loki

Helm chart

Last changed

Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Tag:

# -- Overrides the version used to determine compatibility of resources with the target Kubernetes cluster.

# This is useful when using `helm template`, because then helm will use the client version of kubectl as the Kubernetes version,

# which may or may not match your cluster's server version. Example: 'v1.24.4'. Set to null to use the version that helm

# devises.

kubeVersionOverride: null

global:

# -- Overrides the Docker registry globally for all images (standard format)

imageRegistry: null

image:

# -- Overrides the Docker registry globally for all images (deprecated, use global.imageRegistry)

registry: null

# -- Overrides the priorityClassName for all pods

priorityClassName: null

# -- configures cluster domain ("cluster.local" by default)

clusterDomain: "cluster.local"

# -- configures DNS service name

dnsService: "kube-dns"

# -- configures DNS service namespace

dnsNamespace: "kube-system"

# -- Common additional CLI arguments for all jobs (that is, -log.level debug, -config.expand-env=true or -log-config-reverse-order)

# scope: admin-api, backend, bloom-builder, bloom-gateway, bloom-planner, compactor, distributor, index-gateway, ingester, overrides-exporter, pattern-ingester, querier, query-frontend, query-scheduler, read, ruler, write.

extraArgs: []

# -- Common environment variables to add to all pods directly managed by this chart.

extraEnv: []

# -- Common source of environment injections to add to all pods directly managed by this chart.

# For example to inject values from a Secret, use:

# extraEnvFrom:

# - secretRef:

# name: mysecret

extraEnvFrom: []

# -- Common volumes to add to all pods directly managed by this chart.

extraVolumes: []

# -- Common mount points to add to all pods directly managed by this chart.

extraVolumeMounts: []

# -- Overrides the chart's name

nameOverride: null

# -- Overrides the chart's computed fullname

fullnameOverride: null

# -- Overrides the chart's namespace

namespaceOverride: null

# -- Overrides the chart's cluster label

clusterLabelOverride: null

# -- Image pull secrets for Docker images

imagePullSecrets: []

# -- Deployment mode lets you specify how to deploy Loki.

# There are 3 options:

# - SingleBinary: Loki is deployed as a single binary, useful for small installs typically without HA, up to a few tens of GB/day.

# - SimpleScalable: Loki is deployed as 3 targets: read, write, and backend. Useful for medium installs easier to manage than distributed, up to a about 1TB/day.

# - Distributed: Loki is deployed as individual microservices. The most complicated but most capable, useful for large installs, typically over 1TB/day.

# There are also 2 additional modes used for migrating between deployment modes:

# - SingleBinary<->SimpleScalable: Migrate from SingleBinary to SimpleScalable (or vice versa)

# - SimpleScalable<->Distributed: Migrate from SimpleScalable to Distributed (or vice versa)

# Note: SimpleScalable and Distributed REQUIRE the use of object storage.

deploymentMode: SimpleScalable

# -- Labels to be added to resources

commonLabels: {}

######################################################################################################################

# Base Loki Configs including kubernetes configurations and configurations for Loki itself,

# see below for more specifics on Loki's configuration.

######################################################################################################################

# -- Configuration for running Loki

# @default -- See values.yaml

loki:

# Configures the liveness probe for all of the Loki pods

livenessProbe: {}

# Configures the readiness probe for all of the Loki pods

readinessProbe:

httpGet:

path: /ready

port: http-metrics

periodSeconds: 10

initialDelaySeconds: 15

successThreshold: 1

failureThreshold: 3

timeoutSeconds: 1

# Configures the startup probe for all of the Loki pods

startupProbe: {}

image:

# -- The Docker registry

registry: cgr.dev

# -- Docker image repository

repository: chainguard-private/loki

# -- Overrides the image tag whose default is the chart's appVersion

tag: latest

# -- Overrides the image tag with an image digest

digest: sha256:b8e21e2f50cb8489a38339551160ecce5e22a7e2b7b1ad8dcd82b4ad7a4c3cb9

# -- Docker image pull policy

pullPolicy: IfNotPresent

# -- Common annotations for all deployments/StatefulSets

annotations: {}

# -- Common annotations for all pods

podAnnotations: {}

# -- Common labels for all pods

100

podLabels: {}

101

# -- Common annotations for all services

102

serviceAnnotations: {}

103

# -- Common labels for all services

104

serviceLabels: {}

105

# -- The number of old ReplicaSets to retain to allow rollback

106

revisionHistoryLimit: 10

107

# -- The SecurityContext for Loki pods

108

podSecurityContext:

109

fsGroup: 10001

110

fsGroupChangePolicy: OnRootMismatch

111

runAsGroup: 10001

112

runAsNonRoot: true

113

runAsUser: 10001

114

# -- The SecurityContext for Loki containers

115

containerSecurityContext:

116

readOnlyRootFilesystem: true

117

capabilities:

118

drop:

119

- ALL

120

allowPrivilegeEscalation: false

121

# -- Should enableServiceLinks be enabled. Default to enable

122

enableServiceLinks: true

123

# -- DNS config for Loki pods

124

dnsConfig: {}

125

######################################################################################################################

126

127

# Loki Configuration

128

129

# There are several ways to pass configuration to Loki, listing them here in order of our preference for how

130

# you should use this chart.

131

# 1. Use the templated value of loki.config below and the corresponding override sections which follow.

132

# This allows us to set a lot of important Loki configurations and defaults and also allows us to maintain them

133

# over time as Loki changes and evolves.

134

# 2. Use the loki.structuredConfig section.

135

# This will completely override the templated value of loki.config, so you MUST provide the entire Loki config

136

# including any configuration that we set in loki.config unless you explicitly are trying to change one of those

137

# values and are not able to do so with the templated sections.

138

# If you choose this approach the burden is on you to maintain any changes we make to the templated config.

139

# 3. Use an existing secret or configmap to provide the configuration.

140

# This option is mostly provided for folks who have external processes which provide or modify the configuration.

141

# When using this option you can specify a different name for loki.generatedConfigObjectName and configObjectName

142

# if you have a process which takes the generated config and modifies it, or you can stop the chart from generating

143

# a config entirely by setting loki.generatedConfigObjectName to

144

145

######################################################################################################################

146

147

# -- Defines what kind of object stores the configuration, a ConfigMap or a Secret.

148

# In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration).

149

# Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables).

150

configStorageType: ConfigMap

151

# -- The name of the object which Loki will mount as a volume containing the config.

152

# If the configStorageType is Secret, this will be the name of the Secret, if it is ConfigMap, this will be the name of the ConfigMap.

153

# The value will be passed through tpl.

154

configObjectName: '{{ include "loki.name" . }}'

155

# -- The name of the Secret or ConfigMap that will be created by this chart.

156

# If empty, no configmap or secret will be created.

157

# The value will be passed through tpl.

158

generatedConfigObjectName: '{{ include "loki.name" . }}'

159

# -- Config file contents for Loki

160

# @default -- See values.yaml

161

config: |

162

163

164

165

auth_enabled: {{ .Values.loki.auth_enabled }}

166

167

168

169

server:

170

171

172

173

174

pattern_ingester:

175

176

177

178

memberlist:

179

180

181

182

183

184

185

join_members:

186

- {{ include "loki.memberlist" . }}.{{ include "loki.namespace" $ }}.svc.{{ .Values.global.clusterDomain }}

187

188

189

- {{ .memberlistService }}

190

191

192

193

194

195

ingester:

196

197

198

199

200

ingester_client:

201

202

203

204

205

block_builder:

206

207

208

209

210

common:

211

212

storage:

213

214

215

216

217

limits_config:

218

219

220

221

runtime_config:

222

file: /etc/loki/runtime-config/runtime-config.yaml

223

224

225

226

chunk_store_config:

227

chunk_cache_config:

228

default_validity: {{ .defaultValidity }}

229

background:

230

writeback_goroutines: {{ .writebackParallelism }}

231

writeback_buffer: {{ .writebackBuffer }}

232

writeback_size_limit: {{ .writebackSizeLimit }}

233

memcached:

234

batch_size: {{ .batchSize }}

235

parallelism: {{ .parallelism }}

236

memcached_client:

237

addresses: {{ .addresses }}

238

consistent_hash: true

239

timeout: {{ .timeout }}

240

max_idle_conns: 72

241

242

243

244

l2_chunk_cache_handoff: {{ .l2ChunkCacheHandoff }}

245

chunk_cache_config_l2:

246

default_validity: {{ .defaultValidity }}

247

background:

248

writeback_goroutines: {{ .writebackParallelism }}

249

writeback_buffer: {{ .writebackBuffer }}

250

writeback_size_limit: {{ .writebackSizeLimit }}

251

memcached:

252

batch_size: {{ .batchSize }}

253

parallelism: {{ .parallelism }}

254

memcached_client:

255

addresses: {{ .addresses }}

256

consistent_hash: true

257

timeout: {{ .timeout }}

258

max_idle_conns: 72

259

260

261

262

263

264

schema_config:

265

266

267

268

269

schema_config:

270

271

272

273

274

275

276

277

{{- if and .Values.loki.storage.use_thanos_objstore .Values.ruler.enabled}}

278

ruler_storage:

279

280

281

282

{{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }}

283

table_manager:

284

retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }}

285

retention_period: {{ .Values.tableManager.retention_period }}

286

287

288

query_range:

289

align_queries_with_step: true

290

291

292

293

294

295

cache_results: true

296

results_cache:

297

cache:

298

default_validity: {{ .defaultValidity }}

299

background:

300

writeback_goroutines: {{ .writebackParallelism }}

301

writeback_buffer: {{ .writebackBuffer }}

302

writeback_size_limit: {{ .writebackSizeLimit }}

303

memcached_client:

304

addresses: {{ .addresses }}

305

consistent_hash: true

306

timeout: {{ .timeout }}

307

update_interval: 1m

308

309

310

311

312

storage_config:

313

{{- if not (hasKey $.Values.loki.storage_config "use_thanos_objstore") }}

314

use_thanos_objstore: {{ $.Values.loki.storage.use_thanos_objstore }}

315

316

317

318

319

320

query_scheduler:

321

322

323

324

325

compactor:

326

327

328

329

330

compactor_grpc_client:

331

332

333

334

335

analytics:

336

337

338

339

340

ui:

341

enabled: true

342

343

344

querier:

345

346

347

348

349

index_gateway:

350

351

352

353

354

frontend:

355

356

357

358

359

frontend_worker:

360

361

362

363

364

distributor:

365

366

367

368

tracing:

369

enabled: {{ .Values.loki.tracing.enabled }}

370

371

372

bloom_build:

373

374

375

376

377

bloom_gateway:

378

379

380

381

382

operational_config:

383

384

385

# Should authentication be enabled

386

auth_enabled: true

387

# -- memberlist configuration (overrides embedded default)

388

memberlistConfig: {}

389

# -- Extra memberlist configuration

390

extraMemberlistConfig: {}

391

# -- Tenants list to be created on nginx htpasswd file, with name and password or passwordHash keys

392

# Example:

393

# <pre>

394

# tenants:

395

# - name: "test-user-1"

396

# password: "test-password-1"

397

# - name: "test-user-2"

398

# passwordHash: "$2y$10$7O40CaY1yz7fu9O24k2/u.ct/wELYHRBsn25v/7AyuQ8E8hrLqpva" # generated using `htpasswd -nbBC10 test-user-2 test-password-2`

399

# </pre>

400

tenants: []

401

# -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration.

402

server:

403

http_listen_port: 3100

404

grpc_listen_port: 9095

405

http_server_read_timeout: 600s

406

http_server_write_timeout: 600s

407

service:

408

# -- trafficDistribution for services

409

# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution

410

trafficDistribution: ""

411

# -- Limits config

412

limits_config:

413

reject_old_samples: true

414

reject_old_samples_max_age: 168h

415

max_cache_freshness_per_query: 10m

416

split_queries_by_interval: 15m

417

query_timeout: 300s

418

volume_enabled: true

419

# -- Provides a reloadable runtime configuration file for some specific configuration

420

runtimeConfig: {}

421

# -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration

422

commonConfig:

423

path_prefix: /var/loki

424

replication_factor: 3

425

# -- The gRPC address of the compactor. The use of compactor_grpc_address is prefered over compactor_address.

426

# If a customized compactor_address is set, compactor_grpc_address should be set to an empty string.

427

compactor_grpc_address: '{{ include "loki.compactorAddress" . }}'

428

# -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config.

429

# -- In case of using thanos storage, enable use_thanos_objstore and the configuration should be done inside the object_store section.

430

storage:

431

# Loki requires a bucket for chunks and the ruler. GEL requires a third bucket for the admin API.

432

# Please provide these values if you are using object storage.

433

# bucketNames:

434

# chunks: FIXME

435

# ruler: FIXME

436

# admin: FIXME

437

type: s3

438

s3:

439

s3: null

440

endpoint: null

441

region: null

442

secretAccessKey: null

443

accessKeyId: null

444

signatureVersion: null

445

s3ForcePathStyle: false

446

insecure: false

447

http_config: {}

448

# -- Check https://grafana.com/docs/loki/latest/configure/#s3_storage_config for more info on how to provide a backoff_config

449

backoff_config: {}

450

disable_dualstack: false

451

gcs:

452

chunkBufferSize: 0

453

requestTimeout: "0s"

454

enableHttp2: true

455

azure:

456

accountName: null

457

accountKey: null

458

connectionString: null

459

useManagedIdentity: false

460

useFederatedToken: false

461

userAssignedId: null

462

requestTimeout: null

463

endpointSuffix: null

464

chunkDelimiter: null

465

swift:

466

auth_version: null

467

auth_url: null

468

internal: null

469

username: null

470

user_domain_name: null

471

user_domain_id: null

472

user_id: null

473

password: null

474

domain_id: null

475

domain_name: null

476

project_id: null

477

project_name: null

478

project_domain_id: null

479

project_domain_name: null

480

region_name: null

481

container_name: null

482

max_retries: null

483

connect_timeout: null

484

request_timeout: null

485

filesystem:

486

chunks_directory: /var/loki/chunks

487

rules_directory: /var/loki/rules

488

# Loki now supports using thanos storage clients for connecting to object storage backend.

489

# This will become the default way to configure storage in a future releases.

490

use_thanos_objstore: false

491

object_store:

492

# Type of object store. Valid options are: s3, gcs, azure

493

type: s3

494

# Optional prefix for storage keys

495

storage_prefix: null

496

# S3 configuration (when type is "s3")

497

s3:

498

# S3 endpoint URL

499

endpoint: null

500

# Optional region

501

region: null

502

# Optional access key

503

access_key_id: null

504

# Optional secret key

505

secret_access_key: null

506

# Optional. Enable if using self-signed TLS

507

insecure: false

508

# Optional server-side encryption configuration

509

sse: {}

510

# Optional HTTP client configuration

511

http: {}

512

# GCS configuration (when type is "gcs")

513

gcs:

514

# Name of the bucket

515

bucket_name: null

516

# Optional service account JSON

517

service_account: null

518

# Azure configuration (when type is "azure")

519

azure:

520

# Storage account name

521

account_name: null

522

# Optional storage account key

523

account_key: null

524

# -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas

525

schemaConfig: {}

526

# -- a real Loki install requires a proper schemaConfig defined above this, however for testing or playing around

527

# you can enable useTestSchema

528

useTestSchema: false

529

testSchemaConfig:

530

configs:

531

- from: 2024-04-01

532

store: tsdb

533

object_store: '{{ include "loki.testSchemaObjectStore" . }}'

534

schema: v13

535

index:

536

prefix: index_

537

period: 24h

538

## A separate loki ruler storage configuration can be provided via rulerStorage.storage section:

539

## rulerConfig:

540

## storage:

541

## type: local

542

# -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler

543

rulerConfig:

544

wal:

545

dir: /var/loki/ruler-wal

546

# -- Storage for the ruler. If defining rules in `ruler.directories`, this must be configured to use local storage as shown below.

547

# storage:

548

# type: local

549

# local:

550

# directory: /etc/loki/rules

551

# -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig`

552

structuredConfig: {}

553

# -- Additional query scheduler config

554

query_scheduler: {}

555

# -- Additional storage config

556

storage_config:

557

boltdb_shipper:

558

index_gateway_client:

559

server_address: '{{ include "loki.indexGatewayAddress" . }}'

560

tsdb_shipper:

561

index_gateway_client:

562

server_address: '{{ include "loki.indexGatewayAddress" . }}'

563

bloom_shipper:

564

working_directory: /var/loki/data/bloomshipper

565

hedging:

566

at: "250ms"

567

max_per_second: 20

568

up_to: 3

569

# -- Optional compactor configuration

570

compactor: {}

571

# -- Optional compactor grpc client configuration

572

compactor_grpc_client: {}

573

# -- Optional pattern ingester configuration

574

pattern_ingester:

575

enabled: false

576

# -- Optional analytics configuration

577

analytics: {}

578

# -- Optional Loki UI: Provides access to a operators UI for Loki distributed. When enabled UI will be available at /ui/ of loki-gateway

579

ui:

580

# Disabled by default for backwards compatibility. Enable to use the Loki UI.

581

enabled: false

582

gateway:

583

# enable gateway proxying to UI under /ui

584

enabled: true

585

# -- Optional querier configuration

586

query_range: {}

587

# -- Optional querier configuration

588

querier: {}

589

# -- Optional ingester configuration

590

ingester: {}

591

# -- Optional ingester client configuration

592

ingester_client: {}

593

# -- Optional block builder configuration

594

block_builder: {}

595

# -- Optional index gateway configuration

596

index_gateway:

597

mode: simple

598

frontend:

599

scheduler_address: '{{ include "loki.querySchedulerAddress" . }}'

600

tail_proxy_url: '{{ include "loki.querierAddress" . }}'

601

frontend_worker:

602

scheduler_address: '{{ include "loki.querySchedulerAddress" . }}'

603

# -- Optional distributor configuration

604

distributor: {}

605

# -- Enable tracing

606

tracing:

607

enabled: false

608

bloom_build:

609

enabled: false

610

builder:

611

planner_address: '{{ include "loki.bloomPlannerAddress" . }}'

612

bloom_gateway:

613

enabled: false

614

client:

615

addresses: '{{ include "loki.bloomGatewayAddresses" . }}'

616

# -- Optional operational configuration

617

operational_config: {}

618

######################################################################################################################

619

620

# Enterprise Loki Configs

621

622

######################################################################################################################

623

624

# -- Configuration for running Enterprise Loki

625

enterprise:

626

# Enterprise features are disabled by default.

627

# Set to `true` to deploy Grafana Enterprise Logs (GEL) with a valid license via

628

# `enterprise.license.contents` or `enterprise.useExternalLicense`/`enterprise.externalLicenseName`.

629

enabled: false

630

# Default version of GEL to deploy

631

version: 3.6.6

632

# -- Optional name of the GEL cluster, otherwise will use .Release.Name

633

# The cluster name must match what is in your GEL license

634

cluster_name: null

635

# -- Grafana Enterprise Logs license

636

# In order to use Grafana Enterprise Logs features, you will need to provide

637

# the contents of your Grafana Enterprise Logs license, either by providing the

638

# contents of the license.jwt, or the name Kubernetes Secret that contains your

639

# license.jwt.

640

# To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'`

641

license:

642

contents: "NOTAVALIDLICENSE"

643

# -- Set to true when providing an external license

644

useExternalLicense: false

645

# -- Name of external license secret to use

646

externalLicenseName: null

647

# -- Name of the external config secret to use

648

externalConfigName: ""

649

# -- Use GEL gateway, if false will use the default nginx gateway

650

gelGateway: true

651

# -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise,

652

# make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`.

653

adminApi:

654

enabled: true

655

# enterprise specific sections of the config.yaml file

656

config: |

657

658

admin_client:

659

{{ include "enterprise-logs.adminAPIStorageConfig" . | nindent 2 }}

660

661

auth:

662

type: {{ .Values.enterprise.adminApi.enabled | ternary "enterprise" "trust" }}

663

auth_enabled: {{ .Values.loki.auth_enabled }}

664

cluster_name: {{ include "loki.clusterName" . }}

665

license:

666

path: /etc/loki/license/license.jwt

667

image:

668

# -- The Docker registry

669

registry: cgr.dev

670

# -- Docker image repository

671

repository: chainguard-private/loki

672

# -- Docker image tag

673

tag: latest

674

# -- Overrides the image tag with an image digest

675

digest: sha256:b8e21e2f50cb8489a38339551160ecce5e22a7e2b7b1ad8dcd82b4ad7a4c3cb9

676

# -- Docker image pull policy

677

pullPolicy: IfNotPresent

678

adminToken:

679

# -- Name of external secret containing the admin token for enterprise provisioner

680

# This secret must exist before deploying and must contain a key named 'token'

681

secret: null

682

# -- Alternative name of the secret to store token for the canary

683

canarySecret: null

684

# -- Configuration for `provisioner` target

685

# Note: Uses enterprise.adminToken.secret value to mount the admin token used to call the admin api.

686

# The provisioner is disabled by default because it requires an out-of-band admin token secret

687

# (created via GEL `tokengen`) referenced by `enterprise.adminToken.secret`. After creating that

688

# secret, set both `enterprise.adminToken.secret` and `enterprise.provisioner.enabled: true`.

689

# See production/helm/loki/docs/examples/enterprise/README.md for the full procedure.

690

provisioner:

691

# -- Whether the job should be part of the deployment

692

enabled: false

693

# -- Name of the secret to store provisioned tokens in

694

provisionedSecretPrefix: null

695

# -- Hook type(s) to customize when the job runs. defaults to post-install

696

hookType: "post-install"

697

# -- url of the admin api to use for the provisioner

698

apiUrl: '{{ include "loki.address" . }}'

699

# -- Additional tenants to be created. Each tenant will get a read and write policy

700

# and associated token. Tenant must have a name and a namespace for the secret containting

701

# the token to be created in. For example

702

# additionalTenants:

703

# - name: loki

704

# secretNamespace: grafana

705

additionalTenants: []

706

# -- Additional Kubernetes environment

707

env: []

708

# -- Additional labels for the `provisioner` Job

709

labels: {}

710

# -- Additional annotations for the `provisioner` Job

711

annotations: {}

712

# -- Affinity for provisioner Pods

713

# The value will be passed through tpl.

714

affinity: {}

715

# -- Node selector for provisioner Pods

716

nodeSelector: {}

717

# -- Tolerations for provisioner Pods

718

tolerations: []

719

# -- The name of the PriorityClass for provisioner Job

720

priorityClassName: null

721

# -- Use the host's user namespace in provisioner pods

722

hostUsers: nil

723

# -- Run containers as user `enterprise-logs(uid=10001)`

724

securityContext:

725

runAsNonRoot: true

726

runAsGroup: 10001

727

runAsUser: 10001

728

fsGroup: 10001

729

# -- Provisioner image to Utilize

730

image:

731

# -- The Docker registry

732

registry: cgr.dev

733

# -- Docker image repository

734

repository: chainguard-private/loki

735

# -- Overrides the image tag whose default is the chart's appVersion

736

tag: latest

737

# -- Overrides the image tag with an image digest

738

digest: sha256:b8e21e2f50cb8489a38339551160ecce5e22a7e2b7b1ad8dcd82b4ad7a4c3cb9

739

# -- Docker image pull policy

740

pullPolicy: IfNotPresent

741

# -- Volume mounts to add to the provisioner pods

742

extraVolumeMounts: []

743

# -- Additional volumes for Pods

744

extraVolumes: []

745

######################################################################################################################

746

747

# Chart Testing

748

749

######################################################################################################################

750

751

# -- Section for configuring optional Helm test

752

test:

753

enabled: true

754

# -- Used to directly query the metrics endpoint of the canary for testing, this approach avoids needing prometheus for testing.

755

# This in a newer approach to using prometheusAddress such that tests do not have a dependency on prometheus

756

canaryServiceAddress: 'http://{{ include "loki-canary.fullname" $ }}.{{ include "loki.namespace" $ }}.svc.{{ .Values.global.clusterDomain }}:3500/metrics'

757

# -- Address of the prometheus server to query for the test. This overrides any value set for canaryServiceAddress.

758

# This is kept for backward compatibility and may be removed in future releases. Previous value was 'http://prometheus:9090'

759

prometheusAddress: ""

760

# -- Number of times to retry the test before failing

761

timeout: 1m

762

# -- Additional labels for the test pods

763

labels: {}

764

# -- Additional annotations for test pods

765

annotations: {}

766

# -- Image to use for loki canary

767

image:

768

# -- The Docker registry

769

registry: docker.io

770

# -- Docker image repository

771

repository: grafana/loki-helm-test

772

# -- Overrides the image tag whose default is the chart's appVersion

773

tag: "latest"

774

# -- Overrides the image tag with an image digest

775

digest: null

776

# -- Docker image pull policy

777

pullPolicy: IfNotPresent

778

# -- Use the host's user namespace in test pods

779

hostUsers: nil

780

# The Loki canary pushes logs to and queries from this loki installation to test

781

# that it's working correctly

782

lokiCanary:

783

enabled: true

784

# -- The type of the loki canary k8s rollout. This can be a DaemonSet or Deployment.

785

kind: DaemonSet

786

# -- If true, the canary will send directly to Loki via the address configured for verification --

787

# -- If false, it will write to stdout and an Agent will be needed to scrape and send the logs --

788

push: true

789

# -- If set overwrites the default value set by loki.host helper function. Use this if gateway not enabled.

790

lokiurl: null

791

# -- The name of the label to look for at loki when doing the checks.

792

labelname: pod

793

# -- Additional annotations for the `loki-canary` Daemonset

794

annotations: {}

795

# -- Additional labels for each `loki-canary` pod

796

podLabels: {}

797

service:

798

# -- Annotations for loki-canary Service

799

annotations: {}

800

# -- Additional labels for loki-canary Service

801

labels: {}

802

# -- Additional CLI arguments for the `loki-canary' command

803

extraArgs: []

804

# -- Environment variables to add to the canary pods

805

extraEnv: []

806

# -- Environment variables from secrets or configmaps to add to the canary pods

807

extraEnvFrom: []

808

# -- Volume mounts to add to the canary pods

809

extraVolumeMounts: []

810

# -- Volumes to add to the canary pods

811

extraVolumes: []

812

# -- Resource requests and limits for the canary

813

resources: {}

814

# -- DNS config for canary pods

815

dnsConfig: {}

816

# -- Node selector for canary pods

817

nodeSelector: {}

818

# -- Tolerations for canary pods

819

tolerations: []

820

# -- Affinity for canary pods

821

affinity: {}

822

# -- The name of the PriorityClass for loki-canary pods

823

priorityClassName: null

824

# -- Use the host's user namespace in loki-canary pods

825

hostUsers: nil

826

# -- Image to use for loki canary

827

image:

828

# -- The Docker registry

829

registry: cgr.dev

830

# -- Docker image repository

831

repository: chainguard-private/loki-canary

832

# -- Overrides the image tag whose default is the chart's appVersion

833

tag: latest

834

# -- Overrides the image tag with an image digest

835

digest: sha256:93086bdba80550b745cda4114a51819734c41fdb6db608db3dd9407ebc839e9e

836

# -- Docker image pull policy

837

pullPolicy: IfNotPresent

838

# -- Liveness probe

839

livenessProbe:

840

# -- Readiness probe

841

readinessProbe:

842

httpGet:

843

path: /metrics

844

port: http-metrics

845

initialDelaySeconds: 15

846

timeoutSeconds: 1

847

# -- Startup probe

848

startupProbe:

849

# -- Update strategy for the `loki-canary` Daemonset pods

850

updateStrategy:

851

type: RollingUpdate

852

rollingUpdate:

853

maxUnavailable: 1

854

# -- Replicas for `loki-canary` when using a Deployment

855

replicas: 1

856

######################################################################################################################

857

858

# Service Accounts and Kubernetes RBAC

859

860

######################################################################################################################

861

serviceAccount:

862

# -- Specifies whether a ServiceAccount should be created

863

create: true

864

# -- The name of the ServiceAccount to use.

865

# If not set and create is true, a name is generated using the fullname template

866

867

# -- Image pull secrets for the service account

868

imagePullSecrets: []

869

# -- Annotations for the service account

870

annotations: {}

871

# -- Labels for the service account

872

labels: {}

873

# -- Set this toggle to false to opt out of automounting API credentials for the service account

874

automountServiceAccountToken: true

875

# RBAC configuration

876

rbac:

877

# -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp.

878

pspEnabled: false

879

# -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints.

880

sccEnabled: false

881

# -- Toggle this to true to allow the use of hostPath volumes on OpenShift

882

sccAllowHostDirVolumePlugin: false

883

# -- Specify PSP annotations

884

# Ref: https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/#podsecuritypolicy-annotations

885

pspAnnotations: {}

886

# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'

887

# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'

888

# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'

889

# -- Whether to install RBAC in the namespace only or cluster-wide. Useful if you want to watch ConfigMap globally.

890

namespaced: false

891

######################################################################################################################

892

893

# Network Policy configuration

894

895

######################################################################################################################

896

networkPolicy:

897

# -- Specifies whether Network Policies should be created

898

enabled: false

899

# -- Specifies whether the policies created will be standard Network Policies (flavor: kubernetes)

900

# or Cilium Network Policies (flavor: cilium)

901

flavor: kubernetes

902

metrics:

903

# -- Specifies the Pods which are allowed to access the metrics port.

904

# As this is cross-namespace communication, you also need the namespaceSelector.

905

podSelector: {}

906

# -- Specifies the namespaces which are allowed to access the metrics port

907

namespaceSelector: {}

908

# -- Specifies specific network CIDRs which are allowed to access the metrics port.

909

# In case you use namespaceSelector, you also have to specify your kubelet networks here.

910

# The metrics ports are also used for probes.

911

cidrs: []

912

ingress:

913

# -- Specifies the Pods which are allowed to access the http port.

914

# As this is cross-namespace communication, you also need the namespaceSelector.

915

podSelector: {}

916

# -- Specifies the namespaces which are allowed to access the http port

917

namespaceSelector: {}

918

alertmanager:

919

# -- Specify the alertmanager port used for alerting

920

port: 9093

921

# -- Specifies the alertmanager Pods.

922

# As this is cross-namespace communication, you also need the namespaceSelector.

923

podSelector: {}

924

# -- Specifies the namespace the alertmanager is running in

925

namespaceSelector: {}

926

externalStorage:

927

# -- Specify the port used for external storage, e.g. AWS S3

928

ports: []

929

# -- Specifies specific network CIDRs you want to limit access to

930

cidrs: []

931

discovery:

932

# -- (int) Specify the port used for discovery

933

port: null

934

# -- Specifies the Pods labels used for discovery.

935

# As this is cross-namespace communication, you also need the namespaceSelector.

936

podSelector: {}

937

# -- Specifies the namespace the discovery Pods are running in

938

namespaceSelector: {}

939

egressWorld:

940

# -- Enable additional cilium egress rules to external world for write, read and backend.

941

enabled: false

942

egressKubeApiserver:

943

# -- Enable additional cilium egress rules to kube-apiserver for backend.

944

enabled: false

945

######################################################################################################################

946

947

# Global memberlist configuration

948

949

######################################################################################################################

950

951

# Configuration for the memberlist service

952

memberlist:

953

service:

954

publishNotReadyAddresses: false

955

annotations: {}

956

######################################################################################################################

957

958

# adminAPI configuration, enterprise only.

959

960

######################################################################################################################

961

962

# -- Configuration for the `admin-api` target

963

adminApi:

964

# -- Define the amount of instances

965

replicas: 1

966

# -- hostAliases to add

967

hostAliases: []

968

# - ip: 1.2.3.4

969

# hostnames:

970

# - domain.tld

971

# -- Additional CLI arguments for the `admin-api` target

972

extraArgs: {}

973

# -- Environment variables to add to the admin-api pods

974

extraEnv: []

975

# -- Environment variables from secrets or configmaps to add to the admin-api pods

976

extraEnvFrom: []

977

# -- Additional labels for the `admin-api` Deployment

978

labels: {}

979

# -- Additional annotations for the `admin-api` Deployment

980

annotations: {}

981

# -- DNSConfig for `admin-api` pods

982

dnsConfig: {}

983

# -- Additional labels and annotations for the `admin-api` Service

984

service:

985

labels: {}

986

annotations: {}

987

# -- Run container as user `enterprise-logs(uid=10001)`

988

# `fsGroup` must not be specified, because these security options are applied

989

# on container level not on Pod level.

990

podSecurityContext:

991

runAsNonRoot: true

992

runAsGroup: 10001

993

runAsUser: 10001

994

containerSecurityContext:

995

readOnlyRootFilesystem: true

996

capabilities:

997

drop:

998

- ALL

999

allowPrivilegeEscalation: false

1000

# -- Update strategy

1001

strategy:

1002

type: RollingUpdate

1003

# -- Liveness probe

1004

livenessProbe: {}

1005

# -- Readiness probe

1006

readinessProbe:

1007

httpGet:

1008

path: /ready

1009

port: http-metrics

1010

initialDelaySeconds: 45

1011

# -- Startup probe

1012

startupProbe: {}

1013

# -- Request and limit Kubernetes resources

1014

# -- Values are defined in small.yaml and large.yaml

1015

resources: {}

1016

# -- Configure optional environment variables

1017

env: []

1018

# -- Configure optional initContainers

1019

initContainers: []

1020

# -- Configure optional extraContainers

1021

extraContainers: []

1022

# -- Additional volumes for Pods

1023

extraVolumes: []

1024

# -- Additional volume mounts for Pods

1025

extraVolumeMounts: []

1026

# -- Affinity for admin-api Pods

1027

# The value will be passed through tpl.

1028

affinity: {}

1029

# -- Node selector for admin-api Pods

1030

nodeSelector: {}

1031

# -- Topology Spread Constraints for admin-api pods

1032

# The value will be passed through tpl.

1033

topologySpreadConstraints: []

1034

# -- Tolerations for admin-api Pods

1035

tolerations: []

1036

# -- Grace period to allow the admin-api to shutdown before it is killed

1037

terminationGracePeriodSeconds: 60

1038

# -- Use the host's user namespace in admin-api pods

1039

hostUsers: nil

1040

######################################################################################################################

1041

1042

# Gateway and Ingress

1043

1044

# By default this chart will deploy a Nginx container to act as a gateway which handles routing of traffic

1045

# and can also do auth.

1046

1047

# If you would prefer you can optionally disable this and enable using k8s ingress to do the incoming routing.

1048

1049

######################################################################################################################

1050

1051

# Configuration for the gateway

1052

gateway:

1053

# -- Specifies whether the gateway should be enabled

1054

enabled: true

1055

# -- Number of replicas for the gateway

1056

replicas: 1

1057

# -- Default container port

1058

containerPort: 8080

1059

# -- Enable logging of 2xx and 3xx HTTP requests

1060

verboseLogging: true

1061

autoscaling:

1062

# -- Enable autoscaling for the gateway

1063

enabled: false

1064

# -- Minimum autoscaling replicas for the gateway

1065

minReplicas: 1

1066

# -- Maximum autoscaling replicas for the gateway

1067

maxReplicas: 3

1068

# -- Target CPU utilisation percentage for the gateway

1069

targetCPUUtilizationPercentage: 60

1070

# -- Target memory utilisation percentage for the gateway

1071

targetMemoryUtilizationPercentage:

1072

# -- See `kubectl explain deployment.spec.strategy` for more

1073

# -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy

1074

# -- Behavior policies while scaling.

1075

behavior: {}

1076

# scaleUp:

1077

# stabilizationWindowSeconds: 300

1078

# policies:

1079

# - type: Pods

1080

# value: 1

1081

# periodSeconds: 60

1082

# scaleDown:

1083

# stabilizationWindowSeconds: 300

1084

# policies:

1085

# - type: Pods

1086

# value: 1

1087

# periodSeconds: 180

1088

deploymentStrategy:

1089

type: RollingUpdate

1090

image:

1091

# -- The Docker registry for the gateway image

1092

registry: cgr.dev

1093

# -- The gateway image repository

1094

repository: chainguard-private/nginx

1095

# -- The gateway image tag

1096

tag: latest

1097

# -- Overrides the gateway image tag with an image digest

1098

digest: sha256:45bb775f6ffd04f0a6e7f650e1170ec9131f33dc3408e097ca12c69f99af2fa0

1099

# -- The gateway image pull policy

1100

pullPolicy: IfNotPresent

1101

# -- The name of the PriorityClass for gateway pods

1102

priorityClassName: null

1103

# -- Annotations for gateway deployment

1104

annotations: {}

1105

# -- Annotations for gateway pods

1106

podAnnotations: {}

1107

# -- Additional labels for gateway pods

1108

podLabels: {}

1109

# -- Additional CLI args for the gateway

1110

extraArgs: []

1111

# -- Environment variables to add to the gateway pods

1112

extraEnv: []

1113

# -- Environment variables from secrets or configmaps to add to the gateway pods

1114

extraEnvFrom: []

1115

# -- Lifecycle for the gateway container

1116

lifecycle: {}

1117

# -- Volumes to add to the gateway pods

1118

extraVolumes: []

1119

# -- Volume mounts to add to the gateway pods

1120

extraVolumeMounts: []

1121

# -- The SecurityContext for gateway containers

1122

podSecurityContext:

1123

fsGroup: 101

1124

runAsGroup: 101

1125

runAsNonRoot: true

1126

runAsUser: 101

1127

# -- The SecurityContext for gateway containers

1128

containerSecurityContext:

1129

readOnlyRootFilesystem: true

1130

capabilities:

1131

drop:

1132

- ALL

1133

allowPrivilegeEscalation: false

1134

# -- Use the host's user namespace in the gateway

1135

hostUsers: nil

1136

# -- Resource requests and limits for the gateway

1137

resources: {}

1138

# -- Containers to add to the gateway pods

1139

extraContainers: []

1140

# -- Grace period to allow the gateway to shutdown before it is killed

1141

terminationGracePeriodSeconds: 30

1142

# -- Affinity for gateway pods.

1143

# @default -- Hard node anti-affinity

1144

# The value will be passed through tpl.

1145

affinity:

1146

podAntiAffinity:

1147

requiredDuringSchedulingIgnoredDuringExecution:

1148

- labelSelector:

1149

matchLabels:

1150

app.kubernetes.io/component: gateway

1151

app.kubernetes.io/name: '{{ include "loki.name" . }}'

1152

app.kubernetes.io/instance: '{{ .Release.Name }}'

1153

topologyKey: kubernetes.io/hostname

1154

# -- DNS config for gateway pods

1155

dnsConfig: {}

1156

# -- Node selector for gateway pods

1157

nodeSelector: {}

1158

# -- Topology Spread Constraints for gateway pods

1159

# The value will be passed through tpl.

1160

topologySpreadConstraints: []

1161

# -- Tolerations for gateway pods

1162

tolerations: []

1163

# Gateway service configuration

1164

service:

1165

# -- Port of the gateway service

1166

port: 80

1167

# -- Type of the gateway service

1168

type: ClusterIP

1169

# -- ClusterIP of the gateway service

1170

clusterIP: null

1171

# -- (int) Node port if service type is NodePort

1172

nodePort: null

1173

# -- Load balancer IPO address if service type is LoadBalancer

1174

loadBalancerIP: null

1175

# -- Annotations for the gateway service

1176

annotations: {}

1177

# -- Labels for gateway service

1178

labels: {}

1179

# -- trafficDistribution for gateway service

1180

trafficDistribution: ""

1181

# Gateway ingress configuration

1182

ingress:

1183

# -- Specifies whether an ingress for the gateway should be created

1184

enabled: false

1185

# -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18

1186

ingressClassName: ""

1187

# -- Annotations for the gateway ingress

1188

annotations: {}

1189

# -- Labels for the gateway ingress

1190

labels: {}

1191

# -- Hosts configuration for the gateway ingress, passed through the `tpl` function to allow templating

1192

hosts:

1193

- host: gateway.loki.example.com

1194

paths:

1195

- path: /

1196

# -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers

1197

# pathType: Prefix

1198

# -- TLS configuration for the gateway ingress. Hosts passed through the `tpl` function to allow templating

1199

tls:

1200

- secretName: loki-gateway-tls

1201

hosts:

1202

- gateway.loki.example.com

1203

# Basic auth configuration

1204

basicAuth:

1205

# -- Enables basic authentication for the gateway

1206

enabled: false

1207

# -- The basic auth username for the gateway

1208

username: null

1209

# -- The basic auth password for the gateway

1210

password: null

1211

# -- Uses the specified users from the `loki.tenants` list to create the htpasswd file.

1212

# if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used.

1213

# The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes

1214

# high CPU load.

1215

# @default -- Either `loki.tenants` or `gateway.basicAuth.username` and `gateway.basicAuth.password`.

1216

htpasswd: |

1217

1218

1219

{{- $username := required "All tenants must have a 'name' set" $t.name }}

1220

1221

1222

1223

1224

1225

{{- fail "All tenants must have a 'password' or 'passwordHash' set" }}

1226

1227

1228

1229

{{- printf "%s\n" (htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password)) }}

1230

1231

# -- Existing basic auth secret to use. Must contain '.htpasswd'

1232

existingSecret: null

1233

# -- liveness probe for the nginx container in the gateway pods.

1234

livenessProbe: {}

1235

# Configures the readiness probe for the gateway

1236

readinessProbe:

1237

httpGet:

1238

path: /

1239

port: http-metrics

1240

initialDelaySeconds: 15

1241

timeoutSeconds: 1

1242

# -- startup probe for the nginx container in the gateway pods.

1243

startupProbe: {}

1244

nginxConfig:

1245

# -- Which schema to be used when building URLs. Can be 'http' or 'https'.

1246

schema: http

1247

# -- Enable listener for IPv6, disable on IPv4-only systems

1248

enableIPv6: true

1249

# -- NGINX log format

1250

logFormat: |-

1251

main '$remote_addr - $remote_user [$time_local] $status '

1252

'"$request" $body_bytes_sent "$http_referer" '

1253

'"$http_user_agent" "$http_x_forwarded_for"';

1254

# -- Allows appending custom configuration to the server block

1255

serverSnippet: ""

1256

# -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating

1257

httpSnippet: ""

1258

# -- Allows appending custom configuration inside every location block, useful for authentication or setting headers that are not inherited from the server block, passed through the `tpl` function to allow templating.

1259

locationSnippet: >-

1260

{{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }}

1261

# -- Allows customizing the `client_max_body_size` directive

1262

clientMaxBodySize: 4M

1263

# -- Whether ssl should be appended to the listen directive of the server block or not.

1264

ssl: false

1265

# -- Override Read URL

1266

customReadUrl: null

1267

# -- Override Write URL

1268

customWriteUrl: null

1269

# -- Override Backend URL

1270

customBackendUrl: null

1271

# -- Allows overriding the DNS resolver address nginx will use.

1272

resolver: ""

1273

# -- Config file contents for Nginx. Passed through the `tpl` function to allow templating

1274

# @default -- See values.yaml

1275

file: |

1276

1277

# -- If running enterprise and using the default enterprise gateway, configs go here.

1278

enterpriseGateway:

1279

# -- Define the amount of instances

1280

replicas: 1

1281

# -- hostAliases to add

1282

hostAliases: []

1283

# - ip: 1.2.3.4

1284

# hostnames:

1285

# - domain.tld

1286

# -- Use the host's user namespace in the `gateway` pod

1287

hostUsers: nil

1288

# -- Additional CLI arguments for the `gateway` target

1289

extraArgs: {}

1290

# -- Environment variables from secrets or configmaps to add to the enterprise gateway pods

1291

extraEnvFrom: []

1292

# -- Additional labels for the `gateway` Pod

1293

labels: {}

1294

# -- Additional annotations for the `gateway` Pod

1295

annotations: {}

1296

# -- Additional labels and annotations for the `gateway` Service

1297

# -- Service overriding service type

1298

service:

1299

type: ClusterIP

1300

labels: {}

1301

annotations: {}

1302

# -- Run container as user `enterprise-logs(uid=10001)`

1303

podSecurityContext:

1304

runAsNonRoot: true

1305

runAsGroup: 10001

1306

runAsUser: 10001

1307

fsGroup: 10001

1308

containerSecurityContext:

1309

readOnlyRootFilesystem: true

1310

capabilities:

1311

drop:

1312

- ALL

1313

allowPrivilegeEscalation: false

1314

# -- If you want to use your own proxy URLs, set this to false.

1315

useDefaultProxyURLs: true

1316

# -- update strategy

1317

strategy:

1318

type: RollingUpdate

1319

# -- Liveness probe

1320

livenessProbe: {}

1321

# -- Readiness probe

1322

readinessProbe:

1323

httpGet:

1324

path: /ready

1325

port: http-metrics

1326

initialDelaySeconds: 45

1327

# -- Startup probe

1328

startupProbe: {}

1329

# -- Request and limit Kubernetes resources

1330

# -- Values are defined in small.yaml and large.yaml

1331

resources: {}

1332

# -- Configure optional environment variables

1333

env: []

1334

# -- Configure optional initContainers

1335

initContainers: []

1336

# -- Conifgure optional extraContainers

1337

extraContainers: []

1338

# -- Additional volumes for Pods

1339

extraVolumes: []

1340

# -- Additional volume mounts for Pods

1341

extraVolumeMounts: []

1342

# -- Affinity for gateway Pods

1343

# The value will be passed through tpl.

1344

affinity: {}

1345

# -- Node selector for gateway Pods

1346

nodeSelector: {}

1347

# -- Topology Spread Constraints for enterprise-gateway pods

1348

# The value will be passed through tpl.

1349

topologySpreadConstraints: []

1350

# -- Tolerations for gateway Pods

1351

tolerations: []

1352

# -- Grace period to allow the gateway to shutdown before it is killed

1353

terminationGracePeriodSeconds: 60

1354

# -- Ingress configuration Use either this ingress or the gateway, but not both at once.

1355

# If you enable this, make sure to disable the gateway.

1356

# You'll need to supply authn configuration for your ingress controller.

1357

ingress:

1358

enabled: false

1359

ingressClassName: ""

1360

annotations: {}

1361

# nginx.ingress.kubernetes.io/auth-type: basic

1362

# nginx.ingress.kubernetes.io/auth-secret: loki-distributed-basic-auth

1363

# nginx.ingress.kubernetes.io/auth-secret-type: auth-map

1364

# nginx.ingress.kubernetes.io/configuration-snippet: |

1365

# proxy_set_header X-Scope-OrgID $remote_user;

1366

labels: {}

1367

# blackbox.monitoring.exclude: "true"

1368

paths:

1369

# -- Paths that are exposed by Loki Distributor.

1370

# If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`.

1371

# If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`.

1372

# If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`

1373

distributor:

1374

- /api/prom/push

1375

- /loki/api/v1/push

1376

- /otlp/v1/logs

1377

- /ui

1378

# -- Paths that are exposed by Loki Query Frontend.

1379

# If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`.

1380

# If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`.

1381

# If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`

1382

queryFrontend:

1383

- /api/prom/query

1384

# this path covers labels and labelValues endpoints

1385

- /api/prom/label

1386

- /api/prom/series

1387

- /api/prom/tail

1388

- /loki/api/v1/query

1389

- /loki/api/v1/query_range

1390

- /loki/api/v1/tail

1391

# this path covers labels and labelValues endpoints

1392

- /loki/api/v1/label

1393

- /loki/api/v1/labels

1394

- /loki/api/v1/series

1395

- /loki/api/v1/index/stats

1396

- /loki/api/v1/index/volume

1397

- /loki/api/v1/index/volume_range

1398

- /loki/api/v1/format_query

1399

- /loki/api/v1/detected_field

1400

- /loki/api/v1/detected_fields

1401

- /loki/api/v1/detected_labels

1402

- /loki/api/v1/patterns

1403

# -- Paths that are exposed by Loki Ruler.

1404

# If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`.

1405

# If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`.

1406

# If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`.

1407

# If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`

1408

ruler:

1409

- /api/prom/rules

1410

- /api/prom/api/v1/rules

1411

- /api/prom/api/v1/alerts

1412

- /loki/api/v1/rules

1413

- /prometheus/api/v1/rules

1414

- /prometheus/api/v1/alerts

1415

# -- Paths that are exposed by Loki Compactor.

1416

# If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.compactorFullname"}}`.

1417

# If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`.

1418

# If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`

1419

compactor:

1420

- /loki/api/v1/delete

1421

# -- Hosts configuration for the ingress, passed through the `tpl` function to allow templating

1422

hosts:

1423

- loki.example.com

1424

# -- TLS configuration for the ingress. Hosts passed through the `tpl` function to allow templating

1425

tls: []

1426

# - hosts:

1427

# - loki.example.com

1428

# secretName: loki-distributed-tls

1429

1430

######################################################################################################################

1431

1432

# Migration

1433

1434

######################################################################################################################

1435

1436

# -- Options that may be necessary when performing a migration from another helm chart

1437

migrate:

1438

# -- When migrating from a distributed chart like loki-distributed or enterprise-logs

1439

fromDistributed:

1440

# -- Set to true if migrating from a distributed helm chart

1441

enabled: false

1442

# -- If migrating from a distributed service, provide the distributed deployment's

1443

# memberlist service DNS so the new deployment can join its ring.

1444

memberlistService: ""

1445

######################################################################################################################

1446

1447

# Single Binary Deployment

1448

1449

# For small Loki installations up to a few 10's of GB per day, or for testing and development.

1450

1451

######################################################################################################################

1452

1453

# Configuration for the single binary node(s)

1454

singleBinary:

1455

# -- Number of replicas for the single binary

1456

replicas: 0

1457

autoscaling:

1458

# -- Enable autoscaling

1459

enabled: false

1460

# -- Minimum autoscaling replicas for the single binary

1461

minReplicas: 1

1462

# -- Maximum autoscaling replicas for the single binary

1463

maxReplicas: 3

1464

# -- Target CPU utilisation percentage for the single binary

1465

targetCPUUtilizationPercentage: 60

1466

# -- Target memory utilisation percentage for the single binary

1467

targetMemoryUtilizationPercentage:

1468

image:

1469

# -- The Docker registry for the single binary image. Overrides `loki.image.registry`

1470

registry: null

1471

# -- Docker image repository for the single binary image. Overrides `loki.image.repository`

1472

repository: null

1473

# -- Docker image tag for the single binary image. Overrides `loki.image.tag`

1474

tag: null

1475

# -- The name of the PriorityClass for single binary pods

1476

priorityClassName: null

1477

# -- Annotations for single binary StatefulSet

1478

annotations: {}

1479

# -- Annotations for single binary pods

1480

podAnnotations: {}

1481

# -- Additional labels for each `single binary` pod

1482

podLabels: {}

1483

# -- Additional selector labels for each `single binary` pod

1484

selectorLabels: {}

1485

service:

1486

# -- Annotations for single binary Service

1487

annotations: {}

1488

# -- Additional labels for single binary Service

1489

labels: {}

1490

# -- Service Type for single binary Service

1491

type: "ClusterIP"

1492

# -- trafficDistribution single binary Service

1493

trafficDistribution: ""

1494

# -- Comma-separated list of Loki modules to load for the single binary

1495

targetModule: "all"

1496

# -- Labels for single binary service

1497

extraArgs: []

1498

# -- Environment variables to add to the single binary pods

1499

extraEnv: []

1500

# -- Environment variables from secrets or configmaps to add to the single binary pods

1501

extraEnvFrom: []

1502

# -- Extra containers to add to the single binary loki pod

1503

extraContainers: []

1504

# -- Init containers to add to the single binary pods

1505

initContainers: []

1506

# -- Volume mounts to add to the single binary pods

1507

extraVolumeMounts: []

1508

# -- Volumes to add to the single binary pods

1509

extraVolumes: []

1510

# -- Resource requests and limits for the single binary

1511

resources: {}

1512

# -- Grace period to allow the single binary to shutdown before it is killed

1513

terminationGracePeriodSeconds: 30

1514

# -- Use the host's user namespace in the single binary pods

1515

hostUsers: nil

1516

# -- Affinity for single binary pods.

1517

# @default -- Hard node anti-affinity

1518

# The value will be passed through tpl.

1519

affinity:

1520

podAntiAffinity:

1521

requiredDuringSchedulingIgnoredDuringExecution:

1522

- labelSelector:

1523

matchLabels:

1524

app.kubernetes.io/component: single-binary

1525

app.kubernetes.io/name: '{{ include "loki.name" . }}'

1526

app.kubernetes.io/instance: '{{ .Release.Name }}'

1527

topologyKey: kubernetes.io/hostname

1528

# -- Topology Spread Constraints for single binary pods

1529

# The value will be passed through tpl.

1530

topologySpreadConstraints: []

1531

# -- DNS config for single binary pods

1532

dnsConfig: {}

1533

# -- Node selector for single binary pods

1534

nodeSelector: {}

1535

# -- Tolerations for single binary pods

1536

tolerations: []

1537

persistence:

1538

# -- What to do with the volume when the StatefulSet is scaled down.

1539

whenScaled: Delete

1540

# -- What to do with the volumes when the StatefulSet is deleted.

1541

whenDeleted: Delete

1542

# -- Enable StatefulSetAutoDeletePVC feature

1543

enableStatefulSetAutoDeletePVC: true

1544

# -- Enable StatefulSetRecreation for changes to PVC size.

1545

# This means that the StatefulSet will be deleted, recreated (with the same name) and rolled when a change to the

1546

# PVC size is detected. That way the PVC can be resized without manual intervention.

1547

enableStatefulSetRecreationForSizeChange: false

1548

# -- Enable persistent disk

1549

enabled: true

1550

# -- Set access modes on the PersistentVolumeClaim

1551

accessModes:

1552

- ReadWriteOnce

1553

# -- Size of persistent disk

1554

size: 10Gi

1555

# -- Storage class to be used.

1556

# If defined, storageClassName: <storageClass>.

1557

# If set to "-", storageClassName: "", which disables dynamic provisioning.

1558

# If empty or set to null, no storageClassName spec is

1559

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

1560

storageClass: null

1561

# -- Selector for persistent disk

1562

selector: null

1563

# -- Annotations for volume claim

1564

annotations: {}

1565

# -- Labels for volume claim

1566

labels: {}

1567

######################################################################################################################

1568

1569

# Simple Scalable Deployment (SSD) Mode

1570

1571

# For small to medium size Loki deployments up to around 1 TB/day, this is the default mode for this helm chart

1572

1573

######################################################################################################################

1574

1575

# Configuration for the write pod(s)

1576

write:

1577

# -- Number of replicas for the write

1578

replicas: 3

1579

autoscaling:

1580

# -- Enable autoscaling for the write.

1581

enabled: false

1582

# -- Minimum autoscaling replicas for the write.

1583

minReplicas: 2

1584

# -- Maximum autoscaling replicas for the write.

1585

maxReplicas: 6

1586

# -- Target CPU utilisation percentage for the write.

1587

targetCPUUtilizationPercentage: 60

1588

# -- Target memory utilization percentage for the write.

1589

targetMemoryUtilizationPercentage:

1590

# -- Behavior policies while scaling.

1591

behavior:

1592

# -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details

1593

scaleUp:

1594

policies:

1595

- type: Pods

1596

value: 1

1597

periodSeconds: 900

1598

scaleDown:

1599

policies:

1600

- type: Pods

1601

value: 1

1602

periodSeconds: 1800

1603

stabilizationWindowSeconds: 3600

1604

image:

1605

# -- The Docker registry for the write image. Overrides `loki.image.registry`

1606

registry: null

1607

# -- Docker image repository for the write image. Overrides `loki.image.repository`

1608

repository: null

1609

# -- Docker image tag for the write image. Overrides `loki.image.tag`

1610

tag: null

1611

# -- The name of the PriorityClass for write pods

1612

priorityClassName: null

1613

# -- Annotations for write StatefulSet

1614

annotations: {}

1615

# -- Annotations for write pods

1616

podAnnotations: {}

1617

# -- Additional labels for each `write` pod

1618

podLabels: {}

1619

# -- Additional selector labels for each `write` pod

1620

selectorLabels: {}

1621

service:

1622

# -- Annotations for write Service

1623

annotations: {}

1624

# -- Additional labels for write Service

1625

labels: {}

1626

# -- Service Type for write Service

1627

type: "ClusterIP"

1628

# -- trafficDistribution for write service

1629

trafficDistribution: ""

1630

# -- Comma-separated list of Loki modules to load for the write

1631

targetModule: "write"

1632

# -- Additional CLI args for the write

1633

extraArgs: []

1634

# -- Environment variables to add to the write pods

1635

extraEnv: []

1636

# -- Environment variables from secrets or configmaps to add to the write pods

1637

extraEnvFrom: []

1638

# -- Lifecycle for the write container

1639

lifecycle: {}

1640

# -- The default /flush_shutdown preStop hook is recommended as part of the ingester

1641

# scaledown process so it's added to the template by default when autoscaling is enabled,

1642

# but it's disabled to optimize rolling restarts in instances that will never be scaled

1643

# down or when using chunks storage with WAL disabled.

1644

# https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown

1645

# -- Init containers to add to the write pods

1646

initContainers: []

1647

# -- Containers to add to the write pods

1648

extraContainers: []

1649

# -- Volume mounts to add to the write pods

1650

extraVolumeMounts: []

1651

# -- Volumes to add to the write pods

1652

extraVolumes: []

1653

# -- volumeClaimTemplates to add to StatefulSet

1654

extraVolumeClaimTemplates: []

1655

# -- Resource requests and limits for the write

1656

resources: {}

1657

# -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester,

1658

# this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring

1659

# all data and to successfully leave the member ring on shutdown.

1660

terminationGracePeriodSeconds: 300

1661

# -- Use the host's user namespace in the write pods.

1662

hostUsers: nil

1663

# -- Affinity for write pods.

1664

# @default -- Hard node anti-affinity

1665

# The value will be passed through tpl.

1666

affinity:

1667

podAntiAffinity:

1668

requiredDuringSchedulingIgnoredDuringExecution:

1669

- labelSelector:

1670

matchLabels:

1671

app.kubernetes.io/component: write

1672

app.kubernetes.io/name: '{{ include "loki.name" . }}'

1673

app.kubernetes.io/instance: '{{ .Release.Name }}'

1674

topologyKey: kubernetes.io/hostname

1675

# -- DNS config for write pods

1676

dnsConfig: {}

1677

# -- Pod Disruption Budget maxUnavailable

1678

maxUnavailable: 1

1679

# -- Node selector for write pods

1680

nodeSelector: {}

1681

# -- Topology Spread Constraints for write pods

1682

# The value will be passed through tpl.

1683

topologySpreadConstraints: []

1684

# -- Tolerations for write pods

1685

tolerations: []

1686

# -- The default is to deploy all pods in parallel.

1687

podManagementPolicy: "Parallel"

1688

persistence:

1689

# -- Enable volume claims in pod spec

1690

volumeClaimsEnabled: true

1691

# -- Set access modes on the PersistentVolumeClaim

1692

accessModes:

1693

- ReadWriteOnce

1694

# -- Parameters used for the `data` volume when volumeClaimEnabled if false

1695

dataVolumeParameters:

1696

emptyDir: {}

1697

# -- Enable StatefulSetAutoDeletePVC feature

1698

enableStatefulSetAutoDeletePVC: false

1699

# -- Size of persistent disk

1700

size: 10Gi

1701

# -- Storage class to be used.

1702

# If defined, storageClassName: <storageClass>.

1703

# If set to "-", storageClassName: "", which disables dynamic provisioning.

1704

# If empty or set to null, no storageClassName spec is

1705

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

1706

storageClass: null

1707

# -- Volume attributes class name to be used.

1708

# If empty or set to null, no volumeAttributesClassName spec is set.

1709

# Requires Kubernetes 1.31

1710

volumeAttributesClassName: null

1711

# -- Selector for persistent disk

1712

selector: null

1713

# -- Annotations for volume claim

1714

annotations: {}

1715

# -- Labels for volume claim

1716

labels: {}

1717

# -- Configuration for the read pod(s)

1718

read:

1719

# -- Number of replicas for the read

1720

replicas: 3

1721

autoscaling:

1722

# -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true`

1723

enabled: false

1724

# -- Minimum autoscaling replicas for the read

1725

minReplicas: 2

1726

# -- Maximum autoscaling replicas for the read

1727

maxReplicas: 6

1728

# -- Target CPU utilisation percentage for the read

1729

targetCPUUtilizationPercentage: 60

1730

# -- Target memory utilisation percentage for the read

1731

targetMemoryUtilizationPercentage:

1732

# -- Behavior policies while scaling.

1733

behavior: {}

1734

# scaleUp:

1735

# stabilizationWindowSeconds: 300

1736

# policies:

1737

# - type: Pods

1738

# value: 1

1739

# periodSeconds: 60

1740

# scaleDown:

1741

# stabilizationWindowSeconds: 300

1742

# policies:

1743

# - type: Pods

1744

# value: 1

1745

# periodSeconds: 180

1746

image:

1747

# -- The Docker registry for the read image. Overrides `loki.image.registry`

1748

registry: null

1749

# -- Docker image repository for the read image. Overrides `loki.image.repository`

1750

repository: null

1751

# -- Docker image tag for the read image. Overrides `loki.image.tag`

1752

tag: null

1753

# -- The name of the PriorityClass for read pods

1754

priorityClassName: null

1755

# -- Annotations for read deployment

1756

annotations: {}

1757

# -- Annotations for read pods

1758

podAnnotations: {}

1759

# -- Additional labels for each `read` pod

1760

podLabels: {}

1761

# -- Additional selector labels for each `read` pod

1762

selectorLabels: {}

1763

service:

1764

# -- Annotations for read Service

1765

annotations: {}

1766

# -- Additional labels for read Service

1767

labels: {}

1768

# -- Service Type for read Service

1769

type: ClusterIP

1770

# -- trafficDistribution for read service

1771

trafficDistribution: ""

1772

# -- Comma-separated list of Loki modules to load for the read

1773

targetModule: "read"

1774

# -- Whether or not to use the 2 target type simple scalable mode (read, write) or the

1775

# 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will

1776

# run two targets, false will run 3 targets.

1777

legacyReadTarget: false

1778

# -- Additional CLI args for the read

1779

extraArgs: []

1780

# -- init containers to add to the read pods

1781

initContainers: []

1782

# -- Containers to add to the read pods

1783

extraContainers: []

1784

# -- Environment variables to add to the read pods

1785

extraEnv: []

1786

# -- Environment variables from secrets or configmaps to add to the read pods

1787

extraEnvFrom: []

1788

# -- Lifecycle for the read container

1789

lifecycle: {}

1790

# -- Volume mounts to add to the read pods

1791

extraVolumeMounts: []

1792

# -- Volumes to add to the read pods

1793

extraVolumes: []

1794

# -- Resource requests and limits for the read

1795

resources: {}

1796

# -- liveness probe settings for read pods. If empty, applies no livenessProbe

1797

livenessProbe: {}

1798

# -- statup probe for the read pods. If empty, applies no startupProbe

1799

startupProbe: {}

1800

# -- Grace period to allow the read to shutdown before it is killed

1801

terminationGracePeriodSeconds: 30

1802

# -- Use the host's user namespace in the read pods.

1803

hostUsers: nil

1804

# -- Affinity for read pods.

1805

# @default -- Hard node anti-affinity

1806

# The value will be passed through tpl.

1807

affinity:

1808

podAntiAffinity:

1809

requiredDuringSchedulingIgnoredDuringExecution:

1810

- labelSelector:

1811

matchLabels:

1812

app.kubernetes.io/component: read

1813

app.kubernetes.io/name: '{{ include "loki.name" . }}'

1814

app.kubernetes.io/instance: '{{ .Release.Name }}'

1815

topologyKey: kubernetes.io/hostname

1816

# -- DNS config for read pods

1817

dnsConfig: {}

1818

# -- Pod Disruption Budget maxUnavailable

1819

maxUnavailable: 1

1820

# -- Node selector for read pods

1821

nodeSelector: {}

1822

# -- Topology Spread Constraints for read pods

1823

# The value will be passed through tpl.

1824

topologySpreadConstraints: []

1825

# -- Tolerations for read pods

1826

tolerations: []

1827

# -- The default is to deploy all pods in parallel.

1828

podManagementPolicy: "Parallel"

1829

# -- read.persistence is used only if legacyReadTarget is set to true

1830

persistence:

1831

# -- Enable StatefulSetAutoDeletePVC feature

1832

enableStatefulSetAutoDeletePVC: true

1833

# -- Set access modes on the PersistentVolumeClaim

1834

accessModes:

1835

- ReadWriteOnce

1836

# -- Size of persistent disk

1837

size: 10Gi

1838

# -- Storage class to be used.

1839

# If defined, storageClassName: <storageClass>.

1840

# If set to "-", storageClassName: "", which disables dynamic provisioning.

1841

# If empty or set to null, no storageClassName spec is

1842

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

1843

storageClass: null

1844

# -- Volume attributes class name to be used.

1845

# If empty or set to null, no volumeAttributesClassName spec is set.

1846

# Requires Kubernetes 1.31

1847

volumeAttributesClassName: null

1848

# -- Selector for persistent disk

1849

selector: null

1850

# -- Annotations for volume claim

1851

annotations: {}

1852

# -- Labels for volume claim

1853

labels: {}

1854

# -- Configuration for the backend pod(s)

1855

backend:

1856

# -- Number of replicas for the backend

1857

replicas: 3

1858

autoscaling:

1859

# -- Enable autoscaling for the backend.

1860

enabled: false

1861

# -- Minimum autoscaling replicas for the backend.

1862

minReplicas: 3

1863

# -- Maximum autoscaling replicas for the backend.

1864

maxReplicas: 6

1865

# -- Target CPU utilization percentage for the backend.

1866

targetCPUUtilizationPercentage: 60

1867

# -- Target memory utilization percentage for the backend.

1868

targetMemoryUtilizationPercentage:

1869

# -- Behavior policies while scaling.

1870

behavior: {}

1871

# scaleUp:

1872

# stabilizationWindowSeconds: 300

1873

# policies:

1874

# - type: Pods

1875

# value: 1

1876

# periodSeconds: 60

1877

# scaleDown:

1878

# stabilizationWindowSeconds: 300

1879

# policies:

1880

# - type: Pods

1881

# value: 1

1882

# periodSeconds: 180

1883

image:

1884

# -- The Docker registry for the backend image. Overrides `loki.image.registry`

1885

registry: null

1886

# -- Docker image repository for the backend image. Overrides `loki.image.repository`

1887

repository: null

1888

# -- Docker image tag for the backend image. Overrides `loki.image.tag`

1889

tag: null

1890

# -- The name of the PriorityClass for backend pods

1891

priorityClassName: null

1892

# -- Annotations for backend StatefulSet

1893

annotations: {}

1894

# -- Annotations for backend pods

1895

podAnnotations: {}

1896

# -- Additional labels for each `backend` pod

1897

podLabels: {}

1898

# -- Additional selector labels for each `backend` pod

1899

selectorLabels: {}

1900

service:

1901

# -- Annotations for backend Service

1902

annotations: {}

1903

# -- Additional labels for backend Service

1904

labels: {}

1905

# -- Service type for backend Service

1906

type: ClusterIP

1907

# -- trafficDistribution for backend Service

1908

trafficDistribution: ""

1909

# -- Comma-separated list of Loki modules to load for the backend

1910

targetModule: "backend"

1911

# -- Additional CLI args for the backend

1912

extraArgs: []

1913

# -- Environment variables to add to the backend pods

1914

extraEnv: []

1915

# -- Environment variables from secrets or configmaps to add to the backend pods

1916

extraEnvFrom: []

1917

# -- Init containers to add to the backend pods

1918

initContainers: []

1919

# -- Containers to add to the backend pods

1920

extraContainers: []

1921

# -- Volume mounts to add to the backend pods

1922

extraVolumeMounts: []

1923

# -- Volumes to add to the backend pods

1924

extraVolumes: []

1925

# -- Resource requests and limits for the backend

1926

resources: {}

1927

# -- Grace period to allow the backend to shutdown before it is killed. Especially for the ingester,

1928

# this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring

1929

# all data and to successfully leave the member ring on shutdown.

1930

terminationGracePeriodSeconds: 300

1931

# -- Use the host's user namespace in the backend pods.

1932

hostUsers: nil

1933

# -- Affinity for backend pods.

1934

# @default -- Hard node anti-affinity

1935

# The value will be passed through tpl.

1936

affinity:

1937

podAntiAffinity:

1938

requiredDuringSchedulingIgnoredDuringExecution:

1939

- labelSelector:

1940

matchLabels:

1941

app.kubernetes.io/component: backend

1942

app.kubernetes.io/name: '{{ include "loki.name" . }}'

1943

app.kubernetes.io/instance: '{{ .Release.Name }}'

1944

topologyKey: kubernetes.io/hostname

1945

# -- DNS config for backend pods

1946

dnsConfig: {}

1947

# -- Pod Disruption Budget maxUnavailable

1948

maxUnavailable: 1

1949

# -- Node selector for backend pods

1950

nodeSelector: {}

1951

# -- Topology Spread Constraints for backend pods

1952

# The value will be passed through tpl.

1953

topologySpreadConstraints: []

1954

# -- Tolerations for backend pods

1955

tolerations: []

1956

# -- The default is to deploy all pods in parallel.

1957

podManagementPolicy: "Parallel"

1958

persistence:

1959

# -- Enable volume claims in pod spec

1960

volumeClaimsEnabled: true

1961

# -- Set access modes on the PersistentVolumeClaim

1962

accessModes:

1963

- ReadWriteOnce

1964

# -- Parameters used for the `data` volume when volumeClaimEnabled if false

1965

dataVolumeParameters:

1966

emptyDir: {}

1967

# -- Enable StatefulSetAutoDeletePVC feature

1968

enableStatefulSetAutoDeletePVC: true

1969

# -- Size of persistent disk

1970

size: 10Gi

1971

# -- Storage class to be used.

1972

# If defined, storageClassName: <storageClass>.

1973

# If set to "-", storageClassName: "", which disables dynamic provisioning.

1974

# If empty or set to null, no storageClassName spec is

1975

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

1976

storageClass: null

1977

# -- Volume attributes class name to be used.

1978

# If empty or set to null, no volumeAttributesClassName spec is set.

1979

# Requires Kubernetes 1.31

1980

volumeAttributesClassName: null

1981

# -- Selector for persistent disk

1982

selector: null

1983

# -- Annotations for volume claim

1984

annotations: {}

1985

# -- Labels for volume claim

1986

labels: {}

1987

######################################################################################################################

1988

1989

# Microservices Mode

1990

1991

# For large Loki deployments ingesting more than 1 TB/day

1992

1993

######################################################################################################################

1994

1995

# -- Configuration for the ingester

1996

ingester:

1997

# -- Number of replicas for the ingester, when zoneAwareReplication.enabled is true, the total

1998

# number of replicas will match this value with each zone having 1/3rd of the total replicas.

1999

replicas: 0

2000

# -- DNSConfig for ingester pods

2001

dnsConfig: {}

2002

# -- hostAliases to add

2003

hostAliases: []

2004

# - ip: 1.2.3.4

2005

# hostnames:

2006

# - domain.tld

2007

# -- Use the host's user namespace in the ingester

2008

hostUsers: nil

2009

autoscaling:

2010

# -- Enable autoscaling for the ingester

2011

enabled: false

2012

# -- Minimum autoscaling replicas for the ingester

2013

minReplicas: 1

2014

# -- Maximum autoscaling replicas for the ingester

2015

maxReplicas: 3

2016

# -- Target CPU utilisation percentage for the ingester

2017

targetCPUUtilizationPercentage: 60

2018

# -- Target memory utilisation percentage for the ingester

2019

targetMemoryUtilizationPercentage: null

2020

# -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)

2021

customMetrics: []

2022

# - type: Pods

2023

# pods:

2024

# metric:

2025

# name: loki_lines_total

2026

# target:

2027

# type: AverageValue

2028

# averageValue: 10k

2029

behavior:

2030

# -- Enable autoscaling behaviours

2031

enabled: false

2032

# -- define scale down policies, must conform to HPAScalingRules

2033

scaleDown: {}

2034

# -- define scale up policies, must conform to HPAScalingRules

2035

scaleUp: {}

2036

image:

2037

# -- The Docker registry for the ingester image. Overrides `loki.image.registry`

2038

registry: null

2039

# -- Docker image repository for the ingester image. Overrides `loki.image.repository`

2040

repository: null

2041

# -- Docker image tag for the ingester image. Overrides `loki.image.tag`

2042

tag: null

2043

# -- Command to execute instead of defined in Docker image

2044

command: null

2045

labels: {}

2046

priorityClassName: null

2047

# -- Labels for ingester pods

2048

podLabels: {}

2049

# -- Annotations for ingester pods

2050

podAnnotations: {}

2051

# -- The name of the PriorityClass for ingester pods

2052

# -- Labels for ingester service

2053

serviceLabels: {}

2054

# -- Annotations for ingester service

2055

serviceAnnotations: {}

2056

# -- Service type for ingester service

2057

serviceType: "ClusterIP"

2058

# -- Additional CLI args for the ingester

2059

extraArgs: []

2060

# -- Environment variables to add to the ingester pods

2061

extraEnv: []

2062

# -- Environment variables from secrets or configmaps to add to the ingester pods

2063

extraEnvFrom: []

2064

# -- Volume mounts to add to the ingester pods

2065

extraVolumeMounts: []

2066

# -- Volumes to add to the ingester pods

2067

extraVolumes: []

2068

# -- Resource requests and limits for the ingester

2069

resources: {}

2070

# -- Containers to add to the ingester pods

2071

extraContainers: []

2072

# -- Init containers to add to the ingester pods

2073

initContainers: []

2074

# -- Grace period to allow the ingester to shutdown before it is killed. Especially for the ingestor,

2075

# this must be increased. It must be long enough so ingesters can be gracefully shutdown flushing/transferring

2076

# all data and to successfully leave the member ring on shutdown.

2077

terminationGracePeriodSeconds: 300

2078

# -- Lifecycle for the ingester container

2079

lifecycle: {}

2080

# -- topologySpread for ingester pods.

2081

# @default -- Defaults to allow skew no more than 1 node

2082

# The value will be passed through tpl.

2083

topologySpreadConstraints:

2084

- maxSkew: 1

2085

topologyKey: kubernetes.io/hostname

2086

whenUnsatisfiable: ScheduleAnyway

2087

labelSelector:

2088

matchLabels:

2089

app.kubernetes.io/component: ingester

2090

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2091

app.kubernetes.io/instance: '{{ .Release.Name }}'

2092

# -- Affinity for ingester pods. Ignored if zoneAwareReplication is enabled.

2093

# @default -- Hard node anti-affinity

2094

# The value will be passed through tpl.

2095

affinity:

2096

podAntiAffinity:

2097

requiredDuringSchedulingIgnoredDuringExecution:

2098

- labelSelector:

2099

matchLabels:

2100

app.kubernetes.io/component: ingester

2101

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2102

app.kubernetes.io/instance: '{{ .Release.Name }}'

2103

topologyKey: kubernetes.io/hostname

2104

# -- Pod Disruption Budget maxUnavailable

2105

maxUnavailable: 1

2106

# -- Node selector for ingester pods

2107

nodeSelector: {}

2108

# -- Tolerations for ingester pods

2109

tolerations: []

2110

# -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe`

2111

readinessProbe: {}

2112

# -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`

2113

livenessProbe: {}

2114

# -- startup probe settings for ingester pods. If empty use `loki.startupProbe`

2115

startupProbe: {}

2116

# -- UpdateStrategy for the ingester StatefulSets.

2117

updateStrategy:

2118

# -- One of 'OnDelete' or 'RollingUpdate'

2119

type: RollingUpdate

2120

# -- Optional for updateStrategy.type=RollingUpdate. See [Partitioned rolling updates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) in the StatefulSet docs for details.

2121

# rollingUpdate:

2122

# partition: 0

2123

persistence:

2124

# -- Enable creating PVCs which is required when using boltdb-shipper

2125

enabled: false

2126

# -- Use emptyDir with ramdisk for storage. **Please note that all data in ingester will be lost on pod restart**

2127

inMemory: false

2128

# -- List of the ingester PVCs

2129

# @notationType -- list

2130

claims:

2131

- name: data

2132

# -- Set access modes on the PersistentVolumeClaim

2133

accessModes:

2134

- ReadWriteOnce

2135

size: 10Gi

2136

# -- Storage class to be used.

2137

# If defined, storageClassName: <storageClass>.

2138

# If set to "-", storageClassName: "", which disables dynamic provisioning.

2139

# If empty or set to null, no storageClassName spec is

2140

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

2141

storageClass: null

2142

# -- Volume attributes class name to be used.

2143

# If empty or set to null, no volumeAttributesClassName spec is set.

2144

# Requires Kubernetes 1.31

2145

volumeAttributesClassName: null

2146

# - name: wal

2147

# size: 150Gi

2148

# -- Enable StatefulSetAutoDeletePVC feature

2149

enableStatefulSetAutoDeletePVC: false

2150

whenDeleted: Retain

2151

whenScaled: Retain

2152

# -- Adds the appProtocol field to the ingester service. This allows ingester to work with istio protocol selection.

2153

appProtocol:

2154

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2155

grpc: ""

2156

# -- trafficDistribution for ingester service

2157

trafficDistribution: ""

2158

# -- Enabling zone awareness on ingesters will create 3 statefulests where all writes will send a replica to each zone.

2159

# This is primarily intended to accelerate rollout operations by allowing for multiple ingesters within a single

2160

# zone to be shutdown and restart simultaneously (the remaining 2 zones will be guaranteed to have at least one copy

2161

# of the data).

2162

# Note: This can be used to run Loki over multiple cloud provider availability zones however this is not currently

2163

# recommended as Loki is not optimized for this and cross zone network traffic costs can become extremely high

2164

# extremely quickly. Even with zone awareness enabled, it is recommended to run Loki in a single availability zone.

2165

zoneAwareReplication:

2166

# -- Enable zone awareness.

2167

enabled: true

2168

# -- The percent of replicas in each zone that will be restarted at once. In a value of 0-100

2169

maxUnavailablePct: 33

2170

# -- zoneA configuration

2171

zoneA:

2172

# -- optionally define a node selector for this zone

2173

nodeSelector: null

2174

# -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host

2175

# The value will be passed through tpl.

2176

extraAffinity: {}

2177

# -- Specific annotations to add to zone A statefulset

2178

annotations: {}

2179

# -- Specific annotations to add to zone A pods

2180

podAnnotations: {}

2181

zoneB:

2182

# -- optionally define a node selector for this zone

2183

nodeSelector: null

2184

# -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host

2185

# The value will be passed through tpl.

2186

extraAffinity: {}

2187

# -- Specific annotations to add to zone B statefulset

2188

annotations: {}

2189

# -- Specific annotations to add to zone B pods

2190

podAnnotations: {}

2191

zoneC:

2192

# -- optionally define a node selector for this zone

2193

nodeSelector: null

2194

# -- optionally define extra affinity rules, by default different zones are not allowed to schedule on the same host

2195

# The value will be passed through tpl.

2196

extraAffinity: {}

2197

# -- Specific annotations to add to zone C statefulset

2198

annotations: {}

2199

# -- Specific annotations to add to zone C pods

2200

podAnnotations: {}

2201

# -- The migration block allows migrating non zone aware ingesters to zone aware ingesters.

2202

migration:

2203

enabled: false

2204

excludeDefaultZone: false

2205

readPath: false

2206

writePath: false

2207

# optionally allow adding arbitrary prefix to the ingester rollout-group label

2208

rolloutGroupPrefix: null

2209

# optionally allow adding 'loki-' prefix to ingester name label

2210

addIngesterNamePrefix: false

2211

# -- Configuration for the distributor

2212

distributor:

2213

# -- Number of replicas for the distributor

2214

replicas: 0

2215

# -- hostAliases to add

2216

hostAliases: []

2217

# - ip: 1.2.3.4

2218

# hostnames:

2219

# - domain.tld

2220

# -- Use the host's user namespace in the distributor

2221

hostUsers: nil

2222

# -- DNSConfig for distributor pods

2223

dnsConfig: {}

2224

autoscaling:

2225

# -- Enable autoscaling for the distributor

2226

enabled: false

2227

# -- Minimum autoscaling replicas for the distributor

2228

minReplicas: 1

2229

# -- Maximum autoscaling replicas for the distributor

2230

maxReplicas: 3

2231

# -- Target CPU utilisation percentage for the distributor

2232

targetCPUUtilizationPercentage: 60

2233

# -- Target memory utilisation percentage for the distributor

2234

targetMemoryUtilizationPercentage: null

2235

# -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)

2236

customMetrics: []

2237

# - type: Pods

2238

# pods:

2239

# metric:

2240

# name: loki_lines_total

2241

# target:

2242

# type: AverageValue

2243

# averageValue: 10k

2244

behavior:

2245

# -- Enable autoscaling behaviours

2246

enabled: false

2247

# -- define scale down policies, must conform to HPAScalingRules

2248

scaleDown: {}

2249

# -- define scale up policies, must conform to HPAScalingRules

2250

scaleUp: {}

2251

image:

2252

# -- The Docker registry for the distributor image. Overrides `loki.image.registry`

2253

registry: null

2254

# -- Docker image repository for the distributor image. Overrides `loki.image.repository`

2255

repository: null

2256

# -- Docker image tag for the distributor image. Overrides `loki.image.tag`

2257

tag: null

2258

# -- Command to execute instead of defined in Docker image

2259

command: null

2260

# -- The name of the PriorityClass for distributor pods

2261

priorityClassName: null

2262

# -- Labels for distributor pods

2263

podLabels: {}

2264

# -- Annotations for distributor pods

2265

podAnnotations: {}

2266

# -- Labels for distributor service

2267

serviceLabels: {}

2268

# -- Annotations for distributor service

2269

serviceAnnotations: {}

2270

# -- Service type for distributor service

2271

serviceType: ClusterIP

2272

# -- Additional CLI args for the distributor

2273

extraArgs: []

2274

# -- Environment variables to add to the distributor pods

2275

extraEnv: []

2276

# -- Environment variables from secrets or configmaps to add to the distributor pods

2277

extraEnvFrom: []

2278

# -- Volume mounts to add to the distributor pods

2279

extraVolumeMounts: []

2280

# -- Volumes to add to the distributor pods

2281

extraVolumes: []

2282

# -- Resource requests and limits for the distributor

2283

resources: {}

2284

# -- Init containers to add to the distributor pods

2285

initContainers: []

2286

# -- Containers to add to the distributor pods

2287

extraContainers: []

2288

# -- Grace period to allow the distributor to shutdown before it is killed

2289

terminationGracePeriodSeconds: 30

2290

# -- Affinity for distributor pods.

2291

# @default -- Hard node anti-affinity

2292

# The value will be passed through tpl.

2293

affinity:

2294

podAntiAffinity:

2295

requiredDuringSchedulingIgnoredDuringExecution:

2296

- labelSelector:

2297

matchLabels:

2298

app.kubernetes.io/component: distributor

2299

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2300

app.kubernetes.io/instance: '{{ .Release.Name }}'

2301

topologyKey: kubernetes.io/hostname

2302

# -- Pod Disruption Budget maxUnavailable

2303

maxUnavailable: null

2304

# -- Max Surge for distributor pods

2305

maxSurge: 0

2306

# -- Node selector for distributor pods

2307

nodeSelector: {}

2308

# -- Topology Spread Constraints for distributor pods

2309

# The value will be passed through tpl.

2310

topologySpreadConstraints: []

2311

# -- Tolerations for distributor pods

2312

tolerations: []

2313

# -- Adds the appProtocol field to the distributor service. This allows distributor to work with istio protocol selection.

2314

appProtocol:

2315

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2316

grpc: ""

2317

# -- trafficDistribution for distributor service

2318

trafficDistribution: ""

2319

# -- Configuration for the querier

2320

querier:

2321

# -- Number of replicas for the querier

2322

replicas: 0

2323

# -- hostAliases to add

2324

hostAliases: []

2325

# - ip: 1.2.3.4

2326

# hostnames:

2327

# - domain.tld

2328

# -- Use the host's user namespace in the querier

2329

hostUsers: nil

2330

autoscaling:

2331

# -- Enable autoscaling for the querier, this is only used if `indexGateway.enabled: true`

2332

enabled: false

2333

# -- Minimum autoscaling replicas for the querier

2334

minReplicas: 1

2335

# -- Maximum autoscaling replicas for the querier

2336

maxReplicas: 3

2337

# -- Target CPU utilisation percentage for the querier

2338

targetCPUUtilizationPercentage: 60

2339

# -- Target memory utilisation percentage for the querier

2340

targetMemoryUtilizationPercentage: null

2341

# -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)

2342

customMetrics: []

2343

# - type: External

2344

# external:

2345

# metric:

2346

# name: loki_inflight_queries

2347

# target:

2348

# type: AverageValue

2349

# averageValue: 12

2350

behavior:

2351

# -- Enable autoscaling behaviours

2352

enabled: false

2353

# -- define scale down policies, must conform to HPAScalingRules

2354

scaleDown: {}

2355

# -- define scale up policies, must conform to HPAScalingRules

2356

scaleUp: {}

2357

image:

2358

# -- The Docker registry for the querier image. Overrides `loki.image.registry`

2359

registry: null

2360

# -- Docker image repository for the querier image. Overrides `loki.image.repository`

2361

repository: null

2362

# -- Docker image tag for the querier image. Overrides `loki.image.tag`

2363

tag: null

2364

# -- Command to execute instead of defined in Docker image

2365

command: null

2366

# -- The name of the PriorityClass for querier pods

2367

priorityClassName: null

2368

# -- Labels for querier pods

2369

podLabels: {}

2370

# -- Annotations for querier pods

2371

podAnnotations: {}

2372

# -- Labels for querier service

2373

serviceLabels: {}

2374

# -- Annotations for querier service

2375

serviceAnnotations: {}

2376

# -- Service Type for querier service

2377

serviceType: "ClusterIP"

2378

# -- Additional CLI args for the querier

2379

extraArgs: []

2380

# -- Environment variables to add to the querier pods

2381

extraEnv: []

2382

# -- Environment variables from secrets or configmaps to add to the querier pods

2383

extraEnvFrom: []

2384

# -- Volume mounts to add to the querier pods

2385

extraVolumeMounts: []

2386

# -- Volumes to add to the querier pods

2387

extraVolumes: []

2388

# -- Resource requests and limits for the querier

2389

resources: {}

2390

# -- Containers to add to the querier pods

2391

extraContainers: []

2392

# -- Init containers to add to the querier pods

2393

initContainers: []

2394

# -- Grace period to allow the querier to shutdown before it is killed

2395

terminationGracePeriodSeconds: 30

2396

# -- topologySpread for querier pods.

2397

# @default -- Defaults to allow skew no more then 1 node

2398

# The value will be passed through tpl.

2399

topologySpreadConstraints:

2400

- maxSkew: 1

2401

topologyKey: kubernetes.io/hostname

2402

whenUnsatisfiable: ScheduleAnyway

2403

labelSelector:

2404

matchLabels:

2405

app.kubernetes.io/component: querier

2406

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2407

app.kubernetes.io/instance: '{{ .Release.Name }}'

2408

# -- Affinity for querier pods.

2409

# @default -- Hard node anti-affinity

2410

# The value will be passed through tpl.

2411

affinity:

2412

podAntiAffinity:

2413

requiredDuringSchedulingIgnoredDuringExecution:

2414

- labelSelector:

2415

matchLabels:

2416

app.kubernetes.io/component: querier

2417

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2418

app.kubernetes.io/instance: '{{ .Release.Name }}'

2419

topologyKey: kubernetes.io/hostname

2420

# -- Pod Disruption Budget maxUnavailable

2421

maxUnavailable: null

2422

# -- Max Surge for querier pods

2423

maxSurge: 0

2424

# -- Node selector for querier pods

2425

nodeSelector: {}

2426

# -- Tolerations for querier pods

2427

tolerations: []

2428

# -- DNSConfig for querier pods

2429

dnsConfig: {}

2430

# -- Adds the appProtocol field to the querier service. This allows querier to work with istio protocol selection.

2431

appProtocol:

2432

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2433

grpc: ""

2434

# -- trafficDistribution for querier service

2435

trafficDistribution: ""

2436

# -- Configuration for the query-frontend

2437

queryFrontend:

2438

# -- Number of replicas for the query-frontend

2439

replicas: 0

2440

# -- hostAliases to add

2441

hostAliases: []

2442

# - ip: 1.2.3.4

2443

# hostnames:

2444

# - domain.tld

2445

# -- Use the host's user namespace in the query-frontend

2446

hostUsers: nil

2447

autoscaling:

2448

# -- Enable autoscaling for the query-frontend

2449

enabled: false

2450

# -- Minimum autoscaling replicas for the query-frontend

2451

minReplicas: 1

2452

# -- Maximum autoscaling replicas for the query-frontend

2453

maxReplicas: 3

2454

# -- Target CPU utilisation percentage for the query-frontend

2455

targetCPUUtilizationPercentage: 60

2456

# -- Target memory utilisation percentage for the query-frontend

2457

targetMemoryUtilizationPercentage: null

2458

# -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)

2459

customMetrics: []

2460

# - type: Pods

2461

# pods:

2462

# metric:

2463

# name: loki_query_rate

2464

# target:

2465

# type: AverageValue

2466

# averageValue: 100

2467

behavior:

2468

# -- Enable autoscaling behaviours

2469

enabled: false

2470

# -- define scale down policies, must conform to HPAScalingRules

2471

scaleDown: {}

2472

# -- define scale up policies, must conform to HPAScalingRules

2473

scaleUp: {}

2474

image:

2475

# -- The Docker registry for the query-frontend image. Overrides `loki.image.registry`

2476

registry: null

2477

# -- Docker image repository for the query-frontend image. Overrides `loki.image.repository`

2478

repository: null

2479

# -- Docker image tag for the query-frontend image. Overrides `loki.image.tag`

2480

tag: null

2481

# -- Command to execute instead of defined in Docker image

2482

command: null

2483

# -- The name of the PriorityClass for query-frontend pods

2484

priorityClassName: null

2485

# -- Labels for query-frontend pods

2486

podLabels: {}

2487

# -- Annotations for query-frontend pods

2488

podAnnotations: {}

2489

# -- Labels for query-frontend service

2490

serviceLabels: {}

2491

# -- Annotations for query-frontend service

2492

serviceAnnotations: {}

2493

# -- Service Type for query-frontend service

2494

serviceType: ClusterIP

2495

# -- Additional CLI args for the query-frontend

2496

extraArgs: []

2497

# -- Environment variables to add to the query-frontend pods

2498

extraEnv: []

2499

# -- Environment variables from secrets or configmaps to add to the query-frontend pods

2500

extraEnvFrom: []

2501

# -- Volume mounts to add to the query-frontend pods

2502

extraVolumeMounts: []

2503

# -- Volumes to add to the query-frontend pods

2504

extraVolumes: []

2505

# -- Resource requests and limits for the query-frontend

2506

resources: {}

2507

# -- init containers to add to the query-frontend pods

2508

initContainers: []

2509

# -- Containers to add to the query-frontend pods

2510

extraContainers: []

2511

# -- Grace period to allow the query-frontend to shutdown before it is killed

2512

terminationGracePeriodSeconds: 30

2513

# -- Affinity for query-frontend pods.

2514

# @default -- Hard node anti-affinity

2515

# The value will be passed through tpl.

2516

affinity:

2517

podAntiAffinity:

2518

requiredDuringSchedulingIgnoredDuringExecution:

2519

- labelSelector:

2520

matchLabels:

2521

app.kubernetes.io/component: query-frontend

2522

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2523

app.kubernetes.io/instance: '{{ .Release.Name }}'

2524

topologyKey: kubernetes.io/hostname

2525

# -- Pod Disruption Budget maxUnavailable

2526

maxUnavailable: null

2527

# -- Node selector for query-frontend pods

2528

nodeSelector: {}

2529

# -- Topology Spread Constraints for query-frontend pods

2530

# The value will be passed through tpl.

2531

topologySpreadConstraints: []

2532

# -- Tolerations for query-frontend pods

2533

tolerations: []

2534

# -- Adds the appProtocol field to the queryFrontend service. This allows queryFrontend to work with istio protocol selection.

2535

appProtocol:

2536

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2537

grpc: ""

2538

# -- Enable load balancer port for query-frontend

2539

loadBalancer:

2540

enabled: true

2541

# -- trafficDistribution for query-frontend service

2542

trafficDistribution: ""

2543

# -- Configuration for the query-scheduler

2544

queryScheduler:

2545

# -- Number of replicas for the query-scheduler.

2546

# It should be lower than `-querier.max-concurrent` to avoid generating back-pressure in queriers;

2547

# it's also recommended that this value evenly divides the latter

2548

replicas: 0

2549

# -- DNSConfig for query-scheduler

2550

dnsConfig: {}

2551

# -- hostAliases to add

2552

hostAliases: []

2553

# - ip: 1.2.3.4

2554

# hostnames:

2555

# - domain.tld

2556

# -- Use the host's user namespace in the query-scheduler

2557

hostUsers: nil

2558

image:

2559

# -- The Docker registry for the query-scheduler image. Overrides `loki.image.registry`

2560

registry: null

2561

# -- Docker image repository for the query-scheduler image. Overrides `loki.image.repository`

2562

repository: null

2563

# -- Docker image tag for the query-scheduler image. Overrides `loki.image.tag`

2564

tag: null

2565

# -- The name of the PriorityClass for query-scheduler pods

2566

priorityClassName: null

2567

# -- Labels for query-scheduler pods

2568

podLabels: {}

2569

# -- Annotations for query-scheduler pods

2570

podAnnotations: {}

2571

# -- Labels for query-scheduler service

2572

serviceLabels: {}

2573

# -- Annotations for query-scheduler service

2574

serviceAnnotations: {}

2575

# -- Additional CLI args for the query-scheduler

2576

extraArgs: []

2577

# -- Environment variables to add to the query-scheduler pods

2578

extraEnv: []

2579

# -- Environment variables from secrets or configmaps to add to the query-scheduler pods

2580

extraEnvFrom: []

2581

# -- Volume mounts to add to the query-scheduler pods

2582

extraVolumeMounts: []

2583

# -- Volumes to add to the query-scheduler pods

2584

extraVolumes: []

2585

# -- Resource requests and limits for the query-scheduler

2586

resources: {}

2587

# -- init containers to add to the query-scheduler pods

2588

initContainers: []

2589

# -- Containers to add to the query-scheduler pods

2590

extraContainers: []

2591

# -- Grace period to allow the query-scheduler to shutdown before it is killed

2592

terminationGracePeriodSeconds: 30

2593

# -- Affinity for query-scheduler pods.

2594

# @default -- Hard node anti-affinity

2595

# The value will be passed through tpl.

2596

affinity:

2597

podAntiAffinity:

2598

requiredDuringSchedulingIgnoredDuringExecution:

2599

- labelSelector:

2600

matchLabels:

2601

app.kubernetes.io/component: query-scheduler

2602

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2603

app.kubernetes.io/instance: '{{ .Release.Name }}'

2604

topologyKey: kubernetes.io/hostname

2605

# -- Pod Disruption Budget maxUnavailable

2606

maxUnavailable: 1

2607

# -- Node selector for query-scheduler pods

2608

nodeSelector: {}

2609

# -- Topology Spread Constraints for query-scheduler pods

2610

# The value will be passed through tpl.

2611

topologySpreadConstraints: []

2612

# -- Tolerations for query-scheduler pods

2613

tolerations: []

2614

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2615

appProtocol:

2616

grpc: ""

2617

# -- trafficDistribution for query-scheduler service

2618

trafficDistribution: ""

2619

# -- Configuration for the index-gateway

2620

indexGateway:

2621

# -- Number of replicas for the index-gateway

2622

replicas: 0

2623

# -- Whether the index gateway should join the memberlist hashring

2624

joinMemberlist: true

2625

# -- DNSConfig for index-gateway pods

2626

dnsConfig: {}

2627

# -- hostAliases to add

2628

hostAliases: []

2629

# - ip: 1.2.3.4

2630

# hostnames:

2631

# - domain.tld

2632

# -- Use the host's user namespace in the index-gateway

2633

hostUsers: nil

2634

image:

2635

# -- The Docker registry for the index-gateway image. Overrides `loki.image.registry`

2636

registry: null

2637

# -- Docker image repository for the index-gateway image. Overrides `loki.image.repository`

2638

repository: null

2639

# -- Docker image tag for the index-gateway image. Overrides `loki.image.tag`

2640

tag: null

2641

# -- The name of the PriorityClass for index-gateway pods

2642

priorityClassName: null

2643

# -- Labels for index-gateway pods

2644

podLabels: {}

2645

# -- Annotations for index-gateway pods

2646

podAnnotations: {}

2647

# -- Labels for index-gateway service

2648

serviceLabels: {}

2649

# -- Annotations for index-gateway service

2650

serviceAnnotations: {}

2651

# -- Service type for index-gateway service

2652

serviceType: "ClusterIP"

2653

# -- Additional CLI args for the index-gateway

2654

extraArgs: []

2655

# -- Environment variables to add to the index-gateway pods

2656

extraEnv: []

2657

# -- Environment variables from secrets or configmaps to add to the index-gateway pods

2658

extraEnvFrom: []

2659

# -- Volume mounts to add to the index-gateway pods

2660

extraVolumeMounts: []

2661

# -- Volumes to add to the index-gateway pods

2662

extraVolumes: []

2663

# -- Resource requests and limits for the index-gateway

2664

resources: {}

2665

# -- Containers to add to the index-gateway pods

2666

extraContainers: []

2667

# -- Init containers to add to the index-gateway pods

2668

initContainers: []

2669

# -- Grace period to allow the index-gateway to shutdown before it is killed.

2670

terminationGracePeriodSeconds: 300

2671

# -- Lifecycle for the index-gateway container

2672

lifecycle: {}

2673

# -- Affinity for index-gateway pods.

2674

# @default -- Hard node anti-affinity

2675

# The value will be passed through tpl.

2676

affinity:

2677

podAntiAffinity:

2678

requiredDuringSchedulingIgnoredDuringExecution:

2679

- labelSelector:

2680

matchLabels:

2681

app.kubernetes.io/component: index-gateway

2682

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2683

app.kubernetes.io/instance: '{{ .Release.Name }}'

2684

topologyKey: kubernetes.io/hostname

2685

# -- Pod Disruption Budget maxUnavailable

2686

maxUnavailable: null

2687

# -- Node selector for index-gateway pods

2688

nodeSelector: {}

2689

# -- Topology Spread Constraints for index-gateway pods

2690

# The value will be passed through tpl.

2691

topologySpreadConstraints: []

2692

# -- Tolerations for index-gateway pods

2693

tolerations: []

2694

persistence:

2695

# -- Enable creating PVCs which is required when using boltdb-shipper

2696

enabled: false

2697

# -- Set access modes on the PersistentVolumeClaim

2698

accessModes:

2699

- ReadWriteOnce

2700

# -- Use emptyDir with ramdisk for storage. **Please note that all data in indexGateway will be lost on pod restart**

2701

inMemory: false

2702

# -- Size of persistent or memory disk

2703

size: 10Gi

2704

# -- Storage class to be used.

2705

# If defined, storageClassName: <storageClass>.

2706

# If set to "-", storageClassName: "", which disables dynamic provisioning.

2707

# If empty or set to null, no storageClassName spec is

2708

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

2709

storageClass: null

2710

# -- Volume attributes class name to be used.

2711

# If empty or set to null, no volumeAttributesClassName spec is set.

2712

# Requires Kubernetes 1.31

2713

volumeAttributesClassName: null

2714

# -- Annotations for index gateway PVCs

2715

annotations: {}

2716

# -- Labels for index gateway PVCs

2717

labels: {}

2718

# -- Enable StatefulSetAutoDeletePVC feature

2719

enableStatefulSetAutoDeletePVC: false

2720

whenDeleted: Retain

2721

whenScaled: Retain

2722

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2723

appProtocol:

2724

grpc: ""

2725

# -- trafficDistribution for index-gateway service

2726

trafficDistribution: ""

2727

# -- UpdateStrategy for the indexGateway StatefulSet.

2728

updateStrategy:

2729

# -- One of 'OnDelete' or 'RollingUpdate'

2730

type: RollingUpdate

2731

2732

# rollingUpdate:

2733

# partition: 0

2734

# -- Configuration for the compactor

2735

compactor:

2736

# -- Number of replicas for the compactor

2737

replicas: 0

2738

# -- hostAliases to add

2739

hostAliases: []

2740

# - ip: 1.2.3.4

2741

# hostnames:

2742

# - domain.tld

2743

# -- Use the host's user namespace in the compactor

2744

hostUsers: nil

2745

# -- DNSConfig for compactor pods

2746

dnsConfig: {}

2747

image:

2748

# -- The Docker registry for the compactor image. Overrides `loki.image.registry`

2749

registry: null

2750

# -- Docker image repository for the compactor image. Overrides `loki.image.repository`

2751

repository: null

2752

# -- Docker image tag for the compactor image. Overrides `loki.image.tag`

2753

tag: null

2754

# -- Command to execute instead of defined in Docker image

2755

command: null

2756

# -- The name of the PriorityClass for compactor pods

2757

priorityClassName: null

2758

# -- Labels for compactor pods

2759

podLabels: {}

2760

# -- Annotations for compactor pods

2761

podAnnotations: {}

2762

# -- Affinity for compactor pods.

2763

# @default -- Hard node anti-affinity

2764

# The value will be passed through tpl.

2765

affinity:

2766

podAntiAffinity:

2767

requiredDuringSchedulingIgnoredDuringExecution:

2768

- labelSelector:

2769

matchLabels:

2770

app.kubernetes.io/component: compactor

2771

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2772

app.kubernetes.io/instance: '{{ .Release.Name }}'

2773

topologyKey: kubernetes.io/hostname

2774

# -- Labels for compactor service

2775

serviceLabels: {}

2776

# -- Annotations for compactor service

2777

serviceAnnotations: {}

2778

# -- Service type for compactor service

2779

serviceType: "ClusterIP"

2780

# -- Additional CLI args for the compactor

2781

extraArgs: []

2782

# -- Environment variables to add to the compactor pods

2783

extraEnv: []

2784

# -- Environment variables from secrets or configmaps to add to the compactor pods

2785

extraEnvFrom: []

2786

# -- Volume mounts to add to the compactor pods

2787

extraVolumeMounts: []

2788

# -- Volumes to add to the compactor pods

2789

extraVolumes: []

2790

# -- readiness probe settings for compactor pods. If empty, use `loki.readinessProbe`

2791

readinessProbe: {}

2792

# -- liveness probe settings for compactor pods. If empty use `loki.livenessProbe`

2793

livenessProbe: {}

2794

# -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe`

2795

startupProbe: {}

2796

# -- Resource requests and limits for the compactor

2797

resources: {}

2798

# -- Containers to add to the compactor pods

2799

extraContainers: []

2800

# -- Init containers to add to the compactor pods

2801

initContainers: []

2802

# -- Grace period to allow the compactor to shutdown before it is killed

2803

terminationGracePeriodSeconds: 30

2804

# -- Node selector for compactor pods

2805

nodeSelector: {}

2806

# -- Tolerations for compactor pods

2807

tolerations: []

2808

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2809

appProtocol:

2810

grpc: ""

2811

persistence:

2812

# -- Enable creating PVCs for the compactor

2813

enabled: false

2814

# -- List of the compactor PVCs

2815

# @notationType -- list

2816

claims:

2817

- name: data

2818

# -- Set access modes on the PersistentVolumeClaim

2819

accessModes:

2820

- ReadWriteOnce

2821

size: 10Gi

2822

# -- Storage class to be used.

2823

# If defined, storageClassName: <storageClass>.

2824

# If set to "-", storageClassName: "", which disables dynamic provisioning.

2825

# If empty or set to null, no storageClassName spec is

2826

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

2827

storageClass: null

2828

# -- Volume attributes class name to be used.

2829

# If empty or set to null, no volumeAttributesClassName spec is set.

2830

# Requires Kubernetes 1.31

2831

volumeAttributesClassName: null

2832

# -- Annotations for compactor PVCs

2833

annotations: {}

2834

# -- Labels for compactor PVCs

2835

labels: {}

2836

# - name: wal

2837

# size: 150Gi

2838

# -- Enable StatefulSetAutoDeletePVC feature

2839

enableStatefulSetAutoDeletePVC: false

2840

whenDeleted: Retain

2841

whenScaled: Retain

2842

serviceAccount:

2843

create: false

2844

# -- The name of the ServiceAccount to use for the compactor.

2845

# If not set and create is true, a name is generated by appending

2846

# "-compactor" to the common ServiceAccount.

2847

2848

# -- Image pull secrets for the compactor service account

2849

imagePullSecrets: []

2850

# -- Annotations for the compactor service account

2851

annotations: {}

2852

# -- Set this toggle to false to opt out of automounting API credentials for the service account

2853

automountServiceAccountToken: true

2854

# -- Configuration for the bloom-gateway

2855

bloomGateway:

2856

# -- Number of replicas for the bloom-gateway

2857

replicas: 0

2858

# -- hostAliases to add

2859

hostAliases: []

2860

# - ip: 1.2.3.4

2861

# hostnames:

2862

# - domain.tld

2863

# -- Use the host's user namespace in the bloom-gateway

2864

hostUsers: nil

2865

# -- DNSConfig for bloom-gateway pods

2866

dnsConfig: {}

2867

image:

2868

# -- The Docker registry for the bloom-gateway image. Overrides `loki.image.registry`

2869

registry: null

2870

# -- Docker image repository for the bloom-gateway image. Overrides `loki.image.repository`

2871

repository: null

2872

# -- Docker image tag for the bloom-gateway image. Overrides `loki.image.tag`

2873

tag: null

2874

# -- Command to execute instead of defined in Docker image

2875

command: null

2876

# -- The name of the PriorityClass for bloom-gateway pods

2877

priorityClassName: null

2878

# -- Labels for bloom-gateway pods

2879

podLabels: {}

2880

# -- Annotations for bloom-gateway pods

2881

podAnnotations: {}

2882

# -- Affinity for bloom-gateway pods.

2883

# @default -- Hard node anti-affinity

2884

# The value will be passed through tpl.

2885

affinity:

2886

podAntiAffinity:

2887

requiredDuringSchedulingIgnoredDuringExecution:

2888

- labelSelector:

2889

matchLabels:

2890

app.kubernetes.io/component: bloom-gateway

2891

app.kubernetes.io/name: '{{ include "loki.name" . }}'

2892

app.kubernetes.io/instance: '{{ .Release.Name }}'

2893

topologyKey: kubernetes.io/hostname

2894

# -- Labels for bloom-gateway service

2895

serviceLabels: {}

2896

# -- Annotations for bloom-gateway service

2897

serviceAnnotations: {}

2898

# -- Additional CLI args for the bloom-gateway

2899

extraArgs: []

2900

# -- Environment variables to add to the bloom-gateway pods

2901

extraEnv: []

2902

# -- Environment variables from secrets or configmaps to add to the bloom-gateway pods

2903

extraEnvFrom: []

2904

# -- Volume mounts to add to the bloom-gateway pods

2905

extraVolumeMounts: []

2906

# -- Volumes to add to the bloom-gateway pods

2907

extraVolumes: []

2908

# -- readiness probe settings for bloom-gateway pods. If empty, use `loki.readinessProbe`

2909

readinessProbe: {}

2910

# -- liveness probe settings for bloom-gateway pods. If empty use `loki.livenessProbe`

2911

livenessProbe: {}

2912

# -- startup probe settings for bloom-gateway pods. If empty, use `loki.startupProbe`

2913

startupProbe: {}

2914

# -- Resource requests and limits for the bloom-gateway

2915

resources: {}

2916

# -- Containers to add to the bloom-gateway pods

2917

extraContainers: []

2918

# -- Init containers to add to the bloom-gateway pods

2919

initContainers: []

2920

# -- Grace period to allow the bloom-gateway to shutdown before it is killed

2921

terminationGracePeriodSeconds: 30

2922

# -- Node selector for bloom-gateway pods

2923

nodeSelector: {}

2924

# -- Tolerations for bloom-gateway pods

2925

tolerations: []

2926

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

2927

appProtocol:

2928

grpc: ""

2929

persistence:

2930

# -- Enable creating PVCs for the bloom-gateway

2931

enabled: false

2932

# -- Annotations for bloom-gateway PVCs

2933

annotations: {}

2934

# -- Labels for bloom gateway PVCs

2935

labels: {}

2936

# -- List of the bloom-gateway PVCs

2937

# @notationType -- list

2938

claims:

2939

- name: data

2940

# -- Set access modes on the PersistentVolumeClaim

2941

accessModes:

2942

- ReadWriteOnce

2943

# -- Size of persistent disk

2944

size: 10Gi

2945

# -- Storage class to be used.

2946

# If defined, storageClassName: <storageClass>.

2947

# If set to "-", storageClassName: "", which disables dynamic provisioning.

2948

# If empty or set to null, no storageClassName spec is

2949

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

2950

storageClass: null

2951

# -- Volume attributes class name to be used.

2952

# If empty or set to null, no volumeAttributesClassName spec is set.

2953

# Requires Kubernetes 1.31

2954

volumeAttributesClassName: null

2955

# -- Enable StatefulSetAutoDeletePVC feature

2956

enableStatefulSetAutoDeletePVC: false

2957

whenDeleted: Retain

2958

whenScaled: Retain

2959

serviceAccount:

2960

create: false

2961

# -- The name of the ServiceAccount to use for the bloom-gateway.

2962

# If not set and create is true, a name is generated by appending

2963

# "-bloom-gateway" to the common ServiceAccount.

2964

2965

# -- Image pull secrets for the bloom-gateway service account

2966

imagePullSecrets: []

2967

# -- Annotations for the bloom-gateway service account

2968

annotations: {}

2969

# -- Set this toggle to false to opt out of automounting API credentials for the service account

2970

automountServiceAccountToken: true

2971

# -- Configuration for the bloom-planner

2972

bloomPlanner:

2973

# -- Number of replicas for the bloom-planner

2974

replicas: 0

2975

# -- hostAliases to add

2976

hostAliases: []

2977

# - ip: 1.2.3.4

2978

# hostnames:

2979

# - domain.tld

2980

# -- Use the host's user namespace in the bloom-planner

2981

hostUsers: nil

2982

# -- DNSConfig for bloom-planner pods

2983

dnsConfig: {}

2984

image:

2985

# -- The Docker registry for the bloom-planner image. Overrides `loki.image.registry`

2986

registry: null

2987

# -- Docker image repository for the bloom-planner image. Overrides `loki.image.repository`

2988

repository: null

2989

# -- Docker image tag for the bloom-planner image. Overrides `loki.image.tag`

2990

tag: null

2991

# -- Command to execute instead of defined in Docker image

2992

command: null

2993

# -- The name of the PriorityClass for bloom-planner pods

2994

priorityClassName: null

2995

# -- Labels for bloom-planner pods

2996

podLabels: {}

2997

# -- Annotations for bloom-planner pods

2998

podAnnotations: {}

2999

# -- Affinity for bloom-planner pods.

3000

# @default -- Hard node anti-affinity

3001

# The value will be passed through tpl.

3002

affinity:

3003

podAntiAffinity:

3004

requiredDuringSchedulingIgnoredDuringExecution:

3005

- labelSelector:

3006

matchLabels:

3007

app.kubernetes.io/component: bloom-planner

3008

app.kubernetes.io/name: '{{ include "loki.name" . }}'

3009

app.kubernetes.io/instance: '{{ .Release.Name }}'

3010

topologyKey: kubernetes.io/hostname

3011

# -- Labels for bloom-planner service

3012

serviceLabels: {}

3013

# -- Annotations for bloom-planner service

3014

serviceAnnotations: {}

3015

# -- Additional CLI args for the bloom-planner

3016

extraArgs: []

3017

# -- Environment variables to add to the bloom-planner pods

3018

extraEnv: []

3019

# -- Environment variables from secrets or configmaps to add to the bloom-planner pods

3020

extraEnvFrom: []

3021

# -- Volume mounts to add to the bloom-planner pods

3022

extraVolumeMounts: []

3023

# -- Volumes to add to the bloom-planner pods

3024

extraVolumes: []

3025

# -- readiness probe settings for bloom-planner pods. If empty, use `loki.readinessProbe`

3026

readinessProbe: {}

3027

# -- liveness probe settings for bloom-planner pods. If empty use `loki.livenessProbe`

3028

livenessProbe: {}

3029

# -- startup probe settings for bloom-planner pods. If empty use `loki.startupProbe`

3030

startupProbe: {}

3031

# -- Resource requests and limits for the bloom-planner

3032

resources: {}

3033

# -- Containers to add to the bloom-planner pods

3034

extraContainers: []

3035

# -- Init containers to add to the bloom-planner pods

3036

initContainers: []

3037

# -- Grace period to allow the bloom-planner to shutdown before it is killed

3038

terminationGracePeriodSeconds: 30

3039

# -- Node selector for bloom-planner pods

3040

nodeSelector: {}

3041

# -- Tolerations for bloom-planner pods

3042

tolerations: []

3043

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

3044

appProtocol:

3045

grpc: ""

3046

persistence:

3047

# -- Enable creating PVCs for the bloom-planner

3048

enabled: false

3049

# -- List of the bloom-planner PVCs

3050

# @notationType -- list

3051

claims:

3052

- name: data

3053

# -- Set access modes on the PersistentVolumeClaim

3054

accessModes:

3055

- ReadWriteOnce

3056

# -- Size of persistent disk

3057

size: 10Gi

3058

# -- Storage class to be used.

3059

# If defined, storageClassName: <storageClass>.

3060

# If set to "-", storageClassName: "", which disables dynamic provisioning.

3061

# If empty or set to null, no storageClassName spec is

3062

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

3063

storageClass: null

3064

# -- Volume attributes class name to be used.

3065

# If empty or set to null, no volumeAttributesClassName spec is set.

3066

# Requires Kubernetes 1.31

3067

volumeAttributesClassName: null

3068

# -- Annotations for bloom-planner PVCs

3069

annotations: {}

3070

# -- Labels for bloom planner PVCs

3071

labels: {}

3072

# -- Enable StatefulSetAutoDeletePVC feature

3073

enableStatefulSetAutoDeletePVC: false

3074

whenDeleted: Retain

3075

whenScaled: Retain

3076

serviceAccount:

3077

create: false

3078

# -- The name of the ServiceAccount to use for the bloom-planner.

3079

# If not set and create is true, a name is generated by appending

3080

# "-bloom-planner" to the common ServiceAccount.

3081

3082

# -- Image pull secrets for the bloom-planner service account

3083

imagePullSecrets: []

3084

# -- Annotations for the bloom-planner service account

3085

annotations: {}

3086

# -- Set this toggle to false to opt out of automounting API credentials for the service account

3087

automountServiceAccountToken: true

3088

# -- Configuration for the bloom-builder

3089

bloomBuilder:

3090

# -- Number of replicas for the bloom-builder

3091

replicas: 0

3092

# -- hostAliases to add

3093

hostAliases: []

3094

# - ip: 1.2.3.4

3095

# hostnames:

3096

# - domain.tld

3097

# -- Use the host's user namespace in the boom-builder

3098

hostUsers: nil

3099

# -- DNSConfig for bloom-builder pods

3100

dnsConfig: {}

3101

autoscaling:

3102

# -- Enable autoscaling for the bloom-builder

3103

enabled: false

3104

# -- Minimum autoscaling replicas for the bloom-builder

3105

minReplicas: 1

3106

# -- Maximum autoscaling replicas for the bloom-builder

3107

maxReplicas: 3

3108

# -- Target CPU utilisation percentage for the bloom-builder

3109

targetCPUUtilizationPercentage: 60

3110

# -- Target memory utilisation percentage for the bloom-builder

3111

targetMemoryUtilizationPercentage: null

3112

# -- Allows one to define custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics)

3113

customMetrics: []

3114

# - type: Pods

3115

# pods:

3116

# metric:

3117

# name: loki_query_rate

3118

# target:

3119

# type: AverageValue

3120

# averageValue: 100

3121

behavior:

3122

# -- Enable autoscaling behaviours

3123

enabled: false

3124

# -- define scale down policies, must conform to HPAScalingRules

3125

scaleDown: {}

3126

# -- define scale up policies, must conform to HPAScalingRules

3127

scaleUp: {}

3128

image:

3129

# -- The Docker registry for the bloom-builder image. Overrides `loki.image.registry`

3130

registry: null

3131

# -- Docker image repository for the bloom-builder image. Overrides `loki.image.repository`

3132

repository: null

3133

# -- Docker image tag for the bloom-builder image. Overrides `loki.image.tag`

3134

tag: null

3135

# -- Command to execute instead of defined in Docker image

3136

command: null

3137

# -- The name of the PriorityClass for bloom-builder pods

3138

priorityClassName: null

3139

# -- Labels for bloom-builder pods

3140

podLabels: {}

3141

# -- Annotations for bloom-builder pods

3142

podAnnotations: {}

3143

# -- Labels for bloom-builder service

3144

serviceLabels: {}

3145

# -- Annotations for bloom-builder service

3146

serviceAnnotations: {}

3147

# -- Additional CLI args for the bloom-builder

3148

extraArgs: []

3149

# -- Environment variables to add to the bloom-builder pods

3150

extraEnv: []

3151

# -- Environment variables from secrets or configmaps to add to the bloom-builder pods

3152

extraEnvFrom: []

3153

# -- Volume mounts to add to the bloom-builder pods

3154

extraVolumeMounts: []

3155

# -- Volumes to add to the bloom-builder pods

3156

extraVolumes: []

3157

# -- Resource requests and limits for the bloom-builder

3158

resources: {}

3159

# -- Init containers to add to the bloom-builder pods

3160

initContainers: []

3161

# -- Containers to add to the bloom-builder pods

3162

extraContainers: []

3163

# -- Grace period to allow the bloom-builder to shutdown before it is killed

3164

terminationGracePeriodSeconds: 30

3165

# -- Affinity for bloom-builder pods.

3166

# @default -- Hard node anti-affinity

3167

# The value will be passed through tpl.

3168

affinity:

3169

podAntiAffinity:

3170

requiredDuringSchedulingIgnoredDuringExecution:

3171

- labelSelector:

3172

matchLabels:

3173

app.kubernetes.io/component: bloom-builder

3174

app.kubernetes.io/name: '{{ include "loki.name" . }}'

3175

app.kubernetes.io/instance: '{{ .Release.Name }}'

3176

topologyKey: kubernetes.io/hostname

3177

# -- Pod Disruption Budget maxUnavailable

3178

maxUnavailable: null

3179

# -- Node selector for bloom-builder pods

3180

nodeSelector: {}

3181

# -- Tolerations for bloom-builder pods

3182

tolerations: []

3183

# -- Adds the appProtocol field to the queryFrontend service. This allows bloomBuilder to work with istio protocol selection.

3184

appProtocol:

3185

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

3186

grpc: ""

3187

# -- Configuration for the pattern ingester

3188

patternIngester:

3189

# -- Number of replicas for the pattern ingester

3190

replicas: 0

3191

# -- DNSConfig for pattern ingester pods

3192

dnsConfig: {}

3193

# -- hostAliases to add

3194

hostAliases: []

3195

# - ip: 1.2.3.4

3196

# hostnames:

3197

# - domain.tld

3198

# -- Use the host's user namespace in the pattern ingester

3199

hostUsers: nil

3200

image:

3201

# -- The Docker registry for the pattern ingester image. Overrides `loki.image.registry`

3202

registry: null

3203

# -- Docker image repository for the pattern ingester image. Overrides `loki.image.repository`

3204

repository: null

3205

# -- Docker image tag for the pattern ingester image. Overrides `loki.image.tag`

3206

tag: null

3207

# -- Command to execute instead of defined in Docker image

3208

command: null

3209

# -- The name of the PriorityClass for pattern ingester pods

3210

priorityClassName: null

3211

# -- Labels for pattern ingester pods

3212

podLabels: {}

3213

# -- Annotations for pattern ingester pods

3214

podAnnotations: {}

3215

# -- Affinity for pattern ingester pods.

3216

# @default -- Hard node anti-affinity

3217

# The value will be passed through tpl.

3218

affinity:

3219

podAntiAffinity:

3220

requiredDuringSchedulingIgnoredDuringExecution:

3221

- labelSelector:

3222

matchLabels:

3223

app.kubernetes.io/component: pattern-ingester

3224

app.kubernetes.io/name: '{{ include "loki.name" . }}'

3225

app.kubernetes.io/instance: '{{ .Release.Name }}'

3226

topologyKey: kubernetes.io/hostname

3227

# -- Pod Disruption Budget maxUnavailable

3228

maxUnavailable: null

3229

# -- Labels for pattern ingester service

3230

serviceLabels: {}

3231

# -- Annotations for pattern ingester service

3232

serviceAnnotations: {}

3233

# -- Additional CLI args for the pattern ingester

3234

extraArgs: []

3235

# -- Environment variables to add to the pattern ingester pods

3236

extraEnv: []

3237

# -- Environment variables from secrets or configmaps to add to the pattern ingester pods

3238

extraEnvFrom: []

3239

# -- Volume mounts to add to the pattern ingester pods

3240

extraVolumeMounts: []

3241

# -- Volumes to add to the pattern ingester pods

3242

extraVolumes: []

3243

# -- readiness probe settings for pattern ingester pods. If empty, use `loki.readinessProbe`

3244

readinessProbe: {}

3245

# -- liveness probe settings for pattern ingester pods. If empty use `loki.livenessProbe`

3246

livenessProbe: {}

3247

# -- startup probe settings for pattern ingester pods. If empty use `loki.startupProbe`

3248

startupProbe: {}

3249

# -- Resource requests and limits for the pattern ingester

3250

resources: {}

3251

# -- Containers to add to the pattern ingester pods

3252

extraContainers: []

3253

# -- Init containers to add to the pattern ingester pods

3254

initContainers: []

3255

# -- Grace period to allow the pattern ingester to shutdown before it is killed

3256

terminationGracePeriodSeconds: 30

3257

# -- Node selector for pattern ingester pods

3258

nodeSelector: {}

3259

# -- Topology Spread Constraints for pattern ingester pods

3260

# The value will be passed through tpl.

3261

topologySpreadConstraints: []

3262

# -- Tolerations for pattern ingester pods

3263

tolerations: []

3264

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

3265

appProtocol:

3266

grpc: ""

3267

persistence:

3268

# -- Enable creating PVCs for the pattern ingester

3269

enabled: false

3270

# -- Size of persistent disk

3271

size: 10Gi

3272

# -- Storage class to be used.

3273

# If defined, storageClassName: <storageClass>.

3274

# If set to "-", storageClassName: "", which disables dynamic provisioning.

3275

# If empty or set to null, no storageClassName spec is

3276

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

3277

storageClass: null

3278

# -- List of the pattern ingester PVCs

3279

# @notationType -- list

3280

claims:

3281

- name: data

3282

# -- Set access modes on the PersistentVolumeClaim

3283

accessModes:

3284

- ReadWriteOnce

3285

size: 10Gi

3286

# -- Storage class to be used.

3287

# If defined, storageClassName: <storageClass>.

3288

# If set to "-", storageClassName: "", which disables dynamic provisioning.

3289

# If empty or set to null, no storageClassName spec is

3290

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

3291

storageClass: null

3292

# -- Volume attributes class name to be used.

3293

# If empty or set to null, no volumeAttributesClassName spec is set.

3294

# Requires Kubernetes 1.31

3295

volumeAttributesClassName: null

3296

# -- Annotations for pattern ingester PVCs

3297

annotations: {}

3298

# -- Labels for pattern ingester PVCs

3299

labels: {}

3300

# - name: wal

3301

# size: 150Gi

3302

# -- Enable StatefulSetAutoDeletePVC feature

3303

enableStatefulSetAutoDeletePVC: false

3304

whenDeleted: Retain

3305

whenScaled: Retain

3306

serviceAccount:

3307

create: false

3308

# -- The name of the ServiceAccount to use for the pattern ingester.

3309

# If not set and create is true, a name is generated by appending

3310

# "-pattern-ingester" to the common ServiceAccount.

3311

3312

# -- Image pull secrets for the pattern ingester service account

3313

imagePullSecrets: []

3314

# -- Annotations for the pattern ingester service account

3315

annotations: {}

3316

# -- Set this toggle to false to opt out of automounting API credentials for the service account

3317

automountServiceAccountToken: true

3318

# -- Configuration for the ruler

3319

ruler:

3320

# -- The ruler component is optional and can be disabled if desired.

3321

enabled: true

3322

# -- Whether to enable the rules sidecar

3323

sidecar: false

3324

# -- Number of replicas for the ruler

3325

replicas: 0

3326

# -- hostAliases to add

3327

hostAliases: []

3328

# - ip: 1.2.3.4

3329

# hostnames:

3330

# - domain.tld

3331

# -- Use the host's user namespace in the ruler

3332

hostUsers: nil

3333

image:

3334

# -- The Docker registry for the ruler image. Overrides `loki.image.registry`

3335

registry: null

3336

# -- Docker image repository for the ruler image. Overrides `loki.image.repository`

3337

repository: null

3338

# -- Docker image tag for the ruler image. Overrides `loki.image.tag`

3339

tag: null

3340

# -- Command to execute instead of defined in Docker image

3341

command: null

3342

# -- The name of the PriorityClass for ruler pods

3343

priorityClassName: null

3344

# -- Labels for compactor pods

3345

podLabels: {}

3346

# -- Annotations for ruler pods

3347

podAnnotations: {}

3348

# -- Labels for ruler service

3349

serviceLabels: {}

3350

# -- Annotations for ruler service

3351

serviceAnnotations: {}

3352

# -- Additional CLI args for the ruler

3353

extraArgs: []

3354

# -- Environment variables to add to the ruler pods

3355

extraEnv: []

3356

# -- Environment variables from secrets or configmaps to add to the ruler pods

3357

extraEnvFrom: []

3358

# -- Volume mounts to add to the ruler pods

3359

extraVolumeMounts: []

3360

# -- Volumes to add to the ruler pods

3361

extraVolumes: []

3362

# -- Resource requests and limits for the ruler

3363

resources: {}

3364

# -- Containers to add to the ruler pods

3365

extraContainers: []

3366

# -- Init containers to add to the ruler pods

3367

initContainers: []

3368

# -- Grace period to allow the ruler to shutdown before it is killed

3369

terminationGracePeriodSeconds: 300

3370

# -- Affinity for ruler pods.

3371

# @default -- Hard node anti-affinity

3372

# The value will be passed through tpl.

3373

affinity:

3374

podAntiAffinity:

3375

requiredDuringSchedulingIgnoredDuringExecution:

3376

- labelSelector:

3377

matchLabels:

3378

app.kubernetes.io/component: ruler

3379

app.kubernetes.io/name: '{{ include "loki.name" . }}'

3380

app.kubernetes.io/instance: '{{ .Release.Name }}'

3381

topologyKey: kubernetes.io/hostname

3382

# -- Pod Disruption Budget maxUnavailable

3383

maxUnavailable: null

3384

# -- Node selector for ruler pods

3385

nodeSelector: {}

3386

# -- Topology Spread Constraints for ruler pods

3387

# The value will be passed through tpl.

3388

topologySpreadConstraints: []

3389

# -- Tolerations for ruler pods

3390

tolerations: []

3391

# -- DNSConfig for ruler pods

3392

dnsConfig: {}

3393

persistence:

3394

# -- Enable creating PVCs which is required when using recording rules

3395

enabled: false

3396

# -- Set access modes on the PersistentVolumeClaim

3397

accessModes:

3398

- ReadWriteOnce

3399

# -- Size of persistent disk

3400

size: 10Gi

3401

# -- Storage class to be used.

3402

# If defined, storageClassName: <storageClass>.

3403

# If set to "-", storageClassName: "", which disables dynamic provisioning.

3404

# If empty or set to null, no storageClassName spec is

3405

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

3406

storageClass: null

3407

# -- Volume attributes class name to be used.

3408

# If empty or set to null, no volumeAttributesClassName spec is set.

3409

# Requires Kubernetes 1.31

3410

volumeAttributesClassName: null

3411

# -- Annotations for ruler PVCs

3412

annotations: {}

3413

# -- Labels for ruler PVCs

3414

labels: {}

3415

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

3416

appProtocol:

3417

grpc: ""

3418

# -- Directories containing rules files. If used, you must also configure `loki.rulerConfig.storage` to use local storage.

3419

directories: {}

3420

# tenant_foo:

3421

# rules1.txt: |

3422

# groups:

3423

# - name: should_fire

3424

# rules:

3425

# - alert: HighPercentageError

3426

# expr: |

3427

# sum(rate({app="foo", env="production"} |= "error" [5m])) by (job)

3428

# /

3429

# sum(rate({app="foo", env="production"}[5m])) by (job)

3430

# > 0.05

3431

# for: 10m

3432

# labels:

3433

# severity: warning

3434

# annotations:

3435

# summary: High error rate

3436

# - name: credentials_leak

3437

# rules:

3438

# - alert: http-credentials-leaked

3439

# annotations:

3440

# message: "{{ $labels.job }} is leaking http basic auth credentials."

3441

# expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'

3442

# for: 10m

3443

# labels:

3444

# severity: critical

3445

# rules2.txt: |

3446

# groups:

3447

# - name: example

3448

# rules:

3449

# - alert: HighThroughputLogStreams

3450

# expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000

3451

# for: 2m

3452

# tenant_bar:

3453

# rules1.txt: |

3454

# groups:

3455

# - name: should_fire

3456

# rules:

3457

# - alert: HighPercentageError

3458

# expr: |

3459

# sum(rate({app="foo", env="production"} |= "error" [5m])) by (job)

3460

# /

3461

# sum(rate({app="foo", env="production"}[5m])) by (job)

3462

# > 0.05

3463

# for: 10m

3464

# labels:

3465

# severity: warning

3466

# annotations:

3467

# summary: High error rate

3468

# - name: credentials_leak

3469

# rules:

3470

# - alert: http-credentials-leaked

3471

# annotations:

3472

# message: "{{ $labels.job }} is leaking http basic auth credentials."

3473

# expr: 'sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'

3474

# for: 10m

3475

# labels:

3476

# severity: critical

3477

# rules2.txt: |

3478

# groups:

3479

# - name: example

3480

# rules:

3481

# - alert: HighThroughputLogStreams

3482

# expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000

3483

# for: 2m

3484

# -- Configuration for the overrides-exporter

3485

overridesExporter:

3486

# -- The overrides-exporter component is optional and can be disabled if desired.

3487

enabled: false

3488

# -- Number of replicas for the overrides-exporter

3489

replicas: 0

3490

# -- DNSConfig for overrides-exporter

3491

dnsConfig: {}

3492

# -- hostAliases to add

3493

hostAliases: []

3494

# - ip: 1.2.3.4

3495

# hostnames:

3496

# - domain.tld

3497

# -- Use the host's user namespace in the overrides-exporter

3498

hostUsers: nil

3499

image:

3500

# -- The Docker registry for the overrides-exporter image. Overrides `loki.image.registry`

3501

registry: null

3502

# -- Docker image repository for the overrides-exporter image. Overrides `loki.image.repository`

3503

repository: null

3504

# -- Docker image tag for the overrides-exporter image. Overrides `loki.image.tag`

3505

tag: null

3506

# -- Command to execute instead of defined in Docker image

3507

command: null

3508

# -- The name of the PriorityClass for overrides-exporter pods

3509

priorityClassName: null

3510

# -- Labels for overrides-exporter pods

3511

podLabels: {}

3512

# -- Annotations for overrides-exporter pods

3513

podAnnotations: {}

3514

# -- Labels for overrides-exporter service

3515

serviceLabels: {}

3516

# -- Annotations for overrides-exporter service

3517

serviceAnnotations: {}

3518

# -- Additional CLI args for the overrides-exporter

3519

extraArgs: []

3520

# -- Environment variables to add to the overrides-exporter pods

3521

extraEnv: []

3522

# -- Environment variables from secrets or configmaps to add to the overrides-exporter pods

3523

extraEnvFrom: []

3524

# -- Volume mounts to add to the overrides-exporter pods

3525

extraVolumeMounts: []

3526

# -- Volumes to add to the overrides-exporter pods

3527

extraVolumes: []

3528

# -- Resource requests and limits for the overrides-exporter

3529

resources: {}

3530

# -- Containers to add to the overrides-exporter pods

3531

extraContainers: []

3532

# -- Init containers to add to the overrides-exporter pods

3533

initContainers: []

3534

# -- Grace period to allow the overrides-exporter to shutdown before it is killed

3535

terminationGracePeriodSeconds: 300

3536

# -- Affinity for overrides-exporter pods.

3537

# @default -- Hard node anti-affinity

3538

# The value will be passed through tpl.

3539

affinity:

3540

podAntiAffinity:

3541

requiredDuringSchedulingIgnoredDuringExecution:

3542

- labelSelector:

3543

matchLabels:

3544

app.kubernetes.io/component: overrides-exporter

3545

app.kubernetes.io/name: '{{ include "loki.name" . }}'

3546

app.kubernetes.io/instance: '{{ .Release.Name }}'

3547

topologyKey: kubernetes.io/hostname

3548

# -- Pod Disruption Budget maxUnavailable

3549

maxUnavailable: null

3550

# -- Node selector for overrides-exporter pods

3551

nodeSelector: {}

3552

# -- Topology Spread Constraints for overrides-exporter pods

3553

# The value will be passed through tpl.

3554

topologySpreadConstraints: []

3555

# -- Tolerations for overrides-exporter pods

3556

tolerations: []

3557

# -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https"

3558

appProtocol:

3559

grpc: ""

3560

# You can use a self hosted memcached by setting enabled to false and providing addresses.

3561

memcached:

3562

# -- Enable the built in memcached server provided by the chart

3563

enabled: true

3564

image:

3565

# -- Memcached Docker image repository

3566

repository: cgr.dev/chainguard-private/memcached

3567

# -- Memcached Docker image tag

3568

tag: latest@sha256:bd210cf8f8a6ffd8de945078ead55e064e37e33bd4f25663f086d4f49ef31aee

3569

# -- Memcached Docker image pull policy

3570

pullPolicy: IfNotPresent

3571

# -- The SecurityContext override for memcached pods

3572

podSecurityContext:

3573

runAsNonRoot: true

3574

runAsUser: 11211

3575

runAsGroup: 11211

3576

fsGroup: 11211

3577

# -- The name of the PriorityClass for memcached pods

3578

priorityClassName: null

3579

# -- The SecurityContext for memcached containers

3580

containerSecurityContext:

3581

readOnlyRootFilesystem: true

3582

capabilities:

3583

drop: [ALL]

3584

allowPrivilegeEscalation: false

3585

# -- Readiness probe for memcached pods (probe port defaults to container port)

3586

readinessProbe:

3587

tcpSocket:

3588

port: client

3589

initialDelaySeconds: 5

3590

periodSeconds: 5

3591

timeoutSeconds: 3

3592

failureThreshold: 6

3593

# -- Liveness probe for memcached pods

3594

livenessProbe:

3595

tcpSocket:

3596

port: client

3597

initialDelaySeconds: 30

3598

periodSeconds: 10

3599

timeoutSeconds: 5

3600

failureThreshold: 3

3601

# -- Startup probe for memcached pods

3602

startupProbe: {}

3603

memcachedExporter:

3604

# -- Whether memcached metrics should be exported

3605

enabled: true

3606

image:

3607

repository: cgr.dev/chainguard-private/memcached-exporter

3608

tag: latest@sha256:e1cd7504768dd8a717140d147dc177e2b41351c5ce7a082740747796ed3f8ca6

3609

pullPolicy: IfNotPresent

3610

resources:

3611

requests: {}

3612

limits: {}

3613

# -- The SecurityContext for memcached exporter containers

3614

containerSecurityContext:

3615

readOnlyRootFilesystem: true

3616

capabilities:

3617

drop: [ALL]

3618

allowPrivilegeEscalation: false

3619

# -- Extra args to add to the exporter container.

3620

# Example:

3621

# extraArgs:

3622

# memcached.tls.enable: true

3623

# memcached.tls.cert-file: /certs/cert.crt

3624

# memcached.tls.key-file: /certs/cert.key

3625

# memcached.tls.ca-file: /certs/ca.crt

3626

# memcached.tls.insecure-skip-verify: false

3627

# memcached.tls.server-name: memcached

3628

extraArgs: {}

3629

# -- Liveness probe for memcached exporter

3630

livenessProbe:

3631

httpGet:

3632

path: /metrics

3633

port: http-metrics

3634

initialDelaySeconds: 30

3635

periodSeconds: 10

3636

timeoutSeconds: 5

3637

failureThreshold: 3

3638

# -- Readiness probe for memcached exporter

3639

readinessProbe:

3640

httpGet:

3641

path: /metrics

3642

port: http-metrics

3643

initialDelaySeconds: 5

3644

periodSeconds: 5

3645

timeoutSeconds: 3

3646

failureThreshold: 3

3647

# -- Startup probe for memcached exporter

3648

startupProbe: {}

3649

resultsCache:

3650

# -- Specifies whether memcached based results-cache should be enabled

3651

enabled: true

3652

# -- Comma separated addresses list in DNS Service Discovery format

3653

addresses: dnssrvnoa+_memcached-client._tcp.{{ include "loki.resourceName" (dict "ctx" $ "component" "results-cache") }}.{{ include "loki.namespace" $ }}.svc.{{ .Values.global.clusterDomain }}

3654

# -- Specify how long cached results should be stored in the results-cache before being expired

3655

defaultValidity: 12h

3656

# -- Memcached operation timeout

3657

timeout: 500ms

3658

# -- Total number of results-cache replicas

3659

replicas: 1

3660

# -- Port of the results-cache service

3661

port: 11211

3662

# -- Amount of memory allocated to results-cache for object storage (in MB).

3663

allocatedMemory: 1024

3664

# -- Amount of cpu allocated to results-cache for object storage (in integer or millicores).

3665

allocatedCPU: 500m

3666

# -- Maximum item results-cache for memcached (in MB).

3667

maxItemMemory: 5

3668

# -- Maximum number of connections allowed

3669

connectionLimit: 16384

3670

# -- Max memory to use for cache write back

3671

writebackSizeLimit: 500MB

3672

# -- Max number of objects to use for cache write back

3673

writebackBuffer: 500000

3674

# -- Number of parallel threads for cache write back

3675

writebackParallelism: 1

3676

# -- Extra init containers for results-cache pods

3677

initContainers: []

3678

# -- Annotations for the results-cache pods

3679

annotations: {}

3680

# -- Node selector for results-cache pods

3681

nodeSelector: {}

3682

# -- Affinity for results-cache pods

3683

affinity: {}

3684

# -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints.

3685

# labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services.

3686

topologySpreadConstraints: []

3687

# maxSkew: 1

3688

# topologyKey: kubernetes.io/hostname

3689

# whenUnsatisfiable: ScheduleAnyway

3690

# -- Tolerations for results-cache pods

3691

tolerations: []

3692

# -- Pod Disruption Budget maxUnavailable

3693

maxUnavailable: 1

3694

# -- DNSConfig for results-cache

3695

dnsConfig: {}

3696

# -- The name of the PriorityClass for results-cache pods

3697

priorityClassName: null

3698

# -- Use the host's user namespace in results-cache pods

3699

hostUsers: nil

3700

# -- Labels for results-cache pods

3701

podLabels: {}

3702

# -- Annotations for results-cache pods

3703

podAnnotations: {}

3704

# -- Management policy for results-cache pods

3705

podManagementPolicy: Parallel

3706

# -- Grace period to allow the results-cache to shutdown before it is killed

3707

terminationGracePeriodSeconds: 60

3708

# -- Stateful results-cache strategy

3709

statefulStrategy:

3710

type: RollingUpdate

3711

# -- Add extended options for results-cache memcached container. The format is the same as for the memcached -o/--extend flag.

3712

# Example:

3713

# extraExtendedOptions: 'tls,modern,track_sizes'

3714

extraExtendedOptions: ""

3715

# -- Additional CLI args for results-cache

3716

extraArgs: {}

3717

# -- Additional containers to be added to the results-cache pod.

3718

extraContainers: []

3719

# -- Additional volumes to be added to the results-cache pod (applies to both memcached and exporter containers).

3720

# Example:

3721

# extraVolumes:

3722

# - name: extra-volume

3723

# secret:

3724

# secretName: extra-volume-secret

3725

extraVolumes: []

3726

# -- Additional volume mounts to be added to the results-cache pod (applies to both memcached and exporter containers).

3727

# Example:

3728

# extraVolumeMounts:

3729

# - name: extra-volume

3730

# mountPath: /etc/extra-volume

3731

# readOnly: true

3732

extraVolumeMounts: []

3733

# -- Resource requests and limits for the results-cache

3734

# By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)).

3735

resources: null

3736

# -- Service annotations and labels

3737

service:

3738

annotations: {}

3739

labels: {}

3740

# -- Persistence settings for the results-cache

3741

persistence:

3742

# -- Enable creating PVCs for the results-cache

3743

enabled: false

3744

# -- Size of persistent disk, must be in G or Gi

3745

storageSize: 10G

3746

# -- Storage class to be used.

3747

# If defined, storageClassName: <storageClass>.

3748

# If set to "-", storageClassName: "", which disables dynamic provisioning.

3749

# If empty or set to null, no storageClassName spec is

3750

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

3751

storageClass: null

3752

# -- Volume attributes class name to be used.

3753

# If empty or set to null, no volumeAttributesClassName spec is set.

3754

# Requires Kubernetes 1.31

3755

volumeAttributesClassName: null

3756

# -- Volume mount path

3757

mountPath: /data

3758

# -- PVC additional labels

3759

labels: {}

3760

chunksCache:

3761

# -- Append to the name of the resources to make names different for l1 and l2

3762

suffix: ""

3763

# -- Specifies whether memcached based chunks-cache should be enabled

3764

enabled: true

3765

# -- Comma separated addresses list in DNS Service Discovery format

3766

addresses: 'dnssrvnoa+_memcached-client._tcp.{{ include "loki.resourceName" (dict "ctx" $ "component" "chunks-cache" "suffix" $.Values.chunksCache.suffix ) }}.{{ include "loki.namespace" $ }}.svc.{{ .Values.global.clusterDomain }}'

3767

# -- Batchsize for sending and receiving chunks from chunks cache

3768

batchSize: 4

3769

# -- Parallel threads for sending and receiving chunks from chunks cache

3770

parallelism: 5

3771

# -- Memcached operation timeout

3772

timeout: 2000ms

3773

# -- Specify how long cached chunks should be stored in the chunks-cache before being expired

3774

defaultValidity: 0s

3775

# -- Specify how long cached chunks should be stored in the chunks-cache before being expired

3776

replicas: 1

3777

# -- Port of the chunks-cache service

3778

port: 11211

3779

# -- Amount of memory allocated to chunks-cache for object storage (in MB).

3780

allocatedMemory: 8192

3781

# -- Amount of cpu allocated to chunks-cache for object storage (in integer or millicores).

3782

allocatedCPU: 500m

3783

# -- Maximum item memory for chunks-cache (in MB).

3784

maxItemMemory: 5

3785

# -- Maximum number of connections allowed

3786

connectionLimit: 16384

3787

# -- Max memory to use for cache write back

3788

writebackSizeLimit: 500MB

3789

# -- Max number of objects to use for cache write back

3790

writebackBuffer: 500000

3791

# -- Number of parallel threads for cache write back

3792

writebackParallelism: 1

3793

# -- Extra init containers for chunks-cache pods

3794

initContainers: []

3795

# -- Annotations for the chunks-cache pods

3796

annotations: {}

3797

# -- Node selector for chunks-cache pods

3798

nodeSelector: {}

3799

# -- Affinity for chunks-cache pods

3800

affinity: {}

3801

# -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints.

3802

# labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services.

3803

topologySpreadConstraints: []

3804

# maxSkew: 1

3805

# topologyKey: kubernetes.io/hostname

3806

# whenUnsatisfiable: ScheduleAnyway

3807

# -- Tolerations for chunks-cache pods

3808

tolerations: []

3809

# -- Pod Disruption Budget maxUnavailable

3810

maxUnavailable: 1

3811

# -- DNSConfig for chunks-cache

3812

dnsConfig: {}

3813

# -- The name of the PriorityClass for chunks-cache pods

3814

priorityClassName: null

3815

# -- Use the host's user namespace in chunks-cache pods

3816

hostUsers: nil

3817

# -- Labels for chunks-cache pods

3818

podLabels: {}

3819

# -- Annotations for chunks-cache pods

3820

podAnnotations: {}

3821

# -- Management policy for chunks-cache pods

3822

podManagementPolicy: Parallel

3823

# -- Grace period to allow the chunks-cache to shutdown before it is killed

3824

terminationGracePeriodSeconds: 60

3825

# -- Stateful chunks-cache strategy

3826

statefulStrategy:

3827

type: RollingUpdate

3828

# -- Add extended options for chunks-cache memcached container. The format is the same as for the memcached -o/--extend flag.

3829

# Example:

3830

# extraExtendedOptions: 'tls,no_hashexpand'

3831

extraExtendedOptions: ""

3832

# -- Additional CLI args for chunks-cache

3833

extraArgs: {}

3834

# -- Additional containers to be added to the chunks-cache pod.

3835

extraContainers: []

3836

# -- Additional volumes to be added to the chunks-cache pod (applies to both memcached and exporter containers).

3837

# Example:

3838

# extraVolumes:

3839

# - name: extra-volume

3840

# secret:

3841

# secretName: extra-volume-secret

3842

extraVolumes: []

3843

# -- Additional volume mounts to be added to the chunks-cache pod (applies to both memcached and exporter containers).

3844

# Example:

3845

# extraVolumeMounts:

3846

# - name: extra-volume

3847

# mountPath: /etc/extra-volume

3848

# readOnly: true

3849

extraVolumeMounts: []

3850

# -- Resource requests and limits for the chunks-cache

3851

# By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)).

3852

resources: null

3853

# -- Service annotations and labels

3854

service:

3855

annotations: {}

3856

labels: {}

3857

# -- Persistence settings for the chunks-cache

3858

persistence:

3859

# -- Enable creating PVCs for the chunks-cache

3860

enabled: false

3861

# -- Size of persistent disk, must be in G or Gi

3862

storageSize: 10G

3863

# -- Storage class to be used.

3864

# If defined, storageClassName: <storageClass>.

3865

# If set to "-", storageClassName: "", which disables dynamic provisioning.

3866

# If empty or set to null, no storageClassName spec is

3867

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

3868

storageClass: null

3869

# -- Volume attributes class name to be used.

3870

# If empty or set to null, no volumeAttributesClassName spec is set.

3871

# Requires Kubernetes 1.31

3872

volumeAttributesClassName: null

3873

# -- Volume mount path

3874

mountPath: /data

3875

labels: {}

3876

# -- l2 memcache configuration

3877

l2:

3878

# -- Append to the name of the resources to make names different for l1 and l2

3879

suffix: "l2"

3880

# -- The age of chunks should be transfered from l1 cache to l2

3881

# 4 days

3882

l2ChunkCacheHandoff: 345600s

3883

# -- Specifies whether memcached based chunks-cache-l2 should be enabled

3884

enabled: false

3885

# -- Comma separated addresses list in DNS Service Discovery format

3886

addresses: 'dnssrvnoa+_memcached-client._tcp.{{ include "loki.resourceName" (dict "ctx" $ "component" "chunks-cache" "suffix" $.Values.chunksCache.l2.suffix ) }}.{{ include "loki.namespace" $ }}.svc.{{ .Values.global.clusterDomain }}'

3887

# -- Batchsize for sending and receiving chunks from chunks cache

3888

batchSize: 4

3889

# -- Parallel threads for sending and receiving chunks from chunks cache

3890

parallelism: 5

3891

# -- Memcached operation timeout

3892

timeout: 2000ms

3893

# -- Specify how long cached chunks should be stored in the chunks-cache-l2 before being expired

3894

defaultValidity: 0s

3895

# -- Specify how long cached chunks should be stored in the chunks-cache-l2 before being expired

3896

replicas: 1

3897

# -- Port of the chunks-cache-l2 service

3898

port: 11211

3899

# -- Amount of memory allocated to chunks-cache-l2 for object storage (in MB).

3900

allocatedMemory: 8192

3901

# -- Amount of cpu allocated to chunks-cache-l2 for object storage (in integer or millicores).

3902

allocatedCPU: 500m

3903

# -- Maximum item memory for chunks-cache-l2 (in MB).

3904

maxItemMemory: 5

3905

# -- Maximum number of connections allowed

3906

connectionLimit: 16384

3907

# -- Max memory to use for cache write back

3908

writebackSizeLimit: 500MB

3909

# -- Max number of objects to use for cache write back

3910

writebackBuffer: 500000

3911

# -- Number of parallel threads for cache write back

3912

writebackParallelism: 1

3913

# -- Extra init containers for chunks-cache-l2 pods

3914

initContainers: []

3915

# -- Annotations for the chunks-cache-l2 pods

3916

annotations: {}

3917

# -- Node selector for chunks-cach-l2 pods

3918

nodeSelector: {}

3919

# -- Affinity for chunks-cache-l2 pods

3920

affinity: {}

3921

# -- topologySpreadConstraints allows to customize the default topologySpreadConstraints. This can be either a single dict as shown below or a slice of topologySpreadConstraints.

3922

# labelSelector is taken from the constraint itself (if it exists) or is generated by the chart using the same selectors as for services.

3923

topologySpreadConstraints: []

3924

# maxSkew: 1

3925

# topologyKey: kubernetes.io/hostname

3926

# whenUnsatisfiable: ScheduleAnyway

3927

# -- Tolerations for chunks-cache-l2 pods

3928

tolerations: []

3929

# -- Pod Disruption Budget maxUnavailable

3930

maxUnavailable: 1

3931

# -- DNSConfig for chunks-cache-l2

3932

dnsConfig: {}

3933

# -- The name of the PriorityClass for chunks-cache-l2 pods

3934

priorityClassName: null

3935

# -- Use the host's user namespace in chunks-cache-l2 pods

3936

hostUsers: nil

3937

# -- Labels for chunks-cache-l2 pods

3938

podLabels: {}

3939

# -- Annotations for chunks-cache-l2 pods

3940

podAnnotations: {}

3941

# -- Management policy for chunks-cache-l2 pods

3942

podManagementPolicy: Parallel

3943

# -- Grace period to allow the chunks-cache-l2 to shutdown before it is killed

3944

terminationGracePeriodSeconds: 60

3945

# -- Stateful chunks-cache strategy

3946

statefulStrategy:

3947

type: RollingUpdate

3948

# -- Add extended options for chunks-cache-l2 memcached container. The format is the same as for the memcached -o/--extend flag.

3949

# Example:

3950

# extraExtendedOptions: 'tls,no_hashexpand'

3951

extraExtendedOptions: ""

3952

# -- Additional CLI args for chunks-cache-l2

3953

extraArgs: {}

3954

# -- Additional containers to be added to the chunks-cache-l2 pod.

3955

extraContainers: []

3956

# -- Additional volumes to be added to the chunks-cache-l2 pod (applies to both memcached and exporter containers).

3957

# Example:

3958

# extraVolumes:

3959

# - name: extra-volume

3960

# secret:

3961

# secretName: extra-volume-secret

3962

extraVolumes: []

3963

# -- Additional volume mounts to be added to the chunks-cache-l2 pod (applies to both memcached and exporter containers).

3964

# Example:

3965

# extraVolumeMounts:

3966

# - name: extra-volume

3967

# mountPath: /etc/extra-volume

3968

# readOnly: true

3969

extraVolumeMounts: []

3970

# -- Resource requests and limits for the chunks-cache-l2

3971

# By default a safe memory limit will be requested based on allocatedMemory value (floor (* 1.2 allocatedMemory)).

3972

resources: null

3973

# -- Service annotations and labels

3974

service:

3975

annotations: {}

3976

labels: {}

3977

# -- Persistence settings for the chunks-cache-l2

3978

persistence:

3979

# -- Enable creating PVCs for the chunks-cache-l2

3980

enabled: false

3981

# -- Size of persistent disk, must be in G or Gi

3982

storageSize: 10G

3983

# -- Storage class to be used.

3984

# If defined, storageClassName: <storageClass>.

3985

# If set to "-", storageClassName: "", which disables dynamic provisioning.

3986

# If empty or set to null, no storageClassName spec is

3987

# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).

3988

storageClass: null

3989

# -- Volume attributes class name to be used.

3990

# If empty or set to null, no volumeAttributesClassName spec is set.

3991

# Requires Kubernetes 1.31

3992

volumeAttributesClassName: null

3993

# -- Volume mount path

3994

mountPath: /data

3995

labels: {}

3996

######################################################################################################################

3997

3998

# Subchart configurations

3999

4000

######################################################################################################################

4001

# -- Setting for the Grafana Rollout Operator https://github.com/grafana/helm-charts/tree/main/charts/rollout-operator

4002

rollout_operator:

4003

enabled: false

4004

# -- podSecurityContext is the pod security context for the rollout operator.

4005

# When installing on OpenShift, override podSecurityContext settings with

4006

4007

# rollout_operator:

4008

# podSecurityContext:

4009

# fsGroup: null

4010

# runAsGroup: null

4011

# runAsUser: null

4012

podSecurityContext:

4013

fsGroup: 10001

4014

runAsGroup: 10001

4015

runAsNonRoot: true

4016

runAsUser: 10001

4017

seccompProfile:

4018

type: RuntimeDefault

4019

# Set the container security context

4020

securityContext:

4021

readOnlyRootFilesystem: true

4022

capabilities:

4023

drop: [ALL]

4024

allowPrivilegeEscalation: false

4025

# -- Configuration for the minio subchart

4026

minio:

4027

enabled: false

4028

# Override the upstream MinIO, Inc. images with the Pigsty (pgsty) community

4029

# fork to mitigate the unresolved CVE in the abandoned MinIO images.

4030

# See https://github.com/pgsty/minio for details.

4031

image:

4032

repository: docker.io/pgsty/minio

4033

tag: RELEASE.2026-03-14T12-00-00Z

4034

pullPolicy: IfNotPresent

4035

mcImage:

4036

repository: docker.io/pgsty/mc

4037

tag: RELEASE.2026-03-13T08-57-32Z

4038

pullPolicy: IfNotPresent

4039

replicas: 1

4040

# Minio requires 2 to 16 drives for erasure code (drivesPerNode * replicas)

4041

# https://docs.min.io/docs/minio-erasure-code-quickstart-guide

4042

# Since we only have 1 replica, that means 2 drives must be used.

4043

drivesPerNode: 2

4044

# root user; not used for GEL authentication

4045

rootUser: root-user

4046

rootPassword: supersecretpassword

4047

# The first user in the list below is used for Loki/GEL authentication.

4048

# You can add additional users if desired; they will not impact Loki/GEL.

4049

# `accessKey` = username, `secretKey` = password

4050

users:

4051

- accessKey: logs-user

4052

secretKey: supersecretpassword

4053

policy: readwrite

4054

buckets:

4055

- name: chunks

4056

policy: none

4057

purge: false

4058

- name: ruler

4059

policy: none

4060

purge: false

4061

- name: admin

4062

policy: none

4063

purge: false

4064

persistence:

4065

size: 5Gi

4066

annotations: {}

4067

resources:

4068

requests:

4069

cpu: 100m

4070

memory: 128Mi

4071

# Allow the address used by Loki to refer to Minio to be overridden

4072

address: null

4073

# Create extra manifests via values

4074

# Can be a list or dictionary, both are passed through `tpl`. If dict, keys are ignored and only values are used.

4075

# Objects can also be defined as multiline strings, useful for templating field names

4076

extraObjects: null

4077

# - apiVersion: v1

4078

# kind: ConfigMap

4079

# metadata:

4080

# name: loki-alerting-rules

4081

# data:

4082

# loki-alerting-rules.yaml: |-

4083

# groups:

4084

# - name: example

4085

# rules:

4086

# - alert: example

4087

# expr: |

4088

# sum(count_over_time({app="loki"} |~ "error")) > 0

4089

# for: 3m

4090

# labels:

4091

# severity: warning

4092

# category: logs

4093

# annotations:

4094

# message: "loki has encountered errors"

4095

# - |

4096

# apiVersion: v1

4097

# kind: Secret

4098

# type: Opaque

4099

# metadata:

4100

# name: loki-distributed-basic-auth

4101

# data:

4102

# {{- range .Values.loki.tenants }}

4103

# {{ .name }}: {{ b64enc .password | quote }}

4104

# {{- end }}

4105

4106

sidecar:

4107

image:

4108

registry: docker.io

4109

# -- The Docker registry and image for the k8s sidecar

4110

repository: cgr.dev/chainguard-private/k8s-sidecar

4111

# -- Docker image tag

4112

tag: latest

4113

# -- Docker image sha. If empty, no sha will be used

4114

sha: sha256:3e75b2ef05a41f5f590eb50c34e0d14bdefc4b0d1eda22c6f0cffd845015cc59

4115

# -- Docker image pull policy

4116

pullPolicy: IfNotPresent

4117

# -- Resource requests and limits for the sidecar

4118

resources: {}

4119

# limits:

4120

# cpu: 100m

4121

# memory: 100Mi

4122

# requests:

4123

# cpu: 50m

4124

# memory: 50Mi

4125

# -- The SecurityContext for the sidecar.

4126

securityContext:

4127

readOnlyRootFilesystem: true

4128

capabilities:

4129

drop:

4130

- ALL

4131

allowPrivilegeEscalation: false

4132

# -- Set to true to skip tls verification for kube api calls.

4133

skipTlsVerify: false

4134

# -- Set to true to disable strict x509 verification for kube api calls.

4135

disableX509StrictVerification: false

4136

# -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in.

4137

enableUniqueFilenames: false

4138

# -- Readiness probe definition. Probe is disabled on the sidecar by default.

4139

readinessProbe: {}

4140

# -- Liveness probe definition. Probe is disabled on the sidecar by default.

4141

livenessProbe: {}

4142

# -- Startup probe definition. Probe is disabled on the sidecar by default.

4143

startupProbe: {}

4144

rules:

4145

# -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets.

4146

enabled: true

4147

# -- Label that the configmaps/secrets with rules will be marked with.

4148

label: loki_rule

4149

# -- Label value that the configmaps/secrets with rules will be set to.

4150

labelValue: ""

4151

# -- Folder into which the rules will be placed.

4152

folder: /rules

4153

# -- The annotation overwriting the folder value.

4154

# The annotation value can be either an absolute or a relative path. Relative paths will be relative to FOLDER.

4155

# Useful for multi-tenancy setups.

4156

folderAnnotation: null

4157

# -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces.

4158

# Otherwise the namespace in which the sidecar is running will be used.

4159

# It's also possible to specify 'ALL' to search in all namespaces.

4160

searchNamespace: null

4161

# -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.

4162

watchMethod: WATCH

4163

# -- Search in configmap, secret, or both.

4164

resource: both

4165

# -- Absolute path to the shell script to execute after a configmap or secret has been reloaded.

4166

script: null

4167

# -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that.

4168

# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S.

4169

watchServerTimeout: 60

4170

4171

# -- WatchClientTimeout: is a client-side timeout, configuring your local socket.

4172

# If you have a network outage dropping all packets with no RST/FIN,

4173

# this is how long your client waits before realizing & dropping the connection.

4174

# Defaults to 66sec.

4175

watchClientTimeout: 60

4176

# -- Log level of the sidecar container.

4177

logLevel: INFO

4178

# -- Monitoring section determines which monitoring features to enable

4179

monitoring:

4180

# Dashboards for monitoring Loki

4181

dashboards:

4182

# -- If enabled, create configmap with dashboards for monitoring Loki

4183

enabled: false

4184

# -- Alternative namespace to create dashboards ConfigMap in

4185

namespace: null

4186

# -- Additional annotations for the dashboards ConfigMap

4187

annotations: {}

4188

# -- Labels for the dashboards ConfigMap

4189

labels:

4190

grafana_dashboard: "1"

4191

# -- Recording rules for monitoring Loki, required for some dashboards

4192

rules:

4193

# -- If enabled, create PrometheusRule resource with Loki recording rules

4194

enabled: false

4195

# -- Include alerting rules

4196

alerting: true

4197

# -- Specify which individual alerts should be disabled

4198

# -- Instead of turning off each alert one by one, set the .monitoring.rules.alerting value to false instead.

4199

# -- If you disable all the alerts and keep .monitoring.rules.alerting set to true, the chart will fail to render.

4200

4201

# -- DEPRECATED: use monitoring.rules.configs.*.enabled instead

4202

disabled: {}

4203

# LokiRequestErrors: true

4204

# LokiRequestPanics: true

4205

4206

configs:

4207

LokiRequestErrors:

4208

enabled: true

4209

for: 15m

4210

lookbackPeriod: 2m

4211

severity: critical

4212

threshold: 10

4213

LokiRequestPanics:

4214

enabled: true

4215

lookbackPeriod: 10m

4216

severity: critical

4217

threshold: 0

4218

LokiRequestLatency:

4219

enabled: true

4220

for: 15m

4221

severity: critical

4222

threshold: 1

4223

LokiTooManyCompactorsRunning:

4224

enabled: true

4225

for: 5m

4226

severity: warning

4227

LokiCanaryLatency:

4228

enabled: true

4229

for: 15m

4230

lookbackPeriod: 5m

4231

severity: warning

4232

threshold: 5

4233

# -- Alternative namespace to create PrometheusRule resources in

4234

namespace: null

4235

# -- Additional annotations for the rules PrometheusRule resource

4236

annotations: {}

4237

# -- Additional labels for the rules PrometheusRule resource

4238

labels: {}

4239

# -- Additional annotations for PrometheusRule alerts

4240

additionalRuleAnnotations: {}

4241

# e.g.:

4242

# additionalRuleAnnotations:

4243

# runbook_url: "https://runbooks.example.com/oncall/loki"

4244

# summary: "What this alert means and how to respond"

4245

# -- Additional labels for PrometheusRule alerts

4246

additionalRuleLabels: {}

4247

# -- Additional groups to add to the rules file

4248

additionalGroups: []

4249

# - name: additional-loki-rules

4250

# rules:

4251

# - record: job:loki_request_duration_seconds_bucket:sum_rate

4252

# expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job)

4253

# - record: job_route:loki_request_duration_seconds_bucket:sum_rate

4254

# expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)

4255

# - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate

4256

# expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container)

4257

# -- ServiceMonitor configuration

4258

serviceMonitor:

4259

# -- If enabled, ServiceMonitor resources for Prometheus Operator are created

4260

enabled: false

4261

# -- Namespace selector for ServiceMonitor resources

4262

namespaceSelector: {}

4263

# -- ServiceMonitor annotations

4264

annotations: {}

4265

# -- Additional ServiceMonitor labels

4266

labels: {}

4267

# -- ServiceMonitor scrape interval

4268

# Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at

4269

# least 1/4 rate interval.

4270

interval: 15s

4271

# -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s)

4272

scrapeTimeout: null

4273

# -- ServiceMonitor relabel configs to apply to samples before scraping

4274

# https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig

4275

relabelings: []

4276

# -- ServiceMonitor metric relabel configs to apply to samples before ingestion

4277

# https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint

4278

metricRelabelings: []

4279

# -- ServiceMonitor will use http by default, but you can pick https as well

4280

scheme: http

4281

# -- ServiceMonitor will use these tlsConfig settings to make the health check requests

4282

tlsConfig: null

4283

# -- DEPRECATED If defined, will create a MetricsInstance for the Grafana Agent Operator.

4284

metricsInstance:

4285

# -- If enabled, MetricsInstance resources for Grafana Agent Operator are created

4286

enabled: true

4287

# -- MetricsInstance annotations

4288

annotations: {}

4289

# -- Additional MetricsInstance labels

4290

labels: {}

4291

# -- If defined a MetricsInstance will be created to remote write metrics.

4292

remoteWrite: null

4293

# -- DEPRECATED Self monitoring determines whether Loki should scrape its own logs.

4294

# This feature relies on Grafana Agent Operator, which is deprecated.

4295

# It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure

4296

# scrape configs to scrape its own logs with the labels expected by the included dashboards.

4297

selfMonitoring:

4298

enabled: false

4299

# -- Tenant to use for self monitoring

4300

tenant:

4301

# -- Name of the tenant

4302

4303

# -- Password of the gateway for Basic auth

4304

password: null

4305

# -- Namespace to create additional tenant token secret in. Useful if your Grafana instance

4306

# is in a separate namespace. Token will still be created in the canary namespace.

4307

# @default -- The same namespace as the loki chart is installed in.

4308

secretNamespace: '{{ include "loki.namespace" . }}'

4309

# -- DEPRECATED Grafana Agent configuration

4310

grafanaAgent:

4311

# -- DEPRECATED Controls whether to install the Grafana Agent Operator and its CRDs.

4312

# Note that helm will not install CRDs if this flag is enabled during an upgrade.

4313

# In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds

4314

installOperator: false

4315

# -- Grafana Agent annotations

4316

annotations: {}

4317

# -- Additional Grafana Agent labels

4318

labels: {}

4319

# -- Enable the config read api on port 8080 of the agent

4320

enableConfigReadAPI: false

4321

# -- The name of the PriorityClass for GrafanaAgent pods

4322

priorityClassName: null

4323

# -- Resource requests and limits for the grafanaAgent pods

4324

resources: {}

4325

# limits:

4326

# memory: 200Mi

4327

# requests:

4328

# cpu: 50m

4329

# memory: 100Mi

4330

# -- Tolerations for GrafanaAgent pods

4331

tolerations: []

4332

# PodLogs configuration

4333

podLogs:

4334

# -- PodLogs version

4335

apiVersion: monitoring.grafana.com/v1alpha1

4336

# -- PodLogs annotations

4337

annotations: {}

4338

# -- Additional PodLogs labels

4339

labels: {}

4340

# -- PodLogs relabel configs to apply to samples before scraping

4341

# https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig

4342

relabelings: []

4343

# -- Additional pipeline stages to process logs after scraping

4344

# https://grafana.com/docs/agent/latest/operator/api/#pipelinestagespec-a-namemonitoringgrafanacomv1alpha1pipelinestagespeca

4345

additionalPipelineStages: []

4346

# LogsInstance configuration

4347

logsInstance:

4348

# -- LogsInstance annotations

4349

annotations: {}

4350

# -- Additional LogsInstance labels

4351

labels: {}

4352

# -- Additional clients for remote write

4353

clients: null

4354

# -- DEPRECATED Configuration for the table-manager. The table-manager is only necessary when using a deprecated

4355

# index type such as Cassandra, Bigtable, or DynamoDB, it has not been necessary since loki introduced self-

4356

# contained index types like 'boltdb-shipper' and 'tsdb'. This will be removed in a future helm chart.

4357

tableManager:

4358

# -- Specifies whether the table-manager should be enabled

4359

enabled: false

4360

image:

4361

# -- The Docker registry for the table-manager image. Overrides `loki.image.registry`

4362

registry: null

4363

# -- Docker image repository for the table-manager image. Overrides `loki.image.repository`

4364

repository: null

4365

# -- Docker image tag for the table-manager image. Overrides `loki.image.tag`

4366

tag: null

4367

# -- Command to execute instead of defined in Docker image

4368

command: null

4369

# -- The name of the PriorityClass for table-manager pods

4370

priorityClassName: null

4371

# -- Labels for table-manager pods

4372

podLabels: {}

4373

# -- Annotations for table-manager deployment

4374

annotations: {}

4375

# -- Annotations for table-manager pods

4376

podAnnotations: {}

4377

service:

4378

# -- Annotations for table-manager Service

4379

annotations: {}

4380

# -- Additional labels for table-manager Service

4381

labels: {}

4382

# -- Additional CLI args for the table-manager

4383

extraArgs: []

4384

# -- Environment variables to add to the table-manager pods

4385

extraEnv: []

4386

# -- Environment variables from secrets or configmaps to add to the table-manager pods

4387

extraEnvFrom: []

4388

# -- Volume mounts to add to the table-manager pods

4389

extraVolumeMounts: []

4390

# -- Volumes to add to the table-manager pods

4391

extraVolumes: []

4392

# -- Resource requests and limits for the table-manager

4393

resources: {}

4394

# -- Containers to add to the table-manager pods

4395

extraContainers: []

4396

# -- Grace period to allow the table-manager to shutdown before it is killed

4397

terminationGracePeriodSeconds: 30

4398

# -- Use the host's user namespace in table-manager pods

4399

hostUsers: nil

4400

# -- Affinity for table-manager pods.

4401

# @default -- Hard node and anti-affinity

4402

# The value will be passed through tpl.

4403

affinity:

4404

podAntiAffinity:

4405

requiredDuringSchedulingIgnoredDuringExecution:

4406

- labelSelector:

4407

matchLabels:

4408

app.kubernetes.io/component: table-manager

4409

app.kubernetes.io/name: '{{ include "loki.name" . }}'

4410

app.kubernetes.io/instance: '{{ .Release.Name }}'

4411

topologyKey: kubernetes.io/hostname

4412

# -- DNS config table-manager pods

4413

dnsConfig: {}

4414

# -- Node selector for table-manager pods

4415

nodeSelector: {}

4416

# -- Tolerations for table-manager pods

4417

tolerations: []

4418

# -- Enable deletes by retention

4419

retention_deletes_enabled: false

4420

# -- Set retention period

4421

retention_period: 0

4422

The trusted source for open source

Talk to an expert

Privacy

Terms

© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.

loki

The trusted source for open source

Product

Solutions

Customers

Resources

Company