Menu

Configure the Grafana Mimir object storage backend with Jsonnet

You can configure the object storage backend for all Mimir components from a single place. The minimum Jsonnet code required for this is:

{
  _config+:: {
    storage_backend: 'gcs',
    blocks_storage_bucket_name: 'blocks-bucket',
  }
}

The storage_backend option must be one of either azure, gcs, or s3. Additional configuration options are available for each one of these providers.

Amazon S3 (s3) storage configuration options

Amazon S3 storage can be accessed without credentials when using Amazon VPC. In this case, storage_s3_secret_access_key and storage_s3_access_key_id are optional and can be left null, as in the following example:

{
  _config+:: {
    storage_backend: 's3',
    blocks_storage_bucket_name: 'blocks-bucket',
    aws_region: 'af-south-1',
  }
}

If credentials are required, it is a good practice to keep them in secrets. In that case environment variable interpolation can be used:

{
  _config+:: {
    storage_backend: 's3',
    storage_s3_access_key_id: '$(BLOCKS_STORAGE_S3_ACCESS_KEY_ID)',
    storage_s3_secret_access_key: '$(BLOCKS_STORAGE_S3_SECRET_ACCESS_KEY)',
    aws_region: 'af-south-1',
    blocks_storage_bucket_name: 'blocks-bucket',
  }
}

Azure (azure) storage configuration options

Azure storage client requires the storage_azure_account_name and storage_azure_account_key to be configured. It is a good practice to keep them in secrets. In that case environment variable interpolation can be used:

{
  _config+:: {
    storage_backend: 'azure',
    storage_azure_account_name: '$(STORAGE_AZURE_ACCOUNT_NAME)',
    storage_azure_account_key: '$(STORAGE_AZURE_ACCOUNT_KEY)',
    blocks_storage_bucket_name: 'blocks-bucket',
  }
}

Google Cloud Storage (gcs) storage configuration options

There are multiple ways to configure Google Cloud Storage client. If you run Mimir on Google Cloud Platform it is possible that the environment already has the credentials configured, in that case the minimum jsonnet configuration is valid:

{
  _config+:: {
    storage_backend: 'gcs',
    blocks_storage_bucket_name: 'blocks-bucket',
  }
}

You can use the storage_gcs_service_account configuration key to provide the service account when authentication is needed. It is a good practice to keep credentials in secrets, so environment variable interpolation can be used:

{
  _config+:: {
    storage_backend: 'gcs',
    storage_gcs_service_account: '$(STORAGE_GCS_SERVICE_ACCOUNT)',
    blocks_storage_bucket_name: 'blocks-bucket',
  }
}

Alternatively, you can set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the service account file mounted from a secret.