Menu

Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.

Open source

Helm Chart Values

This is the generated reference for the Loki Helm Chart values.

Note: This reference is for the Loki Helm chart version 3.0 or greater. If you are using the grafana/loki-stack Helm chart from the community repo, please refer to the values.yaml of the respective Github repository grafana/helm-charts.

KeyTypeDescriptionDefault
backend.affinitystringAffinity for backend pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
backend.extraArgslistAdditional CLI args for the backend
[]
backend.extraEnvlistEnvironment variables to add to the backend pods
[]
backend.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the backend pods
[]
backend.extraVolumeMountslistVolume mounts to add to the backend pods
[]
backend.extraVolumeslistVolumes to add to the backend pods
[]
backend.image.registrystringThe Docker registry for the backend image. Overrides `loki.image.registry`
null
backend.image.repositorystringDocker image repository for the backend image. Overrides `loki.image.repository`
null
backend.image.tagstringDocker image tag for the backend image. Overrides `loki.image.tag`
null
backend.initContainerslistInit containers to add to the backend pods
[]
backend.nodeSelectorobjectNode selector for backend pods
{}
backend.persistence.enableStatefulSetAutoDeletePVCboolEnable StatefulSetAutoDeletePVC feature
true
backend.persistence.selectorstringSelector for persistent disk
null
backend.persistence.sizestringSize of persistent disk
"10Gi"
backend.persistence.storageClassstringStorage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
null
backend.podAnnotationsobjectAnnotations for backend pods
{}
backend.podLabelsobjectAdditional labels for each `backend` pod
{}
backend.priorityClassNamestringThe name of the PriorityClass for backend pods
null
backend.replicasintNumber of replicas for the backend
3
backend.resourcesobjectResource requests and limits for the backend
{}
backend.selectorLabelsobjectAdditional selector labels for each `backend` pod
{}
backend.serviceLabelsobjectLabels for ingester service
{}
backend.targetModulestringComma-separated list of Loki modules to load for the read
"backend"
backend.terminationGracePeriodSecondsintGrace period to allow the backend to shutdown before it is killed. Especially for the ingester, this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring all data and to successfully leave the member ring on shutdown.
300
backend.tolerationslistTolerations for backend pods
[]
enterprise.adminApiobjectIf enabled, the correct admin_client storage will be configured. If disabled while running enterprise, make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`.
{
  "enabled": true
}
enterprise.adminToken.additionalNamespaceslistAdditional namespace to also create the token in. Useful if your Grafana instance is in a different namespace
[]
enterprise.adminToken.secretstringAlternative name for admin token secret, needed by tokengen and provisioner jobs
null
enterprise.canarySecretstringAlternative name of the secret to store token for the canary
null
enterprise.cluster_namestringOptional name of the GEL cluster, otherwise will use .Release.Name The cluster name must match what is in your GEL license
null
enterprise.configstring
"{{- if .Values.enterprise.adminApi.enabled }}\n{{- if or .Values.minio.enabled (eq .Values.loki.storage.type \"s3\") (eq .Values.loki.storage.type \"gcs\") (eq .Values.loki.storage.type \"azure\") }}\nadmin_client:\n  storage:\n    s3:\n      bucket_name: {{ .Values.loki.storage.bucketNames.admin }}\n{{- end }}\n{{- end }}\nauth:\n  type: {{ .Values.enterprise.adminApi.enabled | ternary \"enterprise\" \"trust\" }}\nauth_enabled: {{ .Values.loki.auth_enabled }}\ncluster_name: {{ include \"loki.clusterName\" . }}\nlicense:\n  path: /etc/loki/license/license.jwt\n"
enterprise.enabledbool
false
enterprise.externalConfigNamestringName of the external config secret to use
""
enterprise.externalLicenseNamestringName of external license secret to use
null
enterprise.image.pullPolicystringDocker image pull policy
"IfNotPresent"
enterprise.image.registrystringThe Docker registry
"docker.io"
enterprise.image.repositorystringDocker image repository
"grafana/enterprise-logs"
enterprise.image.tagstringDocker image tag
null
enterprise.licenseobjectGrafana Enterprise Logs license In order to use Grafana Enterprise Logs features, you will need to provide the contents of your Grafana Enterprise Logs license, either by providing the contents of the license.jwt, or the name Kubernetes Secret that contains your license.jwt. To set the license contents, use the flag `--set-file 'license.contents=./license.jwt'`
{
  "contents": "NOTAVALIDLICENSE"
}
enterprise.provisionerobjectConfiguration for `provisioner` target
{
  "additionalTenants": [],
  "annotations": {},
  "enabled": true,
  "env": [],
  "extraVolumeMounts": [],
  "image": {
    "pullPolicy": "IfNotPresent",
    "registry": "docker.io",
    "repository": "grafana/enterprise-logs-provisioner",
    "tag": null
  },
  "labels": {},
  "priorityClassName": null,
  "provisionedSecretPrefix": null,
  "securityContext": {
    "fsGroup": 10001,
    "runAsGroup": 10001,
    "runAsNonRoot": true,
    "runAsUser": 10001
  }
}
enterprise.provisioner.additionalTenantslistAdditional tenants to be created. Each tenant will get a read and write policy and associated token. Tenant must have a name and a namespace for the secret containting the token to be created in. For example additionalTenants: - name: loki secretNamespace: grafana
[]
enterprise.provisioner.annotationsobjectAdditional annotations for the `provisioner` Job
{}
enterprise.provisioner.enabledboolWhether the job should be part of the deployment
true
enterprise.provisioner.envlistAdditional Kubernetes environment
[]
enterprise.provisioner.extraVolumeMountslistVolume mounts to add to the provisioner pods
[]
enterprise.provisioner.imageobjectProvisioner image to Utilize
{
  "pullPolicy": "IfNotPresent",
  "registry": "docker.io",
  "repository": "grafana/enterprise-logs-provisioner",
  "tag": null
}
enterprise.provisioner.image.pullPolicystringDocker image pull policy
"IfNotPresent"
enterprise.provisioner.image.registrystringThe Docker registry
"docker.io"
enterprise.provisioner.image.repositorystringDocker image repository
"grafana/enterprise-logs-provisioner"
enterprise.provisioner.image.tagstringOverrides the image tag whose default is the chart's appVersion
null
enterprise.provisioner.labelsobjectAdditional labels for the `provisioner` Job
{}
enterprise.provisioner.priorityClassNamestringThe name of the PriorityClass for provisioner Job
null
enterprise.provisioner.provisionedSecretPrefixstringName of the secret to store provisioned tokens in
null
enterprise.provisioner.securityContextobjectRun containers as user `enterprise-logs(uid=10001)`
{
  "fsGroup": 10001,
  "runAsGroup": 10001,
  "runAsNonRoot": true,
  "runAsUser": 10001
}
enterprise.tokengenobjectConfiguration for `tokengen` target
{
  "annotations": {},
  "enabled": true,
  "env": [],
  "extraArgs": [],
  "extraEnvFrom": [],
  "extraVolumeMounts": [],
  "extraVolumes": [],
  "labels": {},
  "priorityClassName": "",
  "securityContext": {
    "fsGroup": 10001,
    "runAsGroup": 10001,
    "runAsNonRoot": true,
    "runAsUser": 10001
  },
  "targetModule": "tokengen",
  "tolerations": []
}
enterprise.tokengen.annotationsobjectAdditional annotations for the `tokengen` Job
{}
enterprise.tokengen.enabledboolWhether the job should be part of the deployment
true
enterprise.tokengen.envlistAdditional Kubernetes environment
[]
enterprise.tokengen.extraArgslistAdditional CLI arguments for the `tokengen` target
[]
enterprise.tokengen.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the tokengen pods
[]
enterprise.tokengen.extraVolumeMountslistAdditional volume mounts for Pods
[]
enterprise.tokengen.extraVolumeslistAdditional volumes for Pods
[]
enterprise.tokengen.labelsobjectAdditional labels for the `tokengen` Job
{}
enterprise.tokengen.priorityClassNamestringThe name of the PriorityClass for tokengen Pods
""
enterprise.tokengen.securityContextobjectRun containers as user `enterprise-logs(uid=10001)`
{
  "fsGroup": 10001,
  "runAsGroup": 10001,
  "runAsNonRoot": true,
  "runAsUser": 10001
}
enterprise.tokengen.targetModulestringComma-separated list of Loki modules to load for tokengen
"tokengen"
enterprise.tokengen.tolerationslistTolerations for tokengen Job
[]
enterprise.useExternalLicenseboolSet to true when providing an external license
false
enterprise.versionstring
"v1.6.2"
extraObjectslist
[]
fullnameOverridestringOverrides the chart's computed fullname
null
gateway.affinitystringAffinity for gateway pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
gateway.autoscaling.enabledboolEnable autoscaling for the gateway
false
gateway.autoscaling.maxReplicasintMaximum autoscaling replicas for the gateway
3
gateway.autoscaling.minReplicasintMinimum autoscaling replicas for the gateway
1
gateway.autoscaling.targetCPUUtilizationPercentageintTarget CPU utilisation percentage for the gateway
60
gateway.autoscaling.targetMemoryUtilizationPercentagestringTarget memory utilisation percentage for the gateway
null
gateway.basicAuth.enabledboolEnables basic authentication for the gateway
false
gateway.basicAuth.existingSecretstringExisting basic auth secret to use. Must contain '.htpasswd'
null
gateway.basicAuth.htpasswdstringUses the specified users from the `loki.tenants` list to create the htpasswd file if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes high CPU load.
"{{ if .Values.loki.tenants }}\n\n  {{- range $t := .Values.loki.tenants }}\n{{ htpasswd (required \"All tenants must have a 'name' set\" $t.name) (required \"All tenants must have a 'password' set\" $t.password) }}\n\n  {{- end }}\n{{ else }} {{ htpasswd (required \"'gateway.basicAuth.username' is required\" .Values.gateway.basicAuth.username) (required \"'gateway.basicAuth.password' is required\" .Values.gateway.basicAuth.password) }} {{ end }}"
gateway.basicAuth.passwordstringThe basic auth password for the gateway
null
gateway.basicAuth.usernamestringThe basic auth username for the gateway
null
gateway.containerSecurityContextobjectThe SecurityContext for gateway containers
{
  "allowPrivilegeEscalation": false,
  "capabilities": {
    "drop": [
      "ALL"
    ]
  },
  "readOnlyRootFilesystem": true
}
gateway.deploymentStrategyobjectref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
{
  "type": "RollingUpdate"
}
gateway.enabledboolSpecifies whether the gateway should be enabled
true
gateway.extraArgslistAdditional CLI args for the gateway
[]
gateway.extraEnvlistEnvironment variables to add to the gateway pods
[]
gateway.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the gateway pods
[]
gateway.extraVolumeMountslistVolume mounts to add to the gateway pods
[]
gateway.extraVolumeslistVolumes to add to the gateway pods
[]
gateway.image.pullPolicystringThe gateway image pull policy
"IfNotPresent"
gateway.image.registrystringThe Docker registry for the gateway image
"docker.io"
gateway.image.repositorystringThe gateway image repository
"nginxinc/nginx-unprivileged"
gateway.image.tagstringThe gateway image tag
"1.19-alpine"
gateway.ingress.annotationsobjectAnnotations for the gateway ingress
{}
gateway.ingress.enabledboolSpecifies whether an ingress for the gateway should be created
false
gateway.ingress.hostslistHosts configuration for the gateway ingress
[
  {
    "host": "gateway.loki.example.com",
    "paths": [
      {
        "path": "/"
      }
    ]
  }
]
gateway.ingress.ingressClassNamestringIngress Class Name. MAY be required for Kubernetes versions >= 1.18
""
gateway.ingress.tlslistTLS configuration for the gateway ingress
[
  {
    "hosts": [
      "gateway.loki.example.com"
    ],
    "secretName": "loki-gateway-tls"
  }
]
gateway.lifecycleobjectLifecycle for the gateway container
{}
gateway.nginxConfig.customBackendUrlstringOverride Backend URL
null
gateway.nginxConfig.customReadUrlstringOverride Read URL
null
gateway.nginxConfig.customWriteUrlstringOverride Write URL
null
gateway.nginxConfig.filestringConfig file contents for Nginx. Passed through the `tpl` function to allow templating
See values.yaml
gateway.nginxConfig.httpSnippetstringAllows appending custom configuration to the http block, passed through the `tpl` function to allow templating
"{{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }}"
gateway.nginxConfig.logFormatstringNGINX log format
"main '$remote_addr - $remote_user [$time_local]  $status '\n        '\"$request\" $body_bytes_sent \"$http_referer\" '\n        '\"$http_user_agent\" \"$http_x_forwarded_for\"';"
gateway.nginxConfig.serverSnippetstringAllows appending custom configuration to the server block
""
gateway.nodeSelectorobjectNode selector for gateway pods
{}
gateway.podAnnotationsobjectAnnotations for gateway pods
{}
gateway.podLabelsobjectAdditional labels for gateway pods
{}
gateway.podSecurityContextobjectThe SecurityContext for gateway containers
{
  "fsGroup": 101,
  "runAsGroup": 101,
  "runAsNonRoot": true,
  "runAsUser": 101
}
gateway.priorityClassNamestringThe name of the PriorityClass for gateway pods
null
gateway.readinessProbe.httpGet.pathstring
"/"
gateway.readinessProbe.httpGet.portstring
"http"
gateway.readinessProbe.initialDelaySecondsint
15
gateway.readinessProbe.timeoutSecondsint
1
gateway.replicasintNumber of replicas for the gateway
1
gateway.resourcesobjectResource requests and limits for the gateway
{}
gateway.service.annotationsobjectAnnotations for the gateway service
{}
gateway.service.clusterIPstringClusterIP of the gateway service
null
gateway.service.labelsobjectLabels for gateway service
{}
gateway.service.loadBalancerIPstringLoad balancer IPO address if service type is LoadBalancer
null
gateway.service.nodePortintNode port if service type is NodePort
null
gateway.service.portintPort of the gateway service
80
gateway.service.typestringType of the gateway service
"ClusterIP"
gateway.terminationGracePeriodSecondsintGrace period to allow the gateway to shutdown before it is killed
30
gateway.tolerationslistTolerations for gateway pods
[]
gateway.verboseLoggingboolEnable logging of 2xx and 3xx HTTP requests
true
global.clusterDomainstringconfigures cluster domain ("cluster.local" by default)
"cluster.local"
global.dnsNamespacestringconfigures DNS service namespace
"kube-system"
global.dnsServicestringconfigures DNS service name
"kube-dns"
global.image.registrystringOverrides the Docker registry globally for all images
null
global.priorityClassNamestringOverrides the priorityClassName for all pods
null
imagePullSecretslistImage pull secrets for Docker images
[]
ingress.annotationsobject
{}
ingress.enabledbool
false
ingress.hosts[0]string
"loki.example.com"
ingress.ingressClassNamestring
""
ingress.paths.read[0]string
"/api/prom/tail"
ingress.paths.read[1]string
"/loki/api/v1/tail"
ingress.paths.read[2]string
"/loki/api"
ingress.paths.read[3]string
"/api/prom/rules"
ingress.paths.read[4]string
"/loki/api/v1/rules"
ingress.paths.read[5]string
"/prometheus/api/v1/rules"
ingress.paths.read[6]string
"/prometheus/api/v1/alerts"
ingress.paths.singleBinary[0]string
"/api/prom/push"
ingress.paths.singleBinary[1]string
"/loki/api/v1/push"
ingress.paths.singleBinary[2]string
"/api/prom/tail"
ingress.paths.singleBinary[3]string
"/loki/api/v1/tail"
ingress.paths.singleBinary[4]string
"/loki/api"
ingress.paths.singleBinary[5]string
"/api/prom/rules"
ingress.paths.singleBinary[6]string
"/loki/api/v1/rules"
ingress.paths.singleBinary[7]string
"/prometheus/api/v1/rules"
ingress.paths.singleBinary[8]string
"/prometheus/api/v1/alerts"
ingress.paths.write[0]string
"/api/prom/push"
ingress.paths.write[1]string
"/loki/api/v1/push"
ingress.tlslist
[]
kubectlImage.pullPolicystringDocker image pull policy
"IfNotPresent"
kubectlImage.registrystringThe Docker registry
"docker.io"
kubectlImage.repositorystringDocker image repository
"bitnami/kubectl"
kubectlImage.tagstringOverrides the image tag whose default is the chart's appVersion
null
loki.analyticsobjectOptional analytics configuration
{}
loki.auth_enabledbool
true
loki.commonConfigobjectCheck https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration
{
  "compactor_address": "{{ include \"loki.compactorAddress\" . }}",
  "path_prefix": "/var/loki",
  "replication_factor": 3
}
loki.compactorobjectOptional compactor configuration
{}
loki.configstringConfig file contents for Loki
See values.yaml
loki.containerSecurityContextobjectThe SecurityContext for Loki containers
{
  "allowPrivilegeEscalation": false,
  "capabilities": {
    "drop": [
      "ALL"
    ]
  },
  "readOnlyRootFilesystem": true
}
loki.enableServiceLinksboolShould enableServiceLinks be enabled. Default to enable
true
loki.existingSecretForConfigstringSpecify an existing secret containing loki configuration. If non-empty, overrides `loki.config`
""
loki.image.pullPolicystringDocker image pull policy
"IfNotPresent"
loki.image.registrystringThe Docker registry
"docker.io"
loki.image.repositorystringDocker image repository
"grafana/loki"
loki.image.tagstringOverrides the image tag whose default is the chart's appVersion TODO: needed for 3rd target backend functionality revert to null or latest once this behavior is relased
null
loki.ingesterobjectOptional ingester configuration
{}
loki.limits_configobjectLimits config
{
  "enforce_metric_name": false,
  "max_cache_freshness_per_query": "10m",
  "reject_old_samples": true,
  "reject_old_samples_max_age": "168h",
  "split_queries_by_interval": "15m"
}
loki.memcachedobjectConfigure memcached as an external cache for chunk and results cache. Disabled by default must enable and specify a host for each cache you would like to use.
{
  "chunk_cache": {
    "batch_size": 256,
    "enabled": false,
    "host": "",
    "parallelism": 10,
    "service": "memcached-client"
  },
  "results_cache": {
    "default_validity": "12h",
    "enabled": false,
    "host": "",
    "service": "memcached-client",
    "timeout": "500ms"
  }
}
loki.podAnnotationsobjectCommon annotations for all pods
{}
loki.podLabelsobjectCommon labels for all pods
{}
loki.podSecurityContextobjectThe SecurityContext for Loki pods
{
  "fsGroup": 10001,
  "runAsGroup": 10001,
  "runAsNonRoot": true,
  "runAsUser": 10001
}
loki.querierobjectOptional querier configuration
{}
loki.query_schedulerobjectAdditional query scheduler config
{}
loki.readinessProbe.httpGet.pathstring
"/ready"
loki.readinessProbe.httpGet.portstring
"http-metrics"
loki.readinessProbe.initialDelaySecondsint
30
loki.readinessProbe.timeoutSecondsint
1
loki.revisionHistoryLimitintThe number of old ReplicaSets to retain to allow rollback
10
loki.rulerConfigobjectCheck https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler
{}
loki.runtimeConfigobjectProvides a reloadable runtime configuration file for some specific configuration
{}
loki.schemaConfigobjectCheck https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas
{}
loki.serverobjectCheck https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration.
{
  "grpc_listen_port": 9095,
  "http_listen_port": 3100
}
loki.storageobjectStorage config. Providing this will automatically populate all necessary storage configs in the templated config.
{
  "azure": {
    "accountKey": null,
    "accountName": null,
    "requestTimeout": null,
    "useManagedIdentity": false,
    "userAssignedId": null
  },
  "bucketNames": {
    "admin": "admin",
    "chunks": "chunks",
    "ruler": "ruler"
  },
  "filesystem": {
    "chunks_directory": "/var/loki/chunks",
    "rules_directory": "/var/loki/rules"
  },
  "gcs": {
    "chunkBufferSize": 0,
    "enableHttp2": true,
    "requestTimeout": "0s"
  },
  "s3": {
    "accessKeyId": null,
    "endpoint": null,
    "http_config": {},
    "insecure": false,
    "region": null,
    "s3": null,
    "s3ForcePathStyle": false,
    "secretAccessKey": null
  },
  "type": "s3"
}
loki.storage_configobjectAdditional storage config
{
  "hedging": {
    "at": "250ms",
    "max_per_second": 20,
    "up_to": 3
  }
}
loki.structuredConfigobjectStructured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig`
{}
loki.tenantslistTenants list to be created on nginx htpasswd file, with name and password keys
[]
memberlist.service.publishNotReadyAddressesbool
false
migrateobjectOptions that may be necessary when performing a migration from another helm chart
{
  "fromDistributed": {
    "enabled": false,
    "memberlistService": ""
  }
}
migrate.fromDistributedobjectWhen migrating from a distributed chart like loki-distributed or enterprise-logs
{
  "enabled": false,
  "memberlistService": ""
}
migrate.fromDistributed.enabledboolSet to true if migrating from a distributed helm chart
false
migrate.fromDistributed.memberlistServicestringIf migrating from a distributed service, provide the distributed deployment's memberlist service DNS so the new deployment can join it's ring.
""
minioobject-----------------------------------
{
  "buckets": [
    {
      "name": "chunks",
      "policy": "none",
      "purge": false
    },
    {
      "name": "ruler",
      "policy": "none",
      "purge": false
    },
    {
      "name": "admin",
      "policy": "none",
      "purge": false
    }
  ],
  "drivesPerNode": 2,
  "enabled": false,
  "persistence": {
    "size": "5Gi"
  },
  "replicas": 1,
  "resources": {
    "requests": {
      "cpu": "100m",
      "memory": "128Mi"
    }
  },
  "rootPassword": "supersecret",
  "rootUser": "enterprise-logs"
}
monitoring.dashboards.annotationsobjectAdditional annotations for the dashboards ConfigMap
{}
monitoring.dashboards.enabledboolIf enabled, create configmap with dashboards for monitoring Loki
true
monitoring.dashboards.labelsobjectLabels for the dashboards ConfigMap
{
  "grafana_dashboard": "1"
}
monitoring.dashboards.namespacestringAlternative namespace to create dashboards ConfigMap in
null
monitoring.lokiCanary.annotationsobjectAdditional annotations for the `loki-canary` Daemonset
{}
monitoring.lokiCanary.enabledbool
true
monitoring.lokiCanary.extraArgslistAdditional CLI arguments for the `loki-canary' command
[]
monitoring.lokiCanary.extraEnvlistEnvironment variables to add to the canary pods
[]
monitoring.lokiCanary.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the canary pods
[]
monitoring.lokiCanary.imageobjectImage to use for loki canary
{
  "pullPolicy": "IfNotPresent",
  "registry": "docker.io",
  "repository": "grafana/loki-canary",
  "tag": null
}
monitoring.lokiCanary.image.pullPolicystringDocker image pull policy
"IfNotPresent"
monitoring.lokiCanary.image.registrystringThe Docker registry
"docker.io"
monitoring.lokiCanary.image.repositorystringDocker image repository
"grafana/loki-canary"
monitoring.lokiCanary.image.tagstringOverrides the image tag whose default is the chart's appVersion
null
monitoring.lokiCanary.nodeSelectorobjectNode selector for canary pods
{}
monitoring.lokiCanary.resourcesobjectResource requests and limits for the canary
{}
monitoring.lokiCanary.tolerationslistTolerations for canary pods
[]
monitoring.rules.additionalGroupslistAdditional groups to add to the rules file
[]
monitoring.rules.alertingboolInclude alerting rules
true
monitoring.rules.annotationsobjectAdditional annotations for the rules PrometheusRule resource
{}
monitoring.rules.enabledboolIf enabled, create PrometheusRule resource with Loki recording rules
true
monitoring.rules.labelsobjectAdditional labels for the rules PrometheusRule resource
{}
monitoring.rules.namespacestringAlternative namespace to create PrometheusRule resources in
null
monitoring.selfMonitoring.enabledbool
true
monitoring.selfMonitoring.grafanaAgent.annotationsobjectGrafana Agent annotations
{}
monitoring.selfMonitoring.grafanaAgent.enableConfigReadAPIboolEnable the config read api on port 8080 of the agent
false
monitoring.selfMonitoring.grafanaAgent.installOperatorboolControls whether to install the Grafana Agent Operator and its CRDs. Note that helm will not install CRDs if this flag is enabled during an upgrade. In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds
true
monitoring.selfMonitoring.grafanaAgent.labelsobjectAdditional Grafana Agent labels
{}
monitoring.selfMonitoring.logsInstance.annotationsobjectLogsInstance annotations
{}
monitoring.selfMonitoring.logsInstance.clientsstringAdditional clients for remote write
null
monitoring.selfMonitoring.logsInstance.labelsobjectAdditional LogsInstance labels
{}
monitoring.selfMonitoring.podLogs.annotationsobjectPodLogs annotations
{}
monitoring.selfMonitoring.podLogs.labelsobjectAdditional PodLogs labels
{}
monitoring.selfMonitoring.podLogs.relabelingslistPodLogs relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
[]
monitoring.selfMonitoring.tenantobjectTenant to use for self monitoring
{
  "name": "self-monitoring",
  "secretNamespace": "{{ .Release.Namespace }}"
}
monitoring.selfMonitoring.tenant.namestringName of the tenant
"self-monitoring"
monitoring.selfMonitoring.tenant.secretNamespacestringNamespace to create additional tenant token secret in. Useful if your Grafana instance is in a separate namespace. Token will still be created in the canary namespace.
"{{ .Release.Namespace }}"
monitoring.serviceMonitor.annotationsobjectServiceMonitor annotations
{}
monitoring.serviceMonitor.enabledboolIf enabled, ServiceMonitor resources for Prometheus Operator are created
true
monitoring.serviceMonitor.intervalstringServiceMonitor scrape interval Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at least 1/4 rate interval.
"15s"
monitoring.serviceMonitor.labelsobjectAdditional ServiceMonitor labels
{}
monitoring.serviceMonitor.metricsInstanceobjectIf defined, will create a MetricsInstance for the Grafana Agent Operator.
{
  "annotations": {},
  "enabled": true,
  "labels": {},
  "remoteWrite": null
}
monitoring.serviceMonitor.metricsInstance.annotationsobjectMetricsInstance annotations
{}
monitoring.serviceMonitor.metricsInstance.enabledboolIf enabled, MetricsInstance resources for Grafana Agent Operator are created
true
monitoring.serviceMonitor.metricsInstance.labelsobjectAdditional MetricsInstance labels
{}
monitoring.serviceMonitor.metricsInstance.remoteWritestringIf defined a MetricsInstance will be created to remote write metrics.
null
monitoring.serviceMonitor.namespaceSelectorobjectNamespace selector for ServiceMonitor resources
{}
monitoring.serviceMonitor.relabelingslistServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
[]
monitoring.serviceMonitor.schemestringServiceMonitor will use http by default, but you can pick https as well
"http"
monitoring.serviceMonitor.scrapeTimeoutstringServiceMonitor scrape timeout in Go duration format (e.g. 15s)
null
monitoring.serviceMonitor.tlsConfigstringServiceMonitor will use these tlsConfig settings to make the health check requests
null
nameOverridestringOverrides the chart's name
null
networkPolicy.alertmanager.namespaceSelectorobjectSpecifies the namespace the alertmanager is running in
{}
networkPolicy.alertmanager.podSelectorobjectSpecifies the alertmanager Pods. As this is cross-namespace communication, you also need the namespaceSelector.
{}
networkPolicy.alertmanager.portintSpecify the alertmanager port used for alerting
9093
networkPolicy.discovery.namespaceSelectorobjectSpecifies the namespace the discovery Pods are running in
{}
networkPolicy.discovery.podSelectorobjectSpecifies the Pods labels used for discovery. As this is cross-namespace communication, you also need the namespaceSelector.
{}
networkPolicy.discovery.portintSpecify the port used for discovery
null
networkPolicy.enabledboolSpecifies whether Network Policies should be created
false
networkPolicy.externalStorage.cidrslistSpecifies specific network CIDRs you want to limit access to
[]
networkPolicy.externalStorage.portslistSpecify the port used for external storage, e.g. AWS S3
[]
networkPolicy.ingress.namespaceSelectorobjectSpecifies the namespaces which are allowed to access the http port
{}
networkPolicy.ingress.podSelectorobjectSpecifies the Pods which are allowed to access the http port. As this is cross-namespace communication, you also need the namespaceSelector.
{}
networkPolicy.metrics.cidrslistSpecifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes.
[]
networkPolicy.metrics.namespaceSelectorobjectSpecifies the namespaces which are allowed to access the metrics port
{}
networkPolicy.metrics.podSelectorobjectSpecifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also need the namespaceSelector.
{}
rbac.pspEnabledboolIf pspEnabled true, a PodSecurityPolicy is created for K8s that use psp.
false
rbac.sccEnabledboolFor OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints.
false
read.affinitystringAffinity for read pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
read.autoscaling.enabledboolEnable autoscaling for the read, this is only used if `queryIndex.enabled: true`
false
read.autoscaling.maxReplicasintMaximum autoscaling replicas for the read
3
read.autoscaling.minReplicasintMinimum autoscaling replicas for the read
1
read.autoscaling.targetCPUUtilizationPercentageintTarget CPU utilisation percentage for the read
60
read.autoscaling.targetMemoryUtilizationPercentagestringTarget memory utilisation percentage for the read
null
read.extraArgslistAdditional CLI args for the read
[]
read.extraEnvlistEnvironment variables to add to the read pods
[]
read.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the read pods
[]
read.extraVolumeMountslistVolume mounts to add to the read pods
[]
read.extraVolumeslistVolumes to add to the read pods
[]
read.image.registrystringThe Docker registry for the read image. Overrides `loki.image.registry`
null
read.image.repositorystringDocker image repository for the read image. Overrides `loki.image.repository`
null
read.image.tagstringDocker image tag for the read image. Overrides `loki.image.tag`
null
read.legacyReadTargetboolWhether or not to use the 2 target type simple scalable mode (read, write) or the 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will run two targets, false will run 3 targets.
true
read.lifecycleobjectLifecycle for the read container
{}
read.nodeSelectorobjectNode selector for read pods
{}
read.persistence.enableStatefulSetAutoDeletePVCboolEnable StatefulSetAutoDeletePVC feature
true
read.persistence.selectorstringSelector for persistent disk
null
read.persistence.sizestringSize of persistent disk
"10Gi"
read.persistence.storageClassstringStorage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
null
read.podAnnotationsobjectAnnotations for read pods
{}
read.podLabelsobjectAdditional labels for each `read` pod
{}
read.priorityClassNamestringThe name of the PriorityClass for read pods
null
read.replicasintNumber of replicas for the read
3
read.resourcesobjectResource requests and limits for the read
{}
read.selectorLabelsobjectAdditional selector labels for each `read` pod
{}
read.serviceLabelsobjectLabels for read service
{}
read.targetModulestringComma-separated list of Loki modules to load for the read
"read"
read.terminationGracePeriodSecondsintGrace period to allow the read to shutdown before it is killed
30
read.tolerationslistTolerations for read pods
[]
serviceAccount.annotationsobjectAnnotations for the service account
{}
serviceAccount.automountServiceAccountTokenboolSet this toggle to false to opt out of automounting API credentials for the service account
true
serviceAccount.createboolSpecifies whether a ServiceAccount should be created
true
serviceAccount.imagePullSecretslistImage pull secrets for the service account
[]
serviceAccount.labelsobjectLabels for the service account
{}
serviceAccount.namestringThe name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template
null
singleBinary.affinitystringAffinity for single binary pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
singleBinary.autoscaling.enabledboolEnable autoscaling, this is only used if `queryIndex.enabled: true`
false
singleBinary.autoscaling.maxReplicasintMaximum autoscaling replicas for the single binary
3
singleBinary.autoscaling.minReplicasintMinimum autoscaling replicas for the single binary
1
singleBinary.autoscaling.targetCPUUtilizationPercentageintTarget CPU utilisation percentage for the single binary
60
singleBinary.autoscaling.targetMemoryUtilizationPercentagestringTarget memory utilisation percentage for the single binary
null
singleBinary.extraArgslistLabels for single binary service
[]
singleBinary.extraEnvlistEnvironment variables to add to the single binary pods
[]
singleBinary.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the single binary pods
[]
singleBinary.extraVolumeMountslistVolume mounts to add to the single binary pods
[]
singleBinary.extraVolumeslistVolumes to add to the single binary pods
[]
singleBinary.image.registrystringThe Docker registry for the single binary image. Overrides `loki.image.registry`
null
singleBinary.image.repositorystringDocker image repository for the single binary image. Overrides `loki.image.repository`
null
singleBinary.image.tagstringDocker image tag for the single binary image. Overrides `loki.image.tag`
null
singleBinary.initContainerslistInit containers to add to the single binary pods
[]
singleBinary.nodeSelectorobjectNode selector for single binary pods
{}
singleBinary.persistence.enableStatefulSetAutoDeletePVCboolEnable StatefulSetAutoDeletePVC feature
true
singleBinary.persistence.enabledboolEnable persistent disk
true
singleBinary.persistence.selectorstringSelector for persistent disk
null
singleBinary.persistence.sizestringSize of persistent disk
"10Gi"
singleBinary.persistence.storageClassstringStorage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
null
singleBinary.podAnnotationsobjectAnnotations for single binary pods
{}
singleBinary.podLabelsobjectAdditional labels for each `single binary` pod
{}
singleBinary.priorityClassNamestringThe name of the PriorityClass for single binary pods
null
singleBinary.replicasintNumber of replicas for the single binary
0
singleBinary.resourcesobjectResource requests and limits for the single binary
{}
singleBinary.selectorLabelsobjectAdditional selector labels for each `single binary` pod
{}
singleBinary.targetModulestringComma-separated list of Loki modules to load for the single binary
"all"
singleBinary.terminationGracePeriodSecondsintGrace period to allow the single binary to shutdown before it is killed
30
singleBinary.tolerationslistTolerations for single binary pods
[]
tableManager.affinitystringAffinity for table-manager pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
tableManager.commandstringCommand to execute instead of defined in Docker image
null
tableManager.enabledboolSpecifies whether the table-manager should be enabled
false
tableManager.extraArgslistAdditional CLI args for the table-manager
[]
tableManager.extraContainerslistContainers to add to the table-manager pods
[]
tableManager.extraEnvlistEnvironment variables to add to the table-manager pods
[]
tableManager.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the table-manager pods
[]
tableManager.extraVolumeMountslistVolume mounts to add to the table-manager pods
[]
tableManager.extraVolumeslistVolumes to add to the table-manager pods
[]
tableManager.image.registrystringThe Docker registry for the table-manager image. Overrides `loki.image.registry`
null
tableManager.image.repositorystringDocker image repository for the table-manager image. Overrides `loki.image.repository`
null
tableManager.image.tagstringDocker image tag for the table-manager image. Overrides `loki.image.tag`
null
tableManager.nodeSelectorobjectNode selector for table-manager pods
{}
tableManager.podAnnotationsobjectAnnotations for table-manager pods
{}
tableManager.podLabelsobjectLabels for table-manager pods
{}
tableManager.priorityClassNamestringThe name of the PriorityClass for table-manager pods
null
tableManager.resourcesobjectResource requests and limits for the table-manager
{}
tableManager.serviceLabelsobjectLabels for table-manager service
{}
tableManager.terminationGracePeriodSecondsintGrace period to allow the table-manager to shutdown before it is killed
30
tableManager.tolerationslistTolerations for table-manager pods
[]
testobjectSection for configuring optional Helm test
{
  "annotations": {},
  "enabled": true,
  "image": {
    "pullPolicy": "IfNotPresent",
    "registry": "docker.io",
    "repository": "grafana/loki-helm-test",
    "tag": null
  },
  "labels": {},
  "prometheusAddress": "http://prometheus:9090",
  "timeout": "1m"
}
test.annotationsobjectAdditional annotations for test pods
{}
test.imageobjectImage to use for loki canary
{
  "pullPolicy": "IfNotPresent",
  "registry": "docker.io",
  "repository": "grafana/loki-helm-test",
  "tag": null
}
test.image.pullPolicystringDocker image pull policy
"IfNotPresent"
test.image.registrystringThe Docker registry
"docker.io"
test.image.repositorystringDocker image repository
"grafana/loki-helm-test"
test.image.tagstringOverrides the image tag whose default is the chart's appVersion
null
test.labelsobjectAdditional labels for the test pods
{}
test.prometheusAddressstringAddress of the prometheus server to query for the test
"http://prometheus:9090"
test.timeoutstringNumber of times to retry the test before failing
"1m"
tracing.jaegerAgentHoststring
""
write.affinitystringAffinity for write pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
write.extraArgslistAdditional CLI args for the write
[]
write.extraEnvlistEnvironment variables to add to the write pods
[]
write.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the write pods
[]
write.extraVolumeMountslistVolume mounts to add to the write pods
[]
write.extraVolumeslistVolumes to add to the write pods
[]
write.image.registrystringThe Docker registry for the write image. Overrides `loki.image.registry`
null
write.image.repositorystringDocker image repository for the write image. Overrides `loki.image.repository`
null
write.image.tagstringDocker image tag for the write image. Overrides `loki.image.tag`
null
write.initContainerslistInit containers to add to the write pods
[]
write.lifecycleobjectLifecycle for the write container
{}
write.nodeSelectorobjectNode selector for write pods
{}
write.persistence.enableStatefulSetAutoDeletePVCboolEnable StatefulSetAutoDeletePVC feature
false
write.persistence.selectorstringSelector for persistent disk
null
write.persistence.sizestringSize of persistent disk
"10Gi"
write.persistence.storageClassstringStorage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
null
write.podAnnotationsobjectAnnotations for write pods
{}
write.podLabelsobjectAdditional labels for each `write` pod
{}
write.priorityClassNamestringThe name of the PriorityClass for write pods
null
write.replicasintNumber of replicas for the write
3
write.resourcesobjectResource requests and limits for the write
{}
write.selectorLabelsobjectAdditional selector labels for each `write` pod
{}
write.serviceLabelsobjectLabels for ingester service
{}
write.targetModulestringComma-separated list of Loki modules to load for the write
"write"
write.terminationGracePeriodSecondsintGrace period to allow the write to shutdown before it is killed. Especially for the ingester, this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring all data and to successfully leave the member ring on shutdown.
300
write.tolerationslistTolerations for write pods
[]