Menu
Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.
Open source
Helm Chart Values
This is the generated reference for the Loki Helm Chart values.
Note: This reference is for the Loki Helm chart version 3.0 or greater. If you are using the
grafana/loki-stackHelm chart from the community repo, please refer to thevalues.yamlof the respective Github repository grafana/helm-charts.
| Key | Type | Description | Default |
|---|---|---|---|
| backend.affinity | string | Affinity for backend pods. Passed through `tpl` and, thus, to be configured as string | Hard node and soft zone anti-affinity |
| backend.extraArgs | list | Additional CLI args for the backend |
[]
|
| backend.extraEnv | list | Environment variables to add to the backend pods |
[]
|
| backend.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the backend pods |
[]
|
| backend.extraVolumeMounts | list | Volume mounts to add to the backend pods |
[]
|
| backend.extraVolumes | list | Volumes to add to the backend pods |
[]
|
| backend.image.registry | string | The Docker registry for the backend image. Overrides `loki.image.registry` |
null
|
| backend.image.repository | string | Docker image repository for the backend image. Overrides `loki.image.repository` |
null
|
| backend.image.tag | string | Docker image tag for the backend image. Overrides `loki.image.tag` |
null
|
| backend.initContainers | list | Init containers to add to the backend pods |
[]
|
| backend.nodeSelector | object | Node selector for backend pods |
{}
|
| backend.persistence.enableStatefulSetAutoDeletePVC | bool | Enable StatefulSetAutoDeletePVC feature |
true
|
| backend.persistence.selector | string | Selector for persistent disk |
null
|
| backend.persistence.size | string | Size of persistent disk |
"10Gi"
|
| backend.persistence.storageClass | string | Storage class to be used. If defined, storageClassName: |
null
|
| backend.podAnnotations | object | Annotations for backend pods |
{}
|
| backend.podLabels | object | Additional labels for each `backend` pod |
{}
|
| backend.priorityClassName | string | The name of the PriorityClass for backend pods |
null
|
| backend.replicas | int | Number of replicas for the backend |
3
|
| backend.resources | object | Resource requests and limits for the backend |
{}
|
| backend.selectorLabels | object | Additional selector labels for each `backend` pod |
{}
|
| backend.serviceLabels | object | Labels for ingester service |
{}
|
| backend.targetModule | string | Comma-separated list of Loki modules to load for the read |
"backend"
|
| backend.terminationGracePeriodSeconds | int | Grace period to allow the backend to shutdown before it is killed. Especially for the ingester, this must be increased. It must be long enough so backends can be gracefully shutdown flushing/transferring all data and to successfully leave the member ring on shutdown. |
300
|
| backend.tolerations | list | Tolerations for backend pods |
[]
|
| enterprise.adminApi | object | If enabled, the correct admin_client storage will be configured. If disabled while running enterprise, make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`. |
{
"enabled": true
}
|
| enterprise.adminToken.additionalNamespaces | list | Additional namespace to also create the token in. Useful if your Grafana instance is in a different namespace |
[]
|
| enterprise.adminToken.secret | string | Alternative name for admin token secret, needed by tokengen and provisioner jobs |
null
|
| enterprise.canarySecret | string | Alternative name of the secret to store token for the canary |
null
|
| enterprise.cluster_name | string | Optional name of the GEL cluster, otherwise will use .Release.Name The cluster name must match what is in your GEL license |
null
|
| enterprise.config | string |
"{{- if .Values.enterprise.adminApi.enabled }}\n{{- if or .Values.minio.enabled (eq .Values.loki.storage.type \"s3\") (eq .Values.loki.storage.type \"gcs\") (eq .Values.loki.storage.type \"azure\") }}\nadmin_client:\n storage:\n s3:\n bucket_name: {{ .Values.loki.storage.bucketNames.admin }}\n{{- end }}\n{{- end }}\nauth:\n type: {{ .Values.enterprise.adminApi.enabled | ternary \"enterprise\" \"trust\" }}\nauth_enabled: {{ .Values.loki.auth_enabled }}\ncluster_name: {{ include \"loki.clusterName\" . }}\nlicense:\n path: /etc/loki/license/license.jwt\n"
| |
| enterprise.enabled | bool |
false
| |
| enterprise.externalConfigName | string | Name of the external config secret to use |
""
|
| enterprise.externalLicenseName | string | Name of external license secret to use |
null
|
| enterprise.image.pullPolicy | string | Docker image pull policy |
"IfNotPresent"
|
| enterprise.image.registry | string | The Docker registry |
"docker.io"
|
| enterprise.image.repository | string | Docker image repository |
"grafana/enterprise-logs"
|
| enterprise.image.tag | string | Docker image tag |
null
|
| enterprise.license | object | Grafana Enterprise Logs license In order to use Grafana Enterprise Logs features, you will need to provide the contents of your Grafana Enterprise Logs license, either by providing the contents of the license.jwt, or the name Kubernetes Secret that contains your license.jwt. To set the license contents, use the flag `--set-file 'license.contents=./license.jwt'` |
{
"contents": "NOTAVALIDLICENSE"
}
|
| enterprise.provisioner | object | Configuration for `provisioner` target |
{
"additionalTenants": [],
"annotations": {},
"enabled": true,
"env": [],
"extraVolumeMounts": [],
"image": {
"pullPolicy": "IfNotPresent",
"registry": "docker.io",
"repository": "grafana/enterprise-logs-provisioner",
"tag": null
},
"labels": {},
"priorityClassName": null,
"provisionedSecretPrefix": null,
"securityContext": {
"fsGroup": 10001,
"runAsGroup": 10001,
"runAsNonRoot": true,
"runAsUser": 10001
}
}
|
| enterprise.provisioner.additionalTenants | list | Additional tenants to be created. Each tenant will get a read and write policy and associated token. Tenant must have a name and a namespace for the secret containting the token to be created in. For example additionalTenants: - name: loki secretNamespace: grafana |
[]
|
| enterprise.provisioner.annotations | object | Additional annotations for the `provisioner` Job |
{}
|
| enterprise.provisioner.enabled | bool | Whether the job should be part of the deployment |
true
|
| enterprise.provisioner.env | list | Additional Kubernetes environment |
[]
|
| enterprise.provisioner.extraVolumeMounts | list | Volume mounts to add to the provisioner pods |
[]
|
| enterprise.provisioner.image | object | Provisioner image to Utilize |
{
"pullPolicy": "IfNotPresent",
"registry": "docker.io",
"repository": "grafana/enterprise-logs-provisioner",
"tag": null
}
|
| enterprise.provisioner.image.pullPolicy | string | Docker image pull policy |
"IfNotPresent"
|
| enterprise.provisioner.image.registry | string | The Docker registry |
"docker.io"
|
| enterprise.provisioner.image.repository | string | Docker image repository |
"grafana/enterprise-logs-provisioner"
|
| enterprise.provisioner.image.tag | string | Overrides the image tag whose default is the chart's appVersion |
null
|
| enterprise.provisioner.labels | object | Additional labels for the `provisioner` Job |
{}
|
| enterprise.provisioner.priorityClassName | string | The name of the PriorityClass for provisioner Job |
null
|
| enterprise.provisioner.provisionedSecretPrefix | string | Name of the secret to store provisioned tokens in |
null
|
| enterprise.provisioner.securityContext | object | Run containers as user `enterprise-logs(uid=10001)` |
{
"fsGroup": 10001,
"runAsGroup": 10001,
"runAsNonRoot": true,
"runAsUser": 10001
}
|
| enterprise.tokengen | object | Configuration for `tokengen` target |
{
"annotations": {},
"enabled": true,
"env": [],
"extraArgs": [],
"extraEnvFrom": [],
"extraVolumeMounts": [],
"extraVolumes": [],
"labels": {},
"priorityClassName": "",
"securityContext": {
"fsGroup": 10001,
"runAsGroup": 10001,
"runAsNonRoot": true,
"runAsUser": 10001
},
"targetModule": "tokengen",
"tolerations": []
}
|
| enterprise.tokengen.annotations | object | Additional annotations for the `tokengen` Job |
{}
|
| enterprise.tokengen.enabled | bool | Whether the job should be part of the deployment |
true
|
| enterprise.tokengen.env | list | Additional Kubernetes environment |
[]
|
| enterprise.tokengen.extraArgs | list | Additional CLI arguments for the `tokengen` target |
[]
|
| enterprise.tokengen.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the tokengen pods |
[]
|
| enterprise.tokengen.extraVolumeMounts | list | Additional volume mounts for Pods |
[]
|
| enterprise.tokengen.extraVolumes | list | Additional volumes for Pods |
[]
|
| enterprise.tokengen.labels | object | Additional labels for the `tokengen` Job |
{}
|
| enterprise.tokengen.priorityClassName | string | The name of the PriorityClass for tokengen Pods |
""
|
| enterprise.tokengen.securityContext | object | Run containers as user `enterprise-logs(uid=10001)` |
{
"fsGroup": 10001,
"runAsGroup": 10001,
"runAsNonRoot": true,
"runAsUser": 10001
}
|
| enterprise.tokengen.targetModule | string | Comma-separated list of Loki modules to load for tokengen |
"tokengen"
|
| enterprise.tokengen.tolerations | list | Tolerations for tokengen Job |
[]
|
| enterprise.useExternalLicense | bool | Set to true when providing an external license |
false
|
| enterprise.version | string |
"v1.6.2"
| |
| extraObjects | list |
[]
| |
| fullnameOverride | string | Overrides the chart's computed fullname |
null
|
| gateway.affinity | string | Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string | Hard node and soft zone anti-affinity |
| gateway.autoscaling.enabled | bool | Enable autoscaling for the gateway |
false
|
| gateway.autoscaling.maxReplicas | int | Maximum autoscaling replicas for the gateway |
3
|
| gateway.autoscaling.minReplicas | int | Minimum autoscaling replicas for the gateway |
1
|
| gateway.autoscaling.targetCPUUtilizationPercentage | int | Target CPU utilisation percentage for the gateway |
60
|
| gateway.autoscaling.targetMemoryUtilizationPercentage | string | Target memory utilisation percentage for the gateway |
null
|
| gateway.basicAuth.enabled | bool | Enables basic authentication for the gateway |
false
|
| gateway.basicAuth.existingSecret | string | Existing basic auth secret to use. Must contain '.htpasswd' |
null
|
| gateway.basicAuth.htpasswd | string | Uses the specified users from the `loki.tenants` list to create the htpasswd file if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes high CPU load. |
"{{ if .Values.loki.tenants }}\n\n {{- range $t := .Values.loki.tenants }}\n{{ htpasswd (required \"All tenants must have a 'name' set\" $t.name) (required \"All tenants must have a 'password' set\" $t.password) }}\n\n {{- end }}\n{{ else }} {{ htpasswd (required \"'gateway.basicAuth.username' is required\" .Values.gateway.basicAuth.username) (required \"'gateway.basicAuth.password' is required\" .Values.gateway.basicAuth.password) }} {{ end }}"
|
| gateway.basicAuth.password | string | The basic auth password for the gateway |
null
|
| gateway.basicAuth.username | string | The basic auth username for the gateway |
null
|
| gateway.containerSecurityContext | object | The SecurityContext for gateway containers |
{
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
}
|
| gateway.deploymentStrategy | object | ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy |
{
"type": "RollingUpdate"
}
|
| gateway.enabled | bool | Specifies whether the gateway should be enabled |
true
|
| gateway.extraArgs | list | Additional CLI args for the gateway |
[]
|
| gateway.extraEnv | list | Environment variables to add to the gateway pods |
[]
|
| gateway.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the gateway pods |
[]
|
| gateway.extraVolumeMounts | list | Volume mounts to add to the gateway pods |
[]
|
| gateway.extraVolumes | list | Volumes to add to the gateway pods |
[]
|
| gateway.image.pullPolicy | string | The gateway image pull policy |
"IfNotPresent"
|
| gateway.image.registry | string | The Docker registry for the gateway image |
"docker.io"
|
| gateway.image.repository | string | The gateway image repository |
"nginxinc/nginx-unprivileged"
|
| gateway.image.tag | string | The gateway image tag |
"1.19-alpine"
|
| gateway.ingress.annotations | object | Annotations for the gateway ingress |
{}
|
| gateway.ingress.enabled | bool | Specifies whether an ingress for the gateway should be created |
false
|
| gateway.ingress.hosts | list | Hosts configuration for the gateway ingress |
[
{
"host": "gateway.loki.example.com",
"paths": [
{
"path": "/"
}
]
}
]
|
| gateway.ingress.ingressClassName | string | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 |
""
|
| gateway.ingress.tls | list | TLS configuration for the gateway ingress |
[
{
"hosts": [
"gateway.loki.example.com"
],
"secretName": "loki-gateway-tls"
}
]
|
| gateway.lifecycle | object | Lifecycle for the gateway container |
{}
|
| gateway.nginxConfig.customBackendUrl | string | Override Backend URL |
null
|
| gateway.nginxConfig.customReadUrl | string | Override Read URL |
null
|
| gateway.nginxConfig.customWriteUrl | string | Override Write URL |
null
|
| gateway.nginxConfig.file | string | Config file contents for Nginx. Passed through the `tpl` function to allow templating | See values.yaml |
| gateway.nginxConfig.httpSnippet | string | Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating |
"{{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }}"
|
| gateway.nginxConfig.logFormat | string | NGINX log format |
"main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';"
|
| gateway.nginxConfig.serverSnippet | string | Allows appending custom configuration to the server block |
""
|
| gateway.nodeSelector | object | Node selector for gateway pods |
{}
|
| gateway.podAnnotations | object | Annotations for gateway pods |
{}
|
| gateway.podLabels | object | Additional labels for gateway pods |
{}
|
| gateway.podSecurityContext | object | The SecurityContext for gateway containers |
{
"fsGroup": 101,
"runAsGroup": 101,
"runAsNonRoot": true,
"runAsUser": 101
}
|
| gateway.priorityClassName | string | The name of the PriorityClass for gateway pods |
null
|
| gateway.readinessProbe.httpGet.path | string |
"/"
| |
| gateway.readinessProbe.httpGet.port | string |
"http"
| |
| gateway.readinessProbe.initialDelaySeconds | int |
15
| |
| gateway.readinessProbe.timeoutSeconds | int |
1
| |
| gateway.replicas | int | Number of replicas for the gateway |
1
|
| gateway.resources | object | Resource requests and limits for the gateway |
{}
|
| gateway.service.annotations | object | Annotations for the gateway service |
{}
|
| gateway.service.clusterIP | string | ClusterIP of the gateway service |
null
|
| gateway.service.labels | object | Labels for gateway service |
{}
|
| gateway.service.loadBalancerIP | string | Load balancer IPO address if service type is LoadBalancer |
null
|
| gateway.service.nodePort | int | Node port if service type is NodePort |
null
|
| gateway.service.port | int | Port of the gateway service |
80
|
| gateway.service.type | string | Type of the gateway service |
"ClusterIP"
|
| gateway.terminationGracePeriodSeconds | int | Grace period to allow the gateway to shutdown before it is killed |
30
|
| gateway.tolerations | list | Tolerations for gateway pods |
[]
|
| gateway.verboseLogging | bool | Enable logging of 2xx and 3xx HTTP requests |
true
|
| global.clusterDomain | string | configures cluster domain ("cluster.local" by default) |
"cluster.local"
|
| global.dnsNamespace | string | configures DNS service namespace |
"kube-system"
|
| global.dnsService | string | configures DNS service name |
"kube-dns"
|
| global.image.registry | string | Overrides the Docker registry globally for all images |
null
|
| global.priorityClassName | string | Overrides the priorityClassName for all pods |
null
|
| imagePullSecrets | list | Image pull secrets for Docker images |
[]
|
| ingress.annotations | object |
{}
| |
| ingress.enabled | bool |
false
| |
| ingress.hosts[0] | string |
"loki.example.com"
| |
| ingress.ingressClassName | string |
""
| |
| ingress.paths.read[0] | string |
"/api/prom/tail"
| |
| ingress.paths.read[1] | string |
"/loki/api/v1/tail"
| |
| ingress.paths.read[2] | string |
"/loki/api"
| |
| ingress.paths.read[3] | string |
"/api/prom/rules"
| |
| ingress.paths.read[4] | string |
"/loki/api/v1/rules"
| |
| ingress.paths.read[5] | string |
"/prometheus/api/v1/rules"
| |
| ingress.paths.read[6] | string |
"/prometheus/api/v1/alerts"
| |
| ingress.paths.singleBinary[0] | string |
"/api/prom/push"
| |
| ingress.paths.singleBinary[1] | string |
"/loki/api/v1/push"
| |
| ingress.paths.singleBinary[2] | string |
"/api/prom/tail"
| |
| ingress.paths.singleBinary[3] | string |
"/loki/api/v1/tail"
| |
| ingress.paths.singleBinary[4] | string |
"/loki/api"
| |
| ingress.paths.singleBinary[5] | string |
"/api/prom/rules"
| |
| ingress.paths.singleBinary[6] | string |
"/loki/api/v1/rules"
| |
| ingress.paths.singleBinary[7] | string |
"/prometheus/api/v1/rules"
| |
| ingress.paths.singleBinary[8] | string |
"/prometheus/api/v1/alerts"
| |
| ingress.paths.write[0] | string |
"/api/prom/push"
| |
| ingress.paths.write[1] | string |
"/loki/api/v1/push"
| |
| ingress.tls | list |
[]
| |
| kubectlImage.pullPolicy | string | Docker image pull policy |
"IfNotPresent"
|
| kubectlImage.registry | string | The Docker registry |
"docker.io"
|
| kubectlImage.repository | string | Docker image repository |
"bitnami/kubectl"
|
| kubectlImage.tag | string | Overrides the image tag whose default is the chart's appVersion |
null
|
| loki.analytics | object | Optional analytics configuration |
{}
|
| loki.auth_enabled | bool |
true
| |
| loki.commonConfig | object | Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration |
{
"compactor_address": "{{ include \"loki.compactorAddress\" . }}",
"path_prefix": "/var/loki",
"replication_factor": 3
}
|
| loki.compactor | object | Optional compactor configuration |
{}
|
| loki.config | string | Config file contents for Loki | See values.yaml |
| loki.containerSecurityContext | object | The SecurityContext for Loki containers |
{
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
}
|
| loki.enableServiceLinks | bool | Should enableServiceLinks be enabled. Default to enable |
true
|
| loki.existingSecretForConfig | string | Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config` |
""
|
| loki.image.pullPolicy | string | Docker image pull policy |
"IfNotPresent"
|
| loki.image.registry | string | The Docker registry |
"docker.io"
|
| loki.image.repository | string | Docker image repository |
"grafana/loki"
|
| loki.image.tag | string | Overrides the image tag whose default is the chart's appVersion TODO: needed for 3rd target backend functionality revert to null or latest once this behavior is relased |
null
|
| loki.ingester | object | Optional ingester configuration |
{}
|
| loki.limits_config | object | Limits config |
{
"enforce_metric_name": false,
"max_cache_freshness_per_query": "10m",
"reject_old_samples": true,
"reject_old_samples_max_age": "168h",
"split_queries_by_interval": "15m"
}
|
| loki.memcached | object | Configure memcached as an external cache for chunk and results cache. Disabled by default must enable and specify a host for each cache you would like to use. |
{
"chunk_cache": {
"batch_size": 256,
"enabled": false,
"host": "",
"parallelism": 10,
"service": "memcached-client"
},
"results_cache": {
"default_validity": "12h",
"enabled": false,
"host": "",
"service": "memcached-client",
"timeout": "500ms"
}
}
|
| loki.podAnnotations | object | Common annotations for all pods |
{}
|
| loki.podLabels | object | Common labels for all pods |
{}
|
| loki.podSecurityContext | object | The SecurityContext for Loki pods |
{
"fsGroup": 10001,
"runAsGroup": 10001,
"runAsNonRoot": true,
"runAsUser": 10001
}
|
| loki.querier | object | Optional querier configuration |
{}
|
| loki.query_scheduler | object | Additional query scheduler config |
{}
|
| loki.readinessProbe.httpGet.path | string |
"/ready"
| |
| loki.readinessProbe.httpGet.port | string |
"http-metrics"
| |
| loki.readinessProbe.initialDelaySeconds | int |
30
| |
| loki.readinessProbe.timeoutSeconds | int |
1
| |
| loki.revisionHistoryLimit | int | The number of old ReplicaSets to retain to allow rollback |
10
|
| loki.rulerConfig | object | Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler |
{}
|
| loki.runtimeConfig | object | Provides a reloadable runtime configuration file for some specific configuration |
{}
|
| loki.schemaConfig | object | Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas |
{}
|
| loki.server | object | Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration. |
{
"grpc_listen_port": 9095,
"http_listen_port": 3100
}
|
| loki.storage | object | Storage config. Providing this will automatically populate all necessary storage configs in the templated config. |
{
"azure": {
"accountKey": null,
"accountName": null,
"requestTimeout": null,
"useManagedIdentity": false,
"userAssignedId": null
},
"bucketNames": {
"admin": "admin",
"chunks": "chunks",
"ruler": "ruler"
},
"filesystem": {
"chunks_directory": "/var/loki/chunks",
"rules_directory": "/var/loki/rules"
},
"gcs": {
"chunkBufferSize": 0,
"enableHttp2": true,
"requestTimeout": "0s"
},
"s3": {
"accessKeyId": null,
"endpoint": null,
"http_config": {},
"insecure": false,
"region": null,
"s3": null,
"s3ForcePathStyle": false,
"secretAccessKey": null
},
"type": "s3"
}
|
| loki.storage_config | object | Additional storage config |
{
"hedging": {
"at": "250ms",
"max_per_second": 20,
"up_to": 3
}
}
|
| loki.structuredConfig | object | Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig` |
{}
|
| loki.tenants | list | Tenants list to be created on nginx htpasswd file, with name and password keys |
[]
|
| memberlist.service.publishNotReadyAddresses | bool |
false
| |
| migrate | object | Options that may be necessary when performing a migration from another helm chart |
{
"fromDistributed": {
"enabled": false,
"memberlistService": ""
}
}
|
| migrate.fromDistributed | object | When migrating from a distributed chart like loki-distributed or enterprise-logs |
{
"enabled": false,
"memberlistService": ""
}
|
| migrate.fromDistributed.enabled | bool | Set to true if migrating from a distributed helm chart |
false
|
| migrate.fromDistributed.memberlistService | string | If migrating from a distributed service, provide the distributed deployment's memberlist service DNS so the new deployment can join it's ring. |
""
|
| minio | object | ----------------------------------- |
{
"buckets": [
{
"name": "chunks",
"policy": "none",
"purge": false
},
{
"name": "ruler",
"policy": "none",
"purge": false
},
{
"name": "admin",
"policy": "none",
"purge": false
}
],
"drivesPerNode": 2,
"enabled": false,
"persistence": {
"size": "5Gi"
},
"replicas": 1,
"resources": {
"requests": {
"cpu": "100m",
"memory": "128Mi"
}
},
"rootPassword": "supersecret",
"rootUser": "enterprise-logs"
}
|
| monitoring.dashboards.annotations | object | Additional annotations for the dashboards ConfigMap |
{}
|
| monitoring.dashboards.enabled | bool | If enabled, create configmap with dashboards for monitoring Loki |
true
|
| monitoring.dashboards.labels | object | Labels for the dashboards ConfigMap |
{
"grafana_dashboard": "1"
}
|
| monitoring.dashboards.namespace | string | Alternative namespace to create dashboards ConfigMap in |
null
|
| monitoring.lokiCanary.annotations | object | Additional annotations for the `loki-canary` Daemonset |
{}
|
| monitoring.lokiCanary.enabled | bool |
true
| |
| monitoring.lokiCanary.extraArgs | list | Additional CLI arguments for the `loki-canary' command |
[]
|
| monitoring.lokiCanary.extraEnv | list | Environment variables to add to the canary pods |
[]
|
| monitoring.lokiCanary.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the canary pods |
[]
|
| monitoring.lokiCanary.image | object | Image to use for loki canary |
{
"pullPolicy": "IfNotPresent",
"registry": "docker.io",
"repository": "grafana/loki-canary",
"tag": null
}
|
| monitoring.lokiCanary.image.pullPolicy | string | Docker image pull policy |
"IfNotPresent"
|
| monitoring.lokiCanary.image.registry | string | The Docker registry |
"docker.io"
|
| monitoring.lokiCanary.image.repository | string | Docker image repository |
"grafana/loki-canary"
|
| monitoring.lokiCanary.image.tag | string | Overrides the image tag whose default is the chart's appVersion |
null
|
| monitoring.lokiCanary.nodeSelector | object | Node selector for canary pods |
{}
|
| monitoring.lokiCanary.resources | object | Resource requests and limits for the canary |
{}
|
| monitoring.lokiCanary.tolerations | list | Tolerations for canary pods |
[]
|
| monitoring.rules.additionalGroups | list | Additional groups to add to the rules file |
[]
|
| monitoring.rules.alerting | bool | Include alerting rules |
true
|
| monitoring.rules.annotations | object | Additional annotations for the rules PrometheusRule resource |
{}
|
| monitoring.rules.enabled | bool | If enabled, create PrometheusRule resource with Loki recording rules |
true
|
| monitoring.rules.labels | object | Additional labels for the rules PrometheusRule resource |
{}
|
| monitoring.rules.namespace | string | Alternative namespace to create PrometheusRule resources in |
null
|
| monitoring.selfMonitoring.enabled | bool |
true
| |
| monitoring.selfMonitoring.grafanaAgent.annotations | object | Grafana Agent annotations |
{}
|
| monitoring.selfMonitoring.grafanaAgent.enableConfigReadAPI | bool | Enable the config read api on port 8080 of the agent |
false
|
| monitoring.selfMonitoring.grafanaAgent.installOperator | bool | Controls whether to install the Grafana Agent Operator and its CRDs. Note that helm will not install CRDs if this flag is enabled during an upgrade. In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds |
true
|
| monitoring.selfMonitoring.grafanaAgent.labels | object | Additional Grafana Agent labels |
{}
|
| monitoring.selfMonitoring.logsInstance.annotations | object | LogsInstance annotations |
{}
|
| monitoring.selfMonitoring.logsInstance.clients | string | Additional clients for remote write |
null
|
| monitoring.selfMonitoring.logsInstance.labels | object | Additional LogsInstance labels |
{}
|
| monitoring.selfMonitoring.podLogs.annotations | object | PodLogs annotations |
{}
|
| monitoring.selfMonitoring.podLogs.labels | object | Additional PodLogs labels |
{}
|
| monitoring.selfMonitoring.podLogs.relabelings | list | PodLogs relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig |
[]
|
| monitoring.selfMonitoring.tenant | object | Tenant to use for self monitoring |
{
"name": "self-monitoring",
"secretNamespace": "{{ .Release.Namespace }}"
}
|
| monitoring.selfMonitoring.tenant.name | string | Name of the tenant |
"self-monitoring"
|
| monitoring.selfMonitoring.tenant.secretNamespace | string | Namespace to create additional tenant token secret in. Useful if your Grafana instance is in a separate namespace. Token will still be created in the canary namespace. |
"{{ .Release.Namespace }}"
|
| monitoring.serviceMonitor.annotations | object | ServiceMonitor annotations |
{}
|
| monitoring.serviceMonitor.enabled | bool | If enabled, ServiceMonitor resources for Prometheus Operator are created |
true
|
| monitoring.serviceMonitor.interval | string | ServiceMonitor scrape interval Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at least 1/4 rate interval. |
"15s"
|
| monitoring.serviceMonitor.labels | object | Additional ServiceMonitor labels |
{}
|
| monitoring.serviceMonitor.metricsInstance | object | If defined, will create a MetricsInstance for the Grafana Agent Operator. |
{
"annotations": {},
"enabled": true,
"labels": {},
"remoteWrite": null
}
|
| monitoring.serviceMonitor.metricsInstance.annotations | object | MetricsInstance annotations |
{}
|
| monitoring.serviceMonitor.metricsInstance.enabled | bool | If enabled, MetricsInstance resources for Grafana Agent Operator are created |
true
|
| monitoring.serviceMonitor.metricsInstance.labels | object | Additional MetricsInstance labels |
{}
|
| monitoring.serviceMonitor.metricsInstance.remoteWrite | string | If defined a MetricsInstance will be created to remote write metrics. |
null
|
| monitoring.serviceMonitor.namespaceSelector | object | Namespace selector for ServiceMonitor resources |
{}
|
| monitoring.serviceMonitor.relabelings | list | ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig |
[]
|
| monitoring.serviceMonitor.scheme | string | ServiceMonitor will use http by default, but you can pick https as well |
"http"
|
| monitoring.serviceMonitor.scrapeTimeout | string | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) |
null
|
| monitoring.serviceMonitor.tlsConfig | string | ServiceMonitor will use these tlsConfig settings to make the health check requests |
null
|
| nameOverride | string | Overrides the chart's name |
null
|
| networkPolicy.alertmanager.namespaceSelector | object | Specifies the namespace the alertmanager is running in |
{}
|
| networkPolicy.alertmanager.podSelector | object | Specifies the alertmanager Pods. As this is cross-namespace communication, you also need the namespaceSelector. |
{}
|
| networkPolicy.alertmanager.port | int | Specify the alertmanager port used for alerting |
9093
|
| networkPolicy.discovery.namespaceSelector | object | Specifies the namespace the discovery Pods are running in |
{}
|
| networkPolicy.discovery.podSelector | object | Specifies the Pods labels used for discovery. As this is cross-namespace communication, you also need the namespaceSelector. |
{}
|
| networkPolicy.discovery.port | int | Specify the port used for discovery |
null
|
| networkPolicy.enabled | bool | Specifies whether Network Policies should be created |
false
|
| networkPolicy.externalStorage.cidrs | list | Specifies specific network CIDRs you want to limit access to |
[]
|
| networkPolicy.externalStorage.ports | list | Specify the port used for external storage, e.g. AWS S3 |
[]
|
| networkPolicy.ingress.namespaceSelector | object | Specifies the namespaces which are allowed to access the http port |
{}
|
| networkPolicy.ingress.podSelector | object | Specifies the Pods which are allowed to access the http port. As this is cross-namespace communication, you also need the namespaceSelector. |
{}
|
| networkPolicy.metrics.cidrs | list | Specifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes. |
[]
|
| networkPolicy.metrics.namespaceSelector | object | Specifies the namespaces which are allowed to access the metrics port |
{}
|
| networkPolicy.metrics.podSelector | object | Specifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also need the namespaceSelector. |
{}
|
| rbac.pspEnabled | bool | If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp. |
false
|
| rbac.sccEnabled | bool | For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints. |
false
|
| read.affinity | string | Affinity for read pods. Passed through `tpl` and, thus, to be configured as string | Hard node and soft zone anti-affinity |
| read.autoscaling.enabled | bool | Enable autoscaling for the read, this is only used if `queryIndex.enabled: true` |
false
|
| read.autoscaling.maxReplicas | int | Maximum autoscaling replicas for the read |
3
|
| read.autoscaling.minReplicas | int | Minimum autoscaling replicas for the read |
1
|
| read.autoscaling.targetCPUUtilizationPercentage | int | Target CPU utilisation percentage for the read |
60
|
| read.autoscaling.targetMemoryUtilizationPercentage | string | Target memory utilisation percentage for the read |
null
|
| read.extraArgs | list | Additional CLI args for the read |
[]
|
| read.extraEnv | list | Environment variables to add to the read pods |
[]
|
| read.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the read pods |
[]
|
| read.extraVolumeMounts | list | Volume mounts to add to the read pods |
[]
|
| read.extraVolumes | list | Volumes to add to the read pods |
[]
|
| read.image.registry | string | The Docker registry for the read image. Overrides `loki.image.registry` |
null
|
| read.image.repository | string | Docker image repository for the read image. Overrides `loki.image.repository` |
null
|
| read.image.tag | string | Docker image tag for the read image. Overrides `loki.image.tag` |
null
|
| read.legacyReadTarget | bool | Whether or not to use the 2 target type simple scalable mode (read, write) or the 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will run two targets, false will run 3 targets. |
true
|
| read.lifecycle | object | Lifecycle for the read container |
{}
|
| read.nodeSelector | object | Node selector for read pods |
{}
|
| read.persistence.enableStatefulSetAutoDeletePVC | bool | Enable StatefulSetAutoDeletePVC feature |
true
|
| read.persistence.selector | string | Selector for persistent disk |
null
|
| read.persistence.size | string | Size of persistent disk |
"10Gi"
|
| read.persistence.storageClass | string | Storage class to be used. If defined, storageClassName: |
null
|
| read.podAnnotations | object | Annotations for read pods |
{}
|
| read.podLabels | object | Additional labels for each `read` pod |
{}
|
| read.priorityClassName | string | The name of the PriorityClass for read pods |
null
|
| read.replicas | int | Number of replicas for the read |
3
|
| read.resources | object | Resource requests and limits for the read |
{}
|
| read.selectorLabels | object | Additional selector labels for each `read` pod |
{}
|
| read.serviceLabels | object | Labels for read service |
{}
|
| read.targetModule | string | Comma-separated list of Loki modules to load for the read |
"read"
|
| read.terminationGracePeriodSeconds | int | Grace period to allow the read to shutdown before it is killed |
30
|
| read.tolerations | list | Tolerations for read pods |
[]
|
| serviceAccount.annotations | object | Annotations for the service account |
{}
|
| serviceAccount.automountServiceAccountToken | bool | Set this toggle to false to opt out of automounting API credentials for the service account |
true
|
| serviceAccount.create | bool | Specifies whether a ServiceAccount should be created |
true
|
| serviceAccount.imagePullSecrets | list | Image pull secrets for the service account |
[]
|
| serviceAccount.labels | object | Labels for the service account |
{}
|
| serviceAccount.name | string | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template |
null
|
| singleBinary.affinity | string | Affinity for single binary pods. Passed through `tpl` and, thus, to be configured as string | Hard node and soft zone anti-affinity |
| singleBinary.autoscaling.enabled | bool | Enable autoscaling, this is only used if `queryIndex.enabled: true` |
false
|
| singleBinary.autoscaling.maxReplicas | int | Maximum autoscaling replicas for the single binary |
3
|
| singleBinary.autoscaling.minReplicas | int | Minimum autoscaling replicas for the single binary |
1
|
| singleBinary.autoscaling.targetCPUUtilizationPercentage | int | Target CPU utilisation percentage for the single binary |
60
|
| singleBinary.autoscaling.targetMemoryUtilizationPercentage | string | Target memory utilisation percentage for the single binary |
null
|
| singleBinary.extraArgs | list | Labels for single binary service |
[]
|
| singleBinary.extraEnv | list | Environment variables to add to the single binary pods |
[]
|
| singleBinary.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the single binary pods |
[]
|
| singleBinary.extraVolumeMounts | list | Volume mounts to add to the single binary pods |
[]
|
| singleBinary.extraVolumes | list | Volumes to add to the single binary pods |
[]
|
| singleBinary.image.registry | string | The Docker registry for the single binary image. Overrides `loki.image.registry` |
null
|
| singleBinary.image.repository | string | Docker image repository for the single binary image. Overrides `loki.image.repository` |
null
|
| singleBinary.image.tag | string | Docker image tag for the single binary image. Overrides `loki.image.tag` |
null
|
| singleBinary.initContainers | list | Init containers to add to the single binary pods |
[]
|
| singleBinary.nodeSelector | object | Node selector for single binary pods |
{}
|
| singleBinary.persistence.enableStatefulSetAutoDeletePVC | bool | Enable StatefulSetAutoDeletePVC feature |
true
|
| singleBinary.persistence.enabled | bool | Enable persistent disk |
true
|
| singleBinary.persistence.selector | string | Selector for persistent disk |
null
|
| singleBinary.persistence.size | string | Size of persistent disk |
"10Gi"
|
| singleBinary.persistence.storageClass | string | Storage class to be used. If defined, storageClassName: |
null
|
| singleBinary.podAnnotations | object | Annotations for single binary pods |
{}
|
| singleBinary.podLabels | object | Additional labels for each `single binary` pod |
{}
|
| singleBinary.priorityClassName | string | The name of the PriorityClass for single binary pods |
null
|
| singleBinary.replicas | int | Number of replicas for the single binary |
0
|
| singleBinary.resources | object | Resource requests and limits for the single binary |
{}
|
| singleBinary.selectorLabels | object | Additional selector labels for each `single binary` pod |
{}
|
| singleBinary.targetModule | string | Comma-separated list of Loki modules to load for the single binary |
"all"
|
| singleBinary.terminationGracePeriodSeconds | int | Grace period to allow the single binary to shutdown before it is killed |
30
|
| singleBinary.tolerations | list | Tolerations for single binary pods |
[]
|
| tableManager.affinity | string | Affinity for table-manager pods. Passed through `tpl` and, thus, to be configured as string | Hard node and soft zone anti-affinity |
| tableManager.command | string | Command to execute instead of defined in Docker image |
null
|
| tableManager.enabled | bool | Specifies whether the table-manager should be enabled |
false
|
| tableManager.extraArgs | list | Additional CLI args for the table-manager |
[]
|
| tableManager.extraContainers | list | Containers to add to the table-manager pods |
[]
|
| tableManager.extraEnv | list | Environment variables to add to the table-manager pods |
[]
|
| tableManager.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the table-manager pods |
[]
|
| tableManager.extraVolumeMounts | list | Volume mounts to add to the table-manager pods |
[]
|
| tableManager.extraVolumes | list | Volumes to add to the table-manager pods |
[]
|
| tableManager.image.registry | string | The Docker registry for the table-manager image. Overrides `loki.image.registry` |
null
|
| tableManager.image.repository | string | Docker image repository for the table-manager image. Overrides `loki.image.repository` |
null
|
| tableManager.image.tag | string | Docker image tag for the table-manager image. Overrides `loki.image.tag` |
null
|
| tableManager.nodeSelector | object | Node selector for table-manager pods |
{}
|
| tableManager.podAnnotations | object | Annotations for table-manager pods |
{}
|
| tableManager.podLabels | object | Labels for table-manager pods |
{}
|
| tableManager.priorityClassName | string | The name of the PriorityClass for table-manager pods |
null
|
| tableManager.resources | object | Resource requests and limits for the table-manager |
{}
|
| tableManager.serviceLabels | object | Labels for table-manager service |
{}
|
| tableManager.terminationGracePeriodSeconds | int | Grace period to allow the table-manager to shutdown before it is killed |
30
|
| tableManager.tolerations | list | Tolerations for table-manager pods |
[]
|
| test | object | Section for configuring optional Helm test |
{
"annotations": {},
"enabled": true,
"image": {
"pullPolicy": "IfNotPresent",
"registry": "docker.io",
"repository": "grafana/loki-helm-test",
"tag": null
},
"labels": {},
"prometheusAddress": "http://prometheus:9090",
"timeout": "1m"
}
|
| test.annotations | object | Additional annotations for test pods |
{}
|
| test.image | object | Image to use for loki canary |
{
"pullPolicy": "IfNotPresent",
"registry": "docker.io",
"repository": "grafana/loki-helm-test",
"tag": null
}
|
| test.image.pullPolicy | string | Docker image pull policy |
"IfNotPresent"
|
| test.image.registry | string | The Docker registry |
"docker.io"
|
| test.image.repository | string | Docker image repository |
"grafana/loki-helm-test"
|
| test.image.tag | string | Overrides the image tag whose default is the chart's appVersion |
null
|
| test.labels | object | Additional labels for the test pods |
{}
|
| test.prometheusAddress | string | Address of the prometheus server to query for the test |
"http://prometheus:9090"
|
| test.timeout | string | Number of times to retry the test before failing |
"1m"
|
| tracing.jaegerAgentHost | string |
""
| |
| write.affinity | string | Affinity for write pods. Passed through `tpl` and, thus, to be configured as string | Hard node and soft zone anti-affinity |
| write.extraArgs | list | Additional CLI args for the write |
[]
|
| write.extraEnv | list | Environment variables to add to the write pods |
[]
|
| write.extraEnvFrom | list | Environment variables from secrets or configmaps to add to the write pods |
[]
|
| write.extraVolumeMounts | list | Volume mounts to add to the write pods |
[]
|
| write.extraVolumes | list | Volumes to add to the write pods |
[]
|
| write.image.registry | string | The Docker registry for the write image. Overrides `loki.image.registry` |
null
|
| write.image.repository | string | Docker image repository for the write image. Overrides `loki.image.repository` |
null
|
| write.image.tag | string | Docker image tag for the write image. Overrides `loki.image.tag` |
null
|
| write.initContainers | list | Init containers to add to the write pods |
[]
|
| write.lifecycle | object | Lifecycle for the write container |
{}
|
| write.nodeSelector | object | Node selector for write pods |
{}
|
| write.persistence.enableStatefulSetAutoDeletePVC | bool | Enable StatefulSetAutoDeletePVC feature |
false
|
| write.persistence.selector | string | Selector for persistent disk |
null
|
| write.persistence.size | string | Size of persistent disk |
"10Gi"
|
| write.persistence.storageClass | string | Storage class to be used. If defined, storageClassName: |
null
|
| write.podAnnotations | object | Annotations for write pods |
{}
|
| write.podLabels | object | Additional labels for each `write` pod |
{}
|
| write.priorityClassName | string | The name of the PriorityClass for write pods |
null
|
| write.replicas | int | Number of replicas for the write |
3
|
| write.resources | object | Resource requests and limits for the write |
{}
|
| write.selectorLabels | object | Additional selector labels for each `write` pod |
{}
|
| write.serviceLabels | object | Labels for ingester service |
{}
|
| write.targetModule | string | Comma-separated list of Loki modules to load for the write |
"write"
|
| write.terminationGracePeriodSeconds | int | Grace period to allow the write to shutdown before it is killed. Especially for the ingester, this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring all data and to successfully leave the member ring on shutdown. |
300
|
| write.tolerations | list | Tolerations for write pods |
[]
|
Was this page helpful?
Related resources from Grafana Labs
7 Jan
Getting started with logging and Grafana Loki
See a demo of the updated features in Loki, and how to create metrics from logs and alert on your logs with powerful Prometheus-style alerting rules.
60 min
Essential Grafana Loki configuration settings
This webinar focuses on Grafana Loki configuration including agents Promtail and Docker; the Loki server; and Loki storage for popular backends.
60 min
Scaling and securing your logs with Grafana Loki
This webinar covers the challenges of scaling and securing logs, and how Grafana Enterprise Logs powered by Grafana Loki can help, cost-effectively.