Deploying Loki on K8s (Helm)
Posted by myluzh | Views: 234 | Kubernetes
Installing Loki
Download the Loki Helm chart
# add repo
root@iZbp12bkuvg20e1j3y9gtxZ:~/k8s-yaml# helm repo add grafana https://grafana.github.io/helm-charts
"grafana" has been added to your repositories
# pull loki chart
root@iZbp12bkuvg20e1j3y9gtxZ:~/k8s-yaml# helm pull grafana/loki --untar
# edit loki values.yaml
root@iZbp12bkuvg20e1j3y9gtxZ:~/k8s-yaml# cd loki/ && ls
Chart.lock Chart.yaml distributed-values.yaml Makefile reference.md.gotmpl simple-scalable-values.yaml src test values.yaml
charts CONTRIBUTING.md docs README.md scenarios single-binary-values.yaml templates values.schema.json
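Customize Loki's values.yaml
Setting auth_enabled to false turns off authentication (multi-tenancy). Beyond that, configure the object storage endpoint with its access key (AK) and secret key (SK), and change the image addresses to point at the private registry.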
# mv values.yaml values.yaml.bak && vi values.yaml
loki:
  auth_enabled: false
  image:
    registry: registry.sxhlcloud.com:5443
    repository: base/grafana/loki
    tag: 3.5.9
  commonConfig:
    replication_factor: 1
  schemaConfig:
    configs:
      - from: "2024-04-01"
        store: tsdb
        object_store: s3
        schema: v13
        index:
          prefix: loki_index_
          period: 24h
  pattern_ingester:
    enabled: true
  limits_config:
    allow_structured_metadata: true
    volume_enabled: true
    retention_period: 336h
  storage:
    type: s3
    bucketNames:
      chunks: sxhl-prod-loki
      ruler: sxhl-prod-loki
      admin: sxhl-prod-loki
    s3:
      endpoint: https://oss-cn-hangzhou-internal.aliyuncs.com
      region: cn-hangzhou
      accessKeyId: "LTAI5txxxxxxxxxPGLVn"
      secretAccessKey: "TVP3OZ6oxxxxxxq0w2UfHe"
      s3ForcePathStyle: false
      insecure: false
minio: { enabled: false }
deploymentMode: SingleBinary
singleBinary:
  replicas: 1
  persistence:
    storageClass: nfs-storage
    accessModes: [ "ReadWriteOnce" ]
    size: 30Gi
# --- Advanced feature configuration (image addresses changed to the private registry) ---
gateway:
  enabled: true
  image:
    registry: registry.sxhlcloud.com:5443
    repository: base/nginxinc/nginx-unprivileged
    tag: 1.27-alpine
memcached:
  enabled: true
  image:
    registry: registry.sxhlcloud.com:5443
    repository: base/memcached
    tag: 1.6.40-alpine
memcachedExporter:
  enabled: true
  image:
    registry: registry.sxhlcloud.com:5443
    repository: base/prom/memcached-exporter
    tag: v0.15.4
lokiCanary:
  enabled: true
  image:
    registry: registry.sxhlcloud.com:5443
    repository: base/grafana/loki-canary
    tag: 3.5.9
sidecar:
  image:
    registry: registry.sxhlcloud.com:5443
    repository: base/kiwigrid/k8s-sidecar
    tag: 1.28.4
# --- Disable the microservice components ---
backend: { replicas: 0 }
read: { replicas: 0 }
write: { replicas: 0 }
ingester: { replicas: 0 }
querier: { replicas: 0 }
queryFrontend: { replicas: 0 }
queryScheduler: { replicas: 0 }
distributor: { replicas: 0 }
compactor: { replicas: 0 }
indexGateway: { replicas: 0 }
bloomCompactor: { replicas: 0 }
bloomGateway: { replicas: 0 }
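The values.yaml above carries the object storage access key and secret as literals. The overlay below is an added example, not part of the original post, that takes them from a Kubernetes Secret instead by using Loki's -config.expand-env=true flag; the Secret name loki-s3-credentials, the variable names S3_ACCESS_KEY_ID and S3_SECRET_ACCESS_KEY, and both file names are assumptions.

```yaml
# --- file: loki-s3-secret.yaml (assumed name) ---
# Apply with kubectl before installing the chart; the loki namespace must
# already exist. The values are placeholders, not real credentials.
apiVersion: v1
kind: Secret
metadata:
  name: loki-s3-credentials        # assumed Secret name
  namespace: loki
type: Opaque
stringData:
  S3_ACCESS_KEY_ID: "<access-key-id>"            # placeholder
  S3_SECRET_ACCESS_KEY: "<secret-access-key>"    # placeholder
---
# --- file: values-secrets.yaml (assumed name) ---
# Helm values overlay, passed after the main file:
#   helm install loki grafana/loki -f values.yaml -f values-secrets.yaml ...
# Remove the literal accessKeyId/secretAccessKey from values.yaml itself so
# they are no longer kept on disk or stored with the Helm release.
loki:
  storage:
    s3:
      # Not expanded by Helm: Loki substitutes these from the pod's
      # environment at start-up because of -config.expand-env=true.
      accessKeyId: "${S3_ACCESS_KEY_ID}"
      secretAccessKey: "${S3_SECRET_ACCESS_KEY}"
singleBinary:
  extraArgs:
    - -config.expand-env=true
  extraEnvFrom:
    - secretRef:
        name: loki-s3-credentials  # injects both keys as environment variables
```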
Deploy Loki
root@iZbp12bkuvg20e1j3y9gtxZ:~/k8s-yaml/loki# helm install loki grafana/loki -f values.yaml -n loki --create-namespace
NAME: loki
LAST DEPLOYED: Thu Dec 25 09:14:54 2025
NAMESPACE: loki
STATUS: deployed
REVISION: 1
NOTES:
***********************************************************************
Welcome to Grafana Loki
Chart version: 6.49.0
Chart Name: loki
Loki version: 3.6.3
***********************************************************************
** Please be patient while the chart is being deployed **
Tip:
Watch the deployment status using the command: kubectl get pods -w --namespace loki
If pods are taking too long to schedule make sure pod affinity can be fulfilled in the current cluster.
***********************************************************************
Installed components:
***********************************************************************
* loki
Loki has been deployed as a single binary.
This means a single pod is handling reads and writes. You can scale that pod vertically by adding more CPU and memory resources.
***********************************************************************
Sending logs to Loki
***********************************************************************
Loki has been configured with a gateway (nginx) to support reads and writes from a single component.
You can send logs from inside the cluster using the cluster DNS:
http://loki-gateway.loki.svc.cluster.local/loki/api/v1/push
You can test to send data from outside the cluster by port-forwarding the gateway to your local machine:
kubectl port-forward --namespace loki svc/loki-gateway 3100:80 &
And then using http://127.0.0.1:3100/loki/api/v1/push URL as shown below:
\`\`\`
curl -H "Content-Type: application/json" -XPOST -s "http://127.0.0.1:3100/loki/api/v1/push" \
--data-raw "{\"streams\": [{\"stream\": {\"job\": \"test\"}, \"values\": [[\"$(date +%s)000000000\", \"fizzbuzz\"]]}]}" \
-H X-Scope-OrgId:foo
\`\`\`
Then verify that Loki did receive the data using the following command:
\`\`\`
curl "http://127.0.0.1:3100/loki/api/v1/query_range" --data-urlencode 'query={job="test"}' -H X-Scope-OrgId:foo | jq .data.result
\`\`\`
***********************************************************************
Connecting Grafana to Loki
***********************************************************************
If Grafana operates within the cluster, you'll set up a new Loki datasource by utilizing the following URL:
http://loki-gateway.loki.svc.cluster.local/
***********************************************************************
Multi-tenancy
***********************************************************************
Loki is configured with auth enabled (multi-tenancy) and expects tenant headers (`X-Scope-OrgID`) to be set for all API calls.
You must configure Grafana's Loki datasource using the `HTTP Headers` section with the `X-Scope-OrgID` to target a specific tenant.
For each tenant, you can create a different datasource.
The agent of your choice must also be configured to propagate this header.
For example, when using Promtail you can use the `tenant` stage. https://grafana.com/docs/loki/latest/send-data/promtail/stages/tenant/
When not provided with the `X-Scope-OrgID` while auth is enabled, Loki will reject reads and writes with a 404 status code `no org id`.
You can also use a reverse proxy, to automatically add the `X-Scope-OrgID` header as suggested by https://grafana.com/docs/loki/latest/operations/authentication/
For more information, read our documentation about multi-tenancy: https://grafana.com/docs/loki/latest/operations/multi-tenancy/
> When using curl you can pass `X-Scope-OrgId` header using `-H X-Scope-OrgId:foo` option, where foo can be replaced with the tenant of your choice.
Testing
Because the Loki gateway is enabled, when configuring the data source in Grafana you only need to enter http://loki-gateway.loki.svc.cluster.local/ as the URL.
root@iZbp12bkuvg20e1j3y9gtxZ:~/k8s-yaml/loki# kubectl get pod -n loki
NAME READY STATUS RESTARTS AGE
loki-0 2/2 Running 0 2m48s
loki-canary-4cj5z 1/1 Running 0 2m48s
loki-canary-hmzc7 1/1 Running 0 2m48s
loki-canary-r9twc 1/1 Running 0 2m48s
loki-canary-t4jks 1/1 Running 0 2m48s
loki-canary-xjgg6 1/1 Running 0 2m48s
loki-chunks-cache-0 2/2 Running 0 2m48s
loki-gateway-786864964b-rcnf8 1/1 Running 0 2m48s
loki-results-cache-0 2/2 Running 0 2m48s
root@iZbp12bkuvg20e1j3y9gtxZ:~/k8s-yaml/loki# kubectl get svc -n loki
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
loki ClusterIP 10.43.227.111 <none> 3100/TCP,9095/TCP 5m5s
loki-canary ClusterIP 10.43.232.124 <none> 3500/TCP 5m5s
loki-chunks-cache ClusterIP None <none> 11211/TCP,9150/TCP 5m5s
loki-gateway ClusterIP 10.43.26.48 <none> 80/TCP 5m5s
loki-headless ClusterIP None <none> 3100/TCP 5m5s
loki-memberlist ClusterIP None <none> 7946/TCP 5m5s
loki-results-cache ClusterIP None <none> 11211/TCP,9150/TCP 5m5s