diff --git a/production/helm/loki/CHANGELOG.md b/production/helm/loki/CHANGELOG.md index 0054b96810de..91889639fe3b 100644 --- a/production/helm/loki/CHANGELOG.md +++ b/production/helm/loki/CHANGELOG.md @@ -17,6 +17,7 @@ Entries should include a reference to the pull request that introduced the chang - [CHANGE] the lokiCanary section was moved from under monitoring to be under the root of the file. - [CHANGE] the definitions for topologySpreadConstraints and podAffinity were converted from string templates to objects. Also removed the soft constraint on zone. +- [CHANGE] the externalConfigSecretName was replaced with more generic configs ## 5.41.8 diff --git a/production/helm/loki/templates/_helpers.tpl b/production/helm/loki/templates/_helpers.tpl index fe7604911e76..69aacf777351 100644 --- a/production/helm/loki/templates/_helpers.tpl +++ b/production/helm/loki/templates/_helpers.tpl @@ -464,10 +464,10 @@ The volume to mount for loki configuration {{- define "loki.configVolume" -}} {{- if eq .Values.loki.configStorageType "Secret" -}} secret: - secretName: {{ tpl .Values.loki.externalConfigSecretName . }} -{{- else if eq .Values.loki.configStorageType "ConfigMap" -}} + secretName: {{ tpl .Values.loki.configObjectName . }} +{{- else -}} configMap: - name: {{ tpl .Values.loki.externalConfigSecretName . }} + name: {{ tpl .Values.loki.configObjectName . }} items: - key: "config.yaml" path: "config.yaml" diff --git a/production/helm/loki/templates/admin-api/deployment-admin-api.yaml b/production/helm/loki/templates/admin-api/deployment-admin-api.yaml index 6893a51ac350..636dedabdb9d 100644 --- a/production/helm/loki/templates/admin-api/deployment-admin-api.yaml +++ b/production/helm/loki/templates/admin-api/deployment-admin-api.yaml @@ -135,12 +135,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.adminApi.terminationGracePeriodSeconds }} volumes: - name: config - secret: - {{- if .Values.useExternalConfig }} - secretName: {{ .Values.externalConfigName }} - {{- else }} - secretName: enterprise-logs-config - {{- end }} + {{- include "loki.configVolume" . | nindent 10 }} - name: license secret: {{- if .Values.useExternalLicense }} diff --git a/production/helm/loki/templates/backend/statefulset-backend.yaml b/production/helm/loki/templates/backend/statefulset-backend.yaml index c60098aadf93..2792b0ffca24 100644 --- a/production/helm/loki/templates/backend/statefulset-backend.yaml +++ b/production/helm/loki/templates/backend/statefulset-backend.yaml @@ -231,12 +231,7 @@ spec: {{- toYaml .Values.backend.persistence.dataVolumeParameters | nindent 10 }} {{- end}} - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/compactor/statefulset-compactor.yaml b/production/helm/loki/templates/compactor/statefulset-compactor.yaml index 29eb941e0f6e..451cfcdf003f 100644 --- a/production/helm/loki/templates/compactor/statefulset-compactor.yaml +++ b/production/helm/loki/templates/compactor/statefulset-compactor.yaml @@ -146,12 +146,7 @@ spec: - name: temp emptyDir: {} - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/config.yaml b/production/helm/loki/templates/config.yaml index 101abc353e26..fe47590078e5 100644 --- a/production/helm/loki/templates/config.yaml +++ b/production/helm/loki/templates/config.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.loki.existingSecretForConfig -}} +{{- if .Values.loki.generatedConfigObjectName -}} apiVersion: v1 {{- if eq .Values.loki.configStorageType "Secret" }} kind: Secret @@ -6,7 +6,7 @@ kind: Secret kind: ConfigMap {{- end }} metadata: - name: {{ tpl .Values.loki.externalConfigSecretName . }} + name: {{ tpl .Values.loki.generatedConfigObjectName . }} namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} diff --git a/production/helm/loki/templates/distributor/deployment-distributor.yaml b/production/helm/loki/templates/distributor/deployment-distributor.yaml index a8fa934720c9..e58102668880 100644 --- a/production/helm/loki/templates/distributor/deployment-distributor.yaml +++ b/production/helm/loki/templates/distributor/deployment-distributor.yaml @@ -129,12 +129,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/gateway/deployment-gateway-enterprise.yaml b/production/helm/loki/templates/gateway/deployment-gateway-enterprise.yaml index 6965acf83842..f8e00f9b6bdd 100644 --- a/production/helm/loki/templates/gateway/deployment-gateway-enterprise.yaml +++ b/production/helm/loki/templates/gateway/deployment-gateway-enterprise.yaml @@ -116,12 +116,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.enterpriseGateway.terminationGracePeriodSeconds }} volumes: - name: config - secret: - {{- if .Values.useExternalConfig }} - secretName: {{ .Values.externalConfigName }} - {{- else }} - secretName: enterprise-logs-config - {{- end }} + {{- include "loki.configVolume" . | nindent 10 }} - name: license secret: {{- if .Values.useExternalLicense }} diff --git a/production/helm/loki/templates/index-gateway/statefulset-index-gateway.yaml b/production/helm/loki/templates/index-gateway/statefulset-index-gateway.yaml index 430d8c061b7f..a56f076fde2f 100644 --- a/production/helm/loki/templates/index-gateway/statefulset-index-gateway.yaml +++ b/production/helm/loki/templates/index-gateway/statefulset-index-gateway.yaml @@ -133,16 +133,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else if .Values.loki.configAsSecret }} - secret: - secretName: {{ include "loki.fullname" . }}-config - {{- else }} - configMap: - name: {{ include "loki.fullname" . }} - {{- end }} + {{- include "loki.configVolume" . | nindent 10 }} - name: runtime-config configMap: name: {{ template "loki.fullname" . }}-runtime diff --git a/production/helm/loki/templates/ingester/statefulset-ingester-zone-a.yaml b/production/helm/loki/templates/ingester/statefulset-ingester-zone-a.yaml index 2131731714db..63c529ba2c45 100644 --- a/production/helm/loki/templates/ingester/statefulset-ingester-zone-a.yaml +++ b/production/helm/loki/templates/ingester/statefulset-ingester-zone-a.yaml @@ -171,12 +171,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.fullname" . }}-runtime diff --git a/production/helm/loki/templates/ingester/statefulset-ingester-zone-b.yaml b/production/helm/loki/templates/ingester/statefulset-ingester-zone-b.yaml index 5f481a7fcd28..ae321c4cc22b 100644 --- a/production/helm/loki/templates/ingester/statefulset-ingester-zone-b.yaml +++ b/production/helm/loki/templates/ingester/statefulset-ingester-zone-b.yaml @@ -171,12 +171,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.fullname" . }}-runtime diff --git a/production/helm/loki/templates/ingester/statefulset-ingester-zone-c.yaml b/production/helm/loki/templates/ingester/statefulset-ingester-zone-c.yaml index db186b08f080..55552e03518e 100644 --- a/production/helm/loki/templates/ingester/statefulset-ingester-zone-c.yaml +++ b/production/helm/loki/templates/ingester/statefulset-ingester-zone-c.yaml @@ -171,12 +171,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.fullname" . }}-runtime diff --git a/production/helm/loki/templates/ingester/statefulset-ingester.yaml b/production/helm/loki/templates/ingester/statefulset-ingester.yaml index 2e09225caba9..9810fa1858c4 100644 --- a/production/helm/loki/templates/ingester/statefulset-ingester.yaml +++ b/production/helm/loki/templates/ingester/statefulset-ingester.yaml @@ -149,16 +149,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else if .Values.loki.configAsSecret }} - secret: - secretName: {{ include "loki.fullname" . }}-config - {{- else }} - configMap: - name: {{ include "loki.fullname" . }} - {{- end }} + {{- include "loki.configVolume" . | nindent 10 }} - name: runtime-config configMap: name: {{ template "loki.fullname" . }}-runtime diff --git a/production/helm/loki/templates/querier/deployment-querier.yaml b/production/helm/loki/templates/querier/deployment-querier.yaml index 0b50ac672218..68cf8cb79a53 100644 --- a/production/helm/loki/templates/querier/deployment-querier.yaml +++ b/production/helm/loki/templates/querier/deployment-querier.yaml @@ -141,12 +141,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/query-frontend/deployment-query-frontend.yaml b/production/helm/loki/templates/query-frontend/deployment-query-frontend.yaml index b956d873118b..f3371658fa33 100644 --- a/production/helm/loki/templates/query-frontend/deployment-query-frontend.yaml +++ b/production/helm/loki/templates/query-frontend/deployment-query-frontend.yaml @@ -119,16 +119,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else if .Values.loki.configAsSecret }} - secret: - secretName: {{ include "loki.fullname" . }}-config - {{- else }} - configMap: - name: {{ include "loki.fullname" . }} - {{- end }} + {{- include "loki.configVolume" . | nindent 10 }} - name: runtime-config configMap: name: {{ template "loki.fullname" . }}-runtime diff --git a/production/helm/loki/templates/query-scheduler/deployment-query-scheduler.yaml b/production/helm/loki/templates/query-scheduler/deployment-query-scheduler.yaml index e3f058b88d85..7631a5b4dac5 100644 --- a/production/helm/loki/templates/query-scheduler/deployment-query-scheduler.yaml +++ b/production/helm/loki/templates/query-scheduler/deployment-query-scheduler.yaml @@ -117,12 +117,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/read/deployment-read.yaml b/production/helm/loki/templates/read/deployment-read.yaml index 92d35a875345..98ddb2bf6ea6 100644 --- a/production/helm/loki/templates/read/deployment-read.yaml +++ b/production/helm/loki/templates/read/deployment-read.yaml @@ -141,12 +141,7 @@ spec: - name: data emptyDir: {} - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/read/statefulset-read.yaml b/production/helm/loki/templates/read/statefulset-read.yaml index 1422712f4762..ba885b91e0be 100644 --- a/production/helm/loki/templates/read/statefulset-read.yaml +++ b/production/helm/loki/templates/read/statefulset-read.yaml @@ -143,12 +143,7 @@ spec: - name: tmp emptyDir: {} - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/ruler/statefulset-ruler.yaml b/production/helm/loki/templates/ruler/statefulset-ruler.yaml index f4ee76eb4786..9fb3c3a5e578 100644 --- a/production/helm/loki/templates/ruler/statefulset-ruler.yaml +++ b/production/helm/loki/templates/ruler/statefulset-ruler.yaml @@ -126,16 +126,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else if .Values.loki.configAsSecret }} - secret: - secretName: {{ include "loki.fullname" . }}-config - {{- else }} - configMap: - name: {{ include "loki.fullname" . }} - {{- end }} + {{- include "loki.configVolume" . | nindent 10 }} - name: runtime-config configMap: name: {{ template "loki.fullname" . }}-runtime diff --git a/production/helm/loki/templates/single-binary/statefulset.yaml b/production/helm/loki/templates/single-binary/statefulset.yaml index 70fc17fb7cb7..c92b5ac7a641 100644 --- a/production/helm/loki/templates/single-binary/statefulset.yaml +++ b/production/helm/loki/templates/single-binary/statefulset.yaml @@ -153,12 +153,7 @@ spec: - name: tmp emptyDir: {} - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/table-manager/deployment-table-manager.yaml b/production/helm/loki/templates/table-manager/deployment-table-manager.yaml index 00c150abecf4..2a932994c88e 100644 --- a/production/helm/loki/templates/table-manager/deployment-table-manager.yaml +++ b/production/helm/loki/templates/table-manager/deployment-table-manager.yaml @@ -106,12 +106,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} {{- with .Values.tableManager.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/production/helm/loki/templates/tokengen/job-tokengen.yaml b/production/helm/loki/templates/tokengen/job-tokengen.yaml index 56d95589ad7c..f9ae7374c2d1 100644 --- a/production/helm/loki/templates/tokengen/job-tokengen.yaml +++ b/production/helm/loki/templates/tokengen/job-tokengen.yaml @@ -116,12 +116,7 @@ spec: {{- end }} volumes: - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/templates/write/statefulset-write.yaml b/production/helm/loki/templates/write/statefulset-write.yaml index 34ca5d747f65..9c14c72326de 100644 --- a/production/helm/loki/templates/write/statefulset-write.yaml +++ b/production/helm/loki/templates/write/statefulset-write.yaml @@ -167,12 +167,7 @@ spec: {{- toYaml .Values.write.persistence.dataVolumeParameters | nindent 10 }} {{- end}} - name: config - {{- if .Values.loki.existingSecretForConfig }} - secret: - secretName: {{ .Values.loki.existingSecretForConfig }} - {{- else }} {{- include "loki.configVolume" . | nindent 10 }} - {{- end }} - name: runtime-config configMap: name: {{ template "loki.name" . }}-runtime diff --git a/production/helm/loki/values.yaml b/production/helm/loki/values.yaml index 94a026a13806..fed28d5db502 100644 --- a/production/helm/loki/values.yaml +++ b/production/helm/loki/values.yaml @@ -32,7 +32,8 @@ deploymentMode: SimpleScalable ###################################################################################################################### # -# Base Loki Configs +# Base Loki Configs including kubernetes configurations and configurations for Loki itself, +# see below for more specifics on Loki's configuration. # ###################################################################################################################### # -- Configuration for running Loki @@ -84,14 +85,44 @@ loki: allowPrivilegeEscalation: false # -- Should enableServiceLinks be enabled. Default to enable enableServiceLinks: true - # -- Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config` - existingSecretForConfig: "" + ###################################################################################################################### + # + # Loki Configuration + # + # There are several ways to pass configuration to Loki, listing them here in order of our preference for how + # you should use this chart. + # 1. Use the templated value of loki.config below and the corresponding override sections which follow. + # This allows us to set a lot of important Loki configurations and defaults and also allows us to maintain them + # over time as Loki changes and evolves. + # 2. Use the loki.structuredConfig section. + # This will completely override the templated value of loki.config, so you MUST provide the entire Loki config + # including any configuration that we set in loki.config unless you explicitly are trying to change one of those + # values and are not able to do so with the templated sections. + # If you choose this approach the burden is on you to maintain any changes we make to the templated config. + # 3. Use an existing secret or configmap to provide the configuration. + # This option is mostly provided for folks who have external processes which provide or modify the configuration. + # When using this option you can specify a different name for loki.generatedConfigObjectName and configObjectName + # if you have a process which takes the generated config and modifies it, or you can stop the chart from generating + # a config entirely by setting loki.generatedConfigObjectName to + # + ###################################################################################################################### + # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret. # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration). # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables). configStorageType: ConfigMap - # -- Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal). - externalConfigSecretName: '{{ include "loki.name" . }}' + + # -- The name of the object which Loki will mount as a volume containing the config. + # If the configStorageType is Secret, this will be the name of the Secret, if it is ConfigMap, this will be the name of the ConfigMap. + # The value will be passed through tpl. + configObjectName: '{{ include "loki.name" . }}' + + # -- The name of the Secret or ConfigMap that will be created by this chart. + # If empty, no configmap or secret will be created. + # The value will be passed through tpl. + generatedConfigObjectName: '{{ include "loki.name" . }}' + + # -- Config file contents for Loki # @default -- See values.yaml config: |