Merge changes I1ba3967a,Id55095c3

* changes:
  Describe infrastructure dependencies
  Use object store to store chunks created by Loki
diff --git a/README.md b/README.md
index 25566c7..241f29d 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,8 @@
 
 ## Dependencies
 
+### Software
+
 - Gerrit \
 Gerrit requires the following plugin to be installed:
   - [metrics-reporter-prometheus](https://gerrit.googlesource.com/plugins/metrics-reporter-prometheus/)
@@ -43,6 +45,20 @@
 yq is a commandline processor for yaml-files. Installation instructions can be
 found [here](https://mikefarah.gitbook.io/yq/).
 
+### Infrastructure
+
+- Kubernetes Cluster \
+A cluster with at least 3 free CPUs and 4 GB of free memory are required. In
+addition persistent storage of about 30 GB will be used.
+
+- Ingress Controller \
+The charts currently expect a Nginx ingress controller to be installed in the
+cluster.
+
+- Object store \
+Loki will store the data chunks in an object store. This store has to be callable
+via the S3 API.
+
 ## Add dashboards
 
 To have dashboards deployed automatically during installation, export the dashboards
@@ -78,6 +94,12 @@
 | `loki.host`                             | Loki ingress hostname                                                              |
 | `loki.username`                         | Username for Loki                                                                  |
 | `loki.password`                         | Password for Loki                                                                  |
+| `loki.s3.protocol`                      | Protocol used for communicating with S3                                            |
+| `loki.s3.host`                          | Hostname of the S3 object store                                                    |
+| `loki.s3.accessToken`                   | The EC2 accessToken used for authentication with S3                                |
+| `loki.s3.secret`                        | The secret associated with the accessToken                                         |
+| `loki.s3.bucket`                        | The name of the S3 bucket                                                          |
+| `loki.s3.region`                        | The region in which the S3 bucket is hosted                                        |
 | `loki.tls.cert`                         | TLS certificate                                                                    |
 | `loki.tls.key`                          | TLS key                                                                            |
 | `grafana.host`                          | Grafana ingress hostname                                                           |
diff --git a/charts/loki/loki.yaml b/charts/loki/loki.yaml
index e29b8e9..f3f63c5 100644
--- a/charts/loki/loki.yaml
+++ b/charts/loki/loki.yaml
@@ -73,7 +73,7 @@
     configs:
     - from: 2018-04-15
       store: boltdb
-      object_store: filesystem
+      object_store: s3
       schema: v9
       index:
         prefix: index_
@@ -86,8 +86,9 @@
   storage_config:
     boltdb:
       directory: /data/loki/index
-    filesystem:
-      directory: /data/loki/chunks
+    aws:
+      s3: #@ "{}://{}:{}@{}/{}".format(data.values.loki.s3.protocol, data.values.loki.s3.accessToken, data.values.loki.s3.secret, data.values.loki.s3.host, data.values.loki.s3.bucket)
+      s3forcepathstyle: true
   chunk_store_config:
     max_look_back_period: 0
   table_manager:
@@ -240,4 +241,6 @@
 #   targetPort: http
 
 # Extra env variables to pass to the loki container
-env: []
+env:
+- name: AWS_REGION
+  value: #@ data.values.loki.s3.region
diff --git a/config.yaml b/config.yaml
index 5f1c301..c7b9840 100644
--- a/config.yaml
+++ b/config.yaml
@@ -25,6 +25,13 @@
   host: loki.example.com
   username:
   password:
+  s3:
+    protocol: https
+    host: s3.eu-de-1.example.com
+    accessToken: abcd
+    secret: "1234"
+    bucket: bucket
+    region: eu-de-1
   tls:
     cert:
     key:
diff --git a/documentation/config-management.md b/documentation/config-management.md
index 037f9af..4a6c5e8 100644
--- a/documentation/config-management.md
+++ b/documentation/config-management.md
@@ -48,7 +48,7 @@
 sops \
   --encrypt \
   --in-place \
-  --encrypted-regex '(password|htpasswd|cert|key|apiUrl|caCert)$' \
+  --encrypted-regex '(password|htpasswd|cert|key|apiUrl|caCert|secret|accessToken)$' \
   --pgp \
     `gpg --fingerprint "$EMAIL" | \
      grep pub -A 1 | \
diff --git a/encrypt.sh b/encrypt.sh
index 6b0172b..1ae94e4 100755
--- a/encrypt.sh
+++ b/encrypt.sh
@@ -53,6 +53,6 @@
 sops \
   --encrypt \
   --in-place \
-  --encrypted-regex '(password|htpasswd|cert|key|apiUrl|caCert)$' \
+  --encrypted-regex '(password|htpasswd|cert|key|apiUrl|caCert|secret|accessToken)$' \
   --pgp $FINGERPRINT \
   $CONFIG