From dd57de1e949deddd1d927d607f2422e93f252ce8 Mon Sep 17 00:00:00 2001 From: Jayclifford345 Date: Tue, 8 Oct 2024 13:44:37 +0100 Subject: [PATCH] added Poyzans recommendations --- .../install/helm/install-microservices/_index.md | 4 +++- .../setup/install/helm/install-scalable/aws.md | 16 +++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/sources/setup/install/helm/install-microservices/_index.md b/docs/sources/setup/install/helm/install-microservices/_index.md index c83e011ca432b..e9c59fba4c45d 100644 --- a/docs/sources/setup/install/helm/install-microservices/_index.md +++ b/docs/sources/setup/install/helm/install-microservices/_index.md @@ -88,7 +88,7 @@ We do not recommended to run Microservice mode with `filesystem` storage. For th queryScheduler: replicas: 2 distributor: - replicas: 3 # To ensure data durability with replication + replicas: 3 maxUnavailable: 2 compactor: replicas: 1 @@ -196,6 +196,8 @@ loki: region: bucketnames: loki-aws-bucket # Define your AWS bucket here s3forcepathstyle: false + ingester: + chunk_encoding: snappy pattern_ingester: enabled: true limits_config: diff --git a/docs/sources/setup/install/helm/install-scalable/aws.md b/docs/sources/setup/install/helm/install-scalable/aws.md index 37b3451f5c433..396b764222ef2 100644 --- a/docs/sources/setup/install/helm/install-scalable/aws.md +++ b/docs/sources/setup/install/helm/install-scalable/aws.md @@ -92,19 +92,19 @@ eksctl utils associate-iam-oidc-provider --cluster loki --approve ## Create three S3 buckets -{{< admonition type="WARNING" >}} +{{< admonition type="warning" >}} **DO NOT** use the default bucket names; `chunk`, `ruler` and `admin`. Choose a **unique** name for each bucket. For more information see the following [security update](https://grafana.com/blog/2024/06/27/grafana-security-update-grafana-loki-and-unintended-data-write-attempts-to-amazon-s3-buckets/). {{< /admonition >}} -Before deploying Loki, you need to create two S3 buckets; one to store logs (chunks), the second to store alert rules. You can create the bucket using the AWS Management Console or the AWS CLI. The bucket name must be globally unique. For this guide, we will use the bucket names `loki-aws-dev-chunks` and `loki-aws-dev-ruler` **but you should choose your own unique names when creating your own buckets**. +Before deploying Loki, you need to create two S3 buckets; one to store logs (chunks), the second to store alert rules. You can create the bucket using the AWS Management Console or the AWS CLI. The bucket name must be globally unique. {{}} GEL customers will require a third bucket to store the admin data. This bucket is not required for OSS users. {{}} ```bash -aws s3api create-bucket --bucket loki-aws-dev-chunks --region eu-west-2 --create-bucket-configuration LocationConstraint=eu-west-2 \ -aws s3api create-bucket --bucket loki-aws-dev-ruler --region eu-west-2 --create-bucket-configuration LocationConstraint=eu-west-2 +aws s3api create-bucket --bucket --region --create-bucket-configuration LocationConstraint= \ +aws s3api create-bucket --bucket --region --create-bucket-configuration LocationConstraint= ``` Make sure to replace the region and bucket name with your desired values. We will revisit the bucket policy later in this guide. @@ -223,7 +223,7 @@ To allow the IAM role to access the S3 buckets, you need to add the policy to th 1. Add the policy to the bucket: ```bash - aws s3api put-bucket-policy --bucket loki-aws-dev-chunk --policy file://bucket-policy-chunk.json + aws s3api put-bucket-policy --bucket --policy file://bucket-policy-chunk.json ``` 1. Create a bucket policy file named `bucket-policy-ruler.json` with the following content: @@ -256,7 +256,7 @@ To allow the IAM role to access the S3 buckets, you need to add the policy to th 1. Add the policy to the bucket: ```bash - aws s3api put-bucket-policy --bucket loki-aws-dev-ruler --policy file://bucket-policy-ruler.json + aws s3api put-bucket-policy --bucket --policy file://bucket-policy-ruler.json ``` ## Deploying the Helm chart @@ -293,6 +293,8 @@ Create a `values.yaml` file with the following content: region: # eu-west-2 bucketnames: # Your actual S3 bucket name (loki-aws-dev-chunks) s3forcepathstyle: false + ingester: + chunk_encoding: snappy pattern_ingester: enabled: true limits_config: @@ -433,7 +435,7 @@ Now that you have created the `values.yaml` file, you can deploy Loki using the The Loki Gateway service is a LoadBalancer service that exposes the Loki gateway to the internet. This is where you will write logs to and query logs from. By default NGINX is used as the gateway. -{{< admonition type="note" >}} +{{< admonition type="caution" >}} The Loki Gateway service is exposed to the internet. It is recommended to secure the gateway with authentication. Refer to the [Authentication]({{< relref "../../../../operations/authentication" >}}) documentation for more information. {{< /admonition >}}