Parameters

The parent key for all of the following parameters is loki.

namespace

type

dict

default
namespace:
  name: ${_instance} (1)
  create: true (2)
  metadata: {} (3)
1 The name of the namespace to deploy the component into.
2 Whether the component should create the namespace.
3 Metadata to add to the namespace.

The namespace in which to deploy this component.

charts

type

dict

default
charts:
  loki:
    source: https://grafana-community.github.io/helm-charts
    version: v13.5.0

Holds the reference to the used version of the charts. See class/defaults.yml for the current version.

images

type

dict

default
images:
  loki:
    registry: docker.io
    repository: grafana/loki
  memcached:
    registry: docker.io
    repository: library/memcached
  memcachedExporter:
    registry: docker.io
    repository: prom/memcached-exporter
  nginx:
    registry: docker.io
    repository: nginxinc/nginx-unprivileged
example
images:
  loki:
    registry: my-docker-cache.example.org
    tag: latest
  memcached:
    tag: latest
  memcachedExporter:
    tag: latest
  nginx:
    tag: latest

Configures the image registry, repository and tag.

If the tag parameter is not set, the one from the Helm chart will be used.

preset

type

string

default

legacy

Choose a preset for scaling the Loki components.

Available options: none, legacy, extra-small.

Only use legacy if you are updating from v0.3.x of this component.

components

Configuration of the different Loki components.

The values of each component reflect the corresponding sections in the Helm chart's values.yaml file.

Read path: querier, queryFrontend, queryScheduler. Write path: distributor, ingester. Backend: compactor, indexGateway. Ingress: gateway. Optional: alertmanager, overridesExporter, patternIngester, ruler. Experimental: bloomGateway, bloomPlanner, bloomBuilder

components.querier

type

dict

default
components:
  querier:
    enabled: true

The querier service is responsible for executing Log Query Language (LogQL) queries. The querier can handle HTTP requests from the client directly or pull subqueries from the query frontend or query scheduler.

components.queryFrontend

type

dict

default
components:
  queryFrontend:
    enabled: true

The query frontend is an optional service providing the querier’s API endpoints and can be used to accelerate the read path. When the query frontend is in place, incoming query requests should be directed to the query frontend instead of the queriers. The querier service is still required within the cluster in order to execute the actual queries.

components.queryScheduler

type

dict

default
components:
  queryScheduler:
    enabled: true

The query scheduler is an optional service providing more advanced queuing functionality than the query frontend. When this component is used in the Loki deployment, the query frontend pushes split-up queries to the query scheduler, which enqueues them in an internal in-memory queue.

components.distributor

type

dict

default
components:
  distributor:
    enabled: true

The distributor service is responsible for handling incoming push requests from clients. It’s the first step in the write path for log data.

components.ingester

type

dict

default
components:
  ingester:
    enabled: true

The ingester service is responsible for persisting data and shipping it to long-term S3 storage on the write path, and returning recently ingested, in-memory log data for queries on the read path.

components.compactor

type

dict

default
components:
  compactor:
    enabled: true

The compactor service is used to compact the multiple index files produced by the ingesters and shipped to object storage into single index files per day and tenant. This makes index lookups more efficient.

components.indexGateway

type

dict

default
components:
  indexGateway:
    enabled: true

The index gateway service is responsible for handling and serving metadata queries. Metadata queries are queries that look up data from the index.

components.gateway

type

dict

default
components:
  gateway:
    enabled: true

The Loki gateway is a critical component for query, write, and alert paths. It improves performance and simplifies deployments by acting as a single entry point for all Loki requests.

components.alertmanager

type

dict

default
components:
  alertmanager:
    enabled: true

The Loki Alertmanager is an optional component that accepts alert notifications from the Loki ruler.

components.overridesExporter

type

dict

default
components:
  overridesExporter:
    enabled: true

Grafana Loki supports applying overrides on a per-tenant basis. A number of overrides configure limits that prevent a single tenant from using too many resources. The overrides-exporter component exposes limits as Prometheus metrics so that operators can understand how close tenants are to their limits.

components.patternIngester

type

dict

default
components:
  patternIngester:
    enabled: false

The optional pattern ingester component receives log data from the ingesters and scans the logs to detect and aggregate patterns. This can be useful for understanding the structure of your logs at scale. The pattern ingester is used by the pattern feature in Logs Drilldown, which lets you detect similar log lines and add or exclude them from your search.

components.ruler

type

dict

default
components:
  ruler:
    enabled: false

The ruler service manages and evaluates rule and/or alert expressions provided in a rule configuration.

caches

Configuration of the cache components of Loki. Caching is optional, but highly recommended in a production environment.

The values of each component reflect the corresponding sections in the Helm chart's values.yaml file.

caches.chunks

type

dict

default
caches:
  chunks:
    enabled: true

The chunks are cached using the chunkRef as the cache key, which is the unique reference to a chunk when it’s cut in the Loki ingesters. The chunk cache is consulted by queriers each time a set of chunkRefs is calculated to serve the query, before going to the storage layer.

caches.results

type

dict

default
caches:
  results:
    enabled: true

The results cache stores the results for index-stat, instant-metric, label and volume queries, and it supports negative caching for log queries. It is called frontend cache in some configurations.

experimental

Configuration of the experimental components of Loki.

These are experimental features, use at your own discretion.

The values of each component reflect the corresponding sections in the Helm chart's values.yaml file.

experimental.bloomPlanner

type

dict

default
experimental:
  bloomPlanner:
    enabled: false

The Bloom Planner service is responsible for planning the tasks for blooms creation. It runs as a singleton and provides a queue from which tasks are pulled by the Bloom Builders. The planning runs periodically and takes into account what blooms have already been built for a given day and tenant and what series need to be newly added.

experimental.bloomBuilder

type

dict

default
experimental:
  bloomBuilder:
    enabled: false

The Bloom Builder service is responsible for processing the tasks created by the Bloom Planner. The Bloom Builder creates bloom blocks from structured metadata of log entries. The resulting blooms are grouped in bloom blocks spanning multiple series and chunks from a given day. This component also builds metadata files to track which blocks are available for each series and TSDB index file.

experimental.bloomGateway

type

dict

default
experimental:
  bloomGateway:
    enabled: false

The Bloom Gateway service is responsible for handling and serving chunk filtering requests. The index gateway queries the Bloom Gateway when computing chunk references, or when computing shards for a given query. The gateway service takes a list of chunks and a filtering expression and matches them against the blooms, filtering out any chunks that do not match the given label filter expression.

global

Configure global settings.

global.nodeSelector

type

dict

default
global:
  nodeSelector: {}
example
global:
  nodeSelector:
    appuio.io/node-class: plus

Node selector configuration which is used for each component’s nodeSelector field in parameter helm_values.

This value is used verbatim as a Kubernetes node selector.

global.retention

type

string

default
global:
  retention: 30d

Global logs retention.

global.zoneAwareReplication

type

dict

default
global:
  zoneAwareReplication:
    enabled: false
    topologyKey: 'kubernetes.io/hostname'
example
global:
  zoneAwareReplication:
    enabled: true
    zones:
      - name: zone-a
        nodeSelector:
          topology.kubernetes.io/zone: 'zone-a'
      - name: zone-b
        nodeSelector:
          topology.kubernetes.io/zone: 'zone-b'
      - name: zone-c
        nodeSelector:
          topology.kubernetes.io/zone: 'zone-c'

Zone-aware replication is the replication of data across failure domains. Zone-aware replication helps to avoid data loss during a domain outage. Grafana Loki defines failure domains as zones.

s3

Configure S3 for storage.

s3.bucketPrefix

type

string

default

${_instance}

Set the prefix for the buckets used to store logs.

s3.endpoint

type

string

default

``

example
s3:
  endpoint: 'objects.rma.cloudscale.ch'

Configure the endpoint for the S3 storage.

s3.region

type

string

default

null

example
s3:
  region: 'us-east-1'

Configure the region for the S3 storage.

For Cloudscale and Exoscale the region will be calculated from cluster facts.

s3.forcePathStyle

type

boolean

default

true

Force path-style S3 URLs for the endpoint.

s3.insecure

type

boolean

default

false

Whether or not to check the certificate for the endpoint.

s3.auth

type

dict

default
s3:
  auth:
    accessKeyId: '?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/s3_access_key}'
    secretAccessKey: '?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/s3_secret_key}'
    #increase if auth credentials change
    secretVersion: 0

Configure the access key and secret key for the S3 storage.

networkPolicy

Configure the NetworkPolicy if necessary.

networkPolicy.enabled

type

boolean

default
networkPolicy:
  enabled: true

Enables or disables NetworkPolicy.

The NetworkPolicy will only be deployed if it is enabled and has at least 1 entry in allowedNamespaces and exposedComponents.

networkPolicy.enabled

type

boolean

default

true

Enable or disable the creation of NetworkPolicies.

networkPolicy.exposedComponents

type

dict

default
networkPolicy:
  exposedComponents:
    - query-frontend
    - gateway
example
networkPolicy:
  exposedComponents:
    - ~query-frontend

Define what components this NetworkPolicy should allow access to.

The components prefixed with a tilde ~ are removed from the resulting list.

networkPolicy.allowedNamespaces

type

dict

default
networkPolicy:
  allowedNamespaces: []
example
networkPolicy:
  allowedNamespaces:
    - vshn-grafana

Define the namespaces that should be able to access this instance.

The namespaces prefixed with a tilde ~ are removed from the resulting list.
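
The following added example (not part of the component's code) models the networkPolicy rules above in Python: tilde-prefixed entries are removed from the lists, and the policy is deployed only when it is enabled and both lists still contain an entry. It assumes override lists are appended to the documented defaults; the names resolve and plan are illustrative.

```python
# Added example, not the component's own code. Models the networkPolicy
# rules described on this page so a planned configuration can be checked.

DEFAULTS = {  # defaults as documented on this page
    "enabled": True,
    "exposedComponents": ["query-frontend", "gateway"],
    "allowedNamespaces": [],
}


def resolve(entries):
    """Drop every name that also appears with a '~' prefix, keep order."""
    removed = {e[1:] for e in entries if e.startswith("~")}
    result = []
    for e in entries:
        if not e.startswith("~") and e not in removed and e not in result:
            result.append(e)
    return result


def plan(overrides):
    """Return (deployed, components, namespaces) for one instance.

    Assumption: list values from the overrides are appended to the
    defaults before the tilde entries are evaluated.
    """
    enabled = overrides.get("enabled", DEFAULTS["enabled"])
    components = resolve(DEFAULTS["exposedComponents"]
                         + overrides.get("exposedComponents", []))
    namespaces = resolve(DEFAULTS["allowedNamespaces"]
                         + overrides.get("allowedNamespaces", []))
    # Deployed only if enabled and both lists have at least one entry.
    deployed = bool(enabled and components and namespaces)
    return deployed, components, namespaces


if __name__ == "__main__":
    # Constructed inputs, built from the examples on this page.
    cases = {
        "defaults only": {},
        "page examples": {"exposedComponents": ["~query-frontend"],
                          "allowedNamespaces": ["vshn-grafana"]},
        "all components removed": {
            "exposedComponents": ["~query-frontend", "~gateway"],
            "allowedNamespaces": ["vshn-grafana"]},
    }
    for name, overrides in cases.items():
        print(name, plan(overrides))
```

With the documented defaults alone, allowedNamespaces is empty, so the model reports that no NetworkPolicy is deployed even though enabled is true.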

ingress

Ingress configuration

ingress.enabled

type

boolean

default
ingress:
  enabled: false

Enables ingress.

ingress.tls.enabled

type

dict

default
ingress:
  tls:
    enabled: true

Enables using TLS for ingress.

ingress.tls.clusterIssuer

type

dict

default
ingress:
  tls:
    clusterIssuer: letsencrypt-production

Configures the annotation for the cert-manager ClusterIssuer. This component assumes cert-manager is installed.

ingress.tls.key and ingress.tls.cert

type

dict

default
ingress:
  tls:
    key: null
    cert: null
example
ingress:
  tls:
    clusterIssuer: null
    key: |
      -----BEGIN PRIVATE KEY-----
      ...
      -----END PRIVATE KEY-----
    cert: |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----

Configures private key and certificate for TLS. The secret will automatically be created.

This requires ingress.tls.clusterIssuer to be null. If both are enabled, ingress.tls.clusterIssuer takes precedence.

ingress.url

type

dict

default
ingress:
  url: ''

The URL for which the ingress is configured.

ingress.annotations and ingress.labels

type

dict

default
ingress:
  annotations: {}
  labels: {}
example
ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging

Add custom annotations and labels.

basicAuth

Configures basic authentication for nginx.

basicAuth.enabled

type

boolean

default
basicAuth:
  enabled: false

Enables basic authentication for nginx.

basicAuth.htpasswd

type

boolean

default
basicAuth:
  htpasswd: '?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/htpasswd}'

The content of the .htpasswd file.

If you set basicAuth.htpasswd to null, you can use basicAuth.existingSecret to include an existing secret.

monitoring

type

dict

default
monitoring: true

Enable the service monitors, rules, and alerts from the Helm chart.

alerts

Configurations related to alerts.

Upstream service monitors, rules, and alerts can be enabled by setting the following Helm values:

helm_values:
  monitoring:
    serviceMonitor:
      enabled: true
    rules:
      enabled: true

alerts.additionalRules

type

dict

default

See class/defaults.yml

example
additionalRules:
  "alert:CustomTestAlert":
    expr: vector(1) == 0
    for: 1h
    annotations:
      summary: Test alert
    labels:
      severity: warning

This parameter allows users to configure additional alerting and recording rules. All rules defined in this parameter will be added to rule group loki-custom.rules.

alerts.patchRules

type

dict

default

See class/defaults.yml

example
patchRules:
  ignoreNames:
    - LokiContinuousTestNotRunningOnWrites
  patches:
    LokiInconsistentRuntimeConfig:
      for: 15m

This parameter allows users to patch or remove alerts provided by the upstream Loki chart.

The values in the ignoreNames parameter correspond to the field alert of the alert to ignore.

The keys in the patches parameter correspond to the field alert of the alert to patch. The component expects valid partial Prometheus alert rule objects as values.

The provided values aren’t validated; they’re applied to the corresponding upstream alert as-is.

secrets

type

dict

default

{}

example
secrets:
  loki-bucket-secret:
    stringData:
      S3_ACCESS_KEY_ID: null
      S3_SECRET_ACCESS_KEY: null
      S3_ENDPOINT: null

A dict of secrets to create in the namespace. The key is the name of the secret, the value is the content of the secret. The value must be a dict with a key stringData which is a dict of key/value pairs to add to the secret.

helm_values

type

dict

default

See class/defaults.yml

Holds the values for the Helm chart.

The defaults are close to the upstream defaults, with HA enabled, and the bucket secret added.

Example

name: example-loki
namespace:
  name: example-loki
  create: true
  metadata:
    labels:
      example.com/organization: example