apiVersion: v1 automountServiceAccountToken: true kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki namespace: loki --- apiVersion: v1 automountServiceAccountToken: true kind: ServiceAccount metadata: labels: app.kubernetes.io/component: canary app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-canary namespace: loki --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-clusterrole rules: - apiGroups: - "" resources: - configmaps - secrets verbs: - get - watch - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-clusterrolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: loki-clusterrole subjects: - kind: ServiceAccount name: loki namespace: loki --- apiVersion: v1 data: config.yaml: |2 auth_enabled: true bloom_build: builder: planner_address: loki-backend-headless.loki.svc.cluster.local:9095 enabled: false bloom_gateway: client: addresses: dnssrvnoa+_grpc._tcp.loki-backend-headless.loki.svc.cluster.local enabled: false chunk_store_config: chunk_cache_config: background: writeback_buffer: 500000 writeback_goroutines: 1 writeback_size_limit: 500MB default_validity: 0s memcached: batch_size: 4 parallelism: 5 memcached_client: addresses: dnssrvnoa+_memcached-client._tcp.loki-chunks-cache.loki.svc.cluster.local consistent_hash: true max_idle_conns: 72 timeout: 2000ms common: compactor_grpc_address: 'loki-backend.loki.svc.cluster.local:9095' path_prefix: /var/loki replication_factor: 3 storage: s3: access_key_id: ${AWS_ACCESS_KEY_ID} bucketnames: loki-chunks endpoint: http://s3.home:9000 insecure: true region: home-nas s3: loki-data s3forcepathstyle: true secret_access_key: ${AWS_SECRET_ACCESS_KEY} frontend: scheduler_address: "" tail_proxy_url: "" frontend_worker: scheduler_address: "" index_gateway: mode: simple limits_config: max_cache_freshness_per_query: 10m query_timeout: 300s reject_old_samples: true reject_old_samples_max_age: 168h split_queries_by_interval: 15m volume_enabled: true memberlist: join_members: - loki-memberlist.loki.svc.cluster.local pattern_ingester: enabled: false query_range: align_queries_with_step: true cache_results: true results_cache: cache: background: writeback_buffer: 500000 writeback_goroutines: 1 writeback_size_limit: 500MB default_validity: 12h memcached_client: addresses: dnssrvnoa+_memcached-client._tcp.loki-results-cache.loki.svc.cluster.local consistent_hash: true timeout: 500ms update_interval: 1m ruler: storage: s3: access_key_id: ${AWS_ACCESS_KEY_ID} bucketnames: loki-ruler endpoint: http://s3.home:9000 insecure: true region: home-nas s3: loki-data s3forcepathstyle: true secret_access_key: ${AWS_SECRET_ACCESS_KEY} type: s3 wal: dir: /var/loki/ruler-wal runtime_config: file: /etc/loki/runtime-config/runtime-config.yaml schema_config: configs: - from: "2024-04-01" index: period: 24h prefix: index_ object_store: s3 schema: v13 store: tsdb server: grpc_listen_port: 9095 http_listen_port: 3100 http_server_read_timeout: 600s http_server_write_timeout: 600s storage_config: bloom_shipper: working_directory: /var/loki/data/bloomshipper boltdb_shipper: index_gateway_client: server_address: dns+loki-backend-headless.loki.svc.cluster.local:9095 hedging: at: 250ms max_per_second: 20 up_to: 3 tsdb_shipper: index_gateway_client: server_address: dns+loki-backend-headless.loki.svc.cluster.local:9095 use_thanos_objstore: false tracing: enabled: false kind: ConfigMap metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki namespace: loki --- apiVersion: v1 data: nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections 4096; ## Default: 1024\n}\n\nhttp {\n \ client_body_temp_path /tmp/client_temp;\n proxy_temp_path /tmp/proxy_temp_path;\n \ fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n \ scgi_temp_path /tmp/scgi_temp;\n\n client_max_body_size 4M;\n\n proxy_read_timeout \ 600; ## 10 minutes\n proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version 1.1;\n\n default_type application/octet-stream;\n \ log_format main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n \ access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n \ resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags header is empty, set a noop= without a value as empty values are not logged\n \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise, preserve the original value\n }\n\n server {\n listen 8080;\n \ listen [::]:8080;\n\n location = / {\n \n return 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n \ # Configure backend targets\n location ^~ /ui {\n \n proxy_pass \ http://loki-read.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Distributor\n location = /api/prom/push {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /loki/api/v1/push {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /distributor/ring {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n\n # Ingester\n location = /flush {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n location ^~ /ingester/ {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /ingester {\n \n internal; # to suppress 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n\n # MemberListKV\n location = /memberlist {\n \n proxy_pass \ http://loki-write.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /api/prom/rules {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /prometheus/api/v1/rules {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n\n # Compactor\n location = /compactor/ring {\n \n proxy_pass \ http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /loki/api/v1/cache/generation_numbers {\n \n proxy_pass \ http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n }\n\n \ # IndexGateway\n location = /indexgateway/ring {\n \n proxy_pass \ http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n }\n\n \ # QueryScheduler\n location = /scheduler/ring {\n \n proxy_pass \ http://loki-backend.loki.svc.cluster.local:3100$request_uri;\n }\n\n \ # Config\n location = /config {\n \n proxy_pass http://loki-write.loki.svc.cluster.local:3100$request_uri;\n \ }\n\n\n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n \ proxy_pass http://loki-read.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n \ proxy_set_header Connection \"upgrade\";\n \n proxy_pass http://loki-read.loki.svc.cluster.local:3100$request_uri;\n \ }\n location ^~ /api/prom/ {\n \n proxy_pass http://loki-read.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /api/prom {\n \n internal; # to suppress 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\";\n \ \n proxy_pass http://loki-read.loki.svc.cluster.local:3100$request_uri;\n \ }\n location = /loki/api/v1 {\n \n internal; # to suppress 301\n }\n }\n}\n" kind: ConfigMap metadata: labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-gateway namespace: loki --- apiVersion: v1 data: runtime-config.yaml: | {} kind: ConfigMap metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-runtime namespace: loki --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-backend namespace: loki spec: ports: - name: http-metrics port: 3100 protocol: TCP targetPort: http-metrics - name: grpc port: 9095 protocol: TCP targetPort: grpc selector: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki prometheus.io/service-monitor: "false" variant: headless name: loki-backend-headless namespace: loki spec: clusterIP: None ports: - name: http-metrics port: 3100 protocol: TCP targetPort: http-metrics - appProtocol: tcp name: grpc port: 9095 protocol: TCP targetPort: grpc selector: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: canary app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-canary namespace: loki spec: ports: - name: http-metrics port: 3500 protocol: TCP targetPort: http-metrics selector: app.kubernetes.io/component: canary app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-chunks-cache namespace: loki spec: clusterIP: None ports: - name: memcached-client port: 11211 targetPort: client - name: http-metrics port: 9150 targetPort: http-metrics selector: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 prometheus.io/service-monitor: "false" name: loki-gateway namespace: loki spec: ports: - name: http-metrics port: 80 protocol: TCP targetPort: http-metrics selector: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-memberlist namespace: loki spec: clusterIP: None ports: - name: tcp port: 7946 protocol: TCP targetPort: http-memberlist selector: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki prometheus.io/service-monitor: "false" name: loki-query-scheduler-discovery namespace: loki spec: clusterIP: None ports: - name: http-metrics port: 3100 protocol: TCP targetPort: http-metrics - name: grpc port: 9095 protocol: TCP targetPort: grpc publishNotReadyAddresses: true selector: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-read namespace: loki spec: ports: - name: http-metrics port: 3100 protocol: TCP targetPort: http-metrics - name: grpc port: 9095 protocol: TCP targetPort: grpc selector: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki prometheus.io/service-monitor: "false" variant: headless name: loki-read-headless namespace: loki spec: clusterIP: None ports: - name: http-metrics port: 3100 protocol: TCP targetPort: http-metrics - appProtocol: tcp name: grpc port: 9095 protocol: TCP targetPort: grpc selector: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-results-cache namespace: loki spec: clusterIP: None ports: - name: memcached-client port: 11211 targetPort: client - name: http-metrics port: 9150 targetPort: http-metrics selector: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-write namespace: loki spec: ports: - name: http-metrics port: 3100 protocol: TCP targetPort: http-metrics - name: grpc port: 9095 protocol: TCP targetPort: grpc selector: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki prometheus.io/service-monitor: "false" variant: headless name: loki-write-headless namespace: loki spec: clusterIP: None ports: - name: http-metrics port: 3100 protocol: TCP targetPort: http-metrics - appProtocol: tcp name: grpc port: 9095 protocol: TCP targetPort: grpc selector: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-gateway namespace: loki spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki strategy: type: RollingUpdate template: metadata: annotations: checksum/config: 551f2f0b8c3a57d612deebdb6e46ed5e64807c15eebb972a030549402e4e6183 labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname containers: - image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine imagePullPolicy: IfNotPresent name: nginx ports: - containerPort: 8080 name: http-metrics protocol: TCP readinessProbe: httpGet: path: / port: http-metrics initialDelaySeconds: 15 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/nginx name: config - mountPath: /tmp name: tmp - mountPath: /docker-entrypoint.d name: docker-entrypoint-d-override enableServiceLinks: true securityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 serviceAccountName: loki terminationGracePeriodSeconds: 30 volumes: - configMap: name: loki-gateway name: config - emptyDir: {} name: tmp - emptyDir: {} name: docker-entrypoint-d-override --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-read namespace: loki spec: replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki strategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 template: metadata: annotations: checksum/config: a2fb9c19d9a78713b80fde0284ce0fb688151b2279ac622ecdbc55d9015069c7 labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname automountServiceAccountToken: true containers: - args: - -config.file=/etc/loki/config/config.yaml - -target=read - -legacy-read-mode=false - -common.compactor-grpc-address=loki-backend.loki.svc.cluster.local:9095 - -config.expand-env=true env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: secret-s3 - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: secret-s3 image: docker.io/grafana/loki:3.5.7 imagePullPolicy: IfNotPresent name: loki ports: - containerPort: 3100 name: http-metrics protocol: TCP - containerPort: 9095 name: grpc protocol: TCP - containerPort: 7946 name: http-memberlist protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: http-metrics initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - mountPath: /tmp name: tmp - mountPath: /var/loki name: data securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 serviceAccountName: loki terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: tmp - emptyDir: {} name: data - configMap: items: - key: config.yaml path: config.yaml name: loki name: config - configMap: name: loki-runtime name: runtime-config --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-backend namespace: loki spec: persistentVolumeClaimRetentionPolicy: whenDeleted: Delete whenScaled: Delete podManagementPolicy: Parallel replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki serviceName: loki-backend-headless template: metadata: annotations: checksum/config: a2fb9c19d9a78713b80fde0284ce0fb688151b2279ac622ecdbc55d9015069c7 kubectl.kubernetes.io/default-container: loki labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname automountServiceAccountToken: true containers: - args: - -config.file=/etc/loki/config/config.yaml - -target=backend - -legacy-read-mode=false - -config.expand-env=true env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: secret-s3 - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: secret-s3 image: docker.io/grafana/loki:3.5.7 imagePullPolicy: IfNotPresent name: loki ports: - containerPort: 3100 name: http-metrics protocol: TCP - containerPort: 9095 name: grpc protocol: TCP - containerPort: 7946 name: http-memberlist protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: http-metrics initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - mountPath: /tmp name: tmp - mountPath: /var/loki name: data - mountPath: /rules name: sc-rules-volume - env: - name: METHOD value: WATCH - name: LABEL value: loki_rule - name: FOLDER value: /rules - name: RESOURCE value: both - name: WATCH_SERVER_TIMEOUT value: "60" - name: WATCH_CLIENT_TIMEOUT value: "60" - name: LOG_LEVEL value: INFO image: docker.io/kiwigrid/k8s-sidecar:1.30.10 imagePullPolicy: IfNotPresent name: loki-sc-rules securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /rules name: sc-rules-volume securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: - emptyDir: {} name: tmp - configMap: items: - key: config.yaml path: config.yaml name: loki name: config - configMap: name: loki-runtime name: runtime-config - emptyDir: {} name: sc-rules-volume updateStrategy: rollingUpdate: partition: 0 volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: openebs-3-replicas --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: memcached-chunks-cache name: loki-chunks-cache namespace: loki spec: podManagementPolicy: Parallel replicas: 1 selector: matchLabels: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki name: memcached-chunks-cache serviceName: loki-chunks-cache template: metadata: annotations: null labels: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki name: memcached-chunks-cache spec: affinity: {} containers: - args: - -m 8192 - --extended=modern,track_sizes - -I 5m - -c 16384 - -v - -u 11211 env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: secret-s3 - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: secret-s3 envFrom: null image: memcached:1.6.39-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: client timeoutSeconds: 5 name: memcached ports: - containerPort: 11211 name: client readinessProbe: failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 5 tcpSocket: port: client timeoutSeconds: 3 resources: limits: memory: 9830Mi requests: cpu: 500m memory: 9830Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 image: prom/memcached-exporter:v0.15.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 name: exporter ports: - containerPort: 9150 name: http-metrics readinessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 3 resources: limits: {} requests: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true initContainers: [] nodeSelector: {} securityContext: fsGroup: 11211 runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 serviceAccountName: loki terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] updateStrategy: type: RollingUpdate --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: memcached-results-cache name: loki-results-cache namespace: loki spec: podManagementPolicy: Parallel replicas: 1 selector: matchLabels: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki name: memcached-results-cache serviceName: loki-results-cache template: metadata: annotations: null labels: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki name: memcached-results-cache spec: affinity: {} containers: - args: - -m 1024 - --extended=modern,track_sizes - -I 5m - -c 16384 - -v - -u 11211 env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: secret-s3 - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: secret-s3 envFrom: null image: memcached:1.6.39-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: client timeoutSeconds: 5 name: memcached ports: - containerPort: 11211 name: client readinessProbe: failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 5 tcpSocket: port: client timeoutSeconds: 3 resources: limits: memory: 1229Mi requests: cpu: 500m memory: 1229Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 image: prom/memcached-exporter:v0.15.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 name: exporter ports: - containerPort: 9150 name: http-metrics readinessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 3 resources: limits: {} requests: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true initContainers: [] nodeSelector: {} securityContext: fsGroup: 11211 runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 serviceAccountName: loki terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] updateStrategy: type: RollingUpdate --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-write namespace: loki spec: podManagementPolicy: Parallel replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki serviceName: loki-write-headless template: metadata: annotations: checksum/config: a2fb9c19d9a78713b80fde0284ce0fb688151b2279ac622ecdbc55d9015069c7 labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname automountServiceAccountToken: true containers: - args: - -config.file=/etc/loki/config/config.yaml - -target=write - -config.expand-env=true env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: secret-s3 - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: secret-s3 image: docker.io/grafana/loki:3.5.7 imagePullPolicy: IfNotPresent name: loki ports: - containerPort: 3100 name: http-metrics protocol: TCP - containerPort: 9095 name: grpc protocol: TCP - containerPort: 7946 name: http-memberlist protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: http-metrics initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - mountPath: /var/loki name: data enableServiceLinks: true securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: - configMap: items: - key: config.yaml path: config.yaml name: loki name: config - configMap: name: loki-runtime name: runtime-config updateStrategy: rollingUpdate: partition: 0 volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: openebs-3-replicas --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-backend namespace: loki spec: maxUnavailable: 1 selector: matchLabels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-read namespace: loki spec: maxUnavailable: 1 selector: matchLabels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-write namespace: loki spec: maxUnavailable: 1 selector: matchLabels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: app.kubernetes.io/component: canary app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-canary namespace: loki spec: selector: matchLabels: app.kubernetes.io/component: canary app.kubernetes.io/instance: loki app.kubernetes.io/name: loki template: metadata: labels: app.kubernetes.io/component: canary app.kubernetes.io/instance: loki app.kubernetes.io/name: loki spec: containers: - args: - -addr=loki-gateway.loki.svc.cluster.local.:80 - -labelname=pod - -labelvalue=$(POD_NAME) - -user=self-monitoring - -tenant-id=self-monitoring - -pass= - -push=true env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name image: docker.io/grafana/loki-canary:3.5.7 imagePullPolicy: IfNotPresent name: loki-canary ports: - containerPort: 3500 name: http-metrics protocol: TCP readinessProbe: httpGet: path: /metrics port: http-metrics initialDelaySeconds: 15 timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: null securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 serviceAccountName: loki-canary volumes: null updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate --- apiVersion: v1 kind: Pod metadata: annotations: helm.sh/hook: test labels: app.kubernetes.io/component: helm-test app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/version: 3.5.7 helm.sh/chart: loki-6.46.0 name: loki-helm-test namespace: loki spec: containers: - args: - -test.v env: - name: CANARY_SERVICE_ADDRESS value: http://loki-canary.loki.svc.cluster.local:3500/metrics - name: CANARY_PROMETHEUS_ADDRESS value: "" - name: CANARY_TEST_TIMEOUT value: 1m image: docker.io/grafana/loki-helm-test:latest name: loki-helm-test restartPolicy: Never