apiVersion: apps/v1 kind: StatefulSet metadata: name: loki namespace: loki labels: helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: single-binary app.kubernetes.io/part-of: memberlist spec: replicas: 1 podManagementPolicy: Parallel updateStrategy: rollingUpdate: partition: 0 serviceName: loki-headless revisionHistoryLimit: 10 persistentVolumeClaimRetentionPolicy: whenDeleted: Delete whenScaled: Delete selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: single-binary template: metadata: annotations: checksum/config: 19e0049d8578b5fadd19fbcef19075cf8df1c30f6a3e6fc48aeeeaae41e30e27 storage/size: 150Gi kubectl.kubernetes.io/default-container: "loki" labels: helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: single-binary app.kubernetes.io/part-of: memberlist spec: serviceAccountName: loki enableServiceLinks: true automountServiceAccountToken: true securityContext: fsGroup: 10001 fsGroupChangePolicy: OnRootMismatch runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 seccompProfile: type: RuntimeDefault terminationGracePeriodSeconds: 30 affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: single-binary app.kubernetes.io/instance: 'loki' app.kubernetes.io/name: 'loki' topologyKey: kubernetes.io/hostname volumes: - name: temp emptyDir: {} - name: config configMap: name: loki items: - key: "config.yaml" path: "config.yaml" - name: runtime-config configMap: name: loki-runtime - name: sc-rules-volume emptyDir: {} - name: sc-rules-temp emptyDir: {} containers: - name: loki image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent args: - -config.file=/etc/loki/config/config.yaml - -config.expand-env=true - -target=all ports: - name: http-metrics containerPort: 3100 protocol: TCP - name: grpc containerPort: 9095 protocol: TCP - name: http-memberlist containerPort: 7946 protocol: TCP env: - name: GOGC value: "80" - name: HASH_RING_INSTANCE_ADDR valueFrom: fieldRef: fieldPath: status.podIP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault livenessProbe: failureThreshold: 10 httpGet: path: /loki/api/v1/status/buildinfo port: http-metrics periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 readinessProbe: failureThreshold: 3 httpGet: path: /ready port: http-metrics initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 volumeMounts: - name: config mountPath: /etc/loki/config - name: runtime-config mountPath: /etc/loki/runtime-config - name: storage mountPath: /var/loki - name: temp mountPath: /tmp - name: sc-rules-volume mountPath: "/rules" resources: requests: cpu: 100m memory: 800Mi - name: loki-sc-rules image: docker.io/kiwigrid/k8s-sidecar:2.7.1 imagePullPolicy: IfNotPresent ports: - name: http-sidecar containerPort: 8080 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: http-sidecar initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: http-sidecar initialDelaySeconds: 3 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 env: - name: METHOD value: WATCH - name: LABEL value: "loki_rule" - name: FOLDER value: "/rules" - name: RESOURCE value: "both" - name: WATCH_SERVER_TIMEOUT value: "60" - name: WATCH_CLIENT_TIMEOUT value: "60" - name: LOG_LEVEL value: "INFO" - name: HEALTH_PORT value: "8080" volumeMounts: - name: sc-rules-temp mountPath: /tmp - name: sc-rules-volume mountPath: "/rules" volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: storage spec: accessModes: - ReadWriteOnce storageClassName: synology-iscsi-delete resources: requests: storage: "150Gi"