| #@ load("@ytt:data", "data") |
| |
| image: |
| repository: grafana/loki |
| tag: v1.3.0 |
| pullPolicy: IfNotPresent |
| |
| ingress: |
| enabled: #@ not data.values.istio.enabled |
| annotations: |
| kubernetes.io/ingress.class: nginx |
| nginx.ingress.kubernetes.io/auth-type: basic |
| nginx.ingress.kubernetes.io/auth-secret: loki-basic-auth |
| nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required' |
| # kubernetes.io/tls-acme: "true" |
| hosts: |
| - host: #@ data.values.logging.loki.host |
| paths: |
| - / |
| tls: |
| - secretName: loki-server-tls |
| hosts: |
| - #@ data.values.logging.loki.host |
| |
| ## Affinity for pod assignment |
| ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| affinity: {} |
| # podAntiAffinity: |
| # requiredDuringSchedulingIgnoredDuringExecution: |
| # - labelSelector: |
| # matchExpressions: |
| # - key: app |
| # operator: In |
| # values: |
| # - loki |
| # topologyKey: "kubernetes.io/hostname" |
| |
| ## StatefulSet annotations |
| annotations: {} |
| |
| # enable tracing for debug, need install jaeger and specify right jaeger_agent_host |
| tracing: |
| jaegerAgentHost: |
| |
| config: |
| auth_enabled: false |
| ingester: |
| chunk_idle_period: 3m |
| chunk_block_size: 262144 |
| chunk_retain_period: 15m |
| max_transfer_retries: 0 |
| lifecycler: |
| ring: |
| kvstore: |
| store: inmemory |
| replication_factor: 1 |
| |
| ## Different ring configs can be used. E.g. Consul |
| # ring: |
| # store: consul |
| # replication_factor: 1 |
| # consul: |
| # host: "consul:8500" |
| # prefix: "" |
| # httpclienttimeout: "20s" |
| # consistentreads: true |
| limits_config: |
| enforce_metric_name: false |
| max_streams_per_user: 1000000 |
| reject_old_samples: true |
| reject_old_samples_max_age: 168h |
| schema_config: |
| configs: |
| - from: 2018-04-15 |
| store: boltdb |
| object_store: s3 |
| schema: v9 |
| index: |
| prefix: index_ |
| period: 24h |
| chunks: |
| prefix: chunk_ |
| period: 24h |
| server: |
| http_listen_port: 3100 |
| storage_config: |
| boltdb: |
| directory: /data/loki/index |
| aws: |
| s3: #@ "{}://{}:{}@{}/{}".format(data.values.logging.loki.s3.protocol, data.values.logging.loki.s3.accessToken, data.values.logging.loki.s3.secret, data.values.logging.loki.s3.host, data.values.logging.loki.s3.bucket) |
| s3forcepathstyle: true |
| chunk_store_config: |
| max_look_back_period: 0 |
| table_manager: |
| retention_deletes_enabled: true |
| retention_period: 336h |
| |
| ## Additional Loki container arguments, e.g. log level (debug, info, warn, error) |
| extraArgs: {} |
| # log.level: debug |
| |
| livenessProbe: |
| httpGet: |
| path: /ready |
| port: http-metrics |
| initialDelaySeconds: 45 |
| |
| ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ |
| networkPolicy: |
| enabled: false |
| |
| ## The app name of loki clients |
| client: {} |
| # name: |
| |
| ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
| nodeSelector: {} |
| |
| ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ |
| ## If you set enabled as "True", you need : |
| ## - create a pv which above 10Gi and has same namespace with loki |
| ## - keep storageClassName same with below setting |
| persistence: |
| enabled: true |
| accessModes: |
| - ReadWriteOnce |
| size: 10Gi |
| annotations: {} |
| # subPath: "" |
| # existingClaim: |
| |
| ## Pod Labels |
| podLabels: |
| istio-jwt: enabled |
| |
| ## Pod Annotations |
| podAnnotations: |
| prometheus.io/scrape: "true" |
| prometheus.io/port: "http-metrics" |
| |
| podManagementPolicy: OrderedReady |
| |
| ## Assign a PriorityClassName to pods if set |
| # priorityClassName: |
| |
| rbac: |
| create: true |
| pspEnabled: false |
| |
| readinessProbe: |
| httpGet: |
| path: /ready |
| port: http-metrics |
| initialDelaySeconds: 45 |
| |
| replicas: 1 |
| |
| resources: |
| limits: |
| cpu: 2 |
| memory: 3Gi |
| requests: |
| cpu: 1 |
| memory: 2Gi |
| |
| securityContext: |
| fsGroup: 10001 |
| runAsGroup: 10001 |
| runAsNonRoot: true |
| runAsUser: 10001 |
| |
| service: |
| type: ClusterIP |
| nodePort: |
| port: 3100 |
| annotations: {} |
| labels: {} |
| |
| serviceAccount: |
| create: true |
| name: |
| annotations: {} |
| |
| terminationGracePeriodSeconds: 4800 |
| |
| ## Tolerations for pod assignment |
| ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
| tolerations: [] |
| |
| # The values to set in the PodDisruptionBudget spec |
| # If not set then a PodDisruptionBudget will not be created |
| podDisruptionBudget: {} |
| # minAvailable: 1 |
| # maxUnavailable: 1 |
| |
| updateStrategy: |
| type: RollingUpdate |
| |
| serviceMonitor: |
| enabled: false |
| interval: "" |
| additionalLabels: {} |
| # scrapeTimeout: 10s |
| |
| initContainers: [] |
| ## Init containers to be added to the loki pod. |
| # - name: my-init-container |
| # image: busybox:latest |
| # command: ['sh', '-c', 'echo hello'] |
| |
| extraContainers: [] |
| ## Additional containers to be added to the loki pod. |
| # - name: reverse-proxy |
| # image: angelbarrera92/basic-auth-reverse-proxy:dev |
| # args: |
| # - "serve" |
| # - "--upstream=http://localhost:3100" |
| # - "--auth-config=/etc/reverse-proxy-conf/authn.yaml" |
| # ports: |
| # - name: http |
| # containerPort: 11811 |
| # protocol: TCP |
| # volumeMounts: |
| # - name: reverse-proxy-auth-config |
| # mountPath: /etc/reverse-proxy-conf |
| |
| |
| extraVolumes: [] |
| ## Additional volumes to the loki pod. |
| # - name: reverse-proxy-auth-config |
| # secret: |
| # secretName: reverse-proxy-auth-config |
| |
| ## Extra volume mounts that will be added to the loki container |
| extraVolumeMounts: [] |
| |
| extraPorts: [] |
| ## Additional ports to the loki services. Useful to expose extra container ports. |
| # - port: 11811 |
| # protocol: TCP |
| # name: http |
| # targetPort: http |
| |
| # Extra env variables to pass to the loki container |
| env: |
| - name: AWS_REGION |
| value: #@ data.values.logging.loki.s3.region |