title | linkTitle | weight | slug |
---|---|---|---|
Configuration file |
Configuration file |
1 |
configuration-file |
Cortex can be configured using a YAML file - specified using the -config.file
flag - or CLI flags. In case you combine both, CLI flags take precedence over the YAML config file.
The current configuration of any Cortex component can be seen by visiting the /config
HTTP path.
Passwords are filtered out of this endpoint.
To specify which configuration file to load, pass the -config.file
flag at the command line. The file is written in YAML format, defined by the scheme below. Brackets indicate that a parameter is optional.
<boolean>
: a boolean that can take the valuestrue
orfalse
<int>
: any integer matching the regular expression[1-9]+[0-9]*
<duration>
: a duration matching the regular expression[0-9]+(ns|us|µs|ms|s|m|h|d|w|y)
where y = 365 days.<string>
: a regular string<url>
: a URL<prefix>
: a CLI flag prefix based on the context (look at the parent configuration block to see which CLI flags prefix should be used)<relabel_config>
: a Prometheus relabeling configuration.<time>
: a timestamp, with available formats:2006-01-20
(midnight, local timezone),2006-01-20T15:04
(local timezone), and RFC 3339 formats:2006-01-20T15:04:05Z
(UTC) or2006-01-20T15:04:05+07:00
(explicit timezone)
You can use environment variable references in the config file to set values that need to be configurable during deployment by using the -config.expand-env
flag.
To do this, use:
${VAR}
Where VAR is the name of the environment variable.
Each variable reference is replaced at startup by the value of the environment variable. The replacement is case-sensitive and occurs before the YAML file is parsed. References to undefined variables are replaced by empty strings unless you specify a default value or custom error text.
To specify a default value, use:
${VAR:default_value}
Where default_value is the value to use if the environment variable is undefined.
# Comma-separated list of Cortex modules to load. The alias 'all' can be used in
# the list to load a number of core modules and will enable single-binary mode.
# Use '-modules' command line flag to get a list of available modules, and to
# see which modules are included in 'all'.
# CLI flag: -target
[target: <string> | default = "all"]
# Set to false to disable auth.
# CLI flag: -auth.enabled
[auth_enabled: <boolean> | default = true]
# HTTP path prefix for Cortex API.
# CLI flag: -http.prefix
[http_prefix: <string> | default = "/api/prom"]
api:
# Use GZIP compression for API responses. Some endpoints serve large YAML or
# JSON blobs which can benefit from compression.
# CLI flag: -api.response-compression-enabled
[response_compression_enabled: <boolean> | default = false]
# HTTP URL path under which the Alertmanager ui and api will be served.
# CLI flag: -http.alertmanager-http-prefix
[alertmanager_http_prefix: <string> | default = "/alertmanager"]
# HTTP URL path under which the Prometheus api will be served.
# CLI flag: -http.prometheus-http-prefix
[prometheus_http_prefix: <string> | default = "/prometheus"]
# Which HTTP Request headers to add to logs
# CLI flag: -api.http-request-headers-to-log
[http_request_headers_to_log: <list of string> | default = []]
# Regex for CORS origin. It is fully anchored. Example:
# 'https?://(domain1|domain2)\.com'
# CLI flag: -server.cors-origin
[cors_origin: <string> | default = ".*"]
# If enabled, build Info API will be served by query frontend or querier.
# CLI flag: -api.build-info-enabled
[build_info_enabled: <boolean> | default = false]
# Choose default codec for querier response serialization. Supports 'json' and
# 'protobuf'.
# CLI flag: -api.querier-default-codec
[querier_default_codec: <string> | default = "json"]
# The server_config configures the HTTP and gRPC server of the launched
# service(s).
[server: <server_config>]
# The distributor_config configures the Cortex distributor.
[distributor: <distributor_config>]
# The querier_config configures the Cortex querier.
[querier: <querier_config>]
# The ingester_client_config configures how the Cortex distributors connect to
# the ingesters.
[ingester_client: <ingester_client_config>]
# The ingester_config configures the Cortex ingester.
[ingester: <ingester_config>]
# The flusher_config configures the WAL flusher target, used to manually run
# one-time flushes when scaling down ingesters.
[flusher: <flusher_config>]
# The storage_config configures the storage type Cortex uses.
[storage: <storage_config>]
# The limits_config configures default and per-tenant limits imposed by Cortex
# services (ie. distributor, ingester, ...).
[limits: <limits_config>]
# The frontend_worker_config configures the worker - running within the Cortex
# querier - picking up and executing queries enqueued by the query-frontend or
# query-scheduler.
[frontend_worker: <frontend_worker_config>]
# The query_frontend_config configures the Cortex query-frontend.
[frontend: <query_frontend_config>]
# The query_range_config configures the query splitting and caching in the
# Cortex query-frontend.
[query_range: <query_range_config>]
# The blocks_storage_config configures the blocks storage.
[blocks_storage: <blocks_storage_config>]
# The compactor_config configures the compactor for the blocks storage.
[compactor: <compactor_config>]
# The store_gateway_config configures the store-gateway service used by the
# blocks storage.
[store_gateway: <store_gateway_config>]
tenant_federation:
# If enabled on all Cortex services, queries can be federated across multiple
# tenants. The tenant IDs involved need to be specified separated by a `|`
# character in the `X-Scope-OrgID` header (experimental).
# CLI flag: -tenant-federation.enabled
[enabled: <boolean> | default = false]
# The ruler_config configures the Cortex ruler.
[ruler: <ruler_config>]
# The ruler_storage_config configures the Cortex ruler storage backend.
[ruler_storage: <ruler_storage_config>]
# The configs_config configures the Cortex Configs DB and API.
[configs: <configs_config>]
# The alertmanager_config configures the Cortex alertmanager.
[alertmanager: <alertmanager_config>]
# The alertmanager_storage_config configures the Cortex alertmanager storage
# backend.
[alertmanager_storage: <alertmanager_storage_config>]
# The runtime_configuration_storage_config configures the storage backend for
# the runtime configuration file.
[runtime_config: <runtime_configuration_storage_config>]
# The memberlist_config configures the Gossip memberlist.
[memberlist: <memberlist_config>]
query_scheduler:
# If a querier disconnects without sending notification about graceful
# shutdown, the query-scheduler will keep the querier in the tenant's shard
# until the forget delay has passed. This feature is useful to reduce the
# blast radius when shuffle-sharding is enabled.
# CLI flag: -query-scheduler.querier-forget-delay
[querier_forget_delay: <duration> | default = 0s]
# This configures the gRPC client used to report errors back to the
# query-frontend.
grpc_client_config:
# gRPC client max receive message size (bytes).
# CLI flag: -query-scheduler.grpc-client-config.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -query-scheduler.grpc-client-config.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 16777216]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)
# CLI flag: -query-scheduler.grpc-client-config.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -query-scheduler.grpc-client-config.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -query-scheduler.grpc-client-config.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit ratelimits.
# CLI flag: -query-scheduler.grpc-client-config.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -query-scheduler.grpc-client-config.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -query-scheduler.grpc-client-config.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -query-scheduler.grpc-client-config.backoff-retries
[max_retries: <int> | default = 10]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -query-scheduler.grpc-client-config.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -query-scheduler.grpc-client-config.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -query-scheduler.grpc-client-config.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -query-scheduler.grpc-client-config.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -query-scheduler.grpc-client-config.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -query-scheduler.grpc-client-config.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# The tracing_config configures backends cortex uses.
[tracing: <tracing_config>]
The alertmanager_config
configures the Cortex alertmanager.
# Base path for data storage.
# CLI flag: -alertmanager.storage.path
[data_dir: <string> | default = "data/"]
# How long to keep data for.
# CLI flag: -alertmanager.storage.retention
[retention: <duration> | default = 120h]
# The URL under which Alertmanager is externally reachable (for example, if
# Alertmanager is served via a reverse proxy). Used for generating relative and
# absolute links back to Alertmanager itself. If the URL has a path portion, it
# will be used to prefix all HTTP endpoints served by Alertmanager. If omitted,
# relevant URL components will be derived automatically.
# CLI flag: -alertmanager.web.external-url
[external_url: <url> | default = ]
# How frequently to poll Cortex configs
# CLI flag: -alertmanager.configs.poll-interval
[poll_interval: <duration> | default = 15s]
# Maximum size (bytes) of an accepted HTTP request body.
# CLI flag: -alertmanager.max-recv-msg-size
[max_recv_msg_size: <int> | default = 16777216]
# Shard tenants across multiple alertmanager instances.
# CLI flag: -alertmanager.sharding-enabled
[sharding_enabled: <boolean> | default = false]
sharding_ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -alertmanager.sharding-ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -alertmanager.sharding-ring.prefix
[prefix: <string> | default = "alertmanagers/"]
dynamodb:
# Region to access dynamodb.
# CLI flag: -alertmanager.sharding-ring.dynamodb.region
[region: <string> | default = ""]
# Table name to use on dynamodb.
# CLI flag: -alertmanager.sharding-ring.dynamodb.table-name
[table_name: <string> | default = ""]
# Time to expire items on dynamodb.
# CLI flag: -alertmanager.sharding-ring.dynamodb.ttl-time
[ttl: <duration> | default = 0s]
# Time to refresh local ring with information on dynamodb.
# CLI flag: -alertmanager.sharding-ring.dynamodb.puller-sync-time
[puller_sync_time: <duration> | default = 1m]
# Maximum number of retries for DDB KV CAS.
# CLI flag: -alertmanager.sharding-ring.dynamodb.max-cas-retries
[max_cas_retries: <int> | default = 10]
# The consul_config configures the consul client.
# The CLI flags prefix for this block config is: alertmanager.sharding-ring
[consul: <consul_config>]
# The etcd_config configures the etcd client.
# The CLI flags prefix for this block config is: alertmanager.sharding-ring
[etcd: <etcd_config>]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -alertmanager.sharding-ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -alertmanager.sharding-ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -alertmanager.sharding-ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -alertmanager.sharding-ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -alertmanager.sharding-ring.heartbeat-period
[heartbeat_period: <duration> | default = 15s]
# The heartbeat timeout after which alertmanagers are considered unhealthy
# within the ring. 0 = never (timeout disabled).
# CLI flag: -alertmanager.sharding-ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# The replication factor to use when sharding the alertmanager.
# CLI flag: -alertmanager.sharding-ring.replication-factor
[replication_factor: <int> | default = 3]
# True to enable zone-awareness and replicate alerts across different
# availability zones.
# CLI flag: -alertmanager.sharding-ring.zone-awareness-enabled
[zone_awareness_enabled: <boolean> | default = false]
# The sleep seconds when alertmanager is shutting down. Need to be close to or
# larger than KV Store information propagation delay
# CLI flag: -alertmanager.sharding-ring.final-sleep
[final_sleep: <duration> | default = 0s]
# Timeout for waiting on alertmanager to become desired state in the ring.
# CLI flag: -alertmanager.sharding-ring.wait-instance-state-timeout
[wait_instance_state_timeout: <duration> | default = 10m]
# Name of network interface to read address from.
# CLI flag: -alertmanager.sharding-ring.instance-interface-names
[instance_interface_names: <list of string> | default = [eth0 en0]]
# The availability zone where this instance is running. Required if
# zone-awareness is enabled.
# CLI flag: -alertmanager.sharding-ring.instance-availability-zone
[instance_availability_zone: <string> | default = ""]
# Filename of fallback config to use if none specified for instance.
# CLI flag: -alertmanager.configs.fallback
[fallback_config_file: <string> | default = ""]
# Root of URL to generate if config is http://internal.monitor
# CLI flag: -alertmanager.configs.auto-webhook-root
[auto_webhook_root: <string> | default = ""]
cluster:
# Listen address and port for the cluster. Not specifying this flag disables
# high-availability mode.
# CLI flag: -alertmanager.cluster.listen-address
[listen_address: <string> | default = "0.0.0.0:9094"]
# Explicit address or hostname to advertise in cluster.
# CLI flag: -alertmanager.cluster.advertise-address
[advertise_address: <string> | default = ""]
# Comma-separated list of initial peers.
# CLI flag: -alertmanager.cluster.peers
[peers: <string> | default = ""]
# Time to wait between peers to send notifications.
# CLI flag: -alertmanager.cluster.peer-timeout
[peer_timeout: <duration> | default = 15s]
# The interval between sending gossip messages. By lowering this value (more
# frequent) gossip messages are propagated across cluster more quickly at the
# expense of increased bandwidth usage.
# CLI flag: -alertmanager.cluster.gossip-interval
[gossip_interval: <duration> | default = 200ms]
# The interval between gossip state syncs. Setting this interval lower (more
# frequent) will increase convergence speeds across larger clusters at the
# expense of increased bandwidth usage.
# CLI flag: -alertmanager.cluster.push-pull-interval
[push_pull_interval: <duration> | default = 1m]
# Enable the experimental alertmanager config api.
# CLI flag: -experimental.alertmanager.enable-api
[enable_api: <boolean> | default = false]
# Maximum number of concurrent GET API requests before returning an error.
# CLI flag: -alertmanager.api-concurrency
[api_concurrency: <int> | default = 0]
# Alertmanager alerts Garbage collection interval.
# CLI flag: -alertmanager.alerts-gc-interval
[gc_interval: <duration> | default = 30m]
alertmanager_client:
# Timeout for downstream alertmanagers.
# CLI flag: -alertmanager.alertmanager-client.remote-timeout
[remote_timeout: <duration> | default = 2s]
# Enable TLS in the GRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -alertmanager.alertmanager-client.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -alertmanager.alertmanager-client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -alertmanager.alertmanager-client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -alertmanager.alertmanager-client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -alertmanager.alertmanager-client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -alertmanager.alertmanager-client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy' and '' (disable compression)
# CLI flag: -alertmanager.alertmanager-client.grpc-compression
[grpc_compression: <string> | default = ""]
# gRPC client max receive message size (bytes).
# CLI flag: -alertmanager.alertmanager-client.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 16777216]
# gRPC client max send message size (bytes).
# CLI flag: -alertmanager.alertmanager-client.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 4194304]
# The interval between persisting the current alertmanager state (notification
# log and silences) to object storage. This is only used when sharding is
# enabled. This state is read when all replicas for a shard can not be
# contacted. In this scenario, having persisted the state more frequently will
# result in potentially fewer lost silences, and fewer duplicate notifications.
# CLI flag: -alertmanager.persist-interval
[persist_interval: <duration> | default = 15m]
# Comma separated list of tenants whose alerts this alertmanager can process. If
# specified, only these tenants will be handled by alertmanager, otherwise this
# alertmanager can process alerts from all tenants.
# CLI flag: -alertmanager.enabled-tenants
[enabled_tenants: <string> | default = ""]
# Comma separated list of tenants whose alerts this alertmanager cannot process.
# If specified, a alertmanager that would normally pick the specified tenant(s)
# for processing will ignore them instead.
# CLI flag: -alertmanager.disabled-tenants
[disabled_tenants: <string> | default = ""]
The alertmanager_storage_config
configures the Cortex alertmanager storage backend.
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem, configdb, local.
# CLI flag: -alertmanager-storage.backend
[backend: <string> | default = "s3"]
s3:
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -alertmanager-storage.s3.endpoint
[endpoint: <string> | default = ""]
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call
# to autodetect it.
# CLI flag: -alertmanager-storage.s3.region
[region: <string> | default = ""]
# S3 bucket name
# CLI flag: -alertmanager-storage.s3.bucket-name
[bucket_name: <string> | default = ""]
# S3 secret access key
# CLI flag: -alertmanager-storage.s3.secret-access-key
[secret_access_key: <string> | default = ""]
# S3 access key ID
# CLI flag: -alertmanager-storage.s3.access-key-id
[access_key_id: <string> | default = ""]
# If enabled, use http:// for the S3 endpoint instead of https://. This could
# be useful in local dev/test environments while using an S3-compatible
# backend storage, like Minio.
# CLI flag: -alertmanager-storage.s3.insecure
[insecure: <boolean> | default = false]
# The signature version to use for authenticating against S3. Supported values
# are: v4, v2.
# CLI flag: -alertmanager-storage.s3.signature-version
[signature_version: <string> | default = "v4"]
# The s3 bucket lookup style. Supported values are: auto, virtual-hosted,
# path.
# CLI flag: -alertmanager-storage.s3.bucket-lookup-type
[bucket_lookup_type: <string> | default = "auto"]
# If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum
# algorithm to verify the provided digest. If false, use CRC32C algorithm
# instead.
# CLI flag: -alertmanager-storage.s3.send-content-md5
[send_content_md5: <boolean> | default = true]
# The list api version. Supported values are: v1, v2, and ''.
# CLI flag: -alertmanager-storage.s3.list-objects-version
[list_objects_version: <string> | default = ""]
# The s3_sse_config configures the S3 server-side encryption.
# The CLI flags prefix for this block config is: alertmanager-storage
[sse: <s3_sse_config>]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -alertmanager-storage.s3.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -alertmanager-storage.s3.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -alertmanager-storage.s3.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -alertmanager-storage.s3.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -alertmanager-storage.s3.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -alertmanager-storage.s3.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -alertmanager-storage.s3.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -alertmanager-storage.s3.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
gcs:
# GCS bucket name
# CLI flag: -alertmanager-storage.gcs.bucket-name
[bucket_name: <string> | default = ""]
# JSON representing either a Google Developers Console client_credentials.json
# file or a Google Developers service account key file. If empty, fallback to
# Google default logic.
# CLI flag: -alertmanager-storage.gcs.service-account
[service_account: <string> | default = ""]
azure:
# Azure storage account name
# CLI flag: -alertmanager-storage.azure.account-name
[account_name: <string> | default = ""]
# Azure storage account key
# CLI flag: -alertmanager-storage.azure.account-key
[account_key: <string> | default = ""]
# The values of `account-name` and `endpoint-suffix` values will not be
# ignored if `connection-string` is set. Use this method over `account-key` if
# you need to authenticate via a SAS token or if you use the Azurite emulator.
# CLI flag: -alertmanager-storage.azure.connection-string
[connection_string: <string> | default = ""]
# Azure storage container name
# CLI flag: -alertmanager-storage.azure.container-name
[container_name: <string> | default = ""]
# Azure storage endpoint suffix without schema. The account name will be
# prefixed to this value to create the FQDN
# CLI flag: -alertmanager-storage.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]
# Number of retries for recoverable errors
# CLI flag: -alertmanager-storage.azure.max-retries
[max_retries: <int> | default = 20]
# Deprecated: Azure storage MSI resource. It will be set automatically by
# Azure SDK.
# CLI flag: -alertmanager-storage.azure.msi-resource
[msi_resource: <string> | default = ""]
# Azure storage MSI resource managed identity client Id. If not supplied
# default Azure credential will be used. Set it to empty if you need to
# authenticate via Azure Workload Identity.
# CLI flag: -alertmanager-storage.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -alertmanager-storage.azure.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -alertmanager-storage.azure.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -alertmanager-storage.azure.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -alertmanager-storage.azure.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -alertmanager-storage.azure.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -alertmanager-storage.azure.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -alertmanager-storage.azure.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -alertmanager-storage.azure.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
swift:
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -alertmanager-storage.swift.auth-version
[auth_version: <int> | default = 0]
# OpenStack Swift authentication URL
# CLI flag: -alertmanager-storage.swift.auth-url
[auth_url: <string> | default = ""]
# OpenStack Swift application credential ID.
# CLI flag: -alertmanager-storage.swift.application-credential-id
[application_credential_id: <string> | default = ""]
# OpenStack Swift application credential name.
# CLI flag: -alertmanager-storage.swift.application-credential-name
[application_credential_name: <string> | default = ""]
# OpenStack Swift application credential secret.
# CLI flag: -alertmanager-storage.swift.application-credential-secret
[application_credential_secret: <string> | default = ""]
# OpenStack Swift username.
# CLI flag: -alertmanager-storage.swift.username
[username: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -alertmanager-storage.swift.user-domain-name
[user_domain_name: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -alertmanager-storage.swift.user-domain-id
[user_domain_id: <string> | default = ""]
# OpenStack Swift user ID.
# CLI flag: -alertmanager-storage.swift.user-id
[user_id: <string> | default = ""]
# OpenStack Swift API key.
# CLI flag: -alertmanager-storage.swift.password
[password: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -alertmanager-storage.swift.domain-id
[domain_id: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -alertmanager-storage.swift.domain-name
[domain_name: <string> | default = ""]
# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -alertmanager-storage.swift.project-id
[project_id: <string> | default = ""]
# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -alertmanager-storage.swift.project-name
[project_name: <string> | default = ""]
# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs the from user domain.
# CLI flag: -alertmanager-storage.swift.project-domain-id
[project_domain_id: <string> | default = ""]
# Name of the OpenStack Swift project's domain (v3 auth only), only needed if
# it differs from the user domain.
# CLI flag: -alertmanager-storage.swift.project-domain-name
[project_domain_name: <string> | default = ""]
# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -alertmanager-storage.swift.region-name
[region_name: <string> | default = ""]
# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -alertmanager-storage.swift.container-name
[container_name: <string> | default = ""]
# Max retries on requests error.
# CLI flag: -alertmanager-storage.swift.max-retries
[max_retries: <int> | default = 3]
# Time after which a connection attempt is aborted.
# CLI flag: -alertmanager-storage.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]
# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no
# data is received on a request.
# CLI flag: -alertmanager-storage.swift.request-timeout
[request_timeout: <duration> | default = 5s]
filesystem:
# Local filesystem storage directory.
# CLI flag: -alertmanager-storage.filesystem.dir
[dir: <string> | default = ""]
# The configstore_config configures the config database storing rules and
# alerts, and is used by the Cortex alertmanager.
# The CLI flags prefix for this block config is: alertmanager-storage
[configdb: <configstore_config>]
local:
# Path at which alertmanager configurations are stored.
# CLI flag: -alertmanager-storage.local.path
[path: <string> | default = ""]
The blocks_storage_config
configures the blocks storage.
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem.
# CLI flag: -blocks-storage.backend
[backend: <string> | default = "s3"]
s3:
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -blocks-storage.s3.endpoint
[endpoint: <string> | default = ""]
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call
# to autodetect it.
# CLI flag: -blocks-storage.s3.region
[region: <string> | default = ""]
# S3 bucket name
# CLI flag: -blocks-storage.s3.bucket-name
[bucket_name: <string> | default = ""]
# S3 secret access key
# CLI flag: -blocks-storage.s3.secret-access-key
[secret_access_key: <string> | default = ""]
# S3 access key ID
# CLI flag: -blocks-storage.s3.access-key-id
[access_key_id: <string> | default = ""]
# If enabled, use http:// for the S3 endpoint instead of https://. This could
# be useful in local dev/test environments while using an S3-compatible
# backend storage, like Minio.
# CLI flag: -blocks-storage.s3.insecure
[insecure: <boolean> | default = false]
# The signature version to use for authenticating against S3. Supported values
# are: v4, v2.
# CLI flag: -blocks-storage.s3.signature-version
[signature_version: <string> | default = "v4"]
# The s3 bucket lookup style. Supported values are: auto, virtual-hosted,
# path.
# CLI flag: -blocks-storage.s3.bucket-lookup-type
[bucket_lookup_type: <string> | default = "auto"]
# If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum
# algorithm to verify the provided digest. If false, use CRC32C algorithm
# instead.
# CLI flag: -blocks-storage.s3.send-content-md5
[send_content_md5: <boolean> | default = true]
# The list api version. Supported values are: v1, v2, and ''.
# CLI flag: -blocks-storage.s3.list-objects-version
[list_objects_version: <string> | default = ""]
# The s3_sse_config configures the S3 server-side encryption.
# The CLI flags prefix for this block config is: blocks-storage
[sse: <s3_sse_config>]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -blocks-storage.s3.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -blocks-storage.s3.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -blocks-storage.s3.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -blocks-storage.s3.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -blocks-storage.s3.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -blocks-storage.s3.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -blocks-storage.s3.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -blocks-storage.s3.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
gcs:
# GCS bucket name
# CLI flag: -blocks-storage.gcs.bucket-name
[bucket_name: <string> | default = ""]
# JSON representing either a Google Developers Console client_credentials.json
# file or a Google Developers service account key file. If empty, fallback to
# Google default logic.
# CLI flag: -blocks-storage.gcs.service-account
[service_account: <string> | default = ""]
azure:
# Azure storage account name
# CLI flag: -blocks-storage.azure.account-name
[account_name: <string> | default = ""]
# Azure storage account key
# CLI flag: -blocks-storage.azure.account-key
[account_key: <string> | default = ""]
# The values of `account-name` and `endpoint-suffix` values will not be
# ignored if `connection-string` is set. Use this method over `account-key` if
# you need to authenticate via a SAS token or if you use the Azurite emulator.
# CLI flag: -blocks-storage.azure.connection-string
[connection_string: <string> | default = ""]
# Azure storage container name
# CLI flag: -blocks-storage.azure.container-name
[container_name: <string> | default = ""]
# Azure storage endpoint suffix without schema. The account name will be
# prefixed to this value to create the FQDN
# CLI flag: -blocks-storage.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]
# Number of retries for recoverable errors
# CLI flag: -blocks-storage.azure.max-retries
[max_retries: <int> | default = 20]
# Deprecated: Azure storage MSI resource. It will be set automatically by
# Azure SDK.
# CLI flag: -blocks-storage.azure.msi-resource
[msi_resource: <string> | default = ""]
# Azure storage MSI resource managed identity client Id. If not supplied
# default Azure credential will be used. Set it to empty if you need to
# authenticate via Azure Workload Identity.
# CLI flag: -blocks-storage.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -blocks-storage.azure.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -blocks-storage.azure.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -blocks-storage.azure.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -blocks-storage.azure.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -blocks-storage.azure.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -blocks-storage.azure.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -blocks-storage.azure.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -blocks-storage.azure.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
swift:
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -blocks-storage.swift.auth-version
[auth_version: <int> | default = 0]
# OpenStack Swift authentication URL
# CLI flag: -blocks-storage.swift.auth-url
[auth_url: <string> | default = ""]
# OpenStack Swift application credential ID.
# CLI flag: -blocks-storage.swift.application-credential-id
[application_credential_id: <string> | default = ""]
# OpenStack Swift application credential name.
# CLI flag: -blocks-storage.swift.application-credential-name
[application_credential_name: <string> | default = ""]
# OpenStack Swift application credential secret.
# CLI flag: -blocks-storage.swift.application-credential-secret
[application_credential_secret: <string> | default = ""]
# OpenStack Swift username.
# CLI flag: -blocks-storage.swift.username
[username: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -blocks-storage.swift.user-domain-name
[user_domain_name: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -blocks-storage.swift.user-domain-id
[user_domain_id: <string> | default = ""]
# OpenStack Swift user ID.
# CLI flag: -blocks-storage.swift.user-id
[user_id: <string> | default = ""]
# OpenStack Swift API key.
# CLI flag: -blocks-storage.swift.password
[password: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -blocks-storage.swift.domain-id
[domain_id: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -blocks-storage.swift.domain-name
[domain_name: <string> | default = ""]
# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -blocks-storage.swift.project-id
[project_id: <string> | default = ""]
# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -blocks-storage.swift.project-name
[project_name: <string> | default = ""]
# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs the from user domain.
# CLI flag: -blocks-storage.swift.project-domain-id
[project_domain_id: <string> | default = ""]
# Name of the OpenStack Swift project's domain (v3 auth only), only needed if
# it differs from the user domain.
# CLI flag: -blocks-storage.swift.project-domain-name
[project_domain_name: <string> | default = ""]
# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -blocks-storage.swift.region-name
[region_name: <string> | default = ""]
# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -blocks-storage.swift.container-name
[container_name: <string> | default = ""]
# Max retries on requests error.
# CLI flag: -blocks-storage.swift.max-retries
[max_retries: <int> | default = 3]
# Time after which a connection attempt is aborted.
# CLI flag: -blocks-storage.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]
# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no
# data is received on a request.
# CLI flag: -blocks-storage.swift.request-timeout
[request_timeout: <duration> | default = 5s]
filesystem:
# Local filesystem storage directory.
# CLI flag: -blocks-storage.filesystem.dir
[dir: <string> | default = ""]
# This configures how the querier and store-gateway discover and synchronize
# blocks stored in the bucket.
bucket_store:
# Directory to store synchronized TSDB index headers.
# CLI flag: -blocks-storage.bucket-store.sync-dir
[sync_dir: <string> | default = "tsdb-sync"]
# How frequently to scan the bucket, or to refresh the bucket index (if
# enabled), in order to look for changes (new blocks shipped by ingesters and
# blocks deleted by retention or compaction).
# CLI flag: -blocks-storage.bucket-store.sync-interval
[sync_interval: <duration> | default = 15m]
# Max number of concurrent queries to execute against the long-term storage.
# The limit is shared across all tenants.
# CLI flag: -blocks-storage.bucket-store.max-concurrent
[max_concurrent: <int> | default = 100]
# Max number of inflight queries to execute against the long-term storage. The
# limit is shared across all tenants. 0 to disable.
# CLI flag: -blocks-storage.bucket-store.max-inflight-requests
[max_inflight_requests: <int> | default = 0]
# Maximum number of concurrent tenants syncing blocks.
# CLI flag: -blocks-storage.bucket-store.tenant-sync-concurrency
[tenant_sync_concurrency: <int> | default = 10]
# Maximum number of concurrent blocks syncing per tenant.
# CLI flag: -blocks-storage.bucket-store.block-sync-concurrency
[block_sync_concurrency: <int> | default = 20]
# Number of Go routines to use when syncing block meta files from object
# storage per tenant.
# CLI flag: -blocks-storage.bucket-store.meta-sync-concurrency
[meta_sync_concurrency: <int> | default = 20]
# Minimum age of a block before it's being read. Set it to safe value (e.g
# 30m) if your object storage is eventually consistent. GCS and S3 are
# (roughly) strongly consistent.
# CLI flag: -blocks-storage.bucket-store.consistency-delay
[consistency_delay: <duration> | default = 0s]
index_cache:
# The index cache backend type. Multiple cache backend can be provided as a
# comma-separated ordered list to enable the implementation of a cache
# hierarchy. Supported values: inmemory, memcached, redis.
# CLI flag: -blocks-storage.bucket-store.index-cache.backend
[backend: <string> | default = "inmemory"]
inmemory:
# Maximum size in bytes of in-memory index cache used to speed up blocks
# index lookups (shared between all tenants).
# CLI flag: -blocks-storage.bucket-store.index-cache.inmemory.max-size-bytes
[max_size_bytes: <int> | default = 1073741824]
# Selectively cache index item types. Supported values are Postings,
# ExpandedPostings and Series
# CLI flag: -blocks-storage.bucket-store.index-cache.inmemory.enabled-items
[enabled_items: <list of string> | default = []]
memcached:
# Comma separated list of memcached addresses. Supported prefixes are:
# dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query,
# dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after
# that).
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.addresses
[addresses: <string> | default = ""]
# The socket read/write timeout.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.timeout
[timeout: <duration> | default = 100ms]
# The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-idle-connections
[max_idle_connections: <int> | default = 16]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# The maximum number of concurrent connections running get operations. If
# set to 0, concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum number of keys a single underlying get operation should run.
# If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set
# to 0, the max batch size is unlimited.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-get-multi-batch-size
[max_get_multi_batch_size: <int> | default = 0]
# The maximum size of an item stored in memcached. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-item-size
[max_item_size: <int> | default = 1048576]
# Use memcached auto-discovery mechanism provided by some cloud provider
# like GCP and AWS
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.auto-discovery
[auto_discovery: <boolean> | default = false]
set_async_circuit_breaker_config:
# If true, enable circuit breaker.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.enabled
[enabled: <boolean> | default = false]
# Maximum number of requests allowed to pass through when the circuit
# breaker is half-open. If set to 0, by default it allows 1 request.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.half-open-max-requests
[half_open_max_requests: <int> | default = 10]
# Period of the open state after which the state of the circuit breaker
# becomes half-open. If set to 0, by default open duration is 60
# seconds.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.open-duration
[open_duration: <duration> | default = 5s]
# Minimal requests to trigger the circuit breaker.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.min-requests
[min_requests: <int> | default = 50]
# Consecutive failures to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.consecutive-failures
[consecutive_failures: <int> | default = 5]
# Failure percentage to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.failure-percent
[failure_percent: <float> | default = 0.05]
# Selectively cache index item types. Supported values are Postings,
# ExpandedPostings and Series
# CLI flag: -blocks-storage.bucket-store.index-cache.memcached.enabled-items
[enabled_items: <list of string> | default = []]
redis:
# Comma separated list of redis addresses. Supported prefixes are: dns+
# (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query,
# dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after
# that).
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.addresses
[addresses: <string> | default = ""]
# Redis username.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.username
[username: <string> | default = ""]
# Redis password.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.password
[password: <string> | default = ""]
# Database to be selected after connecting to the server.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.db
[db: <int> | default = 0]
# Specifies the master's name. Must be not empty for Redis Sentinel.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.master-name
[master_name: <string> | default = ""]
# The maximum number of concurrent GetMulti() operations. If set to 0,
# concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum size per batch for mget.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.get-multi-batch-size
[get_multi_batch_size: <int> | default = 100]
# The maximum number of concurrent SetMulti() operations. If set to 0,
# concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.max-set-multi-concurrency
[max_set_multi_concurrency: <int> | default = 100]
# The maximum size per batch for pipeline set.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.set-multi-batch-size
[set_multi_batch_size: <int> | default = 100]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# Client dial timeout.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Client read timeout.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.read-timeout
[read_timeout: <duration> | default = 3s]
# Client write timeout.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.write-timeout
[write_timeout: <duration> | default = 3s]
# Whether to enable tls for redis connection.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for
# authenticating with the server. Also requires the key path to be
# configured.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis..tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis..tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis..tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis..tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis..tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# If not zero then client-side caching is enabled. Client-side caching is
# when data is stored in memory instead of fetching data each time. See
# https://redis.io/docs/manual/client-side-caching/ for more info.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.cache-size
[cache_size: <int> | default = 0]
set_async_circuit_breaker_config:
# If true, enable circuit breaker.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.enabled
[enabled: <boolean> | default = false]
# Maximum number of requests allowed to pass through when the circuit
# breaker is half-open. If set to 0, by default it allows 1 request.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.half-open-max-requests
[half_open_max_requests: <int> | default = 10]
# Period of the open state after which the state of the circuit breaker
# becomes half-open. If set to 0, by default open duration is 60
# seconds.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.open-duration
[open_duration: <duration> | default = 5s]
# Minimal requests to trigger the circuit breaker.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.min-requests
[min_requests: <int> | default = 50]
# Consecutive failures to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.consecutive-failures
[consecutive_failures: <int> | default = 5]
# Failure percentage to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.failure-percent
[failure_percent: <float> | default = 0.05]
# Selectively cache index item types. Supported values are Postings,
# ExpandedPostings and Series
# CLI flag: -blocks-storage.bucket-store.index-cache.redis.enabled-items
[enabled_items: <list of string> | default = []]
multilevel:
# The maximum number of concurrent asynchronous operations can occur when
# backfilling cache items.
# CLI flag: -blocks-storage.bucket-store.index-cache.multilevel.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed when
# backfilling cache items.
# CLI flag: -blocks-storage.bucket-store.index-cache.multilevel.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# The maximum number of items to backfill per asynchronous operation.
# CLI flag: -blocks-storage.bucket-store.index-cache.multilevel.max-backfill-items
[max_backfill_items: <int> | default = 10000]
chunks_cache:
# The chunks cache backend type. Single or Multiple cache backend can be
# provided. Supported values in single cache: memcached, redis, inmemory,
# and '' (disable). Supported values in multi level cache: a comma-separated
# list of (inmemory, memcached, redis)
# CLI flag: -blocks-storage.bucket-store.chunks-cache.backend
[backend: <string> | default = ""]
inmemory:
# Maximum size in bytes of in-memory chunk cache used to speed up chunk
# lookups (shared between all tenants).
# CLI flag: -blocks-storage.bucket-store.chunks-cache.inmemory.max-size-bytes
[max_size_bytes: <int> | default = 1073741824]
memcached:
# Comma separated list of memcached addresses. Supported prefixes are:
# dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query,
# dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after
# that).
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.addresses
[addresses: <string> | default = ""]
# The socket read/write timeout.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.timeout
[timeout: <duration> | default = 100ms]
# The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-idle-connections
[max_idle_connections: <int> | default = 16]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# The maximum number of concurrent connections running get operations. If
# set to 0, concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum number of keys a single underlying get operation should run.
# If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set
# to 0, the max batch size is unlimited.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-get-multi-batch-size
[max_get_multi_batch_size: <int> | default = 0]
# The maximum size of an item stored in memcached. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-item-size
[max_item_size: <int> | default = 1048576]
# Use memcached auto-discovery mechanism provided by some cloud provider
# like GCP and AWS
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.auto-discovery
[auto_discovery: <boolean> | default = false]
set_async_circuit_breaker_config:
# If true, enable circuit breaker.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.enabled
[enabled: <boolean> | default = false]
# Maximum number of requests allowed to pass through when the circuit
# breaker is half-open. If set to 0, by default it allows 1 request.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.half-open-max-requests
[half_open_max_requests: <int> | default = 10]
# Period of the open state after which the state of the circuit breaker
# becomes half-open. If set to 0, by default open duration is 60
# seconds.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.open-duration
[open_duration: <duration> | default = 5s]
# Minimal requests to trigger the circuit breaker.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.min-requests
[min_requests: <int> | default = 50]
# Consecutive failures to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.consecutive-failures
[consecutive_failures: <int> | default = 5]
# Failure percentage to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.failure-percent
[failure_percent: <float> | default = 0.05]
redis:
# Comma separated list of redis addresses. Supported prefixes are: dns+
# (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query,
# dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after
# that).
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.addresses
[addresses: <string> | default = ""]
# Redis username.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.username
[username: <string> | default = ""]
# Redis password.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.password
[password: <string> | default = ""]
# Database to be selected after connecting to the server.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.db
[db: <int> | default = 0]
# Specifies the master's name. Must be not empty for Redis Sentinel.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.master-name
[master_name: <string> | default = ""]
# The maximum number of concurrent GetMulti() operations. If set to 0,
# concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum size per batch for mget.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.get-multi-batch-size
[get_multi_batch_size: <int> | default = 100]
# The maximum number of concurrent SetMulti() operations. If set to 0,
# concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.max-set-multi-concurrency
[max_set_multi_concurrency: <int> | default = 100]
# The maximum size per batch for pipeline set.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.set-multi-batch-size
[set_multi_batch_size: <int> | default = 100]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# Client dial timeout.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Client read timeout.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.read-timeout
[read_timeout: <duration> | default = 3s]
# Client write timeout.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.write-timeout
[write_timeout: <duration> | default = 3s]
# Whether to enable tls for redis connection.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for
# authenticating with the server. Also requires the key path to be
# configured.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis..tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis..tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis..tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis..tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis..tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# If not zero then client-side caching is enabled. Client-side caching is
# when data is stored in memory instead of fetching data each time. See
# https://redis.io/docs/manual/client-side-caching/ for more info.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.cache-size
[cache_size: <int> | default = 0]
set_async_circuit_breaker_config:
# If true, enable circuit breaker.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.enabled
[enabled: <boolean> | default = false]
# Maximum number of requests allowed to pass through when the circuit
# breaker is half-open. If set to 0, by default it allows 1 request.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.half-open-max-requests
[half_open_max_requests: <int> | default = 10]
# Period of the open state after which the state of the circuit breaker
# becomes half-open. If set to 0, by default open duration is 60
# seconds.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.open-duration
[open_duration: <duration> | default = 5s]
# Minimal requests to trigger the circuit breaker.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.min-requests
[min_requests: <int> | default = 50]
# Consecutive failures to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.consecutive-failures
[consecutive_failures: <int> | default = 5]
# Failure percentage to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.failure-percent
[failure_percent: <float> | default = 0.05]
multilevel:
# The maximum number of concurrent asynchronous operations can occur when
# backfilling cache items.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.multilevel.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed when
# backfilling cache items.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.multilevel.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# The maximum number of items to backfill per asynchronous operation.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.multilevel.max-backfill-items
[max_backfill_items: <int> | default = 10000]
# Size of each subrange that bucket object is split into for better caching.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.subrange-size
[subrange_size: <int> | default = 16000]
# Maximum number of sub-GetRange requests that a single GetRange request can
# be split into when fetching chunks. Zero or negative value = unlimited
# number of sub-requests.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.max-get-range-requests
[max_get_range_requests: <int> | default = 3]
# TTL for caching object attributes for chunks.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.attributes-ttl
[attributes_ttl: <duration> | default = 168h]
# TTL for caching individual chunks subranges.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.subrange-ttl
[subrange_ttl: <duration> | default = 24h]
metadata_cache:
# Backend for metadata cache, if not empty. Supported values: memcached,
# redis, and '' (disable).
# CLI flag: -blocks-storage.bucket-store.metadata-cache.backend
[backend: <string> | default = ""]
memcached:
# Comma separated list of memcached addresses. Supported prefixes are:
# dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query,
# dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after
# that).
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.addresses
[addresses: <string> | default = ""]
# The socket read/write timeout.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.timeout
[timeout: <duration> | default = 100ms]
# The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-idle-connections
[max_idle_connections: <int> | default = 16]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# The maximum number of concurrent connections running get operations. If
# set to 0, concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum number of keys a single underlying get operation should run.
# If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set
# to 0, the max batch size is unlimited.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-get-multi-batch-size
[max_get_multi_batch_size: <int> | default = 0]
# The maximum size of an item stored in memcached. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-item-size
[max_item_size: <int> | default = 1048576]
# Use memcached auto-discovery mechanism provided by some cloud provider
# like GCP and AWS
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.auto-discovery
[auto_discovery: <boolean> | default = false]
set_async_circuit_breaker_config:
# If true, enable circuit breaker.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.enabled
[enabled: <boolean> | default = false]
# Maximum number of requests allowed to pass through when the circuit
# breaker is half-open. If set to 0, by default it allows 1 request.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.half-open-max-requests
[half_open_max_requests: <int> | default = 10]
# Period of the open state after which the state of the circuit breaker
# becomes half-open. If set to 0, by default open duration is 60
# seconds.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.open-duration
[open_duration: <duration> | default = 5s]
# Minimal requests to trigger the circuit breaker.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.min-requests
[min_requests: <int> | default = 50]
# Consecutive failures to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.consecutive-failures
[consecutive_failures: <int> | default = 5]
# Failure percentage to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.failure-percent
[failure_percent: <float> | default = 0.05]
redis:
# Comma separated list of redis addresses. Supported prefixes are: dns+
# (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query,
# dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after
# that).
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.addresses
[addresses: <string> | default = ""]
# Redis username.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.username
[username: <string> | default = ""]
# Redis password.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.password
[password: <string> | default = ""]
# Database to be selected after connecting to the server.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.db
[db: <int> | default = 0]
# Specifies the master's name. Must be not empty for Redis Sentinel.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.master-name
[master_name: <string> | default = ""]
# The maximum number of concurrent GetMulti() operations. If set to 0,
# concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum size per batch for mget.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.get-multi-batch-size
[get_multi_batch_size: <int> | default = 100]
# The maximum number of concurrent SetMulti() operations. If set to 0,
# concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.max-set-multi-concurrency
[max_set_multi_concurrency: <int> | default = 100]
# The maximum size per batch for pipeline set.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.set-multi-batch-size
[set_multi_batch_size: <int> | default = 100]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.max-async-concurrency
[max_async_concurrency: <int> | default = 3]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.max-async-buffer-size
[max_async_buffer_size: <int> | default = 10000]
# Client dial timeout.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Client read timeout.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.read-timeout
[read_timeout: <duration> | default = 3s]
# Client write timeout.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.write-timeout
[write_timeout: <duration> | default = 3s]
# Whether to enable tls for redis connection.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for
# authenticating with the server. Also requires the key path to be
# configured.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis..tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis..tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis..tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis..tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis..tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# If not zero then client-side caching is enabled. Client-side caching is
# when data is stored in memory instead of fetching data each time. See
# https://redis.io/docs/manual/client-side-caching/ for more info.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.cache-size
[cache_size: <int> | default = 0]
set_async_circuit_breaker_config:
# If true, enable circuit breaker.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.enabled
[enabled: <boolean> | default = false]
# Maximum number of requests allowed to pass through when the circuit
# breaker is half-open. If set to 0, by default it allows 1 request.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.half-open-max-requests
[half_open_max_requests: <int> | default = 10]
# Period of the open state after which the state of the circuit breaker
# becomes half-open. If set to 0, by default open duration is 60
# seconds.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.open-duration
[open_duration: <duration> | default = 5s]
# Minimal requests to trigger the circuit breaker.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.min-requests
[min_requests: <int> | default = 50]
# Consecutive failures to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.consecutive-failures
[consecutive_failures: <int> | default = 5]
# Failure percentage to determine if the circuit breaker should open.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.failure-percent
[failure_percent: <float> | default = 0.05]
# How long to cache list of tenants in the bucket.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.tenants-list-ttl
[tenants_list_ttl: <duration> | default = 15m]
# How long to cache list of blocks for each tenant.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.tenant-blocks-list-ttl
[tenant_blocks_list_ttl: <duration> | default = 5m]
# How long to cache list of chunks for a block.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.chunks-list-ttl
[chunks_list_ttl: <duration> | default = 24h]
# How long to cache information that block metafile exists. Also used for
# user deletion mark file.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-exists-ttl
[metafile_exists_ttl: <duration> | default = 2h]
# How long to cache information that block metafile doesn't exist. Also used
# for user deletion mark file.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-doesnt-exist-ttl
[metafile_doesnt_exist_ttl: <duration> | default = 5m]
# How long to cache content of the metafile.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-content-ttl
[metafile_content_ttl: <duration> | default = 24h]
# Maximum size of metafile content to cache in bytes. Caching will be
# skipped if the content exceeds this size. This is useful to avoid network
# round trip for large content if the configured caching backend has an hard
# limit on cached items size (in this case, you should set this limit to the
# same limit in the caching backend).
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-max-size-bytes
[metafile_max_size_bytes: <int> | default = 1048576]
# How long to cache attributes of the block metafile.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-attributes-ttl
[metafile_attributes_ttl: <duration> | default = 168h]
# How long to cache attributes of the block index.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.block-index-attributes-ttl
[block_index_attributes_ttl: <duration> | default = 168h]
# How long to cache content of the bucket index.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.bucket-index-content-ttl
[bucket_index_content_ttl: <duration> | default = 5m]
# Maximum size of bucket index content to cache in bytes. Caching will be
# skipped if the content exceeds this size. This is useful to avoid network
# round trip for large content if the configured caching backend has an hard
# limit on cached items size (in this case, you should set this limit to the
# same limit in the caching backend).
# CLI flag: -blocks-storage.bucket-store.metadata-cache.bucket-index-max-size-bytes
[bucket_index_max_size_bytes: <int> | default = 1048576]
# Duration after which the blocks marked for deletion will be filtered out
# while fetching blocks. The idea of ignore-deletion-marks-delay is to ignore
# blocks that are marked for deletion with some delay. This ensures store can
# still serve blocks that are meant to be deleted but do not have a
# replacement yet. Default is 6h, half of the default value for
# -compactor.deletion-delay.
# CLI flag: -blocks-storage.bucket-store.ignore-deletion-marks-delay
[ignore_deletion_mark_delay: <duration> | default = 6h]
# The blocks created since `now() - ignore_blocks_within` will not be synced.
# This should be used together with `-querier.query-store-after` to filter out
# the blocks that are too new to be queried. A reasonable value for this flag
# would be `-querier.query-store-after -
# blocks-storage.bucket-store.bucket-index.max-stale-period` to give some
# buffer. 0 to disable.
# CLI flag: -blocks-storage.bucket-store.ignore-blocks-within
[ignore_blocks_within: <duration> | default = 0s]
bucket_index:
# True to enable querier and store-gateway to discover blocks in the storage
# via bucket index instead of bucket scanning.
# CLI flag: -blocks-storage.bucket-store.bucket-index.enabled
[enabled: <boolean> | default = false]
# How frequently a bucket index, which previously failed to load, should be
# tried to load again. This option is used only by querier.
# CLI flag: -blocks-storage.bucket-store.bucket-index.update-on-error-interval
[update_on_error_interval: <duration> | default = 1m]
# How long a unused bucket index should be cached. Once this timeout
# expires, the unused bucket index is removed from the in-memory cache. This
# option is used only by querier.
# CLI flag: -blocks-storage.bucket-store.bucket-index.idle-timeout
[idle_timeout: <duration> | default = 1h]
# The maximum allowed age of a bucket index (last updated) before queries
# start failing because the bucket index is too old. The bucket index is
# periodically updated by the compactor, while this check is enforced in the
# querier (at query time).
# CLI flag: -blocks-storage.bucket-store.bucket-index.max-stale-period
[max_stale_period: <duration> | default = 1h]
# One of concurrent, recursive, bucket_index. When set to concurrent, stores
# will concurrently issue one call per directory to discover active blocks in
# the bucket. The recursive strategy iterates through all objects in the
# bucket, recursively traversing into each directory. This avoids N+1 calls at
# the expense of having slower bucket iterations. bucket_index strategy can be
# used in Compactor only and utilizes the existing bucket index to fetch block
# IDs to sync. This avoids iterating the bucket but can be impacted by delays
# of cleaner creating bucket index.
# CLI flag: -blocks-storage.bucket-store.block-discovery-strategy
[block_discovery_strategy: <string> | default = "concurrent"]
# Max size - in bytes - of a chunks pool, used to reduce memory allocations.
# The pool is shared across all tenants. 0 to disable the limit.
# CLI flag: -blocks-storage.bucket-store.max-chunk-pool-bytes
[max_chunk_pool_bytes: <int> | default = 2147483648]
# If enabled, store-gateway will lazily memory-map an index-header only once
# required by a query.
# CLI flag: -blocks-storage.bucket-store.index-header-lazy-loading-enabled
[index_header_lazy_loading_enabled: <boolean> | default = false]
# If index-header lazy loading is enabled and this setting is > 0, the
# store-gateway will release memory-mapped index-headers after 'idle timeout'
# inactivity.
# CLI flag: -blocks-storage.bucket-store.index-header-lazy-loading-idle-timeout
[index_header_lazy_loading_idle_timeout: <duration> | default = 20m]
# If true, Store Gateway will estimate postings size and try to lazily expand
# postings if it downloads less data than expanding all postings.
# CLI flag: -blocks-storage.bucket-store.lazy-expanded-postings-enabled
[lazy_expanded_postings_enabled: <boolean> | default = false]
# Mark posting group as lazy if it fetches more keys than R * max series the
# query should fetch. With R set to 100, a posting group which fetches 100K
# keys will be marked as lazy if the current query only fetches 1000 series.
# This config is only valid if lazy expanded posting is enabled. 0 disables
# the limit.
# CLI flag: -blocks-storage.bucket-store.lazy-expanded-posting-group-max-key-series-ratio
[lazy_expanded_posting_group_max_key_series_ratio: <float> | default = 100]
# Controls how many series to fetch per batch in Store Gateway. Default value
# is 10000.
# CLI flag: -blocks-storage.bucket-store.series-batch-size
[series_batch_size: <int> | default = 10000]
token_bucket_bytes_limiter:
# Token bucket bytes limiter mode. Supported values are: disabled, dryrun,
# enabled
# CLI flag: -blocks-storage.bucket-store.token-bucket-bytes-limiter.mode
[mode: <string> | default = "disabled"]
# Instance token bucket size
# CLI flag: -blocks-storage.bucket-store.token-bucket-bytes-limiter.instance-token-bucket-size
[instance_token_bucket_size: <int> | default = 859832320]
# User token bucket size
# CLI flag: -blocks-storage.bucket-store.token-bucket-bytes-limiter.user-token-bucket-size
[user_token_bucket_size: <int> | default = 644874240]
# Request token bucket size
# CLI flag: -blocks-storage.bucket-store.token-bucket-bytes-limiter.request-token-bucket-size
[request_token_bucket_size: <int> | default = 4194304]
tsdb:
# Local directory to store TSDBs in the ingesters.
# CLI flag: -blocks-storage.tsdb.dir
[dir: <string> | default = "tsdb"]
# TSDB blocks range period.
# CLI flag: -blocks-storage.tsdb.block-ranges-period
[block_ranges_period: <list of duration> | default = 2h0m0s]
# TSDB blocks retention in the ingester before a block is removed. This should
# be larger than the block_ranges_period and large enough to give
# store-gateways and queriers enough time to discover newly uploaded blocks.
# CLI flag: -blocks-storage.tsdb.retention-period
[retention_period: <duration> | default = 6h]
# How frequently the TSDB blocks are scanned and new ones are shipped to the
# storage. 0 means shipping is disabled.
# CLI flag: -blocks-storage.tsdb.ship-interval
[ship_interval: <duration> | default = 1m]
# Maximum number of tenants concurrently shipping blocks to the storage.
# CLI flag: -blocks-storage.tsdb.ship-concurrency
[ship_concurrency: <int> | default = 10]
# How frequently does Cortex try to compact TSDB head. Block is only created
# if data covers smallest block range. Must be greater than 0 and max 30
# minutes. Note that up to 50% jitter is added to the value for the first
# compaction to avoid ingesters compacting concurrently.
# CLI flag: -blocks-storage.tsdb.head-compaction-interval
[head_compaction_interval: <duration> | default = 1m]
# Maximum number of tenants concurrently compacting TSDB head into a new block
# CLI flag: -blocks-storage.tsdb.head-compaction-concurrency
[head_compaction_concurrency: <int> | default = 5]
# If TSDB head is idle for this duration, it is compacted. Note that up to 25%
# jitter is added to the value to avoid ingesters compacting concurrently. 0
# means disabled.
# CLI flag: -blocks-storage.tsdb.head-compaction-idle-timeout
[head_compaction_idle_timeout: <duration> | default = 1h]
# The write buffer size used by the head chunks mapper. Lower values reduce
# memory utilisation on clusters with a large number of tenants at the cost of
# increased disk I/O operations.
# CLI flag: -blocks-storage.tsdb.head-chunks-write-buffer-size-bytes
[head_chunks_write_buffer_size_bytes: <int> | default = 4194304]
# The number of shards of series to use in TSDB (must be a power of 2).
# Reducing this will decrease memory footprint, but can negatively impact
# performance.
# CLI flag: -blocks-storage.tsdb.stripe-size
[stripe_size: <int> | default = 16384]
# Deprecated (use blocks-storage.tsdb.wal-compression-type instead): True to
# enable TSDB WAL compression.
# CLI flag: -blocks-storage.tsdb.wal-compression-enabled
[wal_compression_enabled: <boolean> | default = false]
# TSDB WAL type. Supported values are: 'snappy', 'zstd' and '' (disable
# compression)
# CLI flag: -blocks-storage.tsdb.wal-compression-type
[wal_compression_type: <string> | default = ""]
# TSDB WAL segments files max size (bytes).
# CLI flag: -blocks-storage.tsdb.wal-segment-size-bytes
[wal_segment_size_bytes: <int> | default = 134217728]
# True to flush blocks to storage on shutdown. If false, incomplete blocks
# will be reused after restart.
# CLI flag: -blocks-storage.tsdb.flush-blocks-on-shutdown
[flush_blocks_on_shutdown: <boolean> | default = false]
# If TSDB has not received any data for this duration, and all blocks from
# TSDB have been shipped, TSDB is closed and deleted from local disk. If set
# to positive value, this value should be equal or higher than
# -querier.query-ingesters-within flag to make sure that TSDB is not closed
# prematurely, which could cause partial query results. 0 or negative value
# disables closing of idle TSDB.
# CLI flag: -blocks-storage.tsdb.close-idle-tsdb-timeout
[close_idle_tsdb_timeout: <duration> | default = 0s]
# The size of the in-memory queue used before flushing chunks to the disk.
# CLI flag: -blocks-storage.tsdb.head-chunks-write-queue-size
[head_chunks_write_queue_size: <int> | default = 0]
# limit the number of concurrently opening TSDB's on startup
# CLI flag: -blocks-storage.tsdb.max-tsdb-opening-concurrency-on-startup
[max_tsdb_opening_concurrency_on_startup: <int> | default = 10]
# Deprecated, use maxExemplars in limits instead. If the MaxExemplars value in
# limits is set to zero, cortex will fallback on this value. This setting
# enables support for exemplars in TSDB and sets the maximum number that will
# be stored. 0 or less means disabled.
# CLI flag: -blocks-storage.tsdb.max-exemplars
[max_exemplars: <int> | default = 0]
# True to enable snapshotting of in-memory TSDB data on disk when shutting
# down.
# CLI flag: -blocks-storage.tsdb.memory-snapshot-on-shutdown
[memory_snapshot_on_shutdown: <boolean> | default = false]
# [EXPERIMENTAL] Configures the maximum number of samples per chunk that can
# be out-of-order.
# CLI flag: -blocks-storage.tsdb.out-of-order-cap-max
[out_of_order_cap_max: <int> | default = 32]
# [EXPERIMENTAL] True to enable native histogram.
# CLI flag: -blocks-storage.tsdb.enable-native-histograms
[enable_native_histograms: <boolean> | default = false]
# [EXPERIMENTAL] If enabled, ingesters will cache expanded postings when
# querying blocks. Caching can be configured separately for the head and
# compacted blocks.
expanded_postings_cache:
# If enabled, ingesters will cache expanded postings for the head block.
# Only queries with with an equal matcher for metric __name__ are cached.
head:
# Whether the postings cache is enabled or not
# CLI flag: -blocks-storage.expanded_postings_cache.head.enabled
[enabled: <boolean> | default = false]
# Max bytes for postings cache
# CLI flag: -blocks-storage.expanded_postings_cache.head.max-bytes
[max_bytes: <int> | default = 10485760]
# TTL for postings cache
# CLI flag: -blocks-storage.expanded_postings_cache.head.ttl
[ttl: <duration> | default = 10m]
# If enabled, ingesters will cache expanded postings for the compacted
# blocks. The cache is shared between all blocks.
blocks:
# Whether the postings cache is enabled or not
# CLI flag: -blocks-storage.expanded_postings_cache.block.enabled
[enabled: <boolean> | default = false]
# Max bytes for postings cache
# CLI flag: -blocks-storage.expanded_postings_cache.block.max-bytes
[max_bytes: <int> | default = 10485760]
# TTL for postings cache
# CLI flag: -blocks-storage.expanded_postings_cache.block.ttl
[ttl: <duration> | default = 10m]
The compactor_config
configures the compactor for the blocks storage.
# List of compaction time ranges.
# CLI flag: -compactor.block-ranges
[block_ranges: <list of duration> | default = 2h0m0s,12h0m0s,24h0m0s]
# Number of Go routines to use when syncing block index and chunks files from
# the long term storage.
# CLI flag: -compactor.block-sync-concurrency
[block_sync_concurrency: <int> | default = 20]
# Number of Go routines to use when syncing block meta files from the long term
# storage.
# CLI flag: -compactor.meta-sync-concurrency
[meta_sync_concurrency: <int> | default = 20]
# Minimum age of fresh (non-compacted) blocks before they are being processed.
# Malformed blocks older than the maximum of consistency-delay and 48h0m0s will
# be removed.
# CLI flag: -compactor.consistency-delay
[consistency_delay: <duration> | default = 0s]
# Data directory in which to cache blocks and process compactions
# CLI flag: -compactor.data-dir
[data_dir: <string> | default = "./data"]
# The frequency at which the compaction runs
# CLI flag: -compactor.compaction-interval
[compaction_interval: <duration> | default = 1h]
# How many times to retry a failed compaction within a single compaction run.
# CLI flag: -compactor.compaction-retries
[compaction_retries: <int> | default = 3]
# Max number of concurrent compactions running.
# CLI flag: -compactor.compaction-concurrency
[compaction_concurrency: <int> | default = 1]
# How frequently compactor should run blocks cleanup and maintenance, as well as
# update the bucket index.
# CLI flag: -compactor.cleanup-interval
[cleanup_interval: <duration> | default = 15m]
# Max number of tenants for which blocks cleanup and maintenance should run
# concurrently.
# CLI flag: -compactor.cleanup-concurrency
[cleanup_concurrency: <int> | default = 20]
# Time before a block marked for deletion is deleted from bucket. If not 0,
# blocks will be marked for deletion and compactor component will permanently
# delete blocks marked for deletion from the bucket. If 0, blocks will be
# deleted straight away. Note that deleting blocks immediately can cause query
# failures.
# CLI flag: -compactor.deletion-delay
[deletion_delay: <duration> | default = 12h]
# For tenants marked for deletion, this is time between deleting of last block,
# and doing final cleanup (marker files, debug files) of the tenant.
# CLI flag: -compactor.tenant-cleanup-delay
[tenant_cleanup_delay: <duration> | default = 6h]
# When enabled, mark blocks containing index with out-of-order chunks for no
# compact instead of halting the compaction.
# CLI flag: -compactor.skip-blocks-with-out-of-order-chunks-enabled
[skip_blocks_with_out_of_order_chunks_enabled: <boolean> | default = false]
# Number of goroutines to use when fetching/uploading block files from object
# storage.
# CLI flag: -compactor.block-files-concurrency
[block_files_concurrency: <int> | default = 10]
# Number of goroutines to use when fetching blocks from object storage when
# compacting.
# CLI flag: -compactor.blocks-fetch-concurrency
[blocks_fetch_concurrency: <int> | default = 3]
# When enabled, at compactor startup the bucket will be scanned and all found
# deletion marks inside the block location will be copied to the markers global
# location too. This option can (and should) be safely disabled as soon as the
# compactor has successfully run at least once.
# CLI flag: -compactor.block-deletion-marks-migration-enabled
[block_deletion_marks_migration_enabled: <boolean> | default = false]
# Comma separated list of tenants that can be compacted. If specified, only
# these tenants will be compacted by compactor, otherwise all tenants can be
# compacted. Subject to sharding.
# CLI flag: -compactor.enabled-tenants
[enabled_tenants: <string> | default = ""]
# Comma separated list of tenants that cannot be compacted by this compactor. If
# specified, and compactor would normally pick given tenant for compaction (via
# -compactor.enabled-tenants or sharding), it will be ignored instead.
# CLI flag: -compactor.disabled-tenants
[disabled_tenants: <string> | default = ""]
# Shard tenants across multiple compactor instances. Sharding is required if you
# run multiple compactor instances, in order to coordinate compactions and avoid
# race conditions leading to the same tenant blocks simultaneously compacted by
# different instances.
# CLI flag: -compactor.sharding-enabled
[sharding_enabled: <boolean> | default = false]
# The sharding strategy to use. Supported values are: default, shuffle-sharding.
# CLI flag: -compactor.sharding-strategy
[sharding_strategy: <string> | default = "default"]
sharding_ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -compactor.ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -compactor.ring.prefix
[prefix: <string> | default = "collectors/"]
dynamodb:
# Region to access dynamodb.
# CLI flag: -compactor.ring.dynamodb.region
[region: <string> | default = ""]
# Table name to use on dynamodb.
# CLI flag: -compactor.ring.dynamodb.table-name
[table_name: <string> | default = ""]
# Time to expire items on dynamodb.
# CLI flag: -compactor.ring.dynamodb.ttl-time
[ttl: <duration> | default = 0s]
# Time to refresh local ring with information on dynamodb.
# CLI flag: -compactor.ring.dynamodb.puller-sync-time
[puller_sync_time: <duration> | default = 1m]
# Maximum number of retries for DDB KV CAS.
# CLI flag: -compactor.ring.dynamodb.max-cas-retries
[max_cas_retries: <int> | default = 10]
# The consul_config configures the consul client.
# The CLI flags prefix for this block config is: compactor.ring
[consul: <consul_config>]
# The etcd_config configures the etcd client.
# The CLI flags prefix for this block config is: compactor.ring
[etcd: <etcd_config>]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -compactor.ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -compactor.ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -compactor.ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -compactor.ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -compactor.ring.heartbeat-period
[heartbeat_period: <duration> | default = 5s]
# The heartbeat timeout after which compactors are considered unhealthy within
# the ring. 0 = never (timeout disabled).
# CLI flag: -compactor.ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Minimum time to wait for ring stability at startup. 0 to disable.
# CLI flag: -compactor.ring.wait-stability-min-duration
[wait_stability_min_duration: <duration> | default = 1m]
# Maximum time to wait for ring stability at startup. If the compactor ring
# keeps changing after this period of time, the compactor will start anyway.
# CLI flag: -compactor.ring.wait-stability-max-duration
[wait_stability_max_duration: <duration> | default = 5m]
# Name of network interface to read address from.
# CLI flag: -compactor.ring.instance-interface-names
[instance_interface_names: <list of string> | default = [eth0 en0]]
# File path where tokens are stored. If empty, tokens are not stored at
# shutdown and restored at startup.
# CLI flag: -compactor.ring.tokens-file-path
[tokens_file_path: <string> | default = ""]
# Unregister the compactor during shutdown if true.
# CLI flag: -compactor.ring.unregister-on-shutdown
[unregister_on_shutdown: <boolean> | default = true]
# Timeout for waiting on compactor to become ACTIVE in the ring.
# CLI flag: -compactor.ring.wait-active-instance-timeout
[wait_active_instance_timeout: <duration> | default = 10m]
# The compaction strategy to use. Supported values are: default, partitioning.
# CLI flag: -compactor.compaction-mode
[compaction_mode: <string> | default = "default"]
# How long block visit marker file should be considered as expired and able to
# be picked up by compactor again.
# CLI flag: -compactor.block-visit-marker-timeout
[block_visit_marker_timeout: <duration> | default = 5m]
# How frequently block visit marker file should be updated duration compaction.
# CLI flag: -compactor.block-visit-marker-file-update-interval
[block_visit_marker_file_update_interval: <duration> | default = 1m]
# How long cleaner visit marker file should be considered as expired and able to
# be picked up by cleaner again. The value should be smaller than
# -compactor.cleanup-interval
# CLI flag: -compactor.cleaner-visit-marker-timeout
[cleaner_visit_marker_timeout: <duration> | default = 10m]
# How frequently cleaner visit marker file should be updated when cleaning user.
# CLI flag: -compactor.cleaner-visit-marker-file-update-interval
[cleaner_visit_marker_file_update_interval: <duration> | default = 5m]
# When enabled, index verification will ignore out of order label names.
# CLI flag: -compactor.accept-malformed-index
[accept_malformed_index: <boolean> | default = false]
# When enabled, caching bucket will be used for compactor, except cleaner
# service, which serves as the source of truth for block status
# CLI flag: -compactor.caching-bucket-enabled
[caching_bucket_enabled: <boolean> | default = false]
The configs_config
configures the Cortex Configs DB and API.
database:
# URI where the database can be found (for dev you can use memory://)
# CLI flag: -configs.database.uri
[uri: <string> | default = "postgres://[email protected]/configs?sslmode=disable"]
# Path where the database migration files can be found
# CLI flag: -configs.database.migrations-dir
[migrations_dir: <string> | default = ""]
# File containing password (username goes in URI)
# CLI flag: -configs.database.password-file
[password_file: <string> | default = ""]
api:
notifications:
# Disable Email notifications for Alertmanager.
# CLI flag: -configs.notifications.disable-email
[disable_email: <boolean> | default = false]
# Disable WebHook notifications for Alertmanager.
# CLI flag: -configs.notifications.disable-webhook
[disable_webhook: <boolean> | default = false]
The configstore_config
configures the config database storing rules and alerts, and is used by the Cortex alertmanager. The supported CLI flags <prefix>
used to reference this config block are:
alertmanager-storage
ruler-storage
# URL of configs API server.
# CLI flag: -<prefix>.configs.url
[configs_api_url: <url> | default = ]
# Timeout for requests to Weave Cloud configs service.
# CLI flag: -<prefix>.configs.client-timeout
[client_timeout: <duration> | default = 5s]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.configs.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -<prefix>.configs.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.configs.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -<prefix>.configs.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -<prefix>.configs.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
The consul_config
configures the consul client. The supported CLI flags <prefix>
used to reference this config block are:
- no prefix
alertmanager.sharding-ring
compactor.ring
distributor.ha-tracker
distributor.ring
ruler.ring
store-gateway.sharding-ring
# Hostname and port of Consul.
# CLI flag: -<prefix>.consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -<prefix>.consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul.
# CLI flag: -<prefix>.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -<prefix>.consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per second. 0
# disables the rate limit.
# CLI flag: -<prefix>.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -<prefix>.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Enable TLS.
# CLI flag: -<prefix>.consul.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.consul.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -<prefix>.consul.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.consul.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -<prefix>.consul.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -<prefix>.consul.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
The distributor_config
configures the Cortex distributor.
pool:
# How frequently to clean up clients for ingesters that have gone away.
# CLI flag: -distributor.client-cleanup-period
[client_cleanup_period: <duration> | default = 15s]
# Run a health check on each ingester client during periodic cleanup.
# CLI flag: -distributor.health-check-ingesters
[health_check_ingesters: <boolean> | default = true]
ha_tracker:
# Enable the distributors HA tracker so that it can accept samples from
# Prometheus HA replicas gracefully (requires labels).
# CLI flag: -distributor.ha-tracker.enable
[enable_ha_tracker: <boolean> | default = false]
# Update the timestamp in the KV store for a given cluster/replica only after
# this amount of time has passed since the current stored timestamp.
# CLI flag: -distributor.ha-tracker.update-timeout
[ha_tracker_update_timeout: <duration> | default = 15s]
# Maximum jitter applied to the update timeout, in order to spread the HA
# heartbeats over time.
# CLI flag: -distributor.ha-tracker.update-timeout-jitter-max
[ha_tracker_update_timeout_jitter_max: <duration> | default = 5s]
# If we don't receive any samples from the accepted replica for a cluster in
# this amount of time we will failover to the next replica we receive a sample
# from. This value must be greater than the update timeout
# CLI flag: -distributor.ha-tracker.failover-timeout
[ha_tracker_failover_timeout: <duration> | default = 30s]
# Backend storage to use for the ring. Please be aware that memberlist is not
# supported by the HA tracker since gossip propagation is too slow for HA
# purposes.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -distributor.ha-tracker.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -distributor.ha-tracker.prefix
[prefix: <string> | default = "ha-tracker/"]
dynamodb:
# Region to access dynamodb.
# CLI flag: -distributor.ha-tracker.dynamodb.region
[region: <string> | default = ""]
# Table name to use on dynamodb.
# CLI flag: -distributor.ha-tracker.dynamodb.table-name
[table_name: <string> | default = ""]
# Time to expire items on dynamodb.
# CLI flag: -distributor.ha-tracker.dynamodb.ttl-time
[ttl: <duration> | default = 0s]
# Time to refresh local ring with information on dynamodb.
# CLI flag: -distributor.ha-tracker.dynamodb.puller-sync-time
[puller_sync_time: <duration> | default = 1m]
# Maximum number of retries for DDB KV CAS.
# CLI flag: -distributor.ha-tracker.dynamodb.max-cas-retries
[max_cas_retries: <int> | default = 10]
# The consul_config configures the consul client.
# The CLI flags prefix for this block config is: distributor.ha-tracker
[consul: <consul_config>]
# The etcd_config configures the etcd client.
# The CLI flags prefix for this block config is: distributor.ha-tracker
[etcd: <etcd_config>]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -distributor.ha-tracker.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -distributor.ha-tracker.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -distributor.ha-tracker.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -distributor.ha-tracker.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# remote_write API max receive message size (bytes).
# CLI flag: -distributor.max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# Maximum OTLP request size in bytes that the Distributor can accept.
# CLI flag: -distributor.otlp-max-recv-msg-size
[otlp_max_recv_msg_size: <int> | default = 104857600]
# Timeout for downstream ingesters.
# CLI flag: -distributor.remote-timeout
[remote_timeout: <duration> | default = 2s]
# Time to wait before sending more than the minimum successful query requests.
# CLI flag: -distributor.extra-query-delay
[extra_queue_delay: <duration> | default = 0s]
# The sharding strategy to use. Supported values are: default, shuffle-sharding.
# CLI flag: -distributor.sharding-strategy
[sharding_strategy: <string> | default = "default"]
# Distribute samples based on all labels, as opposed to solely by user and
# metric name.
# CLI flag: -distributor.shard-by-all-labels
[shard_by_all_labels: <boolean> | default = false]
# Try writing to an additional ingester in the presence of an ingester not in
# the ACTIVE state. It is useful to disable this along with
# -ingester.unregister-on-shutdown=false in order to not spread samples to extra
# ingesters during rolling restarts with consistent naming.
# CLI flag: -distributor.extend-writes
[extend_writes: <boolean> | default = true]
# EXPERIMENTAL: If enabled, sign the write request between distributors and
# ingesters.
# CLI flag: -distributor.sign-write-requests
[sign_write_requests: <boolean> | default = false]
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -distributor.ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -distributor.ring.prefix
[prefix: <string> | default = "collectors/"]
dynamodb:
# Region to access dynamodb.
# CLI flag: -distributor.ring.dynamodb.region
[region: <string> | default = ""]
# Table name to use on dynamodb.
# CLI flag: -distributor.ring.dynamodb.table-name
[table_name: <string> | default = ""]
# Time to expire items on dynamodb.
# CLI flag: -distributor.ring.dynamodb.ttl-time
[ttl: <duration> | default = 0s]
# Time to refresh local ring with information on dynamodb.
# CLI flag: -distributor.ring.dynamodb.puller-sync-time
[puller_sync_time: <duration> | default = 1m]
# Maximum number of retries for DDB KV CAS.
# CLI flag: -distributor.ring.dynamodb.max-cas-retries
[max_cas_retries: <int> | default = 10]
# The consul_config configures the consul client.
# The CLI flags prefix for this block config is: distributor.ring
[consul: <consul_config>]
# The etcd_config configures the etcd client.
# The CLI flags prefix for this block config is: distributor.ring
[etcd: <etcd_config>]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -distributor.ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -distributor.ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -distributor.ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -distributor.ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -distributor.ring.heartbeat-period
[heartbeat_period: <duration> | default = 5s]
# The heartbeat timeout after which distributors are considered unhealthy
# within the ring. 0 = never (timeout disabled).
# CLI flag: -distributor.ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Name of network interface to read address from.
# CLI flag: -distributor.ring.instance-interface-names
[instance_interface_names: <list of string> | default = [eth0 en0]]
# EXPERIMENTAL: Number of go routines to handle push calls from distributors to
# ingesters. When no workers are available, a new goroutine will be spawned
# automatically. If set to 0 (default), workers are disabled, and a new
# goroutine will be created for each push request.
# CLI flag: -distributor.num-push-workers
[num_push_workers: <int> | default = 0]
instance_limits:
# Max ingestion rate (samples/sec) that this distributor will accept. This
# limit is per-distributor, not per-tenant. Additional push requests will be
# rejected. Current ingestion rate is computed as exponentially weighted
# moving average, updated every second. 0 = unlimited.
# CLI flag: -distributor.instance-limits.max-ingestion-rate
[max_ingestion_rate: <float> | default = 0]
# Max inflight push requests that this distributor can handle. This limit is
# per-distributor, not per-tenant. Additional requests will be rejected. 0 =
# unlimited.
# CLI flag: -distributor.instance-limits.max-inflight-push-requests
[max_inflight_push_requests: <int> | default = 0]
# Max inflight ingester client requests that this distributor can handle. This
# limit is per-distributor, not per-tenant. Additional requests will be
# rejected. 0 = unlimited.
# CLI flag: -distributor.instance-limits.max-inflight-client-requests
[max_inflight_client_requests: <int> | default = 0]
otlp:
# If true, all resource attributes are converted to labels.
# CLI flag: -distributor.otlp.convert-all-attributes
[convert_all_attributes: <boolean> | default = false]
# If true, a target_info metric is not ingested. (refer to:
# https://github.com/prometheus/OpenMetrics/blob/main/specification/OpenMetrics.md#supporting-target-metadata-in-both-push-based-and-pull-based-systems)
# CLI flag: -distributor.otlp.disable-target-info
[disable_target_info: <boolean> | default = false]
The etcd_config
configures the etcd client. The supported CLI flags <prefix>
used to reference this config block are:
- no prefix
alertmanager.sharding-ring
compactor.ring
distributor.ha-tracker
distributor.ring
ruler.ring
store-gateway.sharding-ring
# The etcd endpoints to connect to.
# CLI flag: -<prefix>.etcd.endpoints
[endpoints: <list of string> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -<prefix>.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -<prefix>.etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -<prefix>.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -<prefix>.etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -<prefix>.etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -<prefix>.etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Etcd username.
# CLI flag: -<prefix>.etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -<prefix>.etcd.password
[password: <string> | default = ""]
# Send Keepalive pings with no streams.
# CLI flag: -<prefix>.etcd.ping-without-stream-allowed
[ping-without-stream-allowed: <boolean> | default = true]
The fifo_cache_config
configures the local in-memory cache.
# Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be
# applied.
# CLI flag: -frontend.fifocache.max-size-bytes
[max_size_bytes: <string> | default = ""]
# Maximum number of entries in the cache.
# CLI flag: -frontend.fifocache.max-size-items
[max_size_items: <int> | default = 0]
# The expiry duration for the cache.
# CLI flag: -frontend.fifocache.duration
[validity: <duration> | default = 0s]
# Deprecated (use max-size-items or max-size-bytes instead): The number of
# entries to cache.
# CLI flag: -frontend.fifocache.size
[size: <int> | default = 0]
The flusher_config
configures the WAL flusher target, used to manually run one-time flushes when scaling down ingesters.
# Stop Cortex after flush has finished. If false, Cortex process will keep
# running, doing nothing.
# CLI flag: -flusher.exit-after-flush
[exit_after_flush: <boolean> | default = true]
The frontend_worker_config
configures the worker - running within the Cortex querier - picking up and executing queries enqueued by the query-frontend or query-scheduler.
# Address of query frontend service, in host:port format. If
# -querier.scheduler-address is set as well, querier will use scheduler instead.
# Only one of -querier.frontend-address or -querier.scheduler-address can be
# set. If neither is set, queries are only received via HTTP endpoint.
# CLI flag: -querier.frontend-address
[frontend_address: <string> | default = ""]
# Hostname (and port) of scheduler that querier will periodically resolve,
# connect to and receive queries from. Only one of -querier.frontend-address or
# -querier.scheduler-address can be set. If neither is set, queries are only
# received via HTTP endpoint.
# CLI flag: -querier.scheduler-address
[scheduler_address: <string> | default = ""]
# How often to query DNS for query-frontend or query-scheduler address.
# CLI flag: -querier.dns-lookup-period
[dns_lookup_duration: <duration> | default = 10s]
# Number of simultaneous queries to process per query-frontend or
# query-scheduler.
# CLI flag: -querier.worker-parallelism
[parallelism: <int> | default = 10]
# Force worker concurrency to match the -querier.max-concurrent option.
# Overrides querier.worker-parallelism.
# CLI flag: -querier.worker-match-max-concurrent
[match_max_concurrent: <boolean> | default = false]
# Querier ID, sent to frontend service to identify requests from the same
# querier. Defaults to hostname.
# CLI flag: -querier.id
[id: <string> | default = ""]
grpc_client_config:
# gRPC client max receive message size (bytes).
# CLI flag: -querier.frontend-client.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -querier.frontend-client.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 16777216]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)
# CLI flag: -querier.frontend-client.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -querier.frontend-client.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -querier.frontend-client.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit ratelimits.
# CLI flag: -querier.frontend-client.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -querier.frontend-client.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -querier.frontend-client.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -querier.frontend-client.backoff-retries
[max_retries: <int> | default = 10]
# Enable TLS in the GRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -querier.frontend-client.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -querier.frontend-client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -querier.frontend-client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -querier.frontend-client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -querier.frontend-client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -querier.frontend-client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
The ingester_config
configures the Cortex ingester.
lifecycler:
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -ring.prefix
[prefix: <string> | default = "collectors/"]
dynamodb:
# Region to access dynamodb.
# CLI flag: -dynamodb.region
[region: <string> | default = ""]
# Table name to use on dynamodb.
# CLI flag: -dynamodb.table-name
[table_name: <string> | default = ""]
# Time to expire items on dynamodb.
# CLI flag: -dynamodb.ttl-time
[ttl: <duration> | default = 0s]
# Time to refresh local ring with information on dynamodb.
# CLI flag: -dynamodb.puller-sync-time
[puller_sync_time: <duration> | default = 1m]
# Maximum number of retries for DDB KV CAS.
# CLI flag: -dynamodb.max-cas-retries
[max_cas_retries: <int> | default = 10]
# The consul_config configures the consul client.
[consul: <consul_config>]
# The etcd_config configures the etcd client.
[etcd: <etcd_config>]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# The heartbeat timeout after which ingesters are skipped for reads/writes.
# 0 = never (timeout disabled).
# CLI flag: -ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# The number of ingesters to write to and read from.
# CLI flag: -distributor.replication-factor
[replication_factor: <int> | default = 3]
# True to enable the zone-awareness and replicate ingested samples across
# different availability zones.
# CLI flag: -distributor.zone-awareness-enabled
[zone_awareness_enabled: <boolean> | default = false]
# Comma-separated list of zones to exclude from the ring. Instances in
# excluded zones will be filtered out from the ring.
# CLI flag: -distributor.excluded-zones
[excluded_zones: <string> | default = ""]
# Set to true to enable ring detailed metrics. These metrics provide
# detailed information, such as token count and ownership per tenant.
# Disabling them can significantly decrease the number of metrics emitted by
# the distributors.
# CLI flag: -ring.detailed-metrics-enabled
[detailed_metrics_enabled: <boolean> | default = true]
# Number of tokens for each ingester.
# CLI flag: -ingester.num-tokens
[num_tokens: <int> | default = 128]
# EXPERIMENTAL: Algorithm used to generate new ring tokens. Supported Values:
# random,minimize-spread
# CLI flag: -ingester.tokens-generator-strategy
[tokens_generator_strategy: <string> | default = "random"]
# Period at which to heartbeat to consul. 0 = disabled.
# CLI flag: -ingester.heartbeat-period
[heartbeat_period: <duration> | default = 5s]
# Observe tokens after generating to resolve collisions. Useful when using
# gossiping ring.
# CLI flag: -ingester.observe-period
[observe_period: <duration> | default = 0s]
# Period to wait for a claim from another member; will join automatically
# after this.
# CLI flag: -ingester.join-after
[join_after: <duration> | default = 0s]
# Minimum duration to wait after the internal readiness checks have passed but
# before succeeding the readiness endpoint. This is used to slowdown
# deployment controllers (eg. Kubernetes) after an instance is ready and
# before they proceed with a rolling update, to give the rest of the cluster
# instances enough time to receive ring updates.
# CLI flag: -ingester.min-ready-duration
[min_ready_duration: <duration> | default = 15s]
# Name of network interface to read address from.
# CLI flag: -ingester.lifecycler.interface
[interface_names: <list of string> | default = [eth0 en0]]
# Duration to sleep for before exiting, to ensure metrics are scraped.
# CLI flag: -ingester.final-sleep
[final_sleep: <duration> | default = 30s]
# File path where tokens are stored. If empty, tokens are not stored at
# shutdown and restored at startup.
# CLI flag: -ingester.tokens-file-path
[tokens_file_path: <string> | default = ""]
# The availability zone where this instance is running.
# CLI flag: -ingester.availability-zone
[availability_zone: <string> | default = ""]
# Unregister from the ring upon clean shutdown. It can be useful to disable
# for rolling restarts with consistent naming in conjunction with
# -distributor.extend-writes=false.
# CLI flag: -ingester.unregister-on-shutdown
[unregister_on_shutdown: <boolean> | default = true]
# When enabled the readiness probe succeeds only after all instances are
# ACTIVE and healthy in the ring, otherwise only the instance itself is
# checked. This option should be disabled if in your cluster multiple
# instances can be rolled out simultaneously, otherwise rolling updates may be
# slowed down.
# CLI flag: -ingester.readiness-check-ring-health
[readiness_check_ring_health: <boolean> | default = true]
# Period at which metadata we have not seen will remain in memory before being
# deleted.
# CLI flag: -ingester.metadata-retain-period
[metadata_retain_period: <duration> | default = 10m]
# Period with which to update the per-user ingestion rates.
# CLI flag: -ingester.rate-update-period
[rate_update_period: <duration> | default = 15s]
# Period with which to update the per-user tsdb config.
# CLI flag: -ingester.user-tsdb-configs-update-period
[user_tsdb_configs_update_period: <duration> | default = 15s]
# Enable tracking of active series and export them as metrics.
# CLI flag: -ingester.active-series-metrics-enabled
[active_series_metrics_enabled: <boolean> | default = true]
# How often to update active series metrics.
# CLI flag: -ingester.active-series-metrics-update-period
[active_series_metrics_update_period: <duration> | default = 1m]
# After what time a series is considered to be inactive.
# CLI flag: -ingester.active-series-metrics-idle-timeout
[active_series_metrics_idle_timeout: <duration> | default = 10m]
# Enable uploading compacted blocks.
# CLI flag: -ingester.upload-compacted-blocks-enabled
[upload_compacted_blocks_enabled: <boolean> | default = true]
instance_limits:
# Max ingestion rate (samples/sec) that ingester will accept. This limit is
# per-ingester, not per-tenant. Additional push requests will be rejected.
# Current ingestion rate is computed as exponentially weighted moving average,
# updated every second. This limit only works when using blocks engine. 0 =
# unlimited.
# CLI flag: -ingester.instance-limits.max-ingestion-rate
[max_ingestion_rate: <float> | default = 0]
# Max users that this ingester can hold. Requests from additional users will
# be rejected. This limit only works when using blocks engine. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-tenants
[max_tenants: <int> | default = 0]
# Max series that this ingester can hold (across all tenants). Requests to
# create additional series will be rejected. This limit only works when using
# blocks engine. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-series
[max_series: <int> | default = 0]
# Max inflight push requests that this ingester can handle (across all
# tenants). Additional requests will be rejected. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-inflight-push-requests
[max_inflight_push_requests: <int> | default = 0]
# Max inflight query requests that this ingester can handle (across all
# tenants). Additional requests will be rejected. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-inflight-query-requests
[max_inflight_query_requests: <int> | default = 0]
# Comma-separated list of metric names, for which
# -ingester.max-series-per-metric and -ingester.max-global-series-per-metric
# limits will be ignored. Does not affect max-series-per-user or
# max-global-series-per-metric limits.
# CLI flag: -ingester.ignore-series-limit-for-metric-names
[ignore_series_limit_for_metric_names: <string> | default = ""]
# Customize the message contained in limit errors
# CLI flag: -ingester.admin-limit-message
[admin_limit_message: <string> | default = "please contact administrator to raise it"]
# Experimental: Enable string interning for metrics labels.
# CLI flag: -ingester.labels-string-interning-enabled
[labels_string_interning_enabled: <boolean> | default = false]
# Disable trimming of matching series chunks based on query Start and End time.
# When disabled, the result may contain samples outside the queried time range
# but select performances may be improved. Note that certain query results might
# change by changing this option.
# CLI flag: -ingester.disable-chunk-trimming
[disable_chunk_trimming: <boolean> | default = false]
The ingester_client_config
configures how the Cortex distributors connect to the ingesters.
grpc_client_config:
# gRPC client max receive message size (bytes).
# CLI flag: -ingester.client.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -ingester.client.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 16777216]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)
# CLI flag: -ingester.client.grpc-compression
[grpc_compression: <string> | default = "snappy-block"]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -ingester.client.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -ingester.client.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit ratelimits.
# CLI flag: -ingester.client.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -ingester.client.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -ingester.client.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -ingester.client.backoff-retries
[max_retries: <int> | default = 10]
# Enable TLS in the GRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -ingester.client.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -ingester.client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -ingester.client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -ingester.client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -ingester.client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -ingester.client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# EXPERIMENTAL: If enabled, gRPC clients perform health checks for each target
# and fail the request if the target is marked as unhealthy.
healthcheck_config:
# The number of consecutive failed health checks required before considering
# a target unhealthy. 0 means disabled.
# CLI flag: -ingester.client.healthcheck.unhealthy-threshold
[unhealthy_threshold: <int> | default = 0]
# The approximate amount of time between health checks of an individual
# target.
# CLI flag: -ingester.client.healthcheck.interval
[interval: <duration> | default = 5s]
# The amount of time during which no response from a target means a failed
# health check.
# CLI flag: -ingester.client.healthcheck.timeout
[timeout: <duration> | default = 1s]
# Max inflight push requests that this ingester client can handle. This limit is
# per-ingester-client. Additional requests will be rejected. 0 = unlimited.
# CLI flag: -ingester.client.max-inflight-push-requests
[max_inflight_push_requests: <int> | default = 0]
The limits_config
configures default and per-tenant limits imposed by Cortex services (ie. distributor, ingester, ...).
# Per-user ingestion rate limit in samples per second.
# CLI flag: -distributor.ingestion-rate-limit
[ingestion_rate: <float> | default = 25000]
# Whether the ingestion rate limit should be applied individually to each
# distributor instance (local), or evenly shared across the cluster (global).
# CLI flag: -distributor.ingestion-rate-limit-strategy
[ingestion_rate_strategy: <string> | default = "local"]
# Per-user allowed ingestion burst size (in number of samples).
# CLI flag: -distributor.ingestion-burst-size
[ingestion_burst_size: <int> | default = 50000]
# Flag to enable, for all users, handling of samples with external labels
# identifying replicas in an HA Prometheus setup.
# CLI flag: -distributor.ha-tracker.enable-for-all-users
[accept_ha_samples: <boolean> | default = false]
# [Experimental] Flag to enable handling of samples with mixed external labels
# identifying replicas in an HA Prometheus setup. Supported only if
# -distributor.ha-tracker.enable-for-all-users is true.
# CLI flag: -experimental.distributor.ha-tracker.mixed-ha-samples
[accept_mixed_ha_samples: <boolean> | default = false]
# Prometheus label to look for in samples to identify a Prometheus HA cluster.
# CLI flag: -distributor.ha-tracker.cluster
[ha_cluster_label: <string> | default = "cluster"]
# Prometheus label to look for in samples to identify a Prometheus HA replica.
# CLI flag: -distributor.ha-tracker.replica
[ha_replica_label: <string> | default = "__replica__"]
# Maximum number of clusters that HA tracker will keep track of for single user.
# 0 to disable the limit.
# CLI flag: -distributor.ha-tracker.max-clusters
[ha_max_clusters: <int> | default = 0]
# This flag can be used to specify label names that to drop during sample
# ingestion within the distributor and can be repeated in order to drop multiple
# labels.
# CLI flag: -distributor.drop-label
[drop_labels: <list of string> | default = []]
# Maximum length accepted for label names
# CLI flag: -validation.max-length-label-name
[max_label_name_length: <int> | default = 1024]
# Maximum length accepted for label value. This setting also applies to the
# metric name
# CLI flag: -validation.max-length-label-value
[max_label_value_length: <int> | default = 2048]
# Maximum number of label names per series.
# CLI flag: -validation.max-label-names-per-series
[max_label_names_per_series: <int> | default = 30]
# Maximum combined size in bytes of all labels and label values accepted for a
# series. 0 to disable the limit.
# CLI flag: -validation.max-labels-size-bytes
[max_labels_size_bytes: <int> | default = 0]
# Maximum length accepted for metric metadata. Metadata refers to Metric Name,
# HELP and UNIT.
# CLI flag: -validation.max-metadata-length
[max_metadata_length: <int> | default = 1024]
# Reject old samples.
# CLI flag: -validation.reject-old-samples
[reject_old_samples: <boolean> | default = false]
# Maximum accepted sample age before rejecting.
# CLI flag: -validation.reject-old-samples.max-age
[reject_old_samples_max_age: <duration> | default = 2w]
# Duration which table will be created/deleted before/after it's needed; we
# won't accept sample from before this time.
# CLI flag: -validation.create-grace-period
[creation_grace_period: <duration> | default = 10m]
# Enforce every metadata has a metric name.
# CLI flag: -validation.enforce-metadata-metric-name
[enforce_metadata_metric_name: <boolean> | default = true]
# Enforce every sample has a metric name.
# CLI flag: -validation.enforce-metric-name
[enforce_metric_name: <boolean> | default = true]
# The default tenant's shard size when the shuffle-sharding strategy is used.
# Must be set both on ingesters and distributors. When this setting is specified
# in the per-tenant overrides, a value of 0 disables shuffle sharding for the
# tenant.
# CLI flag: -distributor.ingestion-tenant-shard-size
[ingestion_tenant_shard_size: <int> | default = 0]
# List of metric relabel configurations. Note that in most situations, it is
# more effective to use metrics relabeling directly in the Prometheus server,
# e.g. remote_write.write_relabel_configs.
[metric_relabel_configs: <relabel_config...> | default = []]
# Limit on total number of positive and negative buckets allowed in a single
# native histogram. The resolution of a histogram with more buckets will be
# reduced until the number of buckets is within the limit. If the limit cannot
# be reached, the sample will be discarded. 0 means no limit. Enforced at
# Distributor.
# CLI flag: -validation.max-native-histogram-buckets
[max_native_histogram_buckets: <int> | default = 0]
# Comma separated list of resource attributes that should be converted to
# labels.
# CLI flag: -distributor.promote-resource-attributes
[promote_resource_attributes: <list of string> | default = ]
# The maximum number of active series per user, per ingester. 0 to disable.
# CLI flag: -ingester.max-series-per-user
[max_series_per_user: <int> | default = 5000000]
# The maximum number of active series per metric name, per ingester. 0 to
# disable.
# CLI flag: -ingester.max-series-per-metric
[max_series_per_metric: <int> | default = 50000]
# The maximum number of active series per user, across the cluster before
# replication. 0 to disable. Supported only if -distributor.shard-by-all-labels
# is true.
# CLI flag: -ingester.max-global-series-per-user
[max_global_series_per_user: <int> | default = 0]
# The maximum number of active series per metric name, across the cluster before
# replication. 0 to disable.
# CLI flag: -ingester.max-global-series-per-metric
[max_global_series_per_metric: <int> | default = 0]
# [Experimental] Enable limits per LabelSet. Supported limits per labelSet:
# [max_series]
[limits_per_label_set: <list of LimitsPerLabelSet> | default = []]
# The maximum number of active metrics with metadata per user, per ingester. 0
# to disable.
# CLI flag: -ingester.max-metadata-per-user
[max_metadata_per_user: <int> | default = 8000]
# The maximum number of metadata per metric, per ingester. 0 to disable.
# CLI flag: -ingester.max-metadata-per-metric
[max_metadata_per_metric: <int> | default = 10]
# The maximum number of active metrics with metadata per user, across the
# cluster. 0 to disable. Supported only if -distributor.shard-by-all-labels is
# true.
# CLI flag: -ingester.max-global-metadata-per-user
[max_global_metadata_per_user: <int> | default = 0]
# The maximum number of metadata per metric, across the cluster. 0 to disable.
# CLI flag: -ingester.max-global-metadata-per-metric
[max_global_metadata_per_metric: <int> | default = 0]
# [Experimental] Configures the allowed time window for ingestion of
# out-of-order samples. Disabled (0s) by default.
# CLI flag: -ingester.out-of-order-time-window
[out_of_order_time_window: <duration> | default = 0s]
# Enables support for exemplars in TSDB and sets the maximum number that will be
# stored. less than zero means disabled. If the value is set to zero, cortex
# will fallback to blocks-storage.tsdb.max-exemplars value.
# CLI flag: -ingester.max-exemplars
[max_exemplars: <int> | default = 0]
# Maximum number of chunks that can be fetched in a single query from ingesters
# and long-term storage. This limit is enforced in the querier, ruler and
# store-gateway. 0 to disable.
# CLI flag: -querier.max-fetched-chunks-per-query
[max_fetched_chunks_per_query: <int> | default = 2000000]
# The maximum number of unique series for which a query can fetch samples from
# each ingesters and blocks storage. This limit is enforced in the querier,
# ruler and store-gateway. 0 to disable
# CLI flag: -querier.max-fetched-series-per-query
[max_fetched_series_per_query: <int> | default = 0]
# Deprecated (use max-fetched-data-bytes-per-query instead): The maximum size of
# all chunks in bytes that a query can fetch from each ingester and storage.
# This limit is enforced in the querier, ruler and store-gateway. 0 to disable.
# CLI flag: -querier.max-fetched-chunk-bytes-per-query
[max_fetched_chunk_bytes_per_query: <int> | default = 0]
# The maximum combined size of all data that a query can fetch from each
# ingester and storage. This limit is enforced in the querier and ruler for
# `query`, `query_range` and `series` APIs. 0 to disable.
# CLI flag: -querier.max-fetched-data-bytes-per-query
[max_fetched_data_bytes_per_query: <int> | default = 0]
# Limit how long back data (series and metadata) can be queried, up until
# <lookback> duration ago. This limit is enforced in the query-frontend, querier
# and ruler. If the requested time range is outside the allowed range, the
# request will not fail but will be manipulated to only query data within the
# allowed time range. 0 to disable.
# CLI flag: -querier.max-query-lookback
[max_query_lookback: <duration> | default = 0s]
# Limit the query time range (end - start time of range query parameter and max
# - min of data fetched time range). This limit is enforced in the
# query-frontend and ruler (on the received query). 0 to disable.
# CLI flag: -store.max-query-length
[max_query_length: <duration> | default = 0s]
# Maximum number of split queries will be scheduled in parallel by the frontend.
# CLI flag: -querier.max-query-parallelism
[max_query_parallelism: <int> | default = 14]
# Most recent allowed cacheable result per-tenant, to prevent caching very
# recent results that might still be in flux.
# CLI flag: -frontend.max-cache-freshness
[max_cache_freshness: <duration> | default = 1m]
# Maximum number of queriers that can handle requests for a single tenant. If
# set to 0 or value higher than number of available queriers, *all* queriers
# will handle requests for the tenant. If the value is < 1, it will be treated
# as a percentage and the gets a percentage of the total queriers. Each frontend
# (or query-scheduler, if used) will select the same set of queriers for the
# same tenant (given that all queriers are connected to all frontends /
# query-schedulers). This option only works with queriers connecting to the
# query-frontend / query-scheduler, not when using downstream URL.
# CLI flag: -frontend.max-queriers-per-tenant
[max_queriers_per_tenant: <float> | default = 0]
# Maximum number of outstanding requests per tenant per request queue (either
# query frontend or query scheduler); requests beyond this error with HTTP 429.
# CLI flag: -frontend.max-outstanding-requests-per-tenant
[max_outstanding_requests_per_tenant: <int> | default = 100]
# Configuration for query priority.
query_priority:
# Whether queries are assigned with priorities.
# CLI flag: -frontend.query-priority.enabled
[enabled: <boolean> | default = false]
# Priority assigned to all queries by default. Must be a unique value. Use
# this as a baseline to make certain queries higher/lower priority.
# CLI flag: -frontend.query-priority.default-priority
[default_priority: <int> | default = 0]
# List of priority definitions.
[priorities: <list of PriorityDef> | default = []]
# Configuration for query rejection.
query_rejection:
# Whether query rejection is enabled.
# CLI flag: -frontend.query-rejection.enabled
[enabled: <boolean> | default = false]
# List of query_attributes to match and reject queries. A query is rejected if
# it matches any query_attribute in this list. Each query_attribute has
# several properties (e.g., regex, time_window, user_agent), and all specified
# properties must match for a query_attribute to be considered a match. Only
# the specified properties are checked, and an AND operator is applied to
# them.
[query_attributes: <list of QueryAttribute> | default = []]
# Deprecated(use ruler.query-offset instead) and will be removed in v1.19.0:
# Duration to delay the evaluation of rules to ensure the underlying metrics
# have been pushed to Cortex.
# CLI flag: -ruler.evaluation-delay-duration
[ruler_evaluation_delay_duration: <duration> | default = 0s]
# The default tenant's shard size when the shuffle-sharding strategy is used by
# ruler. When this setting is specified in the per-tenant overrides, a value of
# 0 disables shuffle sharding for the tenant.
# CLI flag: -ruler.tenant-shard-size
[ruler_tenant_shard_size: <int> | default = 0]
# Maximum number of rules per rule group per-tenant. 0 to disable.
# CLI flag: -ruler.max-rules-per-rule-group
[ruler_max_rules_per_rule_group: <int> | default = 0]
# Maximum number of rule groups per-tenant. 0 to disable.
# CLI flag: -ruler.max-rule-groups-per-tenant
[ruler_max_rule_groups_per_tenant: <int> | default = 0]
# Duration to offset all rule evaluation queries per-tenant.
# CLI flag: -ruler.query-offset
[ruler_query_offset: <duration> | default = 0s]
# external labels for alerting rules
[ruler_external_labels: <map of string (labelName) to string (labelValue)> | default = []]
# The default tenant's shard size when the shuffle-sharding strategy is used.
# Must be set when the store-gateway sharding is enabled with the
# shuffle-sharding strategy. When this setting is specified in the per-tenant
# overrides, a value of 0 disables shuffle sharding for the tenant. If the value
# is < 1 the shard size will be a percentage of the total store-gateways.
# CLI flag: -store-gateway.tenant-shard-size
[store_gateway_tenant_shard_size: <float> | default = 0]
# The maximum number of data bytes to download per gRPC request in Store
# Gateway, including Series/LabelNames/LabelValues requests. 0 to disable.
# CLI flag: -store-gateway.max-downloaded-bytes-per-request
[max_downloaded_bytes_per_request: <int> | default = 0]
# Delete blocks containing samples older than the specified retention period. 0
# to disable.
# CLI flag: -compactor.blocks-retention-period
[compactor_blocks_retention_period: <duration> | default = 0s]
# The default tenant's shard size when the shuffle-sharding strategy is used by
# the compactor. When this setting is specified in the per-tenant overrides, a
# value of 0 disables shuffle sharding for the tenant.
# CLI flag: -compactor.tenant-shard-size
[compactor_tenant_shard_size: <int> | default = 0]
# S3 server-side encryption type. Required to enable server-side encryption
# overrides for a specific tenant. If not set, the default S3 client settings
# are used.
[s3_sse_type: <string> | default = ""]
# S3 server-side encryption KMS Key ID. Ignored if the SSE type override is not
# set.
[s3_sse_kms_key_id: <string> | default = ""]
# S3 server-side encryption KMS encryption context. If unset and the key ID
# override is set, the encryption context will not be provided to S3. Ignored if
# the SSE type override is not set.
[s3_sse_kms_encryption_context: <string> | default = ""]
# Comma-separated list of network CIDRs to block in Alertmanager receiver
# integrations.
# CLI flag: -alertmanager.receivers-firewall-block-cidr-networks
[alertmanager_receivers_firewall_block_cidr_networks: <string> | default = ""]
# True to block private and local addresses in Alertmanager receiver
# integrations. It blocks private addresses defined by RFC 1918 (IPv4
# addresses) and RFC 4193 (IPv6 addresses), as well as loopback, local unicast
# and local multicast addresses.
# CLI flag: -alertmanager.receivers-firewall-block-private-addresses
[alertmanager_receivers_firewall_block_private_addresses: <boolean> | default = false]
# Per-user rate limit for sending notifications from Alertmanager in
# notifications/sec. 0 = rate limit disabled. Negative value = no notifications
# are allowed.
# CLI flag: -alertmanager.notification-rate-limit
[alertmanager_notification_rate_limit: <float> | default = 0]
# Per-integration notification rate limits. Value is a map, where each key is
# integration name and value is a rate-limit (float). On command line, this map
# is given in JSON format. Rate limit has the same meaning as
# -alertmanager.notification-rate-limit, but only applies for specific
# integration. Allowed integration names: webhook, email, pagerduty, opsgenie,
# wechat, slack, victorops, pushover, sns, telegram, discord, webex, msteams.
# CLI flag: -alertmanager.notification-rate-limit-per-integration
[alertmanager_notification_rate_limit_per_integration: <map of string to float64> | default = {}]
# Maximum size of configuration file for Alertmanager that tenant can upload via
# Alertmanager API. 0 = no limit.
# CLI flag: -alertmanager.max-config-size-bytes
[alertmanager_max_config_size_bytes: <int> | default = 0]
# Maximum number of templates in tenant's Alertmanager configuration uploaded
# via Alertmanager API. 0 = no limit.
# CLI flag: -alertmanager.max-templates-count
[alertmanager_max_templates_count: <int> | default = 0]
# Maximum size of single template in tenant's Alertmanager configuration
# uploaded via Alertmanager API. 0 = no limit.
# CLI flag: -alertmanager.max-template-size-bytes
[alertmanager_max_template_size_bytes: <int> | default = 0]
# Maximum number of aggregation groups in Alertmanager's dispatcher that a
# tenant can have. Each active aggregation group uses single goroutine. When the
# limit is reached, dispatcher will not dispatch alerts that belong to
# additional aggregation groups, but existing groups will keep working properly.
# 0 = no limit.
# CLI flag: -alertmanager.max-dispatcher-aggregation-groups
[alertmanager_max_dispatcher_aggregation_groups: <int> | default = 0]
# Maximum number of alerts that a single user can have. Inserting more alerts
# will fail with a log message and metric increment. 0 = no limit.
# CLI flag: -alertmanager.max-alerts-count
[alertmanager_max_alerts_count: <int> | default = 0]
# Maximum total size of alerts that a single user can have, alert size is the
# sum of the bytes of its labels, annotations and generatorURL. Inserting more
# alerts will fail with a log message and metric increment. 0 = no limit.
# CLI flag: -alertmanager.max-alerts-size-bytes
[alertmanager_max_alerts_size_bytes: <int> | default = 0]
# list of rule groups to disable
[disabled_rule_groups: <list of DisabledRuleGroup> | default = []]
The memberlist_config
configures the Gossip memberlist.
# Name of the node in memberlist cluster. Defaults to hostname.
# CLI flag: -memberlist.nodename
[node_name: <string> | default = ""]
# Add random suffix to the node name.
# CLI flag: -memberlist.randomize-node-name
[randomize_node_name: <boolean> | default = true]
# The timeout for establishing a connection with a remote node, and for
# read/write operations.
# CLI flag: -memberlist.stream-timeout
[stream_timeout: <duration> | default = 10s]
# Multiplication factor used when sending out messages (factor * log(N+1)).
# CLI flag: -memberlist.retransmit-factor
[retransmit_factor: <int> | default = 4]
# How often to use pull/push sync.
# CLI flag: -memberlist.pullpush-interval
[pull_push_interval: <duration> | default = 30s]
# How often to gossip.
# CLI flag: -memberlist.gossip-interval
[gossip_interval: <duration> | default = 200ms]
# How many nodes to gossip to.
# CLI flag: -memberlist.gossip-nodes
[gossip_nodes: <int> | default = 3]
# How long to keep gossiping to dead nodes, to give them chance to refute their
# death.
# CLI flag: -memberlist.gossip-to-dead-nodes-time
[gossip_to_dead_nodes_time: <duration> | default = 30s]
# How soon can dead node's name be reclaimed with new address. 0 to disable.
# CLI flag: -memberlist.dead-node-reclaim-time
[dead_node_reclaim_time: <duration> | default = 0s]
# Enable message compression. This can be used to reduce bandwidth usage at the
# cost of slightly more CPU utilization.
# CLI flag: -memberlist.compression-enabled
[compression_enabled: <boolean> | default = true]
# Gossip address to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-addr
[advertise_addr: <string> | default = ""]
# Gossip port to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-port
[advertise_port: <int> | default = 7946]
# Other cluster members to join. Can be specified multiple times. It can be an
# IP, hostname or an entry specified in the DNS Service Discovery format.
# CLI flag: -memberlist.join
[join_members: <list of string> | default = []]
# Min backoff duration to join other cluster members.
# CLI flag: -memberlist.min-join-backoff
[min_join_backoff: <duration> | default = 1s]
# Max backoff duration to join other cluster members.
# CLI flag: -memberlist.max-join-backoff
[max_join_backoff: <duration> | default = 1m]
# Max number of retries to join other cluster members.
# CLI flag: -memberlist.max-join-retries
[max_join_retries: <int> | default = 10]
# If this node fails to join memberlist cluster, abort.
# CLI flag: -memberlist.abort-if-join-fails
[abort_if_cluster_join_fails: <boolean> | default = true]
# If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix
# the cluster split issue, and is harmless otherwise. For example when using
# only few components as a seed nodes (via -memberlist.join), then it's
# recommended to use rejoin. If -memberlist.join points to dynamic service that
# resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin
# is not needed.
# CLI flag: -memberlist.rejoin-interval
[rejoin_interval: <duration> | default = 0s]
# How long to keep LEFT ingesters in the ring.
# CLI flag: -memberlist.left-ingesters-timeout
[left_ingesters_timeout: <duration> | default = 5m]
# Timeout for leaving memberlist cluster.
# CLI flag: -memberlist.leave-timeout
[leave_timeout: <duration> | default = 5s]
# How much space to use for keeping received and sent messages in memory for
# troubleshooting (two buffers). 0 to disable.
# CLI flag: -memberlist.message-history-buffer-bytes
[message_history_buffer_bytes: <int> | default = 0]
# IP address to listen on for gossip messages. Multiple addresses may be
# specified. Defaults to 0.0.0.0
# CLI flag: -memberlist.bind-addr
[bind_addr: <list of string> | default = []]
# Port to listen on for gossip messages.
# CLI flag: -memberlist.bind-port
[bind_port: <int> | default = 7946]
# Timeout used when connecting to other nodes to send packet.
# CLI flag: -memberlist.packet-dial-timeout
[packet_dial_timeout: <duration> | default = 5s]
# Timeout for writing 'packet' data.
# CLI flag: -memberlist.packet-write-timeout
[packet_write_timeout: <duration> | default = 5s]
# Enable TLS on the memberlist transport layer.
# CLI flag: -memberlist.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -memberlist.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -memberlist.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -memberlist.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -memberlist.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -memberlist.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
The memcached_config
block configures how data is stored in Memcached (ie. expiration).
# How long keys stay in the memcache.
# CLI flag: -frontend.memcached.expiration
[expiration: <duration> | default = 0s]
# How many keys to fetch in each batch.
# CLI flag: -frontend.memcached.batchsize
[batch_size: <int> | default = 1024]
# Maximum active requests to memcache.
# CLI flag: -frontend.memcached.parallelism
[parallelism: <int> | default = 100]
The memcached_client_config
configures the client used to connect to Memcached.
# Hostname for memcached service to use. If empty and if addresses is unset, no
# memcached will be used.
# CLI flag: -frontend.memcached.hostname
[host: <string> | default = ""]
# SRV service used to discover memcache servers.
# CLI flag: -frontend.memcached.service
[service: <string> | default = "memcached"]
# EXPERIMENTAL: Comma separated addresses list in DNS Service Discovery format:
# https://cortexmetrics.io/docs/configuration/arguments/#dns-service-discovery
# CLI flag: -frontend.memcached.addresses
[addresses: <string> | default = ""]
# Maximum time to wait before giving up on memcached requests.
# CLI flag: -frontend.memcached.timeout
[timeout: <duration> | default = 100ms]
# Maximum number of idle connections in pool.
# CLI flag: -frontend.memcached.max-idle-conns
[max_idle_conns: <int> | default = 16]
# The maximum size of an item stored in memcached. Bigger items are not stored.
# If set to 0, no maximum size is enforced.
# CLI flag: -frontend.memcached.max-item-size
[max_item_size: <int> | default = 0]
# Period with which to poll DNS for memcache servers.
# CLI flag: -frontend.memcached.update-interval
[update_interval: <duration> | default = 1m]
# Use consistent hashing to distribute to memcache servers.
# CLI flag: -frontend.memcached.consistent-hash
[consistent_hash: <boolean> | default = true]
# Trip circuit-breaker after this number of consecutive dial failures (if zero
# then circuit-breaker is disabled).
# CLI flag: -frontend.memcached.circuit-breaker-consecutive-failures
[circuit_breaker_consecutive_failures: <int> | default = 10]
# Duration circuit-breaker remains open after tripping (if zero then 60 seconds
# is used).
# CLI flag: -frontend.memcached.circuit-breaker-timeout
[circuit_breaker_timeout: <duration> | default = 10s]
# Reset circuit-breaker counts after this long (if zero then never reset).
# CLI flag: -frontend.memcached.circuit-breaker-interval
[circuit_breaker_interval: <duration> | default = 10s]
The querier_config
configures the Cortex querier.
# The maximum number of concurrent queries.
# CLI flag: -querier.max-concurrent
[max_concurrent: <int> | default = 20]
# The timeout for a query.
# CLI flag: -querier.timeout
[timeout: <duration> | default = 2m]
# Deprecated (This feature will be always on after v1.18): Use streaming RPCs
# for metadata APIs from ingester.
# CLI flag: -querier.ingester-metadata-streaming
[ingester_metadata_streaming: <boolean> | default = true]
# Use LabelNames ingester RPCs with match params.
# CLI flag: -querier.ingester-label-names-with-matchers
[ingester_label_names_with_matchers: <boolean> | default = false]
# Maximum number of samples a single query can load into memory.
# CLI flag: -querier.max-samples
[max_samples: <int> | default = 50000000]
# Maximum lookback beyond which queries are not sent to ingester. 0 means all
# queries are sent to ingester.
# CLI flag: -querier.query-ingesters-within
[query_ingesters_within: <duration> | default = 0s]
# Enable returning samples stats per steps in query response.
# CLI flag: -querier.per-step-stats-enabled
[per_step_stats_enabled: <boolean> | default = false]
# Use compression for metrics query API or instant and range query APIs.
# Supports 'gzip' and '' (disable compression)
# CLI flag: -querier.response-compression
[response_compression: <string> | default = "gzip"]
# The time after which a metric should be queried from storage and not just
# ingesters. 0 means all queries are sent to store. When running the blocks
# storage, if this option is enabled, the time range of the query sent to the
# store will be manipulated to ensure the query end is not more recent than 'now
# - query-store-after'.
# CLI flag: -querier.query-store-after
[query_store_after: <duration> | default = 0s]
# Maximum duration into the future you can query. 0 to disable.
# CLI flag: -querier.max-query-into-future
[max_query_into_future: <duration> | default = 10m]
# The default evaluation interval or step size for subqueries.
# CLI flag: -querier.default-evaluation-interval
[default_evaluation_interval: <duration> | default = 1m]
# Max number of steps allowed for every subquery expression in query. Number of
# steps is calculated using subquery range / step. A value > 0 enables it.
# CLI flag: -querier.max-subquery-steps
[max_subquery_steps: <int> | default = 0]
# Active query tracker monitors active queries, and writes them to the file in
# given directory. If Cortex discovers any queries in this log during startup,
# it will log them to the log file. Setting to empty value disables active query
# tracker, which also disables -querier.max-concurrent option.
# CLI flag: -querier.active-query-tracker-dir
[active_query_tracker_dir: <string> | default = "./active-query-tracker"]
# Time since the last sample after which a time series is considered stale and
# ignored by expression evaluations.
# CLI flag: -querier.lookback-delta
[lookback_delta: <duration> | default = 5m]
# Comma separated list of store-gateway addresses in DNS Service Discovery
# format. This option should be set when using the blocks storage and the
# store-gateway sharding is disabled (when enabled, the store-gateway instances
# form a ring and addresses are picked from the ring).
# CLI flag: -querier.store-gateway-addresses
[store_gateway_addresses: <string> | default = ""]
store_gateway_client:
# Enable TLS for gRPC client connecting to store-gateway.
# CLI flag: -querier.store-gateway-client.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -querier.store-gateway-client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -querier.store-gateway-client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -querier.store-gateway-client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -querier.store-gateway-client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -querier.store-gateway-client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy' and '' (disable compression)
# CLI flag: -querier.store-gateway-client.grpc-compression
[grpc_compression: <string> | default = ""]
# EXPERIMENTAL: If enabled, gRPC clients perform health checks for each target
# and fail the request if the target is marked as unhealthy.
healthcheck_config:
# The number of consecutive failed health checks required before considering
# a target unhealthy. 0 means disabled.
# CLI flag: -querier.store-gateway-client.healthcheck.unhealthy-threshold
[unhealthy_threshold: <int> | default = 0]
# The approximate amount of time between health checks of an individual
# target.
# CLI flag: -querier.store-gateway-client.healthcheck.interval
[interval: <duration> | default = 5s]
# The amount of time during which no response from a target means a failed
# health check.
# CLI flag: -querier.store-gateway-client.healthcheck.timeout
[timeout: <duration> | default = 1s]
# If enabled, store gateway query stats will be logged using `info` log level.
# CLI flag: -querier.store-gateway-query-stats-enabled
[store_gateway_query_stats: <boolean> | default = true]
# The maximum number of times we attempt fetching missing blocks from different
# store-gateways. If no more store-gateways are left (ie. due to lower
# replication factor) than we'll end the retries earlier
# CLI flag: -querier.store-gateway-consistency-check-max-attempts
[store_gateway_consistency_check_max_attempts: <int> | default = 3]
# When distributor's sharding strategy is shuffle-sharding and this setting is >
# 0, queriers fetch in-memory series from the minimum set of required ingesters,
# selecting only ingesters which may have received series since 'now - lookback
# period'. The lookback period should be greater or equal than the configured
# 'query store after' and 'query ingesters within'. If this setting is 0,
# queriers always query all ingesters (ingesters shuffle sharding on read path
# is disabled).
# CLI flag: -querier.shuffle-sharding-ingesters-lookback-period
[shuffle_sharding_ingesters_lookback_period: <duration> | default = 0s]
# Experimental. Use Thanos promql engine
# https://github.com/thanos-io/promql-engine rather than the Prometheus promql
# engine.
# CLI flag: -querier.thanos-engine
[thanos_engine: <boolean> | default = false]
# If enabled, ignore max query length check at Querier select method. Users can
# choose to ignore it since the validation can be done before Querier evaluation
# like at Query Frontend or Ruler.
# CLI flag: -querier.ignore-max-query-length
[ignore_max_query_length: <boolean> | default = false]
# [Experimental] If true, experimental promQL functions are enabled.
# CLI flag: -querier.enable-promql-experimental-functions
[enable_promql_experimental_functions: <boolean> | default = false]
The query_frontend_config
configures the Cortex query-frontend.
# Log queries that are slower than the specified duration. Set to 0 to disable.
# Set to < 0 to enable on all queries.
# CLI flag: -frontend.log-queries-longer-than
[log_queries_longer_than: <duration> | default = 0s]
# Max body size for downstream prometheus.
# CLI flag: -frontend.max-body-size
[max_body_size: <int> | default = 10485760]
# True to enable query statistics tracking. When enabled, a message with some
# statistics is logged for every query.
# CLI flag: -frontend.query-stats-enabled
[query_stats_enabled: <boolean> | default = false]
# If a querier disconnects without sending notification about graceful shutdown,
# the query-frontend will keep the querier in the tenant's shard until the
# forget delay has passed. This feature is useful to reduce the blast radius
# when shuffle-sharding is enabled.
# CLI flag: -query-frontend.querier-forget-delay
[querier_forget_delay: <duration> | default = 0s]
# DNS hostname used for finding query-schedulers.
# CLI flag: -frontend.scheduler-address
[scheduler_address: <string> | default = ""]
# How often to resolve the scheduler-address, in order to look for new
# query-scheduler instances.
# CLI flag: -frontend.scheduler-dns-lookup-period
[scheduler_dns_lookup_period: <duration> | default = 10s]
# Number of concurrent workers forwarding queries to single query-scheduler.
# CLI flag: -frontend.scheduler-worker-concurrency
[scheduler_worker_concurrency: <int> | default = 5]
grpc_client_config:
# gRPC client max receive message size (bytes).
# CLI flag: -frontend.grpc-client-config.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -frontend.grpc-client-config.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 16777216]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)
# CLI flag: -frontend.grpc-client-config.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -frontend.grpc-client-config.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -frontend.grpc-client-config.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit ratelimits.
# CLI flag: -frontend.grpc-client-config.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -frontend.grpc-client-config.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -frontend.grpc-client-config.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -frontend.grpc-client-config.backoff-retries
[max_retries: <int> | default = 10]
# Enable TLS in the GRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -frontend.grpc-client-config.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -frontend.grpc-client-config.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -frontend.grpc-client-config.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -frontend.grpc-client-config.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -frontend.grpc-client-config.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -frontend.grpc-client-config.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# When multiple query-schedulers are available, re-enqueue queries that were
# rejected due to too many outstanding requests.
# CLI flag: -frontend.retry-on-too-many-outstanding-requests
[retry_on_too_many_outstanding_requests: <boolean> | default = false]
# Name of network interface to read address from. This address is sent to
# query-scheduler and querier, which uses it to send the query response back to
# query-frontend.
# CLI flag: -frontend.instance-interface-names
[instance_interface_names: <list of string> | default = [eth0 en0]]
# URL of downstream Prometheus.
# CLI flag: -frontend.downstream-url
[downstream_url: <string> | default = ""]
The query_range_config
configures the query splitting and caching in the Cortex query-frontend.
# Split queries by an interval and execute in parallel, 0 disables it. You
# should use a multiple of 24 hours (same as the storage bucketing scheme), to
# avoid queriers downloading and processing the same chunks. This also
# determines how cache keys are chosen when result caching is enabled
# CLI flag: -querier.split-queries-by-interval
[split_queries_by_interval: <duration> | default = 0s]
# Mutate incoming queries to align their start and end with their step.
# CLI flag: -querier.align-querier-with-step
[align_queries_with_step: <boolean> | default = false]
results_cache:
cache:
# Enable in-memory cache.
# CLI flag: -frontend.cache.enable-fifocache
[enable_fifocache: <boolean> | default = false]
# The default validity of entries for caches unless overridden.
# CLI flag: -frontend.default-validity
[default_validity: <duration> | default = 0s]
background:
# At what concurrency to write back to cache.
# CLI flag: -frontend.background.write-back-concurrency
[writeback_goroutines: <int> | default = 10]
# How many key batches to buffer for background write-back.
# CLI flag: -frontend.background.write-back-buffer
[writeback_buffer: <int> | default = 10000]
# The memcached_config block configures how data is stored in Memcached (ie.
# expiration).
[memcached: <memcached_config>]
# The memcached_client_config configures the client used to connect to
# Memcached.
[memcached_client: <memcached_client_config>]
# The redis_config configures the Redis backend cache.
[redis: <redis_config>]
# The fifo_cache_config configures the local in-memory cache.
[fifocache: <fifo_cache_config>]
# Use compression in results cache. Supported values are: 'snappy' and ''
# (disable compression).
# CLI flag: -frontend.compression
[compression: <string> | default = ""]
# Cache Statistics queryable samples on results cache.
# CLI flag: -frontend.cache-queryable-samples-stats
[cache_queryable_samples_stats: <boolean> | default = false]
# Cache query results.
# CLI flag: -querier.cache-results
[cache_results: <boolean> | default = false]
# Maximum number of retries for a single request; beyond this, the downstream
# error is returned.
# CLI flag: -querier.max-retries-per-request
[max_retries: <int> | default = 5]
# List of headers forwarded by the query Frontend to downstream querier.
# CLI flag: -frontend.forward-headers-list
[forward_headers_list: <list of string> | default = []]
The redis_config
configures the Redis backend cache.
# Redis Server endpoint to use for caching. A comma-separated list of endpoints
# for Redis Cluster or Redis Sentinel. If empty, no redis will be used.
# CLI flag: -frontend.redis.endpoint
[endpoint: <string> | default = ""]
# Redis Sentinel master name. An empty string for Redis Server or Redis Cluster.
# CLI flag: -frontend.redis.master-name
[master_name: <string> | default = ""]
# Maximum time to wait before giving up on redis requests.
# CLI flag: -frontend.redis.timeout
[timeout: <duration> | default = 500ms]
# How long keys stay in the redis.
# CLI flag: -frontend.redis.expiration
[expiration: <duration> | default = 0s]
# Database index.
# CLI flag: -frontend.redis.db
[db: <int> | default = 0]
# Maximum number of connections in the pool.
# CLI flag: -frontend.redis.pool-size
[pool_size: <int> | default = 0]
# Password to use when connecting to redis.
# CLI flag: -frontend.redis.password
[password: <string> | default = ""]
# Enable connecting to redis with TLS.
# CLI flag: -frontend.redis.tls-enabled
[tls_enabled: <boolean> | default = false]
# Skip validating server certificate.
# CLI flag: -frontend.redis.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Close connections after remaining idle for this duration. If the value is
# zero, then idle connections are not closed.
# CLI flag: -frontend.redis.idle-timeout
[idle_timeout: <duration> | default = 0s]
# Close connections older than this duration. If the value is zero, then the
# pool does not close connections based on age.
# CLI flag: -frontend.redis.max-connection-age
[max_connection_age: <duration> | default = 0s]
The ruler_config
configures the Cortex ruler.
# [Experimental] GRPC listen address of the Query Frontend, in host:port format.
# If set, Ruler queries to Query Frontends via gRPC. If not set, ruler queries
# to Ingesters directly.
# CLI flag: -ruler.frontend-address
[frontend_address: <string> | default = ""]
frontend_client:
# gRPC client max receive message size (bytes).
# CLI flag: -ruler.frontendClient.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -ruler.frontendClient.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 16777216]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)
# CLI flag: -ruler.frontendClient.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -ruler.frontendClient.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -ruler.frontendClient.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit ratelimits.
# CLI flag: -ruler.frontendClient.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -ruler.frontendClient.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -ruler.frontendClient.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -ruler.frontendClient.backoff-retries
[max_retries: <int> | default = 10]
# Enable TLS in the GRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -ruler.frontendClient.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -ruler.frontendClient.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -ruler.frontendClient.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -ruler.frontendClient.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -ruler.frontendClient.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -ruler.frontendClient.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# URL of alerts return path.
# CLI flag: -ruler.external.url
[external_url: <url> | default = ]
# Labels to add to all alerts.
[external_labels: <map of string (labelName) to string (labelValue)> | default = []]
ruler_client:
# gRPC client max receive message size (bytes).
# CLI flag: -ruler.client.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -ruler.client.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 16777216]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)
# CLI flag: -ruler.client.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -ruler.client.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -ruler.client.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit ratelimits.
# CLI flag: -ruler.client.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -ruler.client.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -ruler.client.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -ruler.client.backoff-retries
[max_retries: <int> | default = 10]
# Enable TLS in the GRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -ruler.client.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -ruler.client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -ruler.client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -ruler.client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -ruler.client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -ruler.client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Timeout for downstream rulers.
# CLI flag: -ruler.client.remote-timeout
[remote_timeout: <duration> | default = 2m]
# How frequently to evaluate rules
# CLI flag: -ruler.evaluation-interval
[evaluation_interval: <duration> | default = 1m]
# How frequently to poll for rule changes
# CLI flag: -ruler.poll-interval
[poll_interval: <duration> | default = 1m]
# file path to store temporary rule files for the prometheus rule managers
# CLI flag: -ruler.rule-path
[rule_path: <string> | default = "/rules"]
# Comma-separated list of URL(s) of the Alertmanager(s) to send notifications
# to. Each Alertmanager URL is treated as a separate group in the configuration.
# Multiple Alertmanagers in HA per group can be supported by using DNS
# resolution via -ruler.alertmanager-discovery.
# CLI flag: -ruler.alertmanager-url
[alertmanager_url: <string> | default = ""]
# Use DNS SRV records to discover Alertmanager hosts.
# CLI flag: -ruler.alertmanager-discovery
[enable_alertmanager_discovery: <boolean> | default = false]
# How long to wait between refreshing DNS resolutions of Alertmanager hosts.
# CLI flag: -ruler.alertmanager-refresh-interval
[alertmanager_refresh_interval: <duration> | default = 1m]
# Capacity of the queue for notifications to be sent to the Alertmanager.
# CLI flag: -ruler.notification-queue-capacity
[notification_queue_capacity: <int> | default = 10000]
# HTTP timeout duration when sending notifications to the Alertmanager.
# CLI flag: -ruler.notification-timeout
[notification_timeout: <duration> | default = 10s]
alertmanager_client:
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -ruler.alertmanager-client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -ruler.alertmanager-client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -ruler.alertmanager-client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -ruler.alertmanager-client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -ruler.alertmanager-client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# HTTP Basic authentication username. It overrides the username set in the URL
# (if any).
# CLI flag: -ruler.alertmanager-client.basic-auth-username
[basic_auth_username: <string> | default = ""]
# HTTP Basic authentication password. It overrides the password set in the URL
# (if any).
# CLI flag: -ruler.alertmanager-client.basic-auth-password
[basic_auth_password: <string> | default = ""]
# Max time to tolerate outage for restoring "for" state of alert.
# CLI flag: -ruler.for-outage-tolerance
[for_outage_tolerance: <duration> | default = 1h]
# Minimum duration between alert and restored "for" state. This is maintained
# only for alerts with configured "for" time greater than grace period.
# CLI flag: -ruler.for-grace-period
[for_grace_period: <duration> | default = 10m]
# Minimum amount of time to wait before resending an alert to Alertmanager.
# CLI flag: -ruler.resend-delay
[resend_delay: <duration> | default = 1m]
# If enabled, rules from a single rule group can be evaluated concurrently if
# there is no dependency between each other. Max concurrency for each rule group
# is controlled via ruler.max-concurrent-evals flag.
# CLI flag: -ruler.concurrent-evals-enabled
[concurrent_evals_enabled: <boolean> | default = false]
# Max concurrency for a single rule group to evaluate independent rules.
# CLI flag: -ruler.max-concurrent-evals
[max_concurrent_evals: <int> | default = 1]
# Distribute rule evaluation using ring backend
# CLI flag: -ruler.enable-sharding
[enable_sharding: <boolean> | default = false]
# The sharding strategy to use. Supported values are: default, shuffle-sharding.
# CLI flag: -ruler.sharding-strategy
[sharding_strategy: <string> | default = "default"]
# Time to spend searching for a pending ruler when shutting down.
# CLI flag: -ruler.search-pending-for
[search_pending_for: <duration> | default = 5m]
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -ruler.ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -ruler.ring.prefix
[prefix: <string> | default = "rulers/"]
dynamodb:
# Region to access dynamodb.
# CLI flag: -ruler.ring.dynamodb.region
[region: <string> | default = ""]
# Table name to use on dynamodb.
# CLI flag: -ruler.ring.dynamodb.table-name
[table_name: <string> | default = ""]
# Time to expire items on dynamodb.
# CLI flag: -ruler.ring.dynamodb.ttl-time
[ttl: <duration> | default = 0s]
# Time to refresh local ring with information on dynamodb.
# CLI flag: -ruler.ring.dynamodb.puller-sync-time
[puller_sync_time: <duration> | default = 1m]
# Maximum number of retries for DDB KV CAS.
# CLI flag: -ruler.ring.dynamodb.max-cas-retries
[max_cas_retries: <int> | default = 10]
# The consul_config configures the consul client.
# The CLI flags prefix for this block config is: ruler.ring
[consul: <consul_config>]
# The etcd_config configures the etcd client.
# The CLI flags prefix for this block config is: ruler.ring
[etcd: <etcd_config>]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -ruler.ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -ruler.ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -ruler.ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -ruler.ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -ruler.ring.heartbeat-period
[heartbeat_period: <duration> | default = 5s]
# The heartbeat timeout after which rulers are considered unhealthy within the
# ring. 0 = never (timeout disabled).
# CLI flag: -ruler.ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# EXPERIMENTAL: The replication factor to use when loading rule groups for API
# HA.
# CLI flag: -ruler.ring.replication-factor
[replication_factor: <int> | default = 1]
# EXPERIMENTAL: True to enable zone-awareness and load rule groups across
# different availability zones for API HA.
# CLI flag: -ruler.ring.zone-awareness-enabled
[zone_awareness_enabled: <boolean> | default = false]
# EXPERIMENTAL: File path where tokens are stored. If empty, tokens are not
# stored at shutdown and restored at startup.
# CLI flag: -ruler.ring.tokens-file-path
[tokens_file_path: <string> | default = ""]
# Name of network interface to read address from.
# CLI flag: -ruler.ring.instance-interface-names
[instance_interface_names: <list of string> | default = [eth0 en0]]
# Number of tokens for each ruler.
# CLI flag: -ruler.ring.num-tokens
[num_tokens: <int> | default = 128]
# The sleep seconds when ruler is shutting down. Need to be close to or larger
# than KV Store information propagation delay
# CLI flag: -ruler.ring.final-sleep
[final_sleep: <duration> | default = 0s]
# Keep instance in the ring on shut down.
# CLI flag: -ruler.ring.keep-instance-in-the-ring-on-shutdown
[keep_instance_in_the_ring_on_shutdown: <boolean> | default = false]
# Period with which to attempt to flush rule groups.
# CLI flag: -ruler.flush-period
[flush_period: <duration> | default = 1m]
# Enable the ruler api
# CLI flag: -experimental.ruler.enable-api
[enable_api: <boolean> | default = false]
# EXPERIMENTAL: Remove duplicate rules in the prometheus rules and alerts API
# response. If there are duplicate rules the rule with the latest evaluation
# timestamp will be kept.
# CLI flag: -experimental.ruler.api-deduplicate-rules
[api_deduplicate_rules: <boolean> | default = false]
# Comma separated list of tenants whose rules this ruler can evaluate. If
# specified, only these tenants will be handled by ruler, otherwise this ruler
# can process rules from all tenants. Subject to sharding.
# CLI flag: -ruler.enabled-tenants
[enabled_tenants: <string> | default = ""]
# Comma separated list of tenants whose rules this ruler cannot evaluate. If
# specified, a ruler that would normally pick the specified tenant(s) for
# processing will ignore them instead. Subject to sharding.
# CLI flag: -ruler.disabled-tenants
[disabled_tenants: <string> | default = ""]
# Report query statistics for ruler queries to complete as a per user metric and
# as an info level log message.
# CLI flag: -ruler.query-stats-enabled
[query_stats_enabled: <boolean> | default = false]
# Disable the rule_group label on exported metrics
# CLI flag: -ruler.disable-rule-group-label
[disable_rule_group_label: <boolean> | default = false]
# Enable high availability
# CLI flag: -ruler.enable-ha-evaluation
[enable_ha_evaluation: <boolean> | default = false]
# Timeout duration for non-primary rulers during liveness checks. If the check
# times out, the non-primary ruler will evaluate the rule group. Applicable when
# ruler.enable-ha-evaluation is true.
# CLI flag: -ruler.liveness-check-timeout
[liveness_check_timeout: <duration> | default = 1s]
The ruler_storage_config
configures the Cortex ruler storage backend.
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem, configdb, local.
# CLI flag: -ruler-storage.backend
[backend: <string> | default = "s3"]
s3:
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -ruler-storage.s3.endpoint
[endpoint: <string> | default = ""]
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call
# to autodetect it.
# CLI flag: -ruler-storage.s3.region
[region: <string> | default = ""]
# S3 bucket name
# CLI flag: -ruler-storage.s3.bucket-name
[bucket_name: <string> | default = ""]
# S3 secret access key
# CLI flag: -ruler-storage.s3.secret-access-key
[secret_access_key: <string> | default = ""]
# S3 access key ID
# CLI flag: -ruler-storage.s3.access-key-id
[access_key_id: <string> | default = ""]
# If enabled, use http:// for the S3 endpoint instead of https://. This could
# be useful in local dev/test environments while using an S3-compatible
# backend storage, like Minio.
# CLI flag: -ruler-storage.s3.insecure
[insecure: <boolean> | default = false]
# The signature version to use for authenticating against S3. Supported values
# are: v4, v2.
# CLI flag: -ruler-storage.s3.signature-version
[signature_version: <string> | default = "v4"]
# The s3 bucket lookup style. Supported values are: auto, virtual-hosted,
# path.
# CLI flag: -ruler-storage.s3.bucket-lookup-type
[bucket_lookup_type: <string> | default = "auto"]
# If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum
# algorithm to verify the provided digest. If false, use CRC32C algorithm
# instead.
# CLI flag: -ruler-storage.s3.send-content-md5
[send_content_md5: <boolean> | default = true]
# The list api version. Supported values are: v1, v2, and ''.
# CLI flag: -ruler-storage.s3.list-objects-version
[list_objects_version: <string> | default = ""]
# The s3_sse_config configures the S3 server-side encryption.
# The CLI flags prefix for this block config is: ruler-storage
[sse: <s3_sse_config>]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -ruler-storage.s3.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -ruler-storage.s3.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -ruler-storage.s3.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -ruler-storage.s3.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -ruler-storage.s3.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -ruler-storage.s3.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -ruler-storage.s3.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -ruler-storage.s3.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
gcs:
# GCS bucket name
# CLI flag: -ruler-storage.gcs.bucket-name
[bucket_name: <string> | default = ""]
# JSON representing either a Google Developers Console client_credentials.json
# file or a Google Developers service account key file. If empty, fallback to
# Google default logic.
# CLI flag: -ruler-storage.gcs.service-account
[service_account: <string> | default = ""]
azure:
# Azure storage account name
# CLI flag: -ruler-storage.azure.account-name
[account_name: <string> | default = ""]
# Azure storage account key
# CLI flag: -ruler-storage.azure.account-key
[account_key: <string> | default = ""]
# The values of `account-name` and `endpoint-suffix` values will not be
# ignored if `connection-string` is set. Use this method over `account-key` if
# you need to authenticate via a SAS token or if you use the Azurite emulator.
# CLI flag: -ruler-storage.azure.connection-string
[connection_string: <string> | default = ""]
# Azure storage container name
# CLI flag: -ruler-storage.azure.container-name
[container_name: <string> | default = ""]
# Azure storage endpoint suffix without schema. The account name will be
# prefixed to this value to create the FQDN
# CLI flag: -ruler-storage.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]
# Number of retries for recoverable errors
# CLI flag: -ruler-storage.azure.max-retries
[max_retries: <int> | default = 20]
# Deprecated: Azure storage MSI resource. It will be set automatically by
# Azure SDK.
# CLI flag: -ruler-storage.azure.msi-resource
[msi_resource: <string> | default = ""]
# Azure storage MSI resource managed identity client Id. If not supplied
# default Azure credential will be used. Set it to empty if you need to
# authenticate via Azure Workload Identity.
# CLI flag: -ruler-storage.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -ruler-storage.azure.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -ruler-storage.azure.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -ruler-storage.azure.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -ruler-storage.azure.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -ruler-storage.azure.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -ruler-storage.azure.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -ruler-storage.azure.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -ruler-storage.azure.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
swift:
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -ruler-storage.swift.auth-version
[auth_version: <int> | default = 0]
# OpenStack Swift authentication URL
# CLI flag: -ruler-storage.swift.auth-url
[auth_url: <string> | default = ""]
# OpenStack Swift application credential ID.
# CLI flag: -ruler-storage.swift.application-credential-id
[application_credential_id: <string> | default = ""]
# OpenStack Swift application credential name.
# CLI flag: -ruler-storage.swift.application-credential-name
[application_credential_name: <string> | default = ""]
# OpenStack Swift application credential secret.
# CLI flag: -ruler-storage.swift.application-credential-secret
[application_credential_secret: <string> | default = ""]
# OpenStack Swift username.
# CLI flag: -ruler-storage.swift.username
[username: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -ruler-storage.swift.user-domain-name
[user_domain_name: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -ruler-storage.swift.user-domain-id
[user_domain_id: <string> | default = ""]
# OpenStack Swift user ID.
# CLI flag: -ruler-storage.swift.user-id
[user_id: <string> | default = ""]
# OpenStack Swift API key.
# CLI flag: -ruler-storage.swift.password
[password: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -ruler-storage.swift.domain-id
[domain_id: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -ruler-storage.swift.domain-name
[domain_name: <string> | default = ""]
# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -ruler-storage.swift.project-id
[project_id: <string> | default = ""]
# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -ruler-storage.swift.project-name
[project_name: <string> | default = ""]
# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs the from user domain.
# CLI flag: -ruler-storage.swift.project-domain-id
[project_domain_id: <string> | default = ""]
# Name of the OpenStack Swift project's domain (v3 auth only), only needed if
# it differs from the user domain.
# CLI flag: -ruler-storage.swift.project-domain-name
[project_domain_name: <string> | default = ""]
# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -ruler-storage.swift.region-name
[region_name: <string> | default = ""]
# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -ruler-storage.swift.container-name
[container_name: <string> | default = ""]
# Max retries on requests error.
# CLI flag: -ruler-storage.swift.max-retries
[max_retries: <int> | default = 3]
# Time after which a connection attempt is aborted.
# CLI flag: -ruler-storage.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]
# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no
# data is received on a request.
# CLI flag: -ruler-storage.swift.request-timeout
[request_timeout: <duration> | default = 5s]
filesystem:
# Local filesystem storage directory.
# CLI flag: -ruler-storage.filesystem.dir
[dir: <string> | default = ""]
# The configstore_config configures the config database storing rules and
# alerts, and is used by the Cortex alertmanager.
# The CLI flags prefix for this block config is: ruler-storage
[configdb: <configstore_config>]
local:
# Directory to scan for rules
# CLI flag: -ruler-storage.local.directory
[directory: <string> | default = ""]
The runtime_configuration_storage_config
configures the storage backend for the runtime configuration file.
# How often to check runtime config file.
# CLI flag: -runtime-config.reload-period
[period: <duration> | default = 10s]
# File with the configuration that can be updated in runtime.
# CLI flag: -runtime-config.file
[file: <string> | default = ""]
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem.
# CLI flag: -runtime-config.backend
[backend: <string> | default = "filesystem"]
s3:
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -runtime-config.s3.endpoint
[endpoint: <string> | default = ""]
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call
# to autodetect it.
# CLI flag: -runtime-config.s3.region
[region: <string> | default = ""]
# S3 bucket name
# CLI flag: -runtime-config.s3.bucket-name
[bucket_name: <string> | default = ""]
# S3 secret access key
# CLI flag: -runtime-config.s3.secret-access-key
[secret_access_key: <string> | default = ""]
# S3 access key ID
# CLI flag: -runtime-config.s3.access-key-id
[access_key_id: <string> | default = ""]
# If enabled, use http:// for the S3 endpoint instead of https://. This could
# be useful in local dev/test environments while using an S3-compatible
# backend storage, like Minio.
# CLI flag: -runtime-config.s3.insecure
[insecure: <boolean> | default = false]
# The signature version to use for authenticating against S3. Supported values
# are: v4, v2.
# CLI flag: -runtime-config.s3.signature-version
[signature_version: <string> | default = "v4"]
# The s3 bucket lookup style. Supported values are: auto, virtual-hosted,
# path.
# CLI flag: -runtime-config.s3.bucket-lookup-type
[bucket_lookup_type: <string> | default = "auto"]
# If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum
# algorithm to verify the provided digest. If false, use CRC32C algorithm
# instead.
# CLI flag: -runtime-config.s3.send-content-md5
[send_content_md5: <boolean> | default = true]
# The list api version. Supported values are: v1, v2, and ''.
# CLI flag: -runtime-config.s3.list-objects-version
[list_objects_version: <string> | default = ""]
# The s3_sse_config configures the S3 server-side encryption.
# The CLI flags prefix for this block config is: runtime-config
[sse: <s3_sse_config>]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -runtime-config.s3.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -runtime-config.s3.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -runtime-config.s3.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -runtime-config.s3.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -runtime-config.s3.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -runtime-config.s3.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -runtime-config.s3.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -runtime-config.s3.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
gcs:
# GCS bucket name
# CLI flag: -runtime-config.gcs.bucket-name
[bucket_name: <string> | default = ""]
# JSON representing either a Google Developers Console client_credentials.json
# file or a Google Developers service account key file. If empty, fallback to
# Google default logic.
# CLI flag: -runtime-config.gcs.service-account
[service_account: <string> | default = ""]
azure:
# Azure storage account name
# CLI flag: -runtime-config.azure.account-name
[account_name: <string> | default = ""]
# Azure storage account key
# CLI flag: -runtime-config.azure.account-key
[account_key: <string> | default = ""]
# The values of `account-name` and `endpoint-suffix` values will not be
# ignored if `connection-string` is set. Use this method over `account-key` if
# you need to authenticate via a SAS token or if you use the Azurite emulator.
# CLI flag: -runtime-config.azure.connection-string
[connection_string: <string> | default = ""]
# Azure storage container name
# CLI flag: -runtime-config.azure.container-name
[container_name: <string> | default = ""]
# Azure storage endpoint suffix without schema. The account name will be
# prefixed to this value to create the FQDN
# CLI flag: -runtime-config.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]
# Number of retries for recoverable errors
# CLI flag: -runtime-config.azure.max-retries
[max_retries: <int> | default = 20]
# Deprecated: Azure storage MSI resource. It will be set automatically by
# Azure SDK.
# CLI flag: -runtime-config.azure.msi-resource
[msi_resource: <string> | default = ""]
# Azure storage MSI resource managed identity client Id. If not supplied
# default Azure credential will be used. Set it to empty if you need to
# authenticate via Azure Workload Identity.
# CLI flag: -runtime-config.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -runtime-config.azure.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -runtime-config.azure.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -runtime-config.azure.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -runtime-config.azure.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -runtime-config.azure.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means
# no limit.
# CLI flag: -runtime-config.azure.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -runtime-config.azure.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -runtime-config.azure.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
swift:
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -runtime-config.swift.auth-version
[auth_version: <int> | default = 0]
# OpenStack Swift authentication URL
# CLI flag: -runtime-config.swift.auth-url
[auth_url: <string> | default = ""]
# OpenStack Swift application credential ID.
# CLI flag: -runtime-config.swift.application-credential-id
[application_credential_id: <string> | default = ""]
# OpenStack Swift application credential name.
# CLI flag: -runtime-config.swift.application-credential-name
[application_credential_name: <string> | default = ""]
# OpenStack Swift application credential secret.
# CLI flag: -runtime-config.swift.application-credential-secret
[application_credential_secret: <string> | default = ""]
# OpenStack Swift username.
# CLI flag: -runtime-config.swift.username
[username: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -runtime-config.swift.user-domain-name
[user_domain_name: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -runtime-config.swift.user-domain-id
[user_domain_id: <string> | default = ""]
# OpenStack Swift user ID.
# CLI flag: -runtime-config.swift.user-id
[user_id: <string> | default = ""]
# OpenStack Swift API key.
# CLI flag: -runtime-config.swift.password
[password: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -runtime-config.swift.domain-id
[domain_id: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -runtime-config.swift.domain-name
[domain_name: <string> | default = ""]
# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -runtime-config.swift.project-id
[project_id: <string> | default = ""]
# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -runtime-config.swift.project-name
[project_name: <string> | default = ""]
# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs the from user domain.
# CLI flag: -runtime-config.swift.project-domain-id
[project_domain_id: <string> | default = ""]
# Name of the OpenStack Swift project's domain (v3 auth only), only needed if
# it differs from the user domain.
# CLI flag: -runtime-config.swift.project-domain-name
[project_domain_name: <string> | default = ""]
# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -runtime-config.swift.region-name
[region_name: <string> | default = ""]
# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -runtime-config.swift.container-name
[container_name: <string> | default = ""]
# Max retries on requests error.
# CLI flag: -runtime-config.swift.max-retries
[max_retries: <int> | default = 3]
# Time after which a connection attempt is aborted.
# CLI flag: -runtime-config.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]
# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no
# data is received on a request.
# CLI flag: -runtime-config.swift.request-timeout
[request_timeout: <duration> | default = 5s]
filesystem:
# Local filesystem storage directory.
# CLI flag: -runtime-config.filesystem.dir
[dir: <string> | default = ""]
The s3_sse_config
configures the S3 server-side encryption. The supported CLI flags <prefix>
used to reference this config block are:
alertmanager-storage
blocks-storage
ruler-storage
runtime-config
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -<prefix>.s3.sse.type
[type: <string> | default = ""]
# KMS Key ID used to encrypt objects in S3
# CLI flag: -<prefix>.s3.sse.kms-key-id
[kms_key_id: <string> | default = ""]
# KMS Encryption Context used for object encryption. It expects JSON formatted
# string.
# CLI flag: -<prefix>.s3.sse.kms-encryption-context
[kms_encryption_context: <string> | default = ""]
The server_config
configures the HTTP and gRPC server of the launched service(s).
# HTTP server listen network, default tcp
# CLI flag: -server.http-listen-network
[http_listen_network: <string> | default = "tcp"]
# HTTP server listen address.
# CLI flag: -server.http-listen-address
[http_listen_address: <string> | default = ""]
# HTTP server listen port.
# CLI flag: -server.http-listen-port
[http_listen_port: <int> | default = 80]
# Maximum number of simultaneous http connections, <=0 to disable
# CLI flag: -server.http-conn-limit
[http_listen_conn_limit: <int> | default = 0]
# gRPC server listen network
# CLI flag: -server.grpc-listen-network
[grpc_listen_network: <string> | default = "tcp"]
# gRPC server listen address.
# CLI flag: -server.grpc-listen-address
[grpc_listen_address: <string> | default = ""]
# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
[grpc_listen_port: <int> | default = 9095]
# Maximum number of simultaneous grpc connections, <=0 to disable
# CLI flag: -server.grpc-conn-limit
[grpc_listen_conn_limit: <int> | default = 0]
# Comma-separated list of cipher suites to use. If blank, the default Go cipher
# suites is used.
# CLI flag: -server.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11,
# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used.
# CLI flag: -server.tls-min-version
[tls_min_version: <string> | default = ""]
http_tls_config:
# HTTP server cert path.
# CLI flag: -server.http-tls-cert-path
[cert_file: <string> | default = ""]
# HTTP server key path.
# CLI flag: -server.http-tls-key-path
[key_file: <string> | default = ""]
# HTTP TLS Client Auth type.
# CLI flag: -server.http-tls-client-auth
[client_auth_type: <string> | default = ""]
# HTTP TLS Client CA path.
# CLI flag: -server.http-tls-ca-path
[client_ca_file: <string> | default = ""]
grpc_tls_config:
# GRPC TLS server cert path.
# CLI flag: -server.grpc-tls-cert-path
[cert_file: <string> | default = ""]
# GRPC TLS server key path.
# CLI flag: -server.grpc-tls-key-path
[key_file: <string> | default = ""]
# GRPC TLS Client Auth type.
# CLI flag: -server.grpc-tls-client-auth
[client_auth_type: <string> | default = ""]
# GRPC TLS Client CA path.
# CLI flag: -server.grpc-tls-ca-path
[client_ca_file: <string> | default = ""]
# Register the intrumentation handlers (/metrics etc).
# CLI flag: -server.register-instrumentation
[register_instrumentation: <boolean> | default = true]
# Timeout for graceful shutdowns
# CLI flag: -server.graceful-shutdown-timeout
[graceful_shutdown_timeout: <duration> | default = 30s]
# Read timeout for HTTP server
# CLI flag: -server.http-read-timeout
[http_server_read_timeout: <duration> | default = 30s]
# Write timeout for HTTP server
# CLI flag: -server.http-write-timeout
[http_server_write_timeout: <duration> | default = 30s]
# Idle timeout for HTTP server
# CLI flag: -server.http-idle-timeout
[http_server_idle_timeout: <duration> | default = 2m]
# Limit on the size of a gRPC message this server can receive (bytes).
# CLI flag: -server.grpc-max-recv-msg-size-bytes
[grpc_server_max_recv_msg_size: <int> | default = 4194304]
# Limit on the size of a gRPC message this server can send (bytes).
# CLI flag: -server.grpc-max-send-msg-size-bytes
[grpc_server_max_send_msg_size: <int> | default = 4194304]
# Limit on the number of concurrent streams for gRPC calls (0 = unlimited)
# CLI flag: -server.grpc-max-concurrent-streams
[grpc_server_max_concurrent_streams: <int> | default = 100]
# Number of worker goroutines that should be used to process incoming
# streams.Setting this 0 (default) will disable workers and spawn a new
# goroutine for each stream.
# CLI flag: -server.grpc_server-num-stream-workers
[grpc_server_num_stream_workers: <int> | default = 0]
# The duration after which an idle connection should be closed. Default:
# infinity
# CLI flag: -server.grpc.keepalive.max-connection-idle
[grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s]
# The duration for the maximum amount of time a connection may exist before it
# will be closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age
[grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s]
# An additive period after max-connection-age after which the connection will be
# forcibly closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age-grace
[grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s]
# Duration after which a keepalive probe is sent in case of no activity over the
# connection., Default: 2h
# CLI flag: -server.grpc.keepalive.time
[grpc_server_keepalive_time: <duration> | default = 2h]
# After having pinged for keepalive check, the duration after which an idle
# connection should be closed, Default: 20s
# CLI flag: -server.grpc.keepalive.timeout
[grpc_server_keepalive_timeout: <duration> | default = 20s]
# Minimum amount of time a client should wait before sending a keepalive ping.
# If client sends keepalive ping more often, server will send GOAWAY and close
# the connection.
# CLI flag: -server.grpc.keepalive.min-time-between-pings
[grpc_server_min_time_between_pings: <duration> | default = 10s]
# If true, server allows keepalive pings even when there are no active
# streams(RPCs). If false, and client sends ping when there are no active
# streams, server will send GOAWAY and close the connection.
# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed
[grpc_server_ping_without_stream_allowed: <boolean> | default = true]
# Output log messages in the given format. Valid formats: [logfmt, json]
# CLI flag: -log.format
[log_format: <string> | default = "logfmt"]
# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
[log_level: <string> | default = "info"]
# Optionally log the source IPs.
# CLI flag: -server.log-source-ips-enabled
[log_source_ips_enabled: <boolean> | default = false]
# Header field storing the source IPs. Only used if
# server.log-source-ips-enabled is true. If not set the default Forwarded,
# X-Real-IP and X-Forwarded-For headers are used
# CLI flag: -server.log-source-ips-header
[log_source_ips_header: <string> | default = ""]
# Regex for matching the source IPs. Only used if server.log-source-ips-enabled
# is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For
# headers are used
# CLI flag: -server.log-source-ips-regex
[log_source_ips_regex: <string> | default = ""]
# Optionally log request headers.
# CLI flag: -server.log-request-headers
[log_request_headers: <boolean> | default = false]
# Optionally log requests at info level instead of debug level. Applies to
# request headers as well if server.log-request-headers is enabled.
# CLI flag: -server.log-request-at-info-level-enabled
[log_request_at_info_level_enabled: <boolean> | default = false]
# Comma separated list of headers to exclude from loggin. Only used if
# server.log-request-headers is true.
# CLI flag: -server.log-request-headers-exclude-list
[log_request_exclude_headers_list: <string> | default = ""]
# Base path to serve all API routes from (e.g. /v1/)
# CLI flag: -server.path-prefix
[http_path_prefix: <string> | default = ""]
The storage_config
configures the storage type Cortex uses.
# The storage engine to use: blocks is the only supported option today.
# CLI flag: -store.engine
[engine: <string> | default = "blocks"]
The store_gateway_config
configures the store-gateway service used by the blocks storage.
# Shard blocks across multiple store gateway instances. This option needs be set
# both on the store-gateway and querier when running in microservices mode.
# CLI flag: -store-gateway.sharding-enabled
[sharding_enabled: <boolean> | default = false]
# The hash ring configuration. This option is required only if blocks sharding
# is enabled.
sharding_ring:
# The key-value store used to share the hash ring across multiple instances.
# This option needs be set both on the store-gateway and querier when running
# in microservices mode.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -store-gateway.sharding-ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -store-gateway.sharding-ring.prefix
[prefix: <string> | default = "collectors/"]
dynamodb:
# Region to access dynamodb.
# CLI flag: -store-gateway.sharding-ring.dynamodb.region
[region: <string> | default = ""]
# Table name to use on dynamodb.
# CLI flag: -store-gateway.sharding-ring.dynamodb.table-name
[table_name: <string> | default = ""]
# Time to expire items on dynamodb.
# CLI flag: -store-gateway.sharding-ring.dynamodb.ttl-time
[ttl: <duration> | default = 0s]
# Time to refresh local ring with information on dynamodb.
# CLI flag: -store-gateway.sharding-ring.dynamodb.puller-sync-time
[puller_sync_time: <duration> | default = 1m]
# Maximum number of retries for DDB KV CAS.
# CLI flag: -store-gateway.sharding-ring.dynamodb.max-cas-retries
[max_cas_retries: <int> | default = 10]
# The consul_config configures the consul client.
# The CLI flags prefix for this block config is: store-gateway.sharding-ring
[consul: <consul_config>]
# The etcd_config configures the etcd client.
# The CLI flags prefix for this block config is: store-gateway.sharding-ring
[etcd: <etcd_config>]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -store-gateway.sharding-ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -store-gateway.sharding-ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -store-gateway.sharding-ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -store-gateway.sharding-ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -store-gateway.sharding-ring.heartbeat-period
[heartbeat_period: <duration> | default = 15s]
# The heartbeat timeout after which store gateways are considered unhealthy
# within the ring. 0 = never (timeout disabled). This option needs be set both
# on the store-gateway and querier when running in microservices mode.
# CLI flag: -store-gateway.sharding-ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# The replication factor to use when sharding blocks. This option needs be set
# both on the store-gateway and querier when running in microservices mode.
# CLI flag: -store-gateway.sharding-ring.replication-factor
[replication_factor: <int> | default = 3]
# File path where tokens are stored. If empty, tokens are not stored at
# shutdown and restored at startup.
# CLI flag: -store-gateway.sharding-ring.tokens-file-path
[tokens_file_path: <string> | default = ""]
# True to enable zone-awareness and replicate blocks across different
# availability zones.
# CLI flag: -store-gateway.sharding-ring.zone-awareness-enabled
[zone_awareness_enabled: <boolean> | default = false]
# True to keep the store gateway instance in the ring when it shuts down. The
# instance will then be auto-forgotten from the ring after
# 10*heartbeat_timeout.
# CLI flag: -store-gateway.sharding-ring.keep-instance-in-the-ring-on-shutdown
[keep_instance_in_the_ring_on_shutdown: <boolean> | default = false]
# Minimum time to wait for ring stability at startup. 0 to disable.
# CLI flag: -store-gateway.sharding-ring.wait-stability-min-duration
[wait_stability_min_duration: <duration> | default = 1m]
# Maximum time to wait for ring stability at startup. If the store-gateway
# ring keeps changing after this period of time, the store-gateway will start
# anyway.
# CLI flag: -store-gateway.sharding-ring.wait-stability-max-duration
[wait_stability_max_duration: <duration> | default = 5m]
# Timeout for waiting on store-gateway to become desired state in the ring.
# CLI flag: -store-gateway.sharding-ring.wait-instance-state-timeout
[wait_instance_state_timeout: <duration> | default = 10m]
# The sleep seconds when store-gateway is shutting down. Need to be close to
# or larger than KV Store information propagation delay
# CLI flag: -store-gateway.sharding-ring.final-sleep
[final_sleep: <duration> | default = 0s]
# Name of network interface to read address from.
# CLI flag: -store-gateway.sharding-ring.instance-interface-names
[instance_interface_names: <list of string> | default = [eth0 en0]]
# The availability zone where this instance is running. Required if
# zone-awareness is enabled.
# CLI flag: -store-gateway.sharding-ring.instance-availability-zone
[instance_availability_zone: <string> | default = ""]
# The sharding strategy to use. Supported values are: default, shuffle-sharding.
# CLI flag: -store-gateway.sharding-strategy
[sharding_strategy: <string> | default = "default"]
# Comma separated list of tenants whose store metrics this storegateway can
# process. If specified, only these tenants will be handled by storegateway,
# otherwise this storegateway will be enabled for all the tenants in the
# store-gateway cluster.
# CLI flag: -store-gateway.enabled-tenants
[enabled_tenants: <string> | default = ""]
# Comma separated list of tenants whose store metrics this storegateway cannot
# process. If specified, a storegateway that would normally pick the specified
# tenant(s) for processing will ignore them instead.
# CLI flag: -store-gateway.disabled-tenants
[disabled_tenants: <string> | default = ""]
hedged_request:
# If true, hedged requests are applied to object store calls. It can help with
# reducing tail latency.
# CLI flag: -store-gateway.hedged-request.enabled
[enabled: <boolean> | default = false]
# Maximum number of hedged requests allowed for each initial request. A high
# number can reduce latency but increase internal calls.
# CLI flag: -store-gateway.hedged-request.max-requests
[max_requests: <int> | default = 3]
# It is used to calculate a latency threshold to trigger hedged requests. For
# example, additional requests are triggered when the initial request response
# time exceeds the 90th percentile.
# CLI flag: -store-gateway.hedged-request.quantile
[quantile: <float> | default = 0.9]
The tracing_config
configures backends cortex uses.
# Tracing type. OTEL and JAEGER are currently supported. For jaeger
# `JAEGER_AGENT_HOST` environment variable should also be set. See:
# https://cortexmetrics.io/docs/guides/tracing .
# CLI flag: -tracing.type
[type: <string> | default = "jaeger"]
otel:
# otl collector endpoint that the driver will use to send spans.
# CLI flag: -tracing.otel.otlp-endpoint
[otlp_endpoint: <string> | default = ""]
# enhance/modify traces/propagators for specific exporter. If empty, OTEL
# defaults will apply. Supported values are: `awsxray.`
# CLI flag: -tracing.otel.exporter-type
[exporter_type: <string> | default = ""]
# Fraction of traces to be sampled. Fractions >= 1 means sampling if off and
# everything is traced.
# CLI flag: -tracing.otel.sample-ratio
[sample_ratio: <float> | default = 0.001]
# If enabled, use round_robin gRPC load balancing policy. By default, use
# pick_first policy. For more details, please refer to
# https://github.com/grpc/grpc/blob/master/doc/load-balancing.md#load-balancing-policies.
# CLI flag: -tracing.otel.round-robin
[round_robin: <boolean> | default = false]
# Enable TLS in the GRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -tracing.otel.tls-enabled
[tls_enabled: <boolean> | default = false]
tls:
# Path to the client certificate file, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -tracing.otel.tls.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key file for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -tracing.otel.tls.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates file to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -tracing.otel.tls.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -tracing.otel.tls.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -tracing.otel.tls.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
limits:
# The maximum number of active series per LabelSet, across the cluster before
# replication. Setting the value 0 will enable the monitoring (metrics) but
# would not enforce any limits.
[max_series: <int> | default = ]
# LabelSet which the limit should be applied.
[label_set: <map of string (labelName) to string (labelValue)> | default = []]
# Priority level. Must be a unique value.
[priority: <int> | default = 0]
# Number of reserved queriers to handle priorities higher or equal to the
# priority level. Value between 0 and 1 will be used as a percentage.
[reserved_queriers: <float> | default = 0]
# List of query_attributes to match and assign priority to queries. A query is
# assigned to this priority if it matches any query_attribute in this list. Each
# query_attribute has several properties (e.g., regex, time_window, user_agent),
# and all specified properties must match for a query_attribute to be considered
# a match. Only the specified properties are checked, and an AND operator is
# applied to them.
[query_attributes: <list of QueryAttribute> | default = []]
# API type for the query. Should be one of the query, query_range, series,
# labels, label_values. If not set, it won't be checked.
[api_type: <string> | default = ""]
# Regex that the query string (or at least one of the matchers in metadata
# query) should match. If not set, it won't be checked.
[regex: <string> | default = ""]
# Overall data select time window (including range selectors, modifiers and
# lookback delta) that the query should be within. If not set, it won't be
# checked.
time_window:
# Start of the data select time window (including range selectors, modifiers
# and lookback delta) that the query should be within. If set to 0, it won't
# be checked.
[start: <int> | default = 0]
# End of the data select time window (including range selectors, modifiers and
# lookback delta) that the query should be within. If set to 0, it won't be
# checked.
[end: <int> | default = 0]
# Query time range should be within this limit to match. Depending on where it
# was used, in most of the use-cases, either min or max value will be used. If
# not set, it won't be checked.
time_range_limit:
# This will be duration (12h, 1d, 15d etc.). Query time range should be above
# or equal to this value to match. Ex: if this value is 20d, then queries
# whose range is bigger than or equal to 20d will match. If set to 0, it won't
# be checked.
[min: <int> | default = 0]
# This will be duration (12h, 1d, 15d etc.). Query time range should be below
# or equal to this value to match. Ex: if this value is 24h, then queries
# whose range is smaller than or equal to 24h will match.If set to 0, it won't
# be checked.
[max: <int> | default = 0]
# If query step provided should be within this limit to match. If not set, it
# won't be checked. This property only applied to range queries and ignored for
# other types of queries.
query_step_limit:
# Query step should be above or equal to this value to match. If set to 0, it
# won't be checked.
[min: <int> | default = 0]
# Query step should be below or equal to this value to match. If set to 0, it
# won't be checked.
[max: <int> | default = 0]
# Regex that User-Agent header of the request should match. If not set, it won't
# be checked.
[user_agent_regex: <string> | default = ""]
# Grafana includes X-Dashboard-Uid header in query requests. If this field is
# provided then X-Dashboard-Uid header of request should match this value. If
# not set, it won't be checked. This property won't be applied to metadata
# queries.
[dashboard_uid: <string> | default = ""]
# Grafana includes X-Panel-Id header in query requests. If this field is
# provided then X-Panel-Id header of request should match this value. If not
# set, it won't be checked. This property won't be applied to metadata queries.
[panel_id: <string> | default = ""]
# namespace in which the rule group belongs
[namespace: <string> | default = ""]
# name of the rule group
[name: <string> | default = ""]