Skip to main content

Loki

Loki is a log aggregation system designed to store and query logs from all your applications and infrastructure.

Deployment Modes

Loki is deployable in three different modes:

  • Monolithic mode
  • Simple Scalable mode
  • Microservices mode

When running the stack locally, Loki runs in Monolithic Mode. On IaaS-providers, simple scalable mode is used, as this is the easiest way to deploy Loki at scale. It strikes a balance between deploying in monolithic mode or deploying each component as a separate microservice. Simple scalable mode should be sufficient for most production environments.

Object Storage

Loki is able to use multiple different storage providers, but in our case we're standardizing on S3 / S3-compatible API's.

Loki needs 3 Object Storage buckets:

  • havenplus-loki-admin
  • havenplus-loki-chunks
  • havenplus-loki-ruler
info

Keep in mind that the bucket names must be globally unique within the context of an IaaS-provider.

When running the stack on your local environment, a Minio instance is automatically deployed and these three buckets are automically created as well.

For instructions on how to create these with the relevant IaaS provider, please consult the provider-specific instructions.

S3 Credentials Secret

ℹ When deploying the stack in your local environment using the Local overlay, you can skip the following step.

Use the S3 credentials provided by the concerning IaaS-provider and use these to create a secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: s3-credentials
type: Opaque
stringData:
  S3_ACCESS_KEY_ID: <access-key-id>
  S3_SECRET_ACCESS_KEY: <secret-access-key>

Next, use kubeseal to generate a sealed-secret based on the secret above:

kubeseal -f secret.yaml -w sealed.yaml  --controller-namespace sealed-secrets -n loki

An entry for sealed.yaml has already been preconfigured in kustomization.yaml, you just need to uncomment it. Furthermore, ensure that sealed.yaml is placed in the same folder as the kustomization.yaml.

Don't forget to remove the secret.yaml and definitely do NOT commit the actual secret.yaml to Git!

The HelmRelease patch refers to the secret.

Data Retention

By default, Loki is configured to retain data for 31 days. You can adjust this to your organisation's needs by overriding this value in the concerning overlay.