-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7ce3c7c
commit 04f7757
Showing
2 changed files
with
53 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| # Loki | ||
| Loki is a logging aggregator from Grafana labs. It has native support in Grafana as a data source. | ||
|
|
||
| This configuration deploys Loki in `singleBinary` mode (monolithic style), using S3 for log storage. | ||
|
|
||
| ## Required Variables | ||
| * `LOKI_GATEWAY_HOST`: The hostname of the loki gateway ingress | ||
| * `LOKI_ROLE_ARN`: The role ARN to attach to the loki service account | ||
| * `LOKI_S3_BUCKET`: The name of the loki log storage bucket | ||
|
|
||
| ## Required Secrets | ||
| A secret named `loki-basic-auth` in the `loki` namespace, which contains the basic auth credentials for the Loki gateway. See [this tutorial](https://kubernetes.github.io/ingress-nginx/examples/auth/basic/) for an example on how to generate such a secret. | ||
|
|
||
| ## Required AWS Resources | ||
| * An S3 bucket for log storage | ||
| * IAM policy for the `loki` service account: | ||
| ```json | ||
| { | ||
| "Version": "2012-10-17", | ||
| "Statement": [ | ||
| { | ||
| "Effect": "Allow", | ||
| "Action": [ | ||
| "s3:ListBucket", | ||
| "s3:PutObject", | ||
| "s3:GetObject", | ||
| "s3:DeleteObject" | ||
| ], | ||
| "Resource": [ | ||
| "arn:aws:s3:::{LOKI_S3_BUCKET}", | ||
| "arn:aws:s3:::{LOKI_S3_BUCKET}/*" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ``` | ||
| * If using grafana, a data source for Loki: | ||
| ```hcl | ||
| resource "grafana_data_source" "loki" { | ||
| provider = grafana.amg | ||
| type = "loki" | ||
| name = "loki" | ||
| url = "{LOKI_GATEWAY_HOST}" | ||
| basic_auth_enabled = true | ||
| basic_auth_username = "admin" | ||
| secure_json_data_encoded = jsonencode({ | ||
| basicAuthPassword = var.LOKI_BASIC_AUTH_PASSWD | ||
| }) | ||
| } | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters