- DEPRECATED Controls whether to install the Grafana Agent Operator and its CRDs. # Note that helm will not install CRDs if this flag is enabled during an upgrade. # In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds installOperator: false # -- Grafana Agent annotations annotations: {} # -- Additional Grafana Agent labels labels: {} # -- Enable the config read api on port 8080 of the agent enableConfigReadAPI: false # -- The name of the PriorityClass for GrafanaAgent pods priorityClassName: null # -- Resource requests and limits for the grafanaAgent pods resources: {} # limits: # memory: 200Mi # requests: # cpu: 50m # memory: 100Mi # -- Tolerations for GrafanaAgent pods tolerations: [] # PodLogs configuration podLogs: # -- PodLogs version apiVersion: monitoring.grafana.com/v1alpha1 # -- PodLogs annotations annotations: {} # -- Additional PodLogs labels labels: {} # -- PodLogs relabel configs to apply to samples before scraping # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig relabelings: [] # -- Additional pipeline stages to process logs after scraping # https://grafana.com/docs/agent/latest/operator/api/#pipelinestagespec-a-namemonitoringgrafanacomv1alpha1pipelinestagespeca additionalPipelineStages: [] # LogsInstance configuration logsInstance: # -- LogsInstance annotations annotations: {} # -- Additional LogsInstance labels labels: {} # -- Additional clients for remote write clients: null # -- DEPRECATED Configuration for the table-manager. The table-manager is only necessary when using a deprecated # index type such as Cassandra, Bigtable, or DynamoDB, it has not been necessary since loki introduced self- # contained index types like 'boltdb-shipper' and 'tsdb'. This will be removed in a future helm chart. tableManager: # -- Specifies whether the table-manager should be enabled enabled: false image: # -- The Docker registry for the table-manager image. Overrides `loki.image.registry` registry: null # -- Docker image repository for the table-manager image. Overrides `loki.image.repository` repository: null # -- Docker image tag for the table-manager image. Overrides `loki.image.tag` tag: null # -- Command to execute instead of defined in Docker image command: null # -- The name of the PriorityClass for table-manager pods priorityClassName: null # -- Labels for table-manager pods podLabels: {} # -- Annotations for table-manager deployment annotations: {} # -- Annotations for table-manager pods podAnnotations: {} service: # -- Annotations for table-manager Service annotations: {} # -- Additional labels for table-manager Service labels: {} # -- Additional CLI args for the table-manager extraArgs: [] # -- Environment variables to add to the table-manager pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the table-manager pods extraEnvFrom: [] # -- Volume mounts to add to the table-manager pods extraVolumeMounts: [] # -- Volumes to add to the table-manager pods extraVolumes: [] # -- Resource requests and limits for the table-manager resources: {} # -- Containers to add to the table-manager pods extraContainers: [] # -- Grace period to allow the table-manager to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for table-manager pods. # @default -- Hard node and anti-affinity affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: table-manager topologyKey: kubernetes.io/hostname # -- DNS config table-manager pods dnsConfig: {} # -- Node selector for table-manager pods nodeSelector: {} # -- Tolerations for table-manager pods tolerations: [] # -- Enable deletes by retention retention_deletes_enabled: false # -- Set retention period retention_period: 0