InstallationInstall Grafana Loki with HelmHelm Chart Values

Helm Chart Values

This is the generade reference for the Loki Helm Chart values.

KeyTypeDescriptionDefault
enterprise.adminApiobjectIf enabled, the correct admin_client storage will be configured. If disabled while running enterprise, make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`.
{
  "enabled": true
}
enterprise.adminTokenSecretstringAlternative name for admin token secret, needed by tokengen and provisioner jobs
null
enterprise.canarySecretstringAlternative name of the secret to store token for the canary
null
enterprise.cluster_namestringOptional name of the GEL cluster, otherwise will use .Release.Name The cluster name must match what is in your GEL license
null
enterprise.configstring
"{{- if .Values.enterprise.adminApi.enabled }}\n{{- if or .Values.minio.enabled (eq .Values.loki.storage.type \"s3\") (eq .Values.loki.storage.type \"gcs\") }}\nadmin_client:\n  storage:\n    s3:\n      bucket_name: {{ .Values.loki.storage.bucketNames.admin }}\n{{- end }}\n{{- end }}\nauth:\n  type: {{ .Values.enterprise.adminApi.enabled | ternary \"enterprise\" \"trust\" }}\nauth_enabled: {{ .Values.loki.auth_enabled }}\ncluster_name: {{ include \"loki.clusterName\" . }}\nlicense:\n  path: /etc/loki/license/license.jwt\n"
enterprise.enabledbool
false
enterprise.externalLicenseNamestringName of external licesne secret to use
null
enterprise.image.pullPolicystringDocker image pull policy
"IfNotPresent"
enterprise.image.registrystringThe Docker registry
"docker.io"
enterprise.image.repositorystringDocker image repository
"grafana/enterprise-logs"
enterprise.image.tagstringOverrides the image tag whose default is the chart's appVersion
"v1.4.0"
enterprise.licenseobjectGrafana Enterprise Logs license In order to use Grafana Enterprise Logs features, you will need to provide the contents of your Grafana Enterprise Logs license, either by providing the contents of the license.jwt, or the name Kubernetes Secret that contains your license.jwt. To set the license contents, use the flag `--set-file 'license.contents=./license.jwt'`
{
  "contents": "NOTAVALIDLICENSE"
}
enterprise.nginxConfig.filestring
"worker_processes  5;  ## Default: 1\nerror_log  /dev/stderr;\npid        /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n  worker_connections  4096;  ## Default: 1024\n}\n\nhttp {\n  client_body_temp_path /tmp/client_temp;\n  proxy_temp_path       /tmp/proxy_temp_path;\n  fastcgi_temp_path     /tmp/fastcgi_temp;\n  uwsgi_temp_path       /tmp/uwsgi_temp;\n  scgi_temp_path        /tmp/scgi_temp;\n\n  proxy_http_version    1.1;\n\n  default_type application/octet-stream;\n  log_format   {{ .Values.gateway.nginxConfig.logFormat }}\n\n  {{- if .Values.gateway.verboseLogging }}\n  access_log   /dev/stderr  main;\n  {{- else }}\n\n  map $status $loggable {\n    ~^[23]  0;\n    default 1;\n  }\n  access_log   /dev/stderr  main  if=$loggable;\n  {{- end }}\n\n  sendfile     on;\n  tcp_nopush   on;\n  resolver {{ .Values.global.dnsService }}.{{ .Values.global.dnsNamespace }}.svc.{{ .Values.global.clusterDomain }}.;\n\n  {{- with .Values.gateway.nginxConfig.httpSnippet }}\n  {{ . | nindent 2 }}\n  {{- end }}\n\n  server {\n    listen             8080;\n\n    {{- if .Values.gateway.basicAuth.enabled }}\n    auth_basic           \"Loki\";\n    auth_basic_user_file /etc/nginx/secrets/.htpasswd;\n    {{- end }}\n\n    location = / {\n      return 200 'OK';\n      auth_basic off;\n    }\n\n    location = /api/prom/push {\n      proxy_pass       http://{{ include \"loki.writeFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location = /api/prom/tail {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n      proxy_set_header Upgrade $http_upgrade;\n      proxy_set_header Connection \"upgrade\";\n    }\n\n    location ~ /api/prom/.* {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /prometheus/api/v1/alerts.* {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /prometheus/api/v1/rules.* {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location = /loki/api/v1/push {\n      proxy_pass       http://{{ include \"loki.writeFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location = /loki/api/v1/tail {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n      proxy_set_header Upgrade $http_upgrade;\n      proxy_set_header Connection \"upgrade\";\n    }\n\n    location ~ /loki/api/.* {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /admin/api/.* {\n      proxy_pass       http://{{ include \"loki.writeFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /compactor/.* {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /distributor/.* {\n      proxy_pass       http://{{ include \"loki.writeFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /ring {\n      proxy_pass       http://{{ include \"loki.writeFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /ingester/.* {\n      proxy_pass       http://{{ include \"loki.writeFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /ruler/.* {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    location ~ /scheduler/.* {\n      proxy_pass       http://{{ include \"loki.readFullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;\n    }\n\n    {{- with .Values.gateway.nginxConfig.serverSnippet }}\n    {{ . | nindent 4 }}\n    {{- end }}\n  }\n}\n"
enterprise.provisionerobjectConfiguration for `provisioner` target
{
  "annotations": {},
  "enabled": true,
  "env": [],
  "image": {
    "pullPolicy": "IfNotPresent",
    "registry": "docker.io",
    "repository": "grafana/enterprise-logs-provisioner",
    "tag": null
  },
  "labels": {},
  "priorityClassName": null,
  "provisionedSecretPrefix": "{{ include \"loki.name\" . }}-provisioned",
  "securityContext": {
    "fsGroup": 10001,
    "runAsGroup": 10001,
    "runAsNonRoot": true,
    "runAsUser": 10001
  },
  "tenants": []
}
enterprise.provisioner.annotationsobjectAdditional annotations for the `provisioner` Job
{}
enterprise.provisioner.enabledboolWhether the job should be part of the deployment
true
enterprise.provisioner.envlistAdditional Kubernetes environment
[]
enterprise.provisioner.imageobjectProvisioner image to Utilize
{
  "pullPolicy": "IfNotPresent",
  "registry": "docker.io",
  "repository": "grafana/enterprise-logs-provisioner",
  "tag": null
}
enterprise.provisioner.image.pullPolicystringDocker image pull policy
"IfNotPresent"
enterprise.provisioner.image.registrystringThe Docker registry
"docker.io"
enterprise.provisioner.image.repositorystringDocker image repository
"grafana/enterprise-logs-provisioner"
enterprise.provisioner.image.tagstringOverrides the image tag whose default is the chart's appVersion
null
enterprise.provisioner.labelsobjectAdditional labels for the `provisioner` Job
{}
enterprise.provisioner.priorityClassNamestringThe name of the PriorityClass for provisioner Job
null
enterprise.provisioner.provisionedSecretPrefixstringName of the secret to store provisioned tokens in
"{{ include \"loki.name\" . }}-provisioned"
enterprise.provisioner.securityContextobjectRun containers as user `enterprise-logs(uid=10001)`
{
  "fsGroup": 10001,
  "runAsGroup": 10001,
  "runAsNonRoot": true,
  "runAsUser": 10001
}
enterprise.provisioner.tenantslistTenants to be created. Each tenant will get a read and write policy and associated token.
[]
enterprise.tokengenobjectConfiguration for `tokengen` target
{
  "annotations": {},
  "enabled": true,
  "env": [],
  "extraArgs": [],
  "extraEnvFrom": [],
  "extraVolumeMounts": [],
  "extraVolumes": [],
  "labels": {},
  "securityContext": {
    "fsGroup": 10001,
    "runAsGroup": 10001,
    "runAsNonRoot": true,
    "runAsUser": 10001
  },
  "tolerations": []
}
enterprise.tokengen.annotationsobjectAdditional annotations for the `tokengen` Job
{}
enterprise.tokengen.enabledboolWhether the job should be part of the deployment
true
enterprise.tokengen.envlistAdditional Kubernetes environment
[]
enterprise.tokengen.extraArgslistAdditional CLI arguments for the `tokengen` target
[]
enterprise.tokengen.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the tokengen pods
[]
enterprise.tokengen.extraVolumeMountslistAdditional volume mounts for Pods
[]
enterprise.tokengen.extraVolumeslistAdditional volumes for Pods
[]
enterprise.tokengen.labelsobjectAdditional labels for the `tokengen` Job
{}
enterprise.tokengen.securityContextobjectRun containers as user `enterprise-logs(uid=10001)`
{
  "fsGroup": 10001,
  "runAsGroup": 10001,
  "runAsNonRoot": true,
  "runAsUser": 10001
}
enterprise.tokengen.tolerationslistTolerations for tokengen Job
[]
enterprise.useExternalLicenseboolSet to true when providing an external license
false
enterprise.versionstring
"v1.5.2"
fullnameOverridestringOverrides the chart's computed fullname
null
gateway.affinitystringAffinity for gateway pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
gateway.autoscaling.enabledboolEnable autoscaling for the gateway
false
gateway.autoscaling.maxReplicasintMaximum autoscaling replicas for the gateway
3
gateway.autoscaling.minReplicasintMinimum autoscaling replicas for the gateway
1
gateway.autoscaling.targetCPUUtilizationPercentageintTarget CPU utilisation percentage for the gateway
60
gateway.autoscaling.targetMemoryUtilizationPercentagestringTarget memory utilisation percentage for the gateway
null
gateway.basicAuth.enabledboolEnables basic authentication for the gateway
false
gateway.basicAuth.existingSecretstringExisting basic auth secret to use. Must contain '.htpasswd'
null
gateway.basicAuth.htpasswdstringUses the specified username and password to compute a htpasswd using Sprig's `htpasswd` function. The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes high CPU load.
"{{ htpasswd (required \"'gateway.basicAuth.username' is required\" .Values.gateway.basicAuth.username) (required \"'gateway.basicAuth.password' is required\" .Values.gateway.basicAuth.password) }}"
gateway.basicAuth.passwordstringThe basic auth password for the gateway
null
gateway.basicAuth.usernamestringThe basic auth username for the gateway
null
gateway.containerSecurityContextobjectThe SecurityContext for gateway containers
{
  "allowPrivilegeEscalation": false,
  "capabilities": {
    "drop": [
      "ALL"
    ]
  },
  "readOnlyRootFilesystem": true
}
gateway.deploymentStrategyobjectref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
{
  "type": "RollingUpdate"
}
gateway.enabledboolSpecifies whether the gateway should be enabled
true
gateway.extraArgslistAdditional CLI args for the gateway
[]
gateway.extraEnvlistEnvironment variables to add to the gateway pods
[]
gateway.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the gateway pods
[]
gateway.extraVolumeMountslistVolume mounts to add to the gateway pods
[]
gateway.extraVolumeslistVolumes to add to the gateway pods
[]
gateway.image.pullPolicystringThe gateway image pull policy
"IfNotPresent"
gateway.image.registrystringThe Docker registry for the gateway image
"docker.io"
gateway.image.repositorystringThe gateway image repository
"nginxinc/nginx-unprivileged"
gateway.image.tagstringThe gateway image tag
"1.19-alpine"
gateway.ingress.annotationsobjectAnnotations for the gateway ingress
{}
gateway.ingress.enabledboolSpecifies whether an ingress for the gateway should be created
false
gateway.ingress.hostslistHosts configuration for the gateway ingress
[
  {
    "host": "gateway.loki.example.com",
    "paths": [
      {
        "path": "/"
      }
    ]
  }
]
gateway.ingress.tlslistTLS configuration for the gateway ingress
[
  {
    "hosts": [
      "gateway.loki.example.com"
    ],
    "secretName": "loki-gateway-tls"
  }
]
gateway.nginxConfig.filestringConfig file contents for Nginx. Passed through the `tpl` function to allow templating
See values.yaml
gateway.nginxConfig.httpSnippetstringAllows appending custom configuration to the http block
""
gateway.nginxConfig.logFormatstringNGINX log format
"main '$remote_addr - $remote_user [$time_local]  $status '\n        '\"$request\" $body_bytes_sent \"$http_referer\" '\n        '\"$http_user_agent\" \"$http_x_forwarded_for\"';"
gateway.nginxConfig.serverSnippetstringAllows appending custom configuration to the server block
""
gateway.nodeSelectorobjectNode selector for gateway pods
{}
gateway.podAnnotationsobjectAnnotations for gateway pods
{}
gateway.podSecurityContextobjectThe SecurityContext for gateway containers
{
  "fsGroup": 101,
  "runAsGroup": 101,
  "runAsNonRoot": true,
  "runAsUser": 101
}
gateway.priorityClassNamestringThe name of the PriorityClass for gateway pods
null
gateway.readinessProbe.httpGet.pathstring
"/"
gateway.readinessProbe.httpGet.portstring
"http"
gateway.readinessProbe.initialDelaySecondsint
15
gateway.readinessProbe.timeoutSecondsint
1
gateway.replicasintNumber of replicas for the gateway
1
gateway.resourcesobjectResource requests and limits for the gateway
{}
gateway.service.annotationsobjectAnnotations for the gateway service
{}
gateway.service.clusterIPstringClusterIP of the gateway service
null
gateway.service.labelsobjectLabels for gateway service
{}
gateway.service.loadBalancerIPstringLoad balancer IPO address if service type is LoadBalancer
null
gateway.service.nodePortintNode port if service type is NodePort
null
gateway.service.portintPort of the gateway service
80
gateway.service.typestringType of the gateway service
"ClusterIP"
gateway.terminationGracePeriodSecondsintGrace period to allow the gateway to shutdown before it is killed
30
gateway.tolerationslistTolerations for gateway pods
[]
gateway.verboseLoggingboolEnable logging of 2xx and 3xx HTTP requests
true
global.clusterDomainstringconfigures cluster domain ("cluster.local" by default)
"cluster.local"
global.dnsNamespacestringconfigures DNS service namespace
"kube-system"
global.dnsServicestringconfigures DNS service name
"kube-dns"
global.image.registrystringOverrides the Docker registry globally for all images
null
global.priorityClassNamestringOverrides the priorityClassName for all pods
null
imagePullSecretslistImage pull secrets for Docker images
[]
ingress.annotationsobject
{}
ingress.enabledbool
false
ingress.hosts[0]string
"loki.example.com"
ingress.paths.read[0]string
"/api/prom/tail"
ingress.paths.read[1]string
"/loki/api/v1/tail"
ingress.paths.read[2]string
"/loki/api"
ingress.paths.read[3]string
"/api/prom/rules"
ingress.paths.read[4]string
"/loki/api/v1/rules"
ingress.paths.read[5]string
"/prometheus/api/v1/rules"
ingress.paths.read[6]string
"/prometheus/api/v1/alerts"
ingress.paths.write[0]string
"/api/prom/push"
ingress.paths.write[1]string
"/loki/api/v1/push"
kubectlImage.pullPolicystringDocker image pull policy
"IfNotPresent"
kubectlImage.registrystringThe Docker registry
"docker.io"
kubectlImage.repositorystringDocker image repository
"bitnami/kubectl"
kubectlImage.tagstringOverrides the image tag whose default is the chart's appVersion
null
loki.analyticsobjectOptional analytics configuration
{}
loki.auth_enabledbool
true
loki.commonConfigobjectCheck https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration
{
  "path_prefix": "/var/loki",
  "replication_factor": 3
}
loki.compactorobjectOptional compactor configuration
{}
loki.configstringConfig file contents for Loki
See values.yaml
loki.containerSecurityContextobjectThe SecurityContext for Loki containers
{
  "allowPrivilegeEscalation": false,
  "capabilities": {
    "drop": [
      "ALL"
    ]
  },
  "readOnlyRootFilesystem": true
}
loki.existingSecretForConfigstringSpecify an existing secret containing loki configuration. If non-empty, overrides `loki.config`
""
loki.image.pullPolicystringDocker image pull policy
"IfNotPresent"
loki.image.registrystringThe Docker registry
"docker.io"
loki.image.repositorystringDocker image repository
"grafana/loki"
loki.image.tagstringOverrides the image tag whose default is the chart's appVersion
null
loki.limits_configobjectLimits config
{
  "enforce_metric_name": false,
  "max_cache_freshness_per_query": "10m",
  "reject_old_samples": true,
  "reject_old_samples_max_age": "168h",
  "split_queries_by_interval": "15m"
}
loki.memcachedobjectConfigure memcached as an external cache for chunk and results cache. Disabled by default must enable and specify a host for each cache you would like to use.
{
  "chunk_cache": {
    "batch_size": 256,
    "enabled": false,
    "host": "",
    "parallelism": 10,
    "service": "memcached-client"
  },
  "results_cache": {
    "default_validity": "12h",
    "enabled": false,
    "host": "",
    "service": "memcached-client",
    "timeout": "500ms"
  }
}
loki.podAnnotationsobjectCommon annotations for all pods
{}
loki.podSecurityContextobjectThe SecurityContext for Loki pods
{
  "fsGroup": 10001,
  "runAsGroup": 10001,
  "runAsNonRoot": true,
  "runAsUser": 10001
}
loki.query_schedulerobjectAdditional query scheduler config
{}
loki.readinessProbe.httpGet.pathstring
"/ready"
loki.readinessProbe.httpGet.portstring
"http-metrics"
loki.readinessProbe.initialDelaySecondsint
30
loki.readinessProbe.timeoutSecondsint
1
loki.revisionHistoryLimitintThe number of old ReplicaSets to retain to allow rollback
10
loki.rulerConfigobjectCheck https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler
{}
loki.schemaConfigobjectCheck https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas
{}
loki.serverobjectCheck https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration.
{
  "grpc_listen_port": 9095,
  "http_listen_port": 3100
}
loki.storageobjectStorage config. Providing this will automatically populate all necessary storage configs in the templated config.
{
  "bucketNames": {
    "admin": "admin",
    "chunks": "chunks",
    "ruler": "ruler"
  },
  "filesystem": {
    "chunks_directory": "/var/loki/chunks",
    "rules_directory": "/var/loki/rules"
  },
  "gcs": {
    "chunkBufferSize": 0,
    "enableHttp2": true,
    "requestTimeout": "0s"
  },
  "s3": {
    "accessKeyId": null,
    "endpoint": null,
    "http_config": {},
    "insecure": false,
    "region": null,
    "s3": null,
    "s3ForcePathStyle": false,
    "secretAccessKey": null
  },
  "type": "s3"
}
loki.storage_configobjectAdditional storage config
{
  "hedging": {
    "at": "250ms",
    "max_per_second": 20,
    "up_to": 3
  }
}
loki.structuredConfigobjectStructured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig`
{}
migrateobjectOptions that may be necessary when performing a migration from another helm chart
{
  "fromDistributed": {
    "enabled": false,
    "memberlistService": ""
  }
}
migrate.fromDistributedobjectWhen migrating from a distributed chart like loki-distributed or enterprise-logs
{
  "enabled": false,
  "memberlistService": ""
}
migrate.fromDistributed.enabledboolSet to true if migrating from a distributed helm chart
false
migrate.fromDistributed.memberlistServicestringIf migrating from a distributed service, provide the distributed deployment's memberlist service DNS so the new deployment can join it's ring.
""
minioobject-----------------------------------
{
  "buckets": [
    {
      "name": "chunks",
      "policy": "none",
      "purge": false
    },
    {
      "name": "ruler",
      "policy": "none",
      "purge": false
    },
    {
      "name": "admin",
      "policy": "none",
      "purge": false
    }
  ],
  "drivesPerNode": 2,
  "enabled": false,
  "persistence": {
    "size": "5Gi"
  },
  "replicas": 1,
  "resources": {
    "requests": {
      "cpu": "100m",
      "memory": "128Mi"
    }
  },
  "rootPassword": "supersecret",
  "rootUser": "enterprise-logs"
}
monitoring.alerts.annotationsobjectAdditional annotations for the alerts PrometheusRule resource
{}
monitoring.alerts.enabledboolIf enabled, create PrometheusRule resource with Loki alerting rules
true
monitoring.alerts.labelsobjectAdditional labels for the alerts PrometheusRule resource
{}
monitoring.alerts.namespacestringAlternative namespace to create alerting rules PrometheusRule resource in
null
monitoring.dashboards.annotationsobjectAdditional annotations for the dashboards ConfigMap
{}
monitoring.dashboards.enabledboolIf enabled, create configmap with dashboards for monitoring Loki
true
monitoring.dashboards.labelsobjectAdditional labels for the dashboards ConfigMap
{}
monitoring.dashboards.namespacestringAlternative namespace to create dashboards ConfigMap in
null
monitoring.rules.additionalGroupslistAdditional groups to add to the rules file
[]
monitoring.rules.alertingboolInclude alerting rules
true
monitoring.rules.annotationsobjectAdditional annotations for the rules PrometheusRule resource
{}
monitoring.rules.enabledboolIf enabled, create PrometheusRule resource with Loki recording rules
true
monitoring.rules.labelsobjectAdditional labels for the rules PrometheusRule resource
{}
monitoring.rules.namespacestringAlternative namespace to create recording rules PrometheusRule resource in
null
monitoring.selfMonitoring.enabledbool
true
monitoring.selfMonitoring.grafanaAgent.annotationsobjectGrafana Agent annotations
{}
monitoring.selfMonitoring.grafanaAgent.enableConfigReadAPIboolEnable the config read api on port 8080 of the agent
false
monitoring.selfMonitoring.grafanaAgent.installOperatorboolControls whether to install the Grafana Agent Operator and its CRDs. Note that helm will not install CRDs if this flag is enabled during an upgrade. In that case install the CRDs manually from https://github.com/grafana/agent/tree/main/production/operator/crds
true
monitoring.selfMonitoring.grafanaAgent.labelsobjectAdditional Grafana Agent labels
{}
monitoring.selfMonitoring.grafanaAgent.namespacestringAlternative namespace for Grafana Agent resources
null
monitoring.selfMonitoring.logsInstance.annotationsobjectLogsInstance annotations
{}
monitoring.selfMonitoring.logsInstance.clientsstringAdditional clients for remote write
null
monitoring.selfMonitoring.logsInstance.labelsobjectAdditional LogsInstance labels
{}
monitoring.selfMonitoring.logsInstance.namespacestringAlternative namespace for LogsInstance resources
null
monitoring.selfMonitoring.lokiCanary.annotationsobjectAdditional annotations for the `loki-canary` Daemonset
{}
monitoring.selfMonitoring.lokiCanary.enabledbool
true
monitoring.selfMonitoring.lokiCanary.extraArgslistAdditional CLI arguments for the `loki-canary' command
[]
monitoring.selfMonitoring.lokiCanary.extraEnvlistEnvironment variables to add to the canary pods
[]
monitoring.selfMonitoring.lokiCanary.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the canary pods
[]
monitoring.selfMonitoring.lokiCanary.imageobjectImage to use for loki canary
{
  "pullPolicy": "IfNotPresent",
  "registry": "docker.io",
  "repository": "grafana/loki-canary",
  "tag": null
}
monitoring.selfMonitoring.lokiCanary.image.pullPolicystringDocker image pull policy
"IfNotPresent"
monitoring.selfMonitoring.lokiCanary.image.registrystringThe Docker registry
"docker.io"
monitoring.selfMonitoring.lokiCanary.image.repositorystringDocker image repository
"grafana/loki-canary"
monitoring.selfMonitoring.lokiCanary.image.tagstringOverrides the image tag whose default is the chart's appVersion
null
monitoring.selfMonitoring.lokiCanary.nodeSelectorobjectNode selector for canary pods
{}
monitoring.selfMonitoring.lokiCanary.resourcesobjectResource requests and limits for the canary
{}
monitoring.selfMonitoring.lokiCanary.tolerationslistTolerations for canary pods
[]
monitoring.selfMonitoring.podLogs.annotationsobjectPodLogs annotations
{}
monitoring.selfMonitoring.podLogs.labelsobjectAdditional PodLogs labels
{}
monitoring.selfMonitoring.podLogs.namespacestringAlternative namespace for PodLogs resources
null
monitoring.selfMonitoring.podLogs.relabelingslistPodLogs relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
[]
monitoring.selfMonitoring.tenantstringTenant to use for self monitoring
"self-monitoring"
monitoring.serviceMonitor.annotationsobjectServiceMonitor annotations
{}
monitoring.serviceMonitor.enabledboolIf enabled, ServiceMonitor resources for Prometheus Operator are created
true
monitoring.serviceMonitor.intervalstringServiceMonitor scrape interval
null
monitoring.serviceMonitor.labelsobjectAdditional ServiceMonitor labels
{}
monitoring.serviceMonitor.metricsInstanceobjectIf defined, will create a MetricsInstance for the Grafana Agent Operator.
{
  "annotations": {},
  "labels": {},
  "remoteWrite": null
}
monitoring.serviceMonitor.metricsInstance.annotationsobjectMerticsInstance annotations
{}
monitoring.serviceMonitor.metricsInstance.labelsobjectAdditional MatricsInstance labels
{}
monitoring.serviceMonitor.metricsInstance.remoteWritestringIf defined a MetricsInstance will be created to remote write metrics.
null
monitoring.serviceMonitor.namespacestringAlternative namespace for ServiceMonitor resources
null
monitoring.serviceMonitor.namespaceSelectorobjectNamespace selector for ServiceMonitor resources
{}
monitoring.serviceMonitor.relabelingslistServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
[]
monitoring.serviceMonitor.schemestringServiceMonitor will use http by default, but you can pick https as well
"http"
monitoring.serviceMonitor.scrapeTimeoutstringServiceMonitor scrape timeout in Go duration format (e.g. 15s)
null
monitoring.serviceMonitor.tlsConfigstringServiceMonitor will use these tlsConfig settings to make the health check requests
null
nameOverridestringOverrides the chart's name
null
networkPolicy.alertmanager.namespaceSelectorobjectSpecifies the namespace the alertmanager is running in
{}
networkPolicy.alertmanager.podSelectorobjectSpecifies the alertmanager Pods. As this is cross-namespace communication, you also need the namespaceSelector.
{}
networkPolicy.alertmanager.portintSpecify the alertmanager port used for alerting
9093
networkPolicy.discovery.namespaceSelectorobjectSpecifies the namespace the discovery Pods are running in
{}
networkPolicy.discovery.podSelectorobjectSpecifies the Pods labels used for discovery. As this is cross-namespace communication, you also need the namespaceSelector.
{}
networkPolicy.discovery.portintSpecify the port used for discovery
null
networkPolicy.enabledboolSpecifies whether Network Policies should be created
false
networkPolicy.externalStorage.cidrslistSpecifies specific network CIDRs you want to limit access to
[]
networkPolicy.externalStorage.portslistSpecify the port used for external storage, e.g. AWS S3
[]
networkPolicy.ingress.namespaceSelectorobjectSpecifies the namespaces which are allowed to access the http port
{}
networkPolicy.ingress.podSelectorobjectSpecifies the Pods which are allowed to access the http port. As this is cross-namespace communication, you also need the namespaceSelector.
{}
networkPolicy.metrics.cidrslistSpecifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes.
[]
networkPolicy.metrics.namespaceSelectorobjectSpecifies the namespaces which are allowed to access the metrics port
{}
networkPolicy.metrics.podSelectorobjectSpecifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also need the namespaceSelector.
{}
rbac.pspEnabledboolIf pspEnabled true, a PodSecurityPolicy is created for K8s that use psp.
false
rbac.sccEnabledboolFor OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints.
false
read.affinitystringAffinity for read pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
read.autoscaling.enabledboolEnable autoscaling for the read, this is only used if `queryIndex.enabled: true`
false
read.autoscaling.maxReplicasintMaximum autoscaling replicas for the read
3
read.autoscaling.minReplicasintMinimum autoscaling replicas for the read
1
read.autoscaling.targetCPUUtilizationPercentageintTarget CPU utilisation percentage for the read
60
read.autoscaling.targetMemoryUtilizationPercentagestringTarget memory utilisation percentage for the read
null
read.extraArgslistAdditional CLI args for the read
[]
read.extraEnvlistEnvironment variables to add to the read pods
[]
read.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the read pods
[]
read.extraVolumeMountslistVolume mounts to add to the read pods
[]
read.extraVolumeslistVolumes to add to the read pods
[]
read.image.registrystringThe Docker registry for the read image. Overrides `loki.image.registry`
null
read.image.repositorystringDocker image repository for the read image. Overrides `loki.image.repository`
null
read.image.tagstringDocker image tag for the read image. Overrides `loki.image.tag`
null
read.nodeSelectorobjectNode selector for read pods
{}
read.persistence.sizestringSize of persistent disk
"10Gi"
read.persistence.storageClassstringStorage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
null
read.podAnnotationsobjectAnnotations for read pods
{}
read.priorityClassNamestringThe name of the PriorityClass for read pods
null
read.replicasintNumber of replicas for the read
3
read.resourcesobjectResource requests and limits for the read
{}
read.selectorLabelsobjectAdditional selecto labels for each `read` pod
{}
read.serviceLabelsobjectLabels for read service
{}
read.terminationGracePeriodSecondsintGrace period to allow the read to shutdown before it is killed
30
read.tolerationslistTolerations for read pods
[]
serviceAccount.annotationsobjectAnnotations for the service account
{}
serviceAccount.automountServiceAccountTokenboolSet this toggle to false to opt out of automounting API credentials for the service account
true
serviceAccount.createboolSpecifies whether a ServiceAccount should be created
true
serviceAccount.imagePullSecretslistImage pull secrets for the service account
[]
serviceAccount.namestringThe name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template
null
singleBinary.affinitystringAffinity for single binary pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
singleBinary.autoscaling.enabledboolEnable autoscaling, this is only used if `queryIndex.enabled: true`
false
singleBinary.autoscaling.maxReplicasintMaximum autoscaling replicas for the single binary
3
singleBinary.autoscaling.minReplicasintMinimum autoscaling replicas for the single binary
1
singleBinary.autoscaling.targetCPUUtilizationPercentageintTarget CPU utilisation percentage for the single binary
60
singleBinary.autoscaling.targetMemoryUtilizationPercentagestringTarget memory utilisation percentage for the single binary
null
singleBinary.extraArgslistLabels for single binary service
[]
singleBinary.extraEnvlistEnvironment variables to add to the single binary pods
[]
singleBinary.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the single binary pods
[]
singleBinary.extraVolumeMountslistVolume mounts to add to the single binary pods
[]
singleBinary.extraVolumeslistVolumes to add to the single binary pods
[]
singleBinary.image.registrystringThe Docker registry for the single binary image. Overrides `loki.image.registry`
null
singleBinary.image.repositorystringDocker image repository for the single binary image. Overrides `loki.image.repository`
null
singleBinary.image.tagstringDocker image tag for the single binary image. Overrides `loki.image.tag`
null
singleBinary.nodeSelectorobjectNode selector for single binary pods
{}
singleBinary.persistence.sizestringSize of persistent disk
"10Gi"
singleBinary.persistence.storageClassstringStorage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
null
singleBinary.podAnnotationsobjectAnnotations for single binary pods
{}
singleBinary.priorityClassNamestringThe name of the PriorityClass for single binary pods
null
singleBinary.replicasintNumber of replicas for the single binary
1
singleBinary.resourcesobjectResource requests and limits for the single binary
{}
singleBinary.selectorLabelsobjectAdditional selecto labels for each `single binary` pod
{}
singleBinary.terminationGracePeriodSecondsintGrace period to allow the single binary to shutdown before it is killed
30
singleBinary.tolerationslistTolerations for single binary pods
[]
testobjectSection for configuring optional Helm test
{
  "annotations": {},
  "enabled": true,
  "image": {
    "pullPolicy": "IfNotPresent",
    "registry": "docker.io",
    "repository": "grafana/loki-helm-test",
    "tag": null
  },
  "labels": {},
  "prometheusAddress": "http://prometheus:9090",
  "timeout": "1m"
}
test.annotationsobjectAdditional annotations for test pods
{}
test.imageobjectImage to use for loki canary
{
  "pullPolicy": "IfNotPresent",
  "registry": "docker.io",
  "repository": "grafana/loki-helm-test",
  "tag": null
}
test.image.pullPolicystringDocker image pull policy
"IfNotPresent"
test.image.registrystringThe Docker registry
"docker.io"
test.image.repositorystringDocker image repository
"grafana/loki-helm-test"
test.image.tagstringOverrides the image tag whose default is the chart's appVersion
null
test.labelsobjectAdditional labels for the test pods
{}
test.prometheusAddressstringAddress of the prometheus server to query for the test
"http://prometheus:9090"
test.timeoutstringNumber of times to retry the test before failing
"1m"
tracing.jaegerAgentHoststring
""
write.affinitystringAffinity for write pods. Passed through `tpl` and, thus, to be configured as string
Hard node and soft zone anti-affinity
write.extraArgslistAdditional CLI args for the write
[]
write.extraEnvlistEnvironment variables to add to the write pods
[]
write.extraEnvFromlistEnvironment variables from secrets or configmaps to add to the write pods
[]
write.extraVolumeMountslistVolume mounts to add to the write pods
[]
write.extraVolumeslistVolumes to add to the write pods
[]
write.image.registrystringThe Docker registry for the write image. Overrides `loki.image.registry`
null
write.image.repositorystringDocker image repository for the write image. Overrides `loki.image.repository`
null
write.image.tagstringDocker image tag for the write image. Overrides `loki.image.tag`
null
write.nodeSelectorobjectNode selector for write pods
{}
write.persistence.sizestringSize of persistent disk
"10Gi"
write.persistence.storageClassstringStorage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
null
write.podAnnotationsobjectAnnotations for write pods
{}
write.priorityClassNamestringThe name of the PriorityClass for write pods
null
write.replicasintNumber of replicas for the write
3
write.resourcesobjectResource requests and limits for the write
{}
write.selectorLabelsobjectAdditional selector labels for each `write` pod
{}
write.serviceLabelsobjectLabels for ingestor service
{}
write.terminationGracePeriodSecondsintGrace period to allow the write to shutdown before it is killed. Especially for the ingestor, this must be increased. It must be long enough so writes can be gracefully shutdown flushing/transferring all data and to successfully leave the member ring on shutdown.
300
write.tolerationslistTolerations for write pods
[]