Skip to content

Instantly share code, notes, and snippets.

@bbenno

bbenno/mimir.yaml

Created June 27, 2024 19:29
Show Gist options
  • Save bbenno/81247c33f7e942aa20e2a00cbf8369a9 to your computer and use it in GitHub Desktop.
Save bbenno/81247c33f7e942aa20e2a00cbf8369a9 to your computer and use it in GitHub Desktop.
Download ZIP
"one-file" configuraiton of Grafana Mimir v2.12.x including default values. See also https://grafana.com/docs/mimir/latest/configure/configuration-parameters/
Raw
mimir.yaml
# Comma-separated list of components to include in the instantiated process. The
# default value 'all' includes all components that are required to form a
# functional Grafana Mimir instance in single-binary mode. Use the '-modules'
# command line flag to get a list of available components, and to see which
# components are included with 'all'.
# CLI flag: -target
#target: "all"
# When set to true, incoming HTTP requests must specify tenant ID in HTTP
# X-Scope-OrgId header. When set to false, tenant ID from -auth.no-auth-tenant
# is used instead.
# CLI flag: -auth.multitenancy-enabled
#multitenancy_enabled: true
# (advanced) Tenant ID to use when multitenancy is disabled.
# CLI flag: -auth.no-auth-tenant
#no_auth_tenant: "anonymous"
# (advanced) How long to wait between SIGTERM and shutdown. After receiving
# SIGTERM, Mimir will report not-ready status via /ready endpoint.
# CLI flag: -shutdown-delay
#shutdown_delay: 0s
# (experimental) Maximum number of groups allowed per user by which specified
# distributor and ingester metrics can be further separated.
# CLI flag: -max-separate-metrics-groups-per-user
#max_separate_metrics_groups_per_user: 1000
# (advanced) Set to true to enable all Go runtime metrics, such as go_sched_*
# and go_memstats_*.
# CLI flag: -enable-go-runtime-metrics
#enable_go_runtime_metrics: false
api:
# (advanced) Allows to skip label name validation via
# X-Mimir-SkipLabelNameValidation header on the http write path. Use with
# caution as it breaks PromQL. Allowing this for external clients allows any
# client to send invalid label names. After enabling it, requests with a
# specific HTTP header set to true will not have label names validated.
# CLI flag: -api.skip-label-name-validation-header-enabled
#skip_label_name_validation_header_enabled: false
# (deprecated) If true, store metadata when ingesting metrics via OTLP. This
# makes metric descriptions and types available for metrics ingested via OTLP.
# CLI flag: -distributor.enable-otlp-metadata-storage
#enable_otel_metadata_translation: true
# (advanced) HTTP URL path under which the Alertmanager ui and api will be
# served.
# CLI flag: -http.alertmanager-http-prefix
#alertmanager_http_prefix: "/alertmanager"
# (advanced) HTTP URL path under which the Prometheus api will be served.
# CLI flag: -http.prometheus-http-prefix
#prometheus_http_prefix: "/prometheus"
# The server block configures the HTTP and gRPC server of the launched
# service(s).
server: # Optional
# (advanced) HTTP server listen network, default tcp
# CLI flag: -server.http-listen-network
#http_listen_network: "tcp"
# HTTP server listen address.
# CLI flag: -server.http-listen-address
#http_listen_address: ""
# HTTP server listen port.
# CLI flag: -server.http-listen-port
#http_listen_port: 8080
# (advanced) Maximum number of simultaneous http connections, <=0 to disable
# CLI flag: -server.http-conn-limit
#http_listen_conn_limit: 0
# (advanced) gRPC server listen network
# CLI flag: -server.grpc-listen-network
#grpc_listen_network: "tcp"
# gRPC server listen address.
# CLI flag: -server.grpc-listen-address
#grpc_listen_address: ""
# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
#grpc_listen_port: 9095
# (advanced) Maximum number of simultaneous grpc connections, <=0 to disable
# CLI flag: -server.grpc-conn-limit
#grpc_listen_conn_limit: 0
# Comma-separated list of cipher suites to use. If blank, the default Go cipher
# suites is used.
# CLI flag: -server.tls-cipher-suites
#tls_cipher_suites: ""
# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11,
# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used.
# CLI flag: -server.tls-min-version
#tls_min_version: ""
http_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
#cert: ""
# Server TLS key. This configuration parameter is YAML only.
#key: ""
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
#client_ca: ""
# (advanced) HTTP server cert path.
# CLI flag: -server.http-tls-cert-path
#cert_file: ""
# (advanced) HTTP server key path.
# CLI flag: -server.http-tls-key-path
#key_file: ""
# (advanced) HTTP TLS Client Auth type.
# CLI flag: -server.http-tls-client-auth
#client_auth_type: ""
# (advanced) HTTP TLS Client CA path.
# CLI flag: -server.http-tls-ca-path
#client_ca_file: ""
grpc_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
#cert: ""
# Server TLS key. This configuration parameter is YAML only.
#key: ""
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
#client_ca: ""
# (advanced) GRPC TLS server cert path.
# CLI flag: -server.grpc-tls-cert-path
#cert_file: ""
# (advanced) GRPC TLS server key path.
# CLI flag: -server.grpc-tls-key-path
#key_file: ""
# (advanced) GRPC TLS Client Auth type.
# CLI flag: -server.grpc-tls-client-auth
#client_auth_type: ""
# (advanced) GRPC TLS Client CA path.
# CLI flag: -server.grpc-tls-ca-path
#client_ca_file: ""
# (advanced) Register the intrumentation handlers (/metrics etc).
# CLI flag: -server.register-instrumentation
#register_instrumentation: true
# If set to true, gRPC statuses will be reported in instrumentation labels with
# their string representations. Otherwise, they will be reported as "error".
# CLI flag: -server.report-grpc-codes-in-instrumentation-label-enabled
#report_grpc_codes_in_instrumentation_label_enabled: true
# (advanced) Timeout for graceful shutdowns
# CLI flag: -server.graceful-shutdown-timeout
#graceful_shutdown_timeout: 30s
# (advanced) Read timeout for entire HTTP request, including headers and body.
# CLI flag: -server.http-read-timeout
#http_server_read_timeout: 30s
# Read timeout for HTTP request headers. If set to 0, value of
# -server.http-read-timeout is used.
# CLI flag: -server.http-read-header-timeout
#http_server_read_header_timeout: 0s
# (advanced) Write timeout for HTTP server
# CLI flag: -server.http-write-timeout
#http_server_write_timeout: 2m
# (advanced) Idle timeout for HTTP server
# CLI flag: -server.http-idle-timeout
#http_server_idle_timeout: 2m
# Log closed connections that did not receive any response, most likely because
# client didn't send any request within timeout.
# CLI flag: -server.http-log-closed-connections-without-response-enabled
#http_log_closed_connections_without_response_enabled: false
# (advanced) Limit on the size of a gRPC message this server can receive
# (bytes).
# CLI flag: -server.grpc-max-recv-msg-size-bytes
#grpc_server_max_recv_msg_size: 104857600
# (advanced) Limit on the size of a gRPC message this server can send (bytes).
# CLI flag: -server.grpc-max-send-msg-size-bytes
#grpc_server_max_send_msg_size: 104857600
# (advanced) Limit on the number of concurrent streams for gRPC calls per client
# connection (0 = unlimited)
# CLI flag: -server.grpc-max-concurrent-streams
#grpc_server_max_concurrent_streams: 100
# (advanced) The duration after which an idle connection should be closed.
# Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-idle
#grpc_server_max_connection_idle: 2562047h47m16.854775807s
# (advanced) The duration for the maximum amount of time a connection may exist
# before it will be closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age
#grpc_server_max_connection_age: 2562047h47m16.854775807s
# (advanced) An additive period after max-connection-age after which the
# connection will be forcibly closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age-grace
#grpc_server_max_connection_age_grace: 2562047h47m16.854775807s
# (advanced) Duration after which a keepalive probe is sent in case of no
# activity over the connection., Default: 2h
# CLI flag: -server.grpc.keepalive.time
#grpc_server_keepalive_time: 2h
# (advanced) After having pinged for keepalive check, the duration after which
# an idle connection should be closed, Default: 20s
# CLI flag: -server.grpc.keepalive.timeout
#grpc_server_keepalive_timeout: 20s
# (advanced) Minimum amount of time a client should wait before sending a
# keepalive ping. If client sends keepalive ping more often, server will send
# GOAWAY and close the connection.
# CLI flag: -server.grpc.keepalive.min-time-between-pings
#grpc_server_min_time_between_pings: 10s
# (advanced) If true, server allows keepalive pings even when there are no
# active streams(RPCs). If false, and client sends ping when there are no active
# streams, server will send GOAWAY and close the connection.
# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed
#grpc_server_ping_without_stream_allowed: true
# (advanced) If non-zero, configures the amount of GRPC server workers used to
# serve the requests.
# CLI flag: -server.grpc.num-workers
#grpc_server_num_workers: 100
# Output log messages in the given format. Valid formats: [logfmt, json]
# CLI flag: -log.format
#log_format: "logfmt"
# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
#log_level: "info"
# (advanced) Optionally log the source IPs.
# CLI flag: -server.log-source-ips-enabled
#log_source_ips_enabled: false
# Log all source IPs instead of only the originating one. Only used if
# server.log-source-ips-enabled is true
# CLI flag: -server.log-source-ips-full
#log_source_ips_full: false
# (advanced) Header field storing the source IPs. Only used if
# server.log-source-ips-enabled is true. If not set the default Forwarded,
# X-Real-IP and X-Forwarded-For headers are used
# CLI flag: -server.log-source-ips-header
#log_source_ips_header: ""
# (advanced) Regex for matching the source IPs. Only used if
# server.log-source-ips-enabled is true. If not set the default Forwarded,
# X-Real-IP and X-Forwarded-For headers are used
# CLI flag: -server.log-source-ips-regex
#log_source_ips_regex: ""
# Optionally log request headers.
# CLI flag: -server.log-request-headers
#log_request_headers: false
# (advanced) Optionally log requests at info level instead of debug level.
# Applies to request headers as well if server.log-request-headers is enabled.
# CLI flag: -server.log-request-at-info-level-enabled
#log_request_at_info_level_enabled: false
# Comma separated list of headers to exclude from loggin. Only used if
# server.log-request-headers is true.
# CLI flag: -server.log-request-headers-exclude-list
#log_request_exclude_headers_list: ""
# (advanced) Base path to serve all API routes from (e.g. /v1/)
# CLI flag: -server.path-prefix
#http_path_prefix: ""
# The distributor block configures the distributor.
distributor: # Optional
pool:
# (advanced) How frequently to clean up clients for ingesters that have gone
# away.
# CLI flag: -distributor.client-cleanup-period
#client_cleanup_period: 15s
# (advanced) Run a health check on each ingester client during periodic
# cleanup.
# CLI flag: -distributor.health-check-ingesters
#health_check_ingesters: true
retry_after_header:
# (experimental) Enabled controls inclusion of the Retry-After header in the
# response: true includes it for client retry guidance, false omits it.
# CLI flag: -distributor.retry-after-header.enabled
#enabled: false
# (experimental) Base duration in seconds for calculating the Retry-After
# header in responses to 429/5xx errors.
# CLI flag: -distributor.retry-after-header.base-seconds
#base_seconds: 3
# (experimental) Sets the upper limit on the number of Retry-Attempt
# considered for calculation. It caps the Retry-Attempt header without
# rejecting additional attempts, controlling exponential backoff calculations.
# For example, when the base-seconds is set to 3 and max-backoff-exponent to
# 5, the maximum retry duration would be 3 * 2^5 = 96 seconds.
# CLI flag: -distributor.retry-after-header.max-backoff-exponent
#max_backoff_exponent: 5
ha_tracker:
# Enable the distributors HA tracker so that it can accept samples from
# Prometheus HA replicas gracefully (requires labels).
# CLI flag: -distributor.ha-tracker.enable
#enable_ha_tracker: false
# (advanced) Update the timestamp in the KV store for a given cluster/replica
# only after this amount of time has passed since the current stored
# timestamp.
# CLI flag: -distributor.ha-tracker.update-timeout
#ha_tracker_update_timeout: 15s
# (advanced) Maximum jitter applied to the update timeout, in order to spread
# the HA heartbeats over time.
# CLI flag: -distributor.ha-tracker.update-timeout-jitter-max
#ha_tracker_update_timeout_jitter_max: 5s
# (advanced) If we don't receive any samples from the accepted replica for a
# cluster in this amount of time we will failover to the next replica we
# receive a sample from. This value must be greater than the update timeout
# CLI flag: -distributor.ha-tracker.failover-timeout
#ha_tracker_failover_timeout: 30s
# Backend storage to use for the ring. Please be aware that memberlist is not
# supported by the HA tracker since gossip propagation is too slow for HA
# purposes.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -distributor.ha-tracker.store
#store: "consul"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -distributor.ha-tracker.prefix
#prefix: "ha-tracker/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is:
# distributor.ha-tracker
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is:
# distributor.ha-tracker
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -distributor.ha-tracker.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -distributor.ha-tracker.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -distributor.ha-tracker.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -distributor.ha-tracker.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Max message size in bytes that the distributors will accept for
# incoming push requests to the remote write API. If exceeded, the request will
# be rejected.
# CLI flag: -distributor.max-recv-msg-size
#max_recv_msg_size: 104857600
# (advanced) Timeout for downstream ingesters.
# CLI flag: -distributor.remote-timeout
#remote_timeout: 2s
ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -distributor.ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -distributor.ring.prefix
#prefix: "collectors/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is: distributor.ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is: distributor.ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -distributor.ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -distributor.ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -distributor.ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -distributor.ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -distributor.ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which distributors are considered
# unhealthy within the ring. 0 = never (timeout disabled).
# CLI flag: -distributor.ring.heartbeat-timeout
#heartbeat_timeout: 1m
# (advanced) Instance ID to register in the ring.
# CLI flag: -distributor.ring.instance-id
#instance_id: "<hostname>"
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -distributor.ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -distributor.ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -distributor.ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -distributor.ring.instance-enable-ipv6
#instance_enable_ipv6: false
instance_limits:
# (advanced) Max ingestion rate (samples/sec) that this distributor will
# accept. This limit is per-distributor, not per-tenant. Additional push
# requests will be rejected. Current ingestion rate is computed as
# exponentially weighted moving average, updated every second. 0 = unlimited.
# CLI flag: -distributor.instance-limits.max-ingestion-rate
#max_ingestion_rate: 0
# (advanced) Max inflight push requests that this distributor can handle. This
# limit is per-distributor, not per-tenant. Additional requests will be
# rejected. 0 = unlimited.
# CLI flag: -distributor.instance-limits.max-inflight-push-requests
#max_inflight_push_requests: 2000
# (advanced) The sum of the request sizes in bytes of inflight push requests
# that this distributor can handle. This limit is per-distributor, not
# per-tenant. Additional requests will be rejected. 0 = unlimited.
# CLI flag: -distributor.instance-limits.max-inflight-push-requests-bytes
#max_inflight_push_requests_bytes: 0
# (experimental) Enable pooling of buffers used for marshaling write requests.
# CLI flag: -distributor.write-requests-buffer-pooling-enabled
#write_requests_buffer_pooling_enabled: true
# (deprecated) When enabled, in-flight write requests limit is checked as soon
# as the gRPC request is received, before the request is decoded and parsed.
# CLI flag: -distributor.limit-inflight-requests-using-grpc-method-limiter
#limit_inflight_requests_using_grpc_method_limiter: true
# (advanced) Number of pre-allocated workers used to forward push requests to
# the ingesters. If 0, no workers will be used and a new goroutine will be
# spawned for each ingester push request. If not enough workers available, new
# goroutine will be spawned. (Note: this is a performance optimization, not a
# limiting feature.)
# CLI flag: -distributor.reusable-ingester-push-workers
#reusable_ingester_push_workers: 2000
# The querier block configures the querier.
querier: # Optional
# (advanced) The time after which a metric should be queried from storage and
# not just ingesters. 0 means all queries are sent to store. If this option is
# enabled, the time range of the query sent to the store-gateway will be
# manipulated to ensure the query end is not more recent than 'now -
# query-store-after'.
# CLI flag: -querier.query-store-after
#query_store_after: 12h
# (deprecated) Maximum duration into the future you can query. 0 to disable.
# CLI flag: -querier.max-query-into-future
#max_query_into_future: 10m
store_gateway_client:
# (advanced) Enable TLS for gRPC client connecting to store-gateway.
# CLI flag: -querier.store-gateway-client.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -querier.store-gateway-client.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -querier.store-gateway-client.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate
# against. If not set, the host's root CA certificates are used.
# CLI flag: -querier.store-gateway-client.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -querier.store-gateway-client.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -querier.store-gateway-client.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -querier.store-gateway-client.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -querier.store-gateway-client.tls-min-version
#tls_min_version: ""
# (advanced) Fetch in-memory series from the minimum set of required ingesters,
# selecting only ingesters which may have received series since
# -querier.query-ingesters-within. If this setting is false or
# -querier.query-ingesters-within is '0', queriers always query all ingesters
# (ingesters shuffle sharding on read path is disabled).
# CLI flag: -querier.shuffle-sharding-ingesters-enabled
#shuffle_sharding_ingesters_enabled: true
# (experimental) Request store-gateways stream chunks. Store-gateways will only
# respond with a stream of chunks if the target store-gateway supports this, and
# this preference will be ignored by store-gateways that do not support this.
# CLI flag: -querier.prefer-streaming-chunks-from-store-gateways
#prefer_streaming_chunks_from_store_gateways: false
# (advanced) Number of series to buffer per ingester when streaming chunks from
# ingesters.
# CLI flag: -querier.streaming-chunks-per-ingester-buffer-size
#streaming_chunks_per_ingester_series_buffer_size: 256
# (experimental) Number of series to buffer per store-gateway when streaming
# chunks from store-gateways.
# CLI flag: -querier.streaming-chunks-per-store-gateway-buffer-size
#streaming_chunks_per_store_gateway_series_buffer_size: 256
# (advanced) If true, when querying ingesters, only the minimum required
# ingesters required to reach quorum will be queried initially, with other
# ingesters queried only if needed due to failures from the initial set of
# ingesters. Enabling this option reduces resource consumption for the happy
# path at the cost of increased latency for the unhappy path.
# CLI flag: -querier.minimize-ingester-requests
#minimize_ingester_requests: true
# (advanced) Delay before initiating requests to further ingesters when request
# minimization is enabled and the initially selected set of ingesters have not
# all responded. Ignored if -querier.minimize-ingester-requests is not enabled.
# CLI flag: -querier.minimize-ingester-requests-hedging-delay
#minimize_ingester_requests_hedging_delay: 3s
# The number of workers running in each querier process. This setting limits the
# maximum number of concurrent queries in each querier.
# CLI flag: -querier.max-concurrent
#max_concurrent: 20
# The timeout for a query. This config option should be set on query-frontend
# too when query sharding is enabled. This also applies to queries evaluated by
# the ruler (internally or remotely).
# CLI flag: -querier.timeout
#timeout: 2m
# Maximum number of samples a single query can load into memory. This config
# option should be set on query-frontend too when query sharding is enabled.
# CLI flag: -querier.max-samples
#max_samples: 50000000
# (advanced) The default evaluation interval or step size for subqueries. This
# config option should be set on query-frontend too when query sharding is
# enabled.
# CLI flag: -querier.default-evaluation-interval
#default_evaluation_interval: 1m
# (advanced) Time since the last sample after which a time series is considered
# stale and ignored by expression evaluations. This config option should be set
# on query-frontend too when query sharding is enabled.
# CLI flag: -querier.lookback-delta
#lookback_delta: 5m
# (experimental) Enable experimental PromQL functions. This config option should
# be set on query-frontend too when query sharding is enabled.
# CLI flag: -querier.promql-experimental-functions-enabled
#promql_experimental_functions_enabled: false
# The ingester_client block configures how the distributors connect to the
# ingesters.
ingester_client: # Optional
# Configures the gRPC client used to communicate with ingesters from
# distributors, queriers and rulers.
# The CLI flags prefix for this block configuration is: ingester.client
#grpc_client_config: <grpc_client>
circuit_breaker:
# (experimental) Enable circuit breaking when making requests to ingesters
# CLI flag: -ingester.client.circuit-breaker.enabled
#enabled: false
# (experimental) Max percentage of requests that can fail over period before
# the circuit breaker opens
# CLI flag: -ingester.client.circuit-breaker.failure-threshold
#failure_threshold: 10
# (experimental) How many requests must have been executed in period for the
# circuit breaker to be eligible to open for the rate of failures
# CLI flag: -ingester.client.circuit-breaker.failure-execution-threshold
#failure_execution_threshold: 100
# (experimental) Moving window of time that the percentage of failed requests
# is computed over
# CLI flag: -ingester.client.circuit-breaker.thresholding-period
#thresholding_period: 1m
# (experimental) How long the circuit breaker will stay in the open state
# before allowing some requests
# CLI flag: -ingester.client.circuit-breaker.cooldown-period
#cooldown_period: 10s
# (deprecated) If set to true, gRPC status codes will be reported in
# "status_code" label of "cortex_ingester_client_request_duration_seconds"
# metric. Otherwise, they will be reported as "error"
# CLI flag: -ingester.client.report-grpc-codes-in-instrumentation-label-enabled
#report_grpc_codes_in_instrumentation_label_enabled: true
# The ingester block configures the ingester.
ingester: # Optional
ring:
# The key-value store used to share the hash ring across multiple instances.
# This option needs be set on ingesters, distributors, queriers and rulers
# when running in microservices mode.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -ingester.ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -ingester.ring.prefix
#prefix: "collectors/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is: ingester.ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is: ingester.ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -ingester.ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -ingester.ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -ingester.ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -ingester.ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -ingester.ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which ingesters are skipped for
# reads/writes. 0 = never (timeout disabled). This option needs be set on
# ingesters, distributors, queriers and rulers when running in microservices
# mode.
# CLI flag: -ingester.ring.heartbeat-timeout
#heartbeat_timeout: 1m
# Number of ingesters that each time series is replicated to. This option
# needs be set on ingesters, distributors, queriers and rulers when running in
# microservices mode.
# CLI flag: -ingester.ring.replication-factor
#replication_factor: 3
# True to enable the zone-awareness and replicate ingested samples across
# different availability zones. This option needs be set on ingesters,
# distributors, queriers and rulers when running in microservices mode.
# CLI flag: -ingester.ring.zone-awareness-enabled
#zone_awareness_enabled: false
# (advanced) Comma-separated list of zones to exclude from the ring. Instances
# in excluded zones will be filtered out from the ring. This option needs be
# set on ingesters, distributors, queriers and rulers when running in
# microservices mode.
# CLI flag: -ingester.ring.excluded-zones
#excluded_zones: ""
# File path where tokens are stored. If empty, tokens are not stored at
# shutdown and restored at startup. Must be empty if
# -ingester.ring.token-generation-strategy is set to "spread-minimizing".
# CLI flag: -ingester.ring.tokens-file-path
#tokens_file_path: ""
# (advanced) Number of tokens for each ingester.
# CLI flag: -ingester.ring.num-tokens
#num_tokens: 128
# (advanced) Instance ID to register in the ring.
# CLI flag: -ingester.ring.instance-id
#instance_id: "<hostname>"
# (advanced) List of network interface names to look up when finding the
# instance IP address.
# CLI flag: -ingester.ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -ingester.ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -ingester.ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -ingester.ring.instance-enable-ipv6
#instance_enable_ipv6: false
# (advanced) The availability zone where this instance is running.
# CLI flag: -ingester.ring.instance-availability-zone
#instance_availability_zone: ""
# (advanced) Unregister from the ring upon clean shutdown. It can be useful to
# disable for rolling restarts with consistent naming.
# CLI flag: -ingester.ring.unregister-on-shutdown
#unregister_on_shutdown: true
# (advanced) Observe tokens after generating to resolve collisions. Useful
# when using gossiping ring.
# CLI flag: -ingester.ring.observe-period
#observe_period: 0s
# (advanced) Minimum duration to wait after the internal readiness checks have
# passed but before succeeding the readiness endpoint. This is used to
# slowdown deployment controllers (eg. Kubernetes) after an instance is ready
# and before they proceed with a rolling update, to give the rest of the
# cluster instances enough time to receive ring updates.
# CLI flag: -ingester.ring.min-ready-duration
#min_ready_duration: 15s
# (advanced) Duration to sleep for before exiting, to ensure metrics are
# scraped.
# CLI flag: -ingester.ring.final-sleep
#final_sleep: 0s
# (advanced) Specifies the strategy used for generating tokens for ingesters.
# Supported values are: random,spread-minimizing.
# CLI flag: -ingester.ring.token-generation-strategy
#token_generation_strategy: "random"
# (advanced) True to allow this ingester registering tokens in the ring only
# after all previous ingesters (with ID lower than the current one) have
# already been registered. This configuration option is supported only when
# the token generation strategy is set to "spread-minimizing".
# CLI flag: -ingester.ring.spread-minimizing-join-ring-in-order
#spread_minimizing_join_ring_in_order: false
# (advanced) Comma-separated list of zones in which spread minimizing strategy
# is used for token generation. This value must include all zones in which
# ingesters are deployed, and must not change over time. This configuration is
# used only when "token-generation-strategy" is set to "spread-minimizing".
# CLI flag: -ingester.ring.spread-minimizing-zones
#spread_minimizing_zones: ""
# (advanced) Period at which metadata we have not seen will remain in memory
# before being deleted.
# CLI flag: -ingester.metadata-retain-period
#metadata_retain_period: 10m
# (advanced) Period with which to update the per-tenant ingestion rates.
# CLI flag: -ingester.rate-update-period
#rate_update_period: 15s
# (advanced) Enable tracking of active series and export them as metrics.
# CLI flag: -ingester.active-series-metrics-enabled
#active_series_metrics_enabled: true
# (advanced) How often to update active series metrics.
# CLI flag: -ingester.active-series-metrics-update-period
#active_series_metrics_update_period: 1m
# (advanced) After what time a series is considered to be inactive.
# CLI flag: -ingester.active-series-metrics-idle-timeout
#active_series_metrics_idle_timeout: 10m
# (experimental) Period with which to update the per-tenant TSDB configuration.
# CLI flag: -ingester.tsdb-config-update-period
#tsdb_config_update_period: 15s
instance_limits:
# (advanced) Max ingestion rate (samples/sec) that ingester will accept. This
# limit is per-ingester, not per-tenant. Additional push requests will be
# rejected. Current ingestion rate is computed as exponentially weighted
# moving average, updated every second. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-ingestion-rate
#max_ingestion_rate: 0
# (advanced) Max tenants that this ingester can hold. Requests from additional
# tenants will be rejected. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-tenants
#max_tenants: 0
# (advanced) Max series that this ingester can hold (across all tenants).
# Requests to create additional series will be rejected. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-series
#max_series: 0
# (advanced) Max inflight push requests that this ingester can handle (across
# all tenants). Additional requests will be rejected. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-inflight-push-requests
#max_inflight_push_requests: 30000
# (advanced) The sum of the request sizes in bytes of inflight push requests
# that this ingester can handle. This limit is per-ingester, not per-tenant.
# Additional requests will be rejected. 0 = unlimited.
# CLI flag: -ingester.instance-limits.max-inflight-push-requests-bytes
#max_inflight_push_requests_bytes: 0
# (advanced) Comma-separated list of metric names, for which the
# -ingester.max-global-series-per-metric limit will be ignored. Does not affect
# the -ingester.max-global-series-per-user limit.
# CLI flag: -ingester.ignore-series-limit-for-metric-names
#ignore_series_limit_for_metric_names: ""
# (experimental) CPU utilization limit, as CPU cores, for CPU/memory utilization
# based read request limiting. Use 0 to disable it.
# CLI flag: -ingester.read-path-cpu-utilization-limit
#read_path_cpu_utilization_limit: 0
# (experimental) Memory limit, in bytes, for CPU/memory utilization based read
# request limiting. Use 0 to disable it.
# CLI flag: -ingester.read-path-memory-utilization-limit
#read_path_memory_utilization_limit: 0
# (experimental) Enable logging of utilization based limiter CPU samples.
# CLI flag: -ingester.log-utilization-based-limiter-cpu-samples
#log_utilization_based_limiter_cpu_samples: false
# (deprecated) When enabled, in-flight write requests limit is checked as soon
# as the gRPC request is received, before the request is decoded and parsed.
# CLI flag: -ingester.limit-inflight-requests-using-grpc-method-limiter
#limit_inflight_requests_using_grpc_method_limiter: true
# (experimental) Each error will be logged once in this many times. Use 0 to log
# all of them.
# CLI flag: -ingester.error-sample-rate
#error_sample_rate: 0
# (deprecated) When enabled only gRPC errors will be returned by the ingester.
# CLI flag: -ingester.return-only-grpc-errors
#return_only_grpc_errors: true
# (experimental) When enabled, only series currently owned by ingester according
# to the ring are used when checking user per-tenant series limit.
# CLI flag: -ingester.use-ingester-owned-series-for-limits
#use_ingester_owned_series_for_limits: false
# (experimental) This option enables tracking of ingester-owned series based on
# ring state, even if -ingester.use-ingester-owned-series-for-limits is
# disabled.
# CLI flag: -ingester.track-ingester-owned-series
#track_ingester_owned_series: false
# (experimental) How often to check for ring changes and possibly recompute
# owned series as a result of detected change.
# CLI flag: -ingester.owned-series-update-interval
#owned_series_update_interval: 15s
# The flusher block configures the WAL flusher target, used to manually run
# one-time flushes when scaling down ingesters.
flusher: # Optional
# (advanced) Stop after flush has finished. If false, process will keep running,
# doing nothing.
# CLI flag: -flusher.exit-after-flush
#exit_after_flush: true
# The limits block configures default and per-tenant limits imposed by
# components.
limits: # Optional
# Per-tenant push request rate limit in requests per second. 0 to disable.
# CLI flag: -distributor.request-rate-limit
#request_rate: 0
# Per-tenant allowed push request burst size. 0 to disable.
# CLI flag: -distributor.request-burst-size
#request_burst_size: 0
# Per-tenant ingestion rate limit in samples per second.
# CLI flag: -distributor.ingestion-rate-limit
#ingestion_rate: 10000
# Per-tenant allowed ingestion burst size (in number of samples).
# CLI flag: -distributor.ingestion-burst-size
#ingestion_burst_size: 200000
# (experimental) Per-tenant burst factor which is the maximum burst size allowed
# as a multiple of the per-tenant ingestion rate, this burst-factor must be
# greater than or equal to 1. If this is set it will override the
# ingestion-burst-size option.
# CLI flag: -distributor.ingestion-burst-factor
#ingestion_burst_factor: 0
# Flag to enable, for all tenants, handling of samples with external labels
# identifying replicas in an HA Prometheus setup.
# CLI flag: -distributor.ha-tracker.enable-for-all-users
#accept_ha_samples: false
# Prometheus label to look for in samples to identify a Prometheus HA cluster.
# CLI flag: -distributor.ha-tracker.cluster
#ha_cluster_label: "cluster"
# Prometheus label to look for in samples to identify a Prometheus HA replica.
# CLI flag: -distributor.ha-tracker.replica
#ha_replica_label: "__replica__"
# Maximum number of clusters that HA tracker will keep track of for a single
# tenant. 0 to disable the limit.
# CLI flag: -distributor.ha-tracker.max-clusters
#ha_max_clusters: 100
# (advanced) This flag can be used to specify label names that to drop during
# sample ingestion within the distributor and can be repeated in order to drop
# multiple labels.
# CLI flag: -distributor.drop-label
#drop_labels: []
# Maximum length accepted for label names
# CLI flag: -validation.max-length-label-name
#max_label_name_length: 1024
# Maximum length accepted for label value. This setting also applies to the
# metric name
# CLI flag: -validation.max-length-label-value
#max_label_value_length: 2048
# Maximum number of label names per series.
# CLI flag: -validation.max-label-names-per-series
#max_label_names_per_series: 30
# Maximum length accepted for metric metadata. Metadata refers to Metric Name,
# HELP and UNIT. Longer metadata is dropped except for HELP which is truncated.
# CLI flag: -validation.max-metadata-length
#max_metadata_length: 1024
# Maximum number of buckets per native histogram sample. 0 to disable the limit.
# CLI flag: -validation.max-native-histogram-buckets
#max_native_histogram_buckets: 0
# Whether to reduce or reject native histogram samples with more buckets than
# the configured limit.
# CLI flag: -validation.reduce-native-histogram-over-max-buckets
#reduce_native_histogram_over_max_buckets: true
# (advanced) Controls how far into the future incoming samples and exemplars are
# accepted compared to the wall clock. Any sample or exemplar will be rejected
# if its timestamp is greater than '(now + grace_period)'. This configuration is
# enforced in the distributor, ingester and query-frontend (to avoid querying
# too far into the future).
# CLI flag: -validation.create-grace-period
#creation_grace_period: 10m
# (advanced) Enforce every metadata has a metric name.
# CLI flag: -validation.enforce-metadata-metric-name
#enforce_metadata_metric_name: true
# The tenant's shard size used by shuffle-sharding. This value is the total size
# of the shard (ie. it is not the number of ingesters in the shard per zone, but
# the number of ingesters in the shard across all zones, if zone-awareness is
# enabled). Must be set both on ingesters and distributors. 0 disables shuffle
# sharding.
# CLI flag: -distributor.ingestion-tenant-shard-size
#ingestion_tenant_shard_size: 0
# (experimental) List of metric relabel configurations. Note that in most
# situations, it is more effective to use metrics relabeling directly in the
# Prometheus server, e.g. remote_write.write_relabel_configs. Labels available
# during the relabeling phase and cleaned afterwards: __meta_tenant_id
#metric_relabel_configs:
# (experimental) Enable metric relabeling for the tenant. This configuration
# option can be used to forcefully disable metric relabeling on a per-tenant
# basis.
# CLI flag: -distributor.metric-relabeling-enabled
#metric_relabeling_enabled: true
# (experimental) If enabled, rate limit errors will be reported to the client
# with HTTP status code 529 (Service is overloaded). If disabled, status code
# 429 (Too Many Requests) is used. Enabling
# -distributor.retry-after-header.enabled before utilizing this option is
# strongly recommended as it helps prevent premature request retries by the
# client.
# CLI flag: -distributor.service-overload-status-code-on-rate-limit-enabled
#service_overload_status_code_on_rate_limit_enabled: false
# The maximum number of in-memory series per tenant, across the cluster before
# replication. 0 to disable.
# CLI flag: -ingester.max-global-series-per-user
#max_global_series_per_user: 150000
# The maximum number of in-memory series per metric name, across the cluster
# before replication. 0 to disable.
# CLI flag: -ingester.max-global-series-per-metric
#max_global_series_per_metric: 0
# The maximum number of in-memory metrics with metadata per tenant, across the
# cluster. 0 to disable.
# CLI flag: -ingester.max-global-metadata-per-user
#max_global_metadata_per_user: 0
# The maximum number of metadata per metric, across the cluster. 0 to disable.
# CLI flag: -ingester.max-global-metadata-per-metric
#max_global_metadata_per_metric: 0
# (experimental) The maximum number of exemplars in memory, across the cluster.
# 0 to disable exemplars ingestion.
# CLI flag: -ingester.max-global-exemplars-per-user
#max_global_exemplars_per_user: 0
# (experimental) Enable ingestion of native histogram samples. If false, native
# histogram samples are ignored without an error. To query native histograms
# with query-sharding enabled make sure to set
# -query-frontend.query-result-response-format to 'protobuf'.
# CLI flag: -ingester.native-histograms-ingestion-enabled
#native_histograms_ingestion_enabled: false
# (advanced) Additional custom trackers for active metrics. If there are active
# series matching a provided matcher (map value), the count will be exposed in
# the custom trackers metric labeled using the tracker name (map key). Zero
# valued counts are not exposed (and removed when they go back to zero).
# Example:
# The following configuration will count the active series coming from dev and
# prod namespaces for each tenant and label them as {name="dev"} and
# {name="prod"} in the cortex_ingester_active_series_custom_tracker metric.
# active_series_custom_trackers:
# dev: '{namespace=~"dev-.*"}'
# prod: '{namespace=~"prod-.*"}'
# CLI flag: -ingester.active-series-custom-trackers
#active_series_custom_trackers:
# (experimental) Non-zero value enables out-of-order support for most recent
# samples that are within the time window in relation to the TSDB's maximum
# time, i.e., within [db.maxTime-timeWindow, db.maxTime]). The ingester will
# need more memory as a factor of rate of out-of-order samples being ingested
# and the number of series that are getting out-of-order samples. If query falls
# into this window, cached results will use value from
# -query-frontend.results-cache-ttl-for-out-of-order-time-window option to
# specify TTL for resulting cache entry.
# CLI flag: -ingester.out-of-order-time-window
#out_of_order_time_window: 0s
# (experimental) Whether the shipper should label out-of-order blocks with an
# external label before uploading them. Setting this label will compact
# out-of-order blocks separately from non-out-of-order blocks
# CLI flag: -ingester.out-of-order-blocks-external-label-enabled
#out_of_order_blocks_external_label_enabled: false
# (experimental) Label used to define the group label for metrics separation.
# For each write request, the group is obtained from the first non-empty group
# label from the first timeseries in the incoming list of timeseries. Specific
# distributor and ingester metrics will be further separated adding a 'group'
# label with group label's value. Currently applies to the following metrics:
# cortex_discarded_samples_total
# CLI flag: -validation.separate-metrics-group-label
#separate_metrics_group_label: ""
# Maximum number of chunks that can be fetched in a single query from ingesters
# and long-term storage. This limit is enforced in the querier, ruler and
# store-gateway. 0 to disable.
# CLI flag: -querier.max-fetched-chunks-per-query
#max_fetched_chunks_per_query: 2000000
# (experimental) Maximum number of chunks estimated to be fetched in a single
# query from ingesters and long-term storage, as a multiple of
# -querier.max-fetched-chunks-per-query. This limit is enforced in the querier.
# Must be greater than or equal to 1, or 0 to disable.
# CLI flag: -querier.max-estimated-fetched-chunks-per-query-multiplier
#max_estimated_fetched_chunks_per_query_multiplier: 0
# The maximum number of unique series for which a query can fetch samples from
# each ingesters and storage. This limit is enforced in the querier, ruler and
# store-gateway. 0 to disable
# CLI flag: -querier.max-fetched-series-per-query
#max_fetched_series_per_query: 0
# The maximum size of all chunks in bytes that a query can fetch from each
# ingester and storage. This limit is enforced in the querier and ruler. 0 to
# disable.
# CLI flag: -querier.max-fetched-chunk-bytes-per-query
#max_fetched_chunk_bytes_per_query: 0
# Limit how long back data (series and metadata) can be queried, up until
# <lookback> duration ago. This limit is enforced in the query-frontend, querier
# and ruler. If the requested time range is outside the allowed range, the
# request will not fail but will be manipulated to only query data within the
# allowed time range. 0 to disable.
# CLI flag: -querier.max-query-lookback
#max_query_lookback: 0s
# Limit the time range for partial queries at the querier level.
# CLI flag: -querier.max-partial-query-length
#max_partial_query_length: 0s
# Maximum number of split (by time) or partial (by shard) queries that will be
# scheduled in parallel by the query-frontend for a single input query. This
# limit is introduced to have a fairer query scheduling and avoid a single query
# over a large time range saturating all available queriers.
# CLI flag: -querier.max-query-parallelism
#max_query_parallelism: 14
# Limit the time range (end - start time) of series, label names and values
# queries. This limit is enforced in the querier. If the requested time range is
# outside the allowed range, the request will not fail but will be manipulated
# to only query data within the allowed time range. 0 to disable.
# CLI flag: -store.max-labels-query-length
#max_labels_query_length: 0s
# (advanced) Most recent allowed cacheable result per-tenant, to prevent caching
# very recent results that might still be in flux.
# CLI flag: -query-frontend.max-cache-freshness
#max_cache_freshness: 10m
# Maximum number of queriers that can handle requests for a single tenant. If
# set to 0 or value higher than number of available queriers, *all* queriers
# will handle requests for the tenant. Each frontend (or query-scheduler, if
# used) will select the same set of queriers for the same tenant (given that all
# queriers are connected to all frontends / query-schedulers). This option only
# works with queriers connecting to the query-frontend / query-scheduler, not
# when using downstream URL.
# CLI flag: -query-frontend.max-queriers-per-tenant
#max_queriers_per_tenant: 0
# The amount of shards to use when doing parallelisation via query sharding by
# tenant. 0 to disable query sharding for tenant. Query sharding implementation
# will adjust the number of query shards based on compactor shards. This allows
# querier to not search the blocks which cannot possibly have the series for
# given query shard.
# CLI flag: -query-frontend.query-sharding-total-shards
#query_sharding_total_shards: 16
# The max number of sharded queries that can be run for a given received query.
# 0 to disable limit.
# CLI flag: -query-frontend.query-sharding-max-sharded-queries
#query_sharding_max_sharded_queries: 128
# Disable query sharding for any query containing a regular expression matcher
# longer than the configured number of bytes. 0 to disable the limit.
# CLI flag: -query-frontend.query-sharding-max-regexp-size-bytes
#query_sharding_max_regexp_size_bytes: 4096
# (experimental) Split instant queries by an interval and execute in parallel. 0
# to disable it.
# CLI flag: -query-frontend.split-instant-queries-by-interval
#split_instant_queries_by_interval: 0s
# (advanced) Maximum lookback beyond which queries are not sent to ingester. 0
# means all queries are sent to ingester.
# CLI flag: -querier.query-ingesters-within
#query_ingesters_within: 13h
# Limit the total query time range (end - start time). This limit is enforced in
# the query-frontend on the received query.
# CLI flag: -query-frontend.max-total-query-length
#max_total_query_length: 0s
# Time to live duration for cached query results. If query falls into
# out-of-order time window,
# -query-frontend.results-cache-ttl-for-out-of-order-time-window is used
# instead.
# CLI flag: -query-frontend.results-cache-ttl
#results_cache_ttl: 1w
# Time to live duration for cached query results if query falls into
# out-of-order time window. This is lower than -query-frontend.results-cache-ttl
# so that incoming out-of-order samples are returned in the query results
# sooner.
# CLI flag: -query-frontend.results-cache-ttl-for-out-of-order-time-window
#results_cache_ttl_for_out_of_order_time_window: 10m
# Time to live duration for cached cardinality query results. The value 0
# disables the cache.
# CLI flag: -query-frontend.results-cache-ttl-for-cardinality-query
#results_cache_ttl_for_cardinality_query: 0s
# Time to live duration for cached label names and label values query results.
# The value 0 disables the cache.
# CLI flag: -query-frontend.results-cache-ttl-for-labels-query
#results_cache_ttl_for_labels_query: 0s
# (advanced) Cache requests that are not step-aligned.
# CLI flag: -query-frontend.cache-unaligned-requests
#cache_unaligned_requests: false
# Max size of the raw query, in bytes. 0 to not apply a limit to the size of the
# query.
# CLI flag: -query-frontend.max-query-expression-size-bytes
#max_query_expression_size_bytes: 0
# (experimental) List of queries to block.
#blocked_queries:
# Mutate incoming queries to align their start and end with their step to
# improve result caching.
# CLI flag: -query-frontend.align-queries-with-step
#align_queries_with_step: false
# Enables endpoints used for cardinality analysis.
# CLI flag: -querier.cardinality-analysis-enabled
#cardinality_analysis_enabled: false
# Maximum size in bytes of distinct label names and values. When querier
# receives response from ingester, it merges the response with responses from
# other ingesters. This maximum size limit is applied to the merged(distinct)
# results. If the limit is reached, an error is returned.
# CLI flag: -querier.label-names-and-values-results-max-size-bytes
#label_names_and_values_results_max_size_bytes: 419430400
# Maximum number of label names allowed to be queried in a single
# /api/v1/cardinality/label_values API call.
# CLI flag: -querier.label-values-max-cardinality-label-names-per-request
#label_values_max_cardinality_label_names_per_request: 100
# (experimental) Maximum size of an active series request result shard in bytes.
# 0 to disable.
# CLI flag: -querier.active-series-results-max-size-bytes
#active_series_results_max_size_bytes: 419430400
# Duration to delay the evaluation of rules to ensure the underlying metrics
# have been pushed.
# CLI flag: -ruler.evaluation-delay-duration
#ruler_evaluation_delay_duration: 1m
# The tenant's shard size when sharding is used by ruler. Value of 0 disables
# shuffle sharding for the tenant, and tenant rules will be sharded across all
# ruler replicas.
# CLI flag: -ruler.tenant-shard-size
#ruler_tenant_shard_size: 0
# Maximum number of rules per rule group per-tenant. 0 to disable.
# CLI flag: -ruler.max-rules-per-rule-group
#ruler_max_rules_per_rule_group: 20
# Maximum number of rule groups per-tenant. 0 to disable.
# CLI flag: -ruler.max-rule-groups-per-tenant
#ruler_max_rule_groups_per_tenant: 70
# (experimental) Controls whether recording rules evaluation is enabled. This
# configuration option can be used to forcefully disable recording rules
# evaluation on a per-tenant basis.
# CLI flag: -ruler.recording-rules-evaluation-enabled
#ruler_recording_rules_evaluation_enabled: true
# (experimental) Controls whether alerting rules evaluation is enabled. This
# configuration option can be used to forcefully disable alerting rules
# evaluation on a per-tenant basis.
# CLI flag: -ruler.alerting-rules-evaluation-enabled
#ruler_alerting_rules_evaluation_enabled: true
# (advanced) True to enable a re-sync of the configured rule groups as soon as
# they're changed via ruler's config API. This re-sync is in addition of the
# periodic syncing. When enabled, it may take up to few tens of seconds before a
# configuration change triggers the re-sync.
# CLI flag: -ruler.sync-rules-on-changes-enabled
#ruler_sync_rules_on_changes_enabled: true
# The tenant's shard size, used when store-gateway sharding is enabled. Value of
# 0 disables shuffle sharding for the tenant, that is all tenant blocks are
# sharded across all store-gateway replicas.
# CLI flag: -store-gateway.tenant-shard-size
#store_gateway_tenant_shard_size: 0
# Delete blocks containing samples older than the specified retention period.
# Also used by query-frontend to avoid querying beyond the retention period. 0
# to disable.
# CLI flag: -compactor.blocks-retention-period
#compactor_blocks_retention_period: 0s
# The number of shards to use when splitting blocks. 0 to disable splitting.
# CLI flag: -compactor.split-and-merge-shards
#compactor_split_and_merge_shards: 0
# Number of groups that blocks for splitting should be grouped into. Each group
# of blocks is then split separately. Number of output split shards is
# controlled by -compactor.split-and-merge-shards.
# CLI flag: -compactor.split-groups
#compactor_split_groups: 1
# Max number of compactors that can compact blocks for single tenant. 0 to
# disable the limit and use all compactors.
# CLI flag: -compactor.compactor-tenant-shard-size
#compactor_tenant_shard_size: 0
# If a partial block (unfinished block without meta.json file) hasn't been
# modified for this time, it will be marked for deletion. The minimum accepted
# value is 4h0m0s: a lower value will be ignored and the feature disabled. 0 to
# disable.
# CLI flag: -compactor.partial-block-deletion-delay
#compactor_partial_block_deletion_delay: 1d
# Enable block upload API for the tenant.
# CLI flag: -compactor.block-upload-enabled
#compactor_block_upload_enabled: false
# Enable block upload validation for the tenant.
# CLI flag: -compactor.block-upload-validation-enabled
#compactor_block_upload_validation_enabled: true
# Verify chunks when uploading blocks via the upload API for the tenant.
# CLI flag: -compactor.block-upload-verify-chunks
#compactor_block_upload_verify_chunks: true
# (advanced) Maximum size in bytes of a block that is allowed to be uploaded or
# validated. 0 = no limit.
# CLI flag: -compactor.block-upload-max-block-size-bytes
#compactor_block_upload_max_block_size_bytes: 0
# S3 server-side encryption type. Required to enable server-side encryption
# overrides for a specific tenant. If not set, the default S3 client settings
# are used.
#s3_sse_type: ""
# S3 server-side encryption KMS Key ID. Ignored if the SSE type override is not
# set.
#s3_sse_kms_key_id: ""
# S3 server-side encryption KMS encryption context. If unset and the key ID
# override is set, the encryption context will not be provided to S3. Ignored if
# the SSE type override is not set.
#s3_sse_kms_encryption_context: ""
# Comma-separated list of network CIDRs to block in Alertmanager receiver
# integrations.
# CLI flag: -alertmanager.receivers-firewall-block-cidr-networks
#alertmanager_receivers_firewall_block_cidr_networks: ""
# True to block private and local addresses in Alertmanager receiver
# integrations. It blocks private addresses defined by RFC 1918 (IPv4
# addresses) and RFC 4193 (IPv6 addresses), as well as loopback, local unicast
# and local multicast addresses.
# CLI flag: -alertmanager.receivers-firewall-block-private-addresses
#alertmanager_receivers_firewall_block_private_addresses: false
# Per-tenant rate limit for sending notifications from Alertmanager in
# notifications/sec. 0 = rate limit disabled. Negative value = no notifications
# are allowed.
# CLI flag: -alertmanager.notification-rate-limit
#alertmanager_notification_rate_limit: 0
# Per-integration notification rate limits. Value is a map, where each key is
# integration name and value is a rate-limit (float). On command line, this map
# is given in JSON format. Rate limit has the same meaning as
# -alertmanager.notification-rate-limit, but only applies for specific
# integration. Allowed integration names: webhook, email, pagerduty, opsgenie,
# wechat, slack, victorops, pushover, sns, webex, telegram, discord, msteams.
# CLI flag: -alertmanager.notification-rate-limit-per-integration
#alertmanager_notification_rate_limit_per_integration: {}
# Maximum size of configuration file for Alertmanager that tenant can upload via
# Alertmanager API. 0 = no limit.
# CLI flag: -alertmanager.max-config-size-bytes
#alertmanager_max_config_size_bytes: 0
# Maximum number of templates in tenant's Alertmanager configuration uploaded
# via Alertmanager API. 0 = no limit.
# CLI flag: -alertmanager.max-templates-count
#alertmanager_max_templates_count: 0
# Maximum size of single template in tenant's Alertmanager configuration
# uploaded via Alertmanager API. 0 = no limit.
# CLI flag: -alertmanager.max-template-size-bytes
#alertmanager_max_template_size_bytes: 0
# Maximum number of aggregation groups in Alertmanager's dispatcher that a
# tenant can have. Each active aggregation group uses single goroutine. When the
# limit is reached, dispatcher will not dispatch alerts that belong to
# additional aggregation groups, but existing groups will keep working properly.
# 0 = no limit.
# CLI flag: -alertmanager.max-dispatcher-aggregation-groups
#alertmanager_max_dispatcher_aggregation_groups: 0
# Maximum number of alerts that a single tenant can have. Inserting more alerts
# will fail with a log message and metric increment. 0 = no limit.
# CLI flag: -alertmanager.max-alerts-count
#alertmanager_max_alerts_count: 0
# Maximum total size of alerts that a single tenant can have, alert size is the
# sum of the bytes of its labels, annotations and generatorURL. Inserting more
# alerts will fail with a log message and metric increment. 0 = no limit.
# CLI flag: -alertmanager.max-alerts-size-bytes
#alertmanager_max_alerts_size_bytes: 0
# (advanced) Whether to enable automatic suffixes to names of metrics ingested
# through OTLP.
# CLI flag: -distributor.otel-metric-suffixes-enabled
#otel_metric_suffixes_enabled: false
# The frontend_worker block configures the worker running within the querier,
# picking up and executing queries enqueued by the query-frontend or the
# query-scheduler.
frontend_worker: # Optional
# Address of the query-frontend component, in host:port format. If multiple
# query-frontends are running, the host should be a DNS resolving to all
# query-frontend instances. This option should be set only when query-scheduler
# component is not in use.
# CLI flag: -querier.frontend-address
#frontend_address: ""
# Address of the query-scheduler component, in host:port format. The host should
# resolve to all query-scheduler instances. This option should be set only when
# query-scheduler component is in use and
# -query-scheduler.service-discovery-mode is set to 'dns'.
# CLI flag: -querier.scheduler-address
#scheduler_address: ""
# (advanced) How often to query DNS for query-frontend or query-scheduler
# address.
# CLI flag: -querier.dns-lookup-period
#dns_lookup_duration: 10s
# (advanced) Querier ID, sent to the query-frontend to identify requests from
# the same querier. Defaults to hostname.
# CLI flag: -querier.id
#id: ""
# Configures the gRPC client used to communicate between the querier and the
# query-frontend.
# The CLI flags prefix for this block configuration is: querier.frontend-client
#grpc_client_config: <grpc_client>
# Configures the gRPC client used to communicate between the querier and the
# query-scheduler.
# The CLI flags prefix for this block configuration is: querier.scheduler-client
#query_scheduler_grpc_client_config: <grpc_client>
# (experimental) Enables streaming of responses from querier to query-frontend
# for response types that support it (currently only `active_series` responses
# do).
# CLI flag: -querier.response-streaming-enabled
#response_streaming_enabled: false
# The frontend block configures the query-frontend.
frontend: # Optional
# Log queries that are slower than the specified duration. Set to 0 to disable.
# Set to < 0 to enable on all queries.
# CLI flag: -query-frontend.log-queries-longer-than
#log_queries_longer_than: 0s
# (advanced) Comma-separated list of request header names to include in query
# logs. Applies to both query stats and slow queries logs.
# CLI flag: -query-frontend.log-query-request-headers
#log_query_request_headers: ""
# (advanced) Max body size for downstream prometheus.
# CLI flag: -query-frontend.max-body-size
#max_body_size: 10485760
# (advanced) False to disable query statistics tracking. When enabled, a message
# with some statistics is logged for every query.
# CLI flag: -query-frontend.query-stats-enabled
#query_stats_enabled: true
# (experimental) Timeout for writing active series responses. 0 means the value
# from `-server.http-write-timeout` is used.
# CLI flag: -query-frontend.active-series-write-timeout
#active_series_write_timeout: 5m
# (advanced) Maximum number of outstanding requests per tenant per frontend;
# requests beyond this error with HTTP 429.
# CLI flag: -querier.max-outstanding-requests-per-tenant
#max_outstanding_per_tenant: 100
# (experimental) If a querier disconnects without sending notification about
# graceful shutdown, the query-frontend will keep the querier in the tenant's
# shard until the forget delay has passed. This feature is useful to reduce the
# blast radius when shuffle-sharding is enabled.
# CLI flag: -query-frontend.querier-forget-delay
#querier_forget_delay: 0s
# Address of the query-scheduler component, in host:port format. The host should
# resolve to all query-scheduler instances. This option should be set only when
# query-scheduler component is in use and
# -query-scheduler.service-discovery-mode is set to 'dns'.
# CLI flag: -query-frontend.scheduler-address
#scheduler_address: ""
# (advanced) How often to resolve the scheduler-address, in order to look for
# new query-scheduler instances.
# CLI flag: -query-frontend.scheduler-dns-lookup-period
#scheduler_dns_lookup_period: 10s
# (advanced) Number of concurrent workers forwarding queries to single
# query-scheduler.
# CLI flag: -query-frontend.scheduler-worker-concurrency
#scheduler_worker_concurrency: 5
# Configures the gRPC client used to communicate between the query-frontends and
# the query-schedulers.
# The CLI flags prefix for this block configuration is:
# query-frontend.grpc-client-config
#grpc_client_config: <grpc_client>
# (advanced) List of network interface names to look up when finding the
# instance IP address. This address is sent to query-scheduler and querier,
# which uses it to send the query response back to query-frontend.
# CLI flag: -query-frontend.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Enable using a IPv6 instance address (default false).
# CLI flag: -query-frontend.instance-enable-ipv6
#instance_enable_ipv6: false
# (advanced) IP address to advertise to the querier (via scheduler) (default is
# auto-detected from network interfaces).
# CLI flag: -query-frontend.instance-addr
#address: ""
# (advanced) Port to advertise to querier (via scheduler) (defaults to
# server.grpc-listen-port).
# CLI flag: -query-frontend.instance-port
#port: 0
# (experimental) Enqueue query requests with additional queue dimensions to
# split tenant request queues into subqueues. This enables separate requests to
# proceed from a tenant's subqueues even when other subqueues are blocked on
# slow query requests. Must be set on both query-frontend and scheduler to take
# effect. (default false)
# CLI flag: -query-frontend.additional-query-queue-dimensions-enabled
#additional_query_queue_dimensions_enabled: false
# (advanced) Split range queries by an interval and execute in parallel. You
# should use a multiple of 24 hours to optimize querying blocks. 0 to disable
# it.
# CLI flag: -query-frontend.split-queries-by-interval
#split_queries_by_interval: 24h
results_cache:
# Backend for query-frontend results cache, if not empty. Supported values:
# memcached, redis.
# CLI flag: -query-frontend.results-cache.backend
#backend: ""
# The memcached block configures the Memcached-based caching backend.
# The CLI flags prefix for this block configuration is:
# query-frontend.results-cache
memcached: # Optional
# Comma-separated list of memcached addresses. Each address can be an IP
# address, hostname, or an entry specified in the DNS Service Discovery format.
# CLI flag: -<prefix>.memcached.addresses
#addresses: ""
# The socket read/write timeout.
# CLI flag: -<prefix>.memcached.timeout
#timeout: 200ms
# The connection timeout.
# CLI flag: -<prefix>.memcached.connect-timeout
#connect_timeout: 200ms
# (experimental) The size of the write buffer (in bytes). The buffer is
# allocated for each connection to memcached.
# CLI flag: -<prefix>.memcached.write-buffer-size-bytes
#write_buffer_size_bytes: 4096
# (experimental) The size of the read buffer (in bytes). The buffer is allocated
# for each connection to memcached.
# CLI flag: -<prefix>.memcached.read-buffer-size-bytes
#read_buffer_size_bytes: 4096
# (advanced) The minimum number of idle connections to keep open as a percentage
# (0-100) of the number of recently used idle connections. If negative, idle
# connections are kept open indefinitely.
# CLI flag: -<prefix>.memcached.min-idle-connections-headroom-percentage
#min_idle_connections_headroom_percentage: -1
# (advanced) The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -<prefix>.memcached.max-idle-connections
#max_idle_connections: 100
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.memcached.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.memcached.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum number of keys a single underlying get operation should
# run. If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set to 0,
# the max batch size is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) The maximum size of an item stored in memcached, in bytes. Bigger
# items are not stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.memcached.max-item-size
#max_item_size: 1048576
# (advanced) Enable connecting to Memcached with TLS.
# CLI flag: -<prefix>.memcached.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.memcached.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.memcached.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.memcached.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.memcached.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.memcached.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.memcached.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.memcached.tls-min-version
#tls_min_version: ""
# The redis block configures the Redis-based caching backend.
# The CLI flags prefix for this block configuration is:
# query-frontend.results-cache
redis: # Optional
# Redis Server or Cluster configuration endpoint to use for caching. A
# comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
# CLI flag: -<prefix>.redis.endpoint
#endpoint: ""
# Username to use when connecting to Redis.
# CLI flag: -<prefix>.redis.username
#username: ""
# Password to use when connecting to Redis.
# CLI flag: -<prefix>.redis.password
#password: ""
# Database index.
# CLI flag: -<prefix>.redis.db
#db: 0
# (advanced) Redis Sentinel master name. An empty string for Redis Server or
# Redis Cluster.
# CLI flag: -<prefix>.redis.master-name
#master_name: ""
# (advanced) Client dial timeout.
# CLI flag: -<prefix>.redis.dial-timeout
#dial_timeout: 5s
# (advanced) Client read timeout.
# CLI flag: -<prefix>.redis.read-timeout
#read_timeout: 3s
# (advanced) Client write timeout.
# CLI flag: -<prefix>.redis.write-timeout
#write_timeout: 3s
# (advanced) Maximum number of connections in the pool.
# CLI flag: -<prefix>.redis.connection-pool-size
#connection_pool_size: 100
# (advanced) Maximum duration to wait to get a connection from pool.
# CLI flag: -<prefix>.redis.connection-pool-timeout
#connection_pool_timeout: 4s
# (advanced) Minimum number of idle connections.
# CLI flag: -<prefix>.redis.min-idle-connections
#min_idle_connections: 10
# (advanced) Amount of time after which client closes idle connections.
# CLI flag: -<prefix>.redis.idle-timeout
#idle_timeout: 5m
# (advanced) Close connections older than this duration. If the value is zero,
# then the pool does not close connections based on age.
# CLI flag: -<prefix>.redis.max-connection-age
#max_connection_age: 0s
# (advanced) The maximum size of an item stored in Redis. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.redis.max-item-size
#max_item_size: 16777216
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.redis.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.redis.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.redis.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum size per batch for mget operations.
# CLI flag: -<prefix>.redis.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) Enable connecting to Redis with TLS.
# CLI flag: -<prefix>.redis.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.redis.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.redis.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.redis.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.redis.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.redis.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.redis.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.redis.tls-min-version
#tls_min_version: ""
# Enable cache compression, if not empty. Supported values are: snappy.
# CLI flag: -query-frontend.results-cache.compression
#compression: ""
# Cache query results.
# CLI flag: -query-frontend.cache-results
#cache_results: false
# (advanced) Maximum number of retries for a single request; beyond this, the
# downstream error is returned.
# CLI flag: -query-frontend.max-retries-per-request
#max_retries: 5
# (advanced) Maximum time to wait for the query-frontend to become ready before
# rejecting requests received before the frontend was ready. 0 to disable (i.e.
# fail immediately if a request is received while the frontend is still starting
# up)
# CLI flag: -query-frontend.not-running-timeout
#not_running_timeout: 2s
# True to enable query sharding.
# CLI flag: -query-frontend.parallelize-shardable-queries
#parallelize_shardable_queries: false
# (advanced) How many series a single sharded partial query should load at most.
# This is not a strict requirement guaranteed to be honoured by query sharding,
# but a hint given to the query sharding when the query execution is initially
# planned. 0 to disable cardinality-based hints.
# CLI flag: -query-frontend.query-sharding-target-series-per-shard
#query_sharding_target_series_per_shard: 0
# (experimental) True to enable sharding of active series queries.
# CLI flag: -query-frontend.shard-active-series-queries
#shard_active_series_queries: false
# Format to use when retrieving query results from queriers. Supported values:
# json, protobuf
# CLI flag: -query-frontend.query-result-response-format
#query_result_response_format: "protobuf"
# (advanced) URL of downstream Prometheus.
# CLI flag: -query-frontend.downstream-url
#downstream_url: ""
# The blocks_storage block configures the blocks storage.
blocks_storage: # Optional
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem.
# CLI flag: -blocks-storage.backend
#backend: "filesystem"
# The s3_backend block configures the connection to Amazon S3 object storage
# backend.
# The CLI flags prefix for this block configuration is: blocks-storage
s3: # Optional
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -<prefix>.s3.endpoint
#endpoint: ""
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call to
# autodetect it.
# CLI flag: -<prefix>.s3.region
#region: ""
# S3 bucket name
# CLI flag: -<prefix>.s3.bucket-name
#bucket_name: ""
# S3 secret access key
# CLI flag: -<prefix>.s3.secret-access-key
#secret_access_key: ""
# S3 access key ID
# CLI flag: -<prefix>.s3.access-key-id
#access_key_id: ""
# (advanced) If enabled, use http:// for the S3 endpoint instead of https://.
# This could be useful in local dev/test environments while using an
# S3-compatible backend storage, like Minio.
# CLI flag: -<prefix>.s3.insecure
#insecure: false
# (advanced) The signature version to use for authenticating against S3.
# Supported values are: v4, v2.
# CLI flag: -<prefix>.s3.signature-version
#signature_version: "v4"
# (advanced) Use a specific version of the S3 list object API. Supported values
# are v1 or v2. Default is unset.
# CLI flag: -<prefix>.s3.list-objects-version
#list_objects_version: ""
# (experimental) The S3 storage class to use, not set by default. Details can be
# found at https://aws.amazon.com/s3/storage-classes/. Supported values are:
# STANDARD, REDUCED_REDUNDANCY, GLACIER, STANDARD_IA, ONEZONE_IA,
# INTELLIGENT_TIERING, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
# CLI flag: -<prefix>.s3.storage-class
#storage_class: ""
# (experimental) If enabled, it will use the default authentication methods of
# the AWS SDK for go based on known environment variables and known AWS config
# files.
# CLI flag: -<prefix>.s3.native-aws-auth-enabled
#native_aws_auth_enabled: false
# (experimental) The minimum file size in bytes used for multipart uploads. If
# 0, the value is optimally computed for each object.
# CLI flag: -<prefix>.s3.part-size
#part_size: 0
# (experimental) If enabled, a Content-MD5 header is sent with S3 Put Object
# requests. Consumes more resources to compute the MD5, but may improve
# compatibility with object storage services that do not support checksums.
# CLI flag: -<prefix>.s3.send-content-md5
#send_content_md5: false
# Accessing S3 resources using temporary, secure credentials provided by AWS
# Security Token Service.
# CLI flag: -<prefix>.s3.sts-endpoint
#sts_endpoint: ""
sse:
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -<prefix>.s3.sse.type
#type: ""
# KMS Key ID used to encrypt objects in S3
# CLI flag: -<prefix>.s3.sse.kms-key-id
#kms_key_id: ""
# KMS Encryption Context used for object encryption. It expects JSON formatted
# string.
# CLI flag: -<prefix>.s3.sse.kms-encryption-context
#kms_encryption_context: ""
http:
# (advanced) The time an idle connection will remain idle before closing.
# CLI flag: -<prefix>.s3.http.idle-conn-timeout
#idle_conn_timeout: 1m30s
# (advanced) The amount of time the client will wait for a servers response
# headers.
# CLI flag: -<prefix>.s3.http.response-header-timeout
#response_header_timeout: 2m
# (advanced) If the client connects to S3 via HTTPS and this option is
# enabled, the client will accept any certificate and hostname.
# CLI flag: -<prefix>.s3.http.insecure-skip-verify
#insecure_skip_verify: false
# (advanced) Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -<prefix>.s3.tls-handshake-timeout
#tls_handshake_timeout: 10s
# (advanced) The time to wait for a server's first response headers after
# fully writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -<prefix>.s3.expect-continue-timeout
#expect_continue_timeout: 1s
# (advanced) Maximum number of idle (keep-alive) connections across all hosts.
# 0 means no limit.
# CLI flag: -<prefix>.s3.max-idle-connections
#max_idle_connections: 100
# (advanced) Maximum number of idle (keep-alive) connections to keep per-host.
# If 0, a built-in default value is used.
# CLI flag: -<prefix>.s3.max-idle-connections-per-host
#max_idle_connections_per_host: 100
# (advanced) Maximum number of connections per host. 0 means no limit.
# CLI flag: -<prefix>.s3.max-connections-per-host
#max_connections_per_host: 0
# The gcs_backend block configures the connection to Google Cloud Storage object
# storage backend.
# The CLI flags prefix for this block configuration is: blocks-storage
#gcs: <gcs_storage_backend>
# The azure_storage_backend block configures the connection to Azure object
# storage backend.
# The CLI flags prefix for this block configuration is: blocks-storage
#azure: <azure_storage_backend>
# The swift_storage_backend block configures the connection to OpenStack Object
# Storage (Swift) object storage backend.
# The CLI flags prefix for this block configuration is: blocks-storage
#swift: <swift_storage_backend>
# The filesystem_storage_backend block configures the usage of local file system
# as object storage backend.
# The CLI flags prefix for this block configuration is: blocks-storage
filesystem: # Optional
# Local filesystem storage directory.
# CLI flag: -<prefix>.filesystem.dir
#dir: ""
# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits and English alphabet letters.
# CLI flag: -blocks-storage.storage-prefix
#storage_prefix: ""
# This configures how the querier and store-gateway discover and synchronize
# blocks stored in the bucket.
bucket_store:
# Directory to store synchronized TSDB index headers. This directory is not
# required to be persisted between restarts, but it's highly recommended in
# order to improve the store-gateway startup time.
# CLI flag: -blocks-storage.bucket-store.sync-dir
#sync_dir: "./tsdb-sync/"
# (advanced) How frequently to scan the bucket, or to refresh the bucket index
# (if enabled), in order to look for changes (new blocks shipped by ingesters
# and blocks deleted by retention or compaction).
# CLI flag: -blocks-storage.bucket-store.sync-interval
#sync_interval: 15m
# (advanced) Max number of concurrent queries to execute against the long-term
# storage. The limit is shared across all tenants.
# CLI flag: -blocks-storage.bucket-store.max-concurrent
#max_concurrent: 100
# (advanced) Maximum number of concurrent tenants synching blocks.
# CLI flag: -blocks-storage.bucket-store.tenant-sync-concurrency
#tenant_sync_concurrency: 1
# (advanced) Maximum number of concurrent blocks synching per tenant.
# CLI flag: -blocks-storage.bucket-store.block-sync-concurrency
#block_sync_concurrency: 4
# (advanced) Number of Go routines to use when syncing block meta files from
# object storage per tenant.
# CLI flag: -blocks-storage.bucket-store.meta-sync-concurrency
#meta_sync_concurrency: 20
index_cache:
# The index cache backend type. Supported values: inmemory, memcached,
# redis.
# CLI flag: -blocks-storage.bucket-store.index-cache.backend
#backend: "inmemory"
# The memcached block configures the Memcached-based caching backend.
# The CLI flags prefix for this block configuration is:
# blocks-storage.bucket-store.index-cache
memcached: # Optional
# Comma-separated list of memcached addresses. Each address can be an IP
# address, hostname, or an entry specified in the DNS Service Discovery format.
# CLI flag: -<prefix>.memcached.addresses
#addresses: ""
# The socket read/write timeout.
# CLI flag: -<prefix>.memcached.timeout
#timeout: 200ms
# The connection timeout.
# CLI flag: -<prefix>.memcached.connect-timeout
#connect_timeout: 200ms
# (experimental) The size of the write buffer (in bytes). The buffer is
# allocated for each connection to memcached.
# CLI flag: -<prefix>.memcached.write-buffer-size-bytes
#write_buffer_size_bytes: 4096
# (experimental) The size of the read buffer (in bytes). The buffer is allocated
# for each connection to memcached.
# CLI flag: -<prefix>.memcached.read-buffer-size-bytes
#read_buffer_size_bytes: 4096
# (advanced) The minimum number of idle connections to keep open as a percentage
# (0-100) of the number of recently used idle connections. If negative, idle
# connections are kept open indefinitely.
# CLI flag: -<prefix>.memcached.min-idle-connections-headroom-percentage
#min_idle_connections_headroom_percentage: -1
# (advanced) The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -<prefix>.memcached.max-idle-connections
#max_idle_connections: 100
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.memcached.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.memcached.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum number of keys a single underlying get operation should
# run. If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set to 0,
# the max batch size is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) The maximum size of an item stored in memcached, in bytes. Bigger
# items are not stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.memcached.max-item-size
#max_item_size: 1048576
# (advanced) Enable connecting to Memcached with TLS.
# CLI flag: -<prefix>.memcached.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.memcached.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.memcached.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.memcached.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.memcached.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.memcached.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.memcached.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.memcached.tls-min-version
#tls_min_version: ""
# The redis block configures the Redis-based caching backend.
# The CLI flags prefix for this block configuration is:
# blocks-storage.bucket-store.index-cache
redis: # Optional
# Redis Server or Cluster configuration endpoint to use for caching. A
# comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
# CLI flag: -<prefix>.redis.endpoint
#endpoint: ""
# Username to use when connecting to Redis.
# CLI flag: -<prefix>.redis.username
#username: ""
# Password to use when connecting to Redis.
# CLI flag: -<prefix>.redis.password
#password: ""
# Database index.
# CLI flag: -<prefix>.redis.db
#db: 0
# (advanced) Redis Sentinel master name. An empty string for Redis Server or
# Redis Cluster.
# CLI flag: -<prefix>.redis.master-name
#master_name: ""
# (advanced) Client dial timeout.
# CLI flag: -<prefix>.redis.dial-timeout
#dial_timeout: 5s
# (advanced) Client read timeout.
# CLI flag: -<prefix>.redis.read-timeout
#read_timeout: 3s
# (advanced) Client write timeout.
# CLI flag: -<prefix>.redis.write-timeout
#write_timeout: 3s
# (advanced) Maximum number of connections in the pool.
# CLI flag: -<prefix>.redis.connection-pool-size
#connection_pool_size: 100
# (advanced) Maximum duration to wait to get a connection from pool.
# CLI flag: -<prefix>.redis.connection-pool-timeout
#connection_pool_timeout: 4s
# (advanced) Minimum number of idle connections.
# CLI flag: -<prefix>.redis.min-idle-connections
#min_idle_connections: 10
# (advanced) Amount of time after which client closes idle connections.
# CLI flag: -<prefix>.redis.idle-timeout
#idle_timeout: 5m
# (advanced) Close connections older than this duration. If the value is zero,
# then the pool does not close connections based on age.
# CLI flag: -<prefix>.redis.max-connection-age
#max_connection_age: 0s
# (advanced) The maximum size of an item stored in Redis. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.redis.max-item-size
#max_item_size: 16777216
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.redis.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.redis.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.redis.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum size per batch for mget operations.
# CLI flag: -<prefix>.redis.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) Enable connecting to Redis with TLS.
# CLI flag: -<prefix>.redis.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.redis.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.redis.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.redis.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.redis.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.redis.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.redis.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.redis.tls-min-version
#tls_min_version: ""
inmemory:
# Maximum size in bytes of in-memory index cache used to speed up blocks
# index lookups (shared between all tenants).
# CLI flag: -blocks-storage.bucket-store.index-cache.inmemory.max-size-bytes
#max_size_bytes: 1073741824
chunks_cache:
# Backend for chunks cache, if not empty. Supported values: memcached,
# redis.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.backend
#backend: ""
# The memcached block configures the Memcached-based caching backend.
# The CLI flags prefix for this block configuration is:
# blocks-storage.bucket-store.chunks-cache
memcached: # Optional
# Comma-separated list of memcached addresses. Each address can be an IP
# address, hostname, or an entry specified in the DNS Service Discovery format.
# CLI flag: -<prefix>.memcached.addresses
#addresses: ""
# The socket read/write timeout.
# CLI flag: -<prefix>.memcached.timeout
#timeout: 200ms
# The connection timeout.
# CLI flag: -<prefix>.memcached.connect-timeout
#connect_timeout: 200ms
# (experimental) The size of the write buffer (in bytes). The buffer is
# allocated for each connection to memcached.
# CLI flag: -<prefix>.memcached.write-buffer-size-bytes
#write_buffer_size_bytes: 4096
# (experimental) The size of the read buffer (in bytes). The buffer is allocated
# for each connection to memcached.
# CLI flag: -<prefix>.memcached.read-buffer-size-bytes
#read_buffer_size_bytes: 4096
# (advanced) The minimum number of idle connections to keep open as a percentage
# (0-100) of the number of recently used idle connections. If negative, idle
# connections are kept open indefinitely.
# CLI flag: -<prefix>.memcached.min-idle-connections-headroom-percentage
#min_idle_connections_headroom_percentage: -1
# (advanced) The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -<prefix>.memcached.max-idle-connections
#max_idle_connections: 100
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.memcached.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.memcached.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum number of keys a single underlying get operation should
# run. If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set to 0,
# the max batch size is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) The maximum size of an item stored in memcached, in bytes. Bigger
# items are not stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.memcached.max-item-size
#max_item_size: 1048576
# (advanced) Enable connecting to Memcached with TLS.
# CLI flag: -<prefix>.memcached.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.memcached.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.memcached.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.memcached.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.memcached.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.memcached.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.memcached.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.memcached.tls-min-version
#tls_min_version: ""
# The redis block configures the Redis-based caching backend.
# The CLI flags prefix for this block configuration is:
# blocks-storage.bucket-store.chunks-cache
redis: # Optional
# Redis Server or Cluster configuration endpoint to use for caching. A
# comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
# CLI flag: -<prefix>.redis.endpoint
#endpoint: ""
# Username to use when connecting to Redis.
# CLI flag: -<prefix>.redis.username
#username: ""
# Password to use when connecting to Redis.
# CLI flag: -<prefix>.redis.password
#password: ""
# Database index.
# CLI flag: -<prefix>.redis.db
#db: 0
# (advanced) Redis Sentinel master name. An empty string for Redis Server or
# Redis Cluster.
# CLI flag: -<prefix>.redis.master-name
#master_name: ""
# (advanced) Client dial timeout.
# CLI flag: -<prefix>.redis.dial-timeout
#dial_timeout: 5s
# (advanced) Client read timeout.
# CLI flag: -<prefix>.redis.read-timeout
#read_timeout: 3s
# (advanced) Client write timeout.
# CLI flag: -<prefix>.redis.write-timeout
#write_timeout: 3s
# (advanced) Maximum number of connections in the pool.
# CLI flag: -<prefix>.redis.connection-pool-size
#connection_pool_size: 100
# (advanced) Maximum duration to wait to get a connection from pool.
# CLI flag: -<prefix>.redis.connection-pool-timeout
#connection_pool_timeout: 4s
# (advanced) Minimum number of idle connections.
# CLI flag: -<prefix>.redis.min-idle-connections
#min_idle_connections: 10
# (advanced) Amount of time after which client closes idle connections.
# CLI flag: -<prefix>.redis.idle-timeout
#idle_timeout: 5m
# (advanced) Close connections older than this duration. If the value is zero,
# then the pool does not close connections based on age.
# CLI flag: -<prefix>.redis.max-connection-age
#max_connection_age: 0s
# (advanced) The maximum size of an item stored in Redis. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.redis.max-item-size
#max_item_size: 16777216
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.redis.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.redis.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.redis.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum size per batch for mget operations.
# CLI flag: -<prefix>.redis.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) Enable connecting to Redis with TLS.
# CLI flag: -<prefix>.redis.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.redis.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.redis.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.redis.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.redis.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.redis.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.redis.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.redis.tls-min-version
#tls_min_version: ""
# (advanced) Maximum number of sub-GetRange requests that a single GetRange
# request can be split into when fetching chunks. Zero or negative value =
# unlimited number of sub-requests.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.max-get-range-requests
#max_get_range_requests: 3
# (advanced) TTL for caching object attributes for chunks. If the metadata
# cache is configured, attributes will be stored under this cache backend,
# otherwise attributes are stored in the chunks cache backend.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.attributes-ttl
#attributes_ttl: 168h
# (advanced) Maximum number of object attribute items to keep in a first
# level in-memory LRU cache. Metadata will be stored and fetched in-memory
# before hitting the cache backend. 0 to disable the in-memory cache.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.attributes-in-memory-max-items
#attributes_in_memory_max_items: 50000
# (advanced) TTL for caching individual chunks subranges.
# CLI flag: -blocks-storage.bucket-store.chunks-cache.subrange-ttl
#subrange_ttl: 24h
metadata_cache:
# Backend for metadata cache, if not empty. Supported values: memcached,
# redis.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.backend
#backend: ""
# The memcached block configures the Memcached-based caching backend.
# The CLI flags prefix for this block configuration is:
# blocks-storage.bucket-store.metadata-cache
memcached: # Optional
# Comma-separated list of memcached addresses. Each address can be an IP
# address, hostname, or an entry specified in the DNS Service Discovery format.
# CLI flag: -<prefix>.memcached.addresses
#addresses: ""
# The socket read/write timeout.
# CLI flag: -<prefix>.memcached.timeout
#timeout: 200ms
# The connection timeout.
# CLI flag: -<prefix>.memcached.connect-timeout
#connect_timeout: 200ms
# (experimental) The size of the write buffer (in bytes). The buffer is
# allocated for each connection to memcached.
# CLI flag: -<prefix>.memcached.write-buffer-size-bytes
#write_buffer_size_bytes: 4096
# (experimental) The size of the read buffer (in bytes). The buffer is allocated
# for each connection to memcached.
# CLI flag: -<prefix>.memcached.read-buffer-size-bytes
#read_buffer_size_bytes: 4096
# (advanced) The minimum number of idle connections to keep open as a percentage
# (0-100) of the number of recently used idle connections. If negative, idle
# connections are kept open indefinitely.
# CLI flag: -<prefix>.memcached.min-idle-connections-headroom-percentage
#min_idle_connections_headroom_percentage: -1
# (advanced) The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -<prefix>.memcached.max-idle-connections
#max_idle_connections: 100
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.memcached.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.memcached.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum number of keys a single underlying get operation should
# run. If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set to 0,
# the max batch size is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) The maximum size of an item stored in memcached, in bytes. Bigger
# items are not stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.memcached.max-item-size
#max_item_size: 1048576
# (advanced) Enable connecting to Memcached with TLS.
# CLI flag: -<prefix>.memcached.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.memcached.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.memcached.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.memcached.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.memcached.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.memcached.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.memcached.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.memcached.tls-min-version
#tls_min_version: ""
# The redis block configures the Redis-based caching backend.
# The CLI flags prefix for this block configuration is:
# blocks-storage.bucket-store.metadata-cache
redis: # Optional
# Redis Server or Cluster configuration endpoint to use for caching. A
# comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
# CLI flag: -<prefix>.redis.endpoint
#endpoint: ""
# Username to use when connecting to Redis.
# CLI flag: -<prefix>.redis.username
#username: ""
# Password to use when connecting to Redis.
# CLI flag: -<prefix>.redis.password
#password: ""
# Database index.
# CLI flag: -<prefix>.redis.db
#db: 0
# (advanced) Redis Sentinel master name. An empty string for Redis Server or
# Redis Cluster.
# CLI flag: -<prefix>.redis.master-name
#master_name: ""
# (advanced) Client dial timeout.
# CLI flag: -<prefix>.redis.dial-timeout
#dial_timeout: 5s
# (advanced) Client read timeout.
# CLI flag: -<prefix>.redis.read-timeout
#read_timeout: 3s
# (advanced) Client write timeout.
# CLI flag: -<prefix>.redis.write-timeout
#write_timeout: 3s
# (advanced) Maximum number of connections in the pool.
# CLI flag: -<prefix>.redis.connection-pool-size
#connection_pool_size: 100
# (advanced) Maximum duration to wait to get a connection from pool.
# CLI flag: -<prefix>.redis.connection-pool-timeout
#connection_pool_timeout: 4s
# (advanced) Minimum number of idle connections.
# CLI flag: -<prefix>.redis.min-idle-connections
#min_idle_connections: 10
# (advanced) Amount of time after which client closes idle connections.
# CLI flag: -<prefix>.redis.idle-timeout
#idle_timeout: 5m
# (advanced) Close connections older than this duration. If the value is zero,
# then the pool does not close connections based on age.
# CLI flag: -<prefix>.redis.max-connection-age
#max_connection_age: 0s
# (advanced) The maximum size of an item stored in Redis. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.redis.max-item-size
#max_item_size: 16777216
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.redis.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.redis.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.redis.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum size per batch for mget operations.
# CLI flag: -<prefix>.redis.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) Enable connecting to Redis with TLS.
# CLI flag: -<prefix>.redis.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.redis.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.redis.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.redis.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.redis.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.redis.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.redis.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.redis.tls-min-version
#tls_min_version: ""
# (advanced) How long to cache list of tenants in the bucket.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.tenants-list-ttl
#tenants_list_ttl: 15m
# (advanced) How long to cache list of blocks for each tenant.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.tenant-blocks-list-ttl
#tenant_blocks_list_ttl: 5m
# (advanced) How long to cache list of chunks for a block.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.chunks-list-ttl
#chunks_list_ttl: 24h
# (advanced) How long to cache information that block metafile exists. Also
# used for tenant deletion mark file.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-exists-ttl
#metafile_exists_ttl: 2h
# (advanced) How long to cache information that block metafile doesn't
# exist. Also used for tenant deletion mark file.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-doesnt-exist-ttl
#metafile_doesnt_exist_ttl: 5m
# (advanced) How long to cache content of the metafile.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-content-ttl
#metafile_content_ttl: 24h
# (advanced) Maximum size of metafile content to cache in bytes. Caching
# will be skipped if the content exceeds this size. This is useful to avoid
# network round trip for large content if the configured caching backend has
# an hard limit on cached items size (in this case, you should set this
# limit to the same limit in the caching backend).
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-max-size-bytes
#metafile_max_size_bytes: 1048576
# (advanced) How long to cache attributes of the block metafile.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-attributes-ttl
#metafile_attributes_ttl: 168h
# (advanced) How long to cache attributes of the block index.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.block-index-attributes-ttl
#block_index_attributes_ttl: 168h
# (advanced) How long to cache content of the bucket index.
# CLI flag: -blocks-storage.bucket-store.metadata-cache.bucket-index-content-ttl
#bucket_index_content_ttl: 5m
# (advanced) Maximum size of bucket index content to cache in bytes. Caching
# will be skipped if the content exceeds this size. This is useful to avoid
# network round trip for large content if the configured caching backend has
# an hard limit on cached items size (in this case, you should set this
# limit to the same limit in the caching backend).
# CLI flag: -blocks-storage.bucket-store.metadata-cache.bucket-index-max-size-bytes
#bucket_index_max_size_bytes: 1048576
# (advanced) Duration after which the blocks marked for deletion will be
# filtered out while fetching blocks. The idea of ignore-deletion-marks-delay
# is to ignore blocks that are marked for deletion with some delay. This
# ensures store can still serve blocks that are meant to be deleted but do not
# have a replacement yet.
# CLI flag: -blocks-storage.bucket-store.ignore-deletion-marks-delay
#ignore_deletion_mark_delay: 1h
bucket_index:
# (advanced) How frequently a bucket index, which previously failed to load,
# should be tried to load again. This option is used only by querier.
# CLI flag: -blocks-storage.bucket-store.bucket-index.update-on-error-interval
#update_on_error_interval: 1m
# (advanced) How long a unused bucket index should be cached. Once this
# timeout expires, the unused bucket index is removed from the in-memory
# cache. This option is used only by querier.
# CLI flag: -blocks-storage.bucket-store.bucket-index.idle-timeout
#idle_timeout: 1h
# (advanced) The maximum allowed age of a bucket index (last updated) before
# queries start failing because the bucket index is too old. The bucket
# index is periodically updated by the compactor, and this check is enforced
# in the querier (at query time).
# CLI flag: -blocks-storage.bucket-store.bucket-index.max-stale-period
#max_stale_period: 1h
# (advanced) Blocks with minimum time within this duration are ignored, and
# not loaded by store-gateway. Useful when used together with
# -querier.query-store-after to prevent loading young blocks, because there
# are usually many of them (depending on number of ingesters) and they are not
# yet compacted. Negative values or 0 disable the filter.
# CLI flag: -blocks-storage.bucket-store.ignore-blocks-within
#ignore_blocks_within: 10h
# (advanced) Max size - in bytes - of the in-memory series hash cache. The
# cache is shared across all tenants and it's used only when query sharding is
# enabled.
# CLI flag: -blocks-storage.bucket-store.series-hash-cache-max-size-bytes
#series_hash_cache_max_size_bytes: 1073741824
# (advanced) Max size - in bytes - of a gap for which the partitioner
# aggregates together two bucket GET object requests.
# CLI flag: -blocks-storage.bucket-store.partitioner-max-gap-bytes
#partitioner_max_gap_bytes: 524288
# (advanced) Controls what is the ratio of postings offsets that the store
# will hold in memory.
# CLI flag: -blocks-storage.bucket-store.posting-offsets-in-mem-sampling
#postings_offsets_in_mem_sampling: 32
index_header:
# (advanced) Maximum number of idle file handles the store-gateway keeps
# open for each index-header file.
# CLI flag: -blocks-storage.bucket-store.index-header.max-idle-file-handles
#max_idle_file_handles: 1
# (experimental) If enabled, store-gateway will periodically persist block
# IDs of lazy loaded index-headers and load them eagerly during startup.
# Ignored if index-header lazy loading is disabled.
# CLI flag: -blocks-storage.bucket-store.index-header.eager-loading-startup-enabled
#eager_loading_startup_enabled: true
# (advanced) If enabled, store-gateway will lazy load an index-header only
# once required by a query.
# CLI flag: -blocks-storage.bucket-store.index-header.lazy-loading-enabled
#lazy_loading_enabled: true
# (advanced) If index-header lazy loading is enabled and this setting is >
# 0, the store-gateway will offload unused index-headers after 'idle
# timeout' inactivity.
# CLI flag: -blocks-storage.bucket-store.index-header.lazy-loading-idle-timeout
#lazy_loading_idle_timeout: 1h
# (advanced) Maximum number of concurrent index header loads across all
# tenants. If set to 0, concurrency is unlimited.
# CLI flag: -blocks-storage.bucket-store.index-header.lazy-loading-concurrency
#lazy_loading_concurrency: 4
# (advanced) If true, verify the checksum of index headers upon loading them
# (either on startup or lazily when lazy loading is enabled). Setting to
# true helps detect disk corruption at the cost of slowing down index header
# loading.
# CLI flag: -blocks-storage.bucket-store.index-header.verify-on-load
#verify_on_load: false
# (advanced) This option controls how many series to fetch per batch. The
# batch size must be greater than 0.
# CLI flag: -blocks-storage.bucket-store.batch-series-size
#streaming_series_batch_size: 5000
# (experimental) This option controls the strategy to selection of series and
# deferring application of matchers. A more aggressive strategy will fetch
# less posting lists at the cost of more series. This is useful when querying
# large blocks in which many series share the same label name and value.
# Supported values (most aggressive to least aggressive): speculative,
# worst-case, worst-case-small-posting-lists, all.
# CLI flag: -blocks-storage.bucket-store.series-selection-strategy
#series_selection_strategy: "worst-case"
series_selection_strategies:
# (experimental) This option is only used when
# blocks-storage.bucket-store.series-selection-strategy=worst-case.
# Increasing the series preference results in fetching more series than
# postings. Must be a positive floating point number.
# CLI flag: -blocks-storage.bucket-store.series-selection-strategies.worst-case-series-preference
#worst_case_series_preference: 0.75
tsdb:
# Directory to store TSDBs (including WAL) in the ingesters. This directory is
# required to be persisted between restarts.
# CLI flag: -blocks-storage.tsdb.dir
#dir: "./tsdb/"
# TSDB blocks retention in the ingester before a block is removed. If shipping
# is enabled, the retention will be relative to the time when the block was
# uploaded to storage. If shipping is disabled then its relative to the
# creation time of the block. This should be larger than the
# -blocks-storage.tsdb.block-ranges-period, -querier.query-store-after and
# large enough to give store-gateways and queriers enough time to discover
# newly uploaded blocks.
# CLI flag: -blocks-storage.tsdb.retention-period
#retention_period: 13h
# (advanced) How frequently the TSDB blocks are scanned and new ones are
# shipped to the storage. 0 means shipping is disabled.
# CLI flag: -blocks-storage.tsdb.ship-interval
#ship_interval: 1m
# (advanced) Maximum number of tenants concurrently shipping blocks to the
# storage.
# CLI flag: -blocks-storage.tsdb.ship-concurrency
#ship_concurrency: 10
# (advanced) How frequently the ingester checks whether the TSDB head should
# be compacted and, if so, triggers the compaction. Mimir applies a jitter to
# the first check, and subsequent checks will happen at the configured
# interval. A block is only created if data covers the smallest block range.
# The configured interval must be between 0 and 15 minutes.
# CLI flag: -blocks-storage.tsdb.head-compaction-interval
#head_compaction_interval: 1m
# (advanced) Maximum number of tenants concurrently compacting TSDB head into
# a new block
# CLI flag: -blocks-storage.tsdb.head-compaction-concurrency
#head_compaction_concurrency: 1
# (advanced) If TSDB head is idle for this duration, it is compacted. Note
# that up to 25% jitter is added to the value to avoid ingesters compacting
# concurrently. 0 means disabled.
# CLI flag: -blocks-storage.tsdb.head-compaction-idle-timeout
#head_compaction_idle_timeout: 1h
# (advanced) The write buffer size used by the head chunks mapper. Lower
# values reduce memory utilisation on clusters with a large number of tenants
# at the cost of increased disk I/O operations. The configured buffer size
# must be between 65536 and 8388608.
# CLI flag: -blocks-storage.tsdb.head-chunks-write-buffer-size-bytes
#head_chunks_write_buffer_size_bytes: 4194304
# (experimental) How much variance (as percentage between 0 and 1) should be
# applied to the chunk end time, to spread chunks writing across time. Doesn't
# apply to the last chunk of the chunk range. 0 means no variance.
# CLI flag: -blocks-storage.tsdb.head-chunks-end-time-variance
#head_chunks_end_time_variance: 0
# (advanced) The number of shards of series to use in TSDB (must be a power of
# 2). Reducing this will decrease memory footprint, but can negatively impact
# performance.
# CLI flag: -blocks-storage.tsdb.stripe-size
#stripe_size: 16384
# (advanced) True to enable TSDB WAL compression.
# CLI flag: -blocks-storage.tsdb.wal-compression-enabled
#wal_compression_enabled: false
# (advanced) TSDB WAL segments files max size (bytes).
# CLI flag: -blocks-storage.tsdb.wal-segment-size-bytes
#wal_segment_size_bytes: 134217728
# (advanced) Maximum number of CPUs that can simultaneously processes WAL
# replay. If it is set to 0, then each TSDB is replayed with a concurrency
# equal to the number of CPU cores available on the machine.
# CLI flag: -blocks-storage.tsdb.wal-replay-concurrency
#wal_replay_concurrency: 0
# (advanced) True to flush blocks to storage on shutdown. If false, incomplete
# blocks will be reused after restart.
# CLI flag: -blocks-storage.tsdb.flush-blocks-on-shutdown
#flush_blocks_on_shutdown: false
# (advanced) If TSDB has not received any data for this duration, and all
# blocks from TSDB have been shipped, TSDB is closed and deleted from local
# disk. If set to positive value, this value should be equal or higher than
# -querier.query-ingesters-within flag to make sure that TSDB is not closed
# prematurely, which could cause partial query results. 0 or negative value
# disables closing of idle TSDB.
# CLI flag: -blocks-storage.tsdb.close-idle-tsdb-timeout
#close_idle_tsdb_timeout: 13h
# (experimental) True to enable snapshotting of in-memory TSDB data on disk
# when shutting down.
# CLI flag: -blocks-storage.tsdb.memory-snapshot-on-shutdown
#memory_snapshot_on_shutdown: false
# (advanced) The size of the write queue used by the head chunks mapper. Lower
# values reduce memory utilisation at the cost of potentially higher ingest
# latency. Value of 0 switches chunks mapper to implementation without a
# queue.
# CLI flag: -blocks-storage.tsdb.head-chunks-write-queue-size
#head_chunks_write_queue_size: 1000000
# (advanced) Max size - in bytes - of the in-memory series hash cache. The
# cache is shared across all tenants and it's used only when query sharding is
# enabled.
# CLI flag: -blocks-storage.tsdb.series-hash-cache-max-size-bytes
#series_hash_cache_max_size_bytes: 367001600
# (experimental) Maximum capacity for out of order chunks, in samples between
# 1 and 255.
# CLI flag: -blocks-storage.tsdb.out-of-order-capacity-max
#out_of_order_capacity_max: 32
# (experimental) How long to cache postings for matchers in the Head and
# OOOHead. 0 disables the cache and just deduplicates the in-flight calls.
# CLI flag: -blocks-storage.tsdb.head-postings-for-matchers-cache-ttl
#head_postings_for_matchers_cache_ttl: 10s
# (deprecated) Maximum number of entries in the cache for postings for
# matchers in the Head and OOOHead when TTL is greater than 0.
# CLI flag: -blocks-storage.tsdb.head-postings-for-matchers-cache-size
#head_postings_for_matchers_cache_size: 100
# (experimental) Maximum size in bytes of the cache for postings for matchers
# in the Head and OOOHead when TTL is greater than 0.
# CLI flag: -blocks-storage.tsdb.head-postings-for-matchers-cache-max-bytes
#head_postings_for_matchers_cache_max_bytes: 104857600
# (experimental) Force the cache to be used for postings for matchers in the
# Head and OOOHead, even if it's not a concurrent (query-sharding) call.
# CLI flag: -blocks-storage.tsdb.head-postings-for-matchers-cache-force
#head_postings_for_matchers_cache_force: false
# (experimental) How long to cache postings for matchers in each compacted
# block queried from the ingester. 0 disables the cache and just deduplicates
# the in-flight calls.
# CLI flag: -blocks-storage.tsdb.block-postings-for-matchers-cache-ttl
#block_postings_for_matchers_cache_ttl: 10s
# (deprecated) Maximum number of entries in the cache for postings for
# matchers in each compacted block when TTL is greater than 0.
# CLI flag: -blocks-storage.tsdb.block-postings-for-matchers-cache-size
#block_postings_for_matchers_cache_size: 100
# (experimental) Maximum size in bytes of the cache for postings for matchers
# in each compacted block when TTL is greater than 0.
# CLI flag: -blocks-storage.tsdb.block-postings-for-matchers-cache-max-bytes
#block_postings_for_matchers_cache_max_bytes: 104857600
# (experimental) Force the cache to be used for postings for matchers in
# compacted blocks, even if it's not a concurrent (query-sharding) call.
# CLI flag: -blocks-storage.tsdb.block-postings-for-matchers-cache-force
#block_postings_for_matchers_cache_force: false
# (experimental) When the number of in-memory series in the ingester is equal
# to or greater than this setting, the ingester tries to compact the TSDB
# Head. The early compaction removes from the memory all samples and inactive
# series up until -ingester.active-series-metrics-idle-timeout time ago. After
# an early compaction, the ingester will not accept any sample with a
# timestamp older than -ingester.active-series-metrics-idle-timeout time ago
# (unless out of order ingestion is enabled). The ingester checks every
# -blocks-storage.tsdb.head-compaction-interval whether an early compaction is
# required. Use 0 to disable it.
# CLI flag: -blocks-storage.tsdb.early-head-compaction-min-in-memory-series
#early_head_compaction_min_in_memory_series: 0
# (experimental) When the early compaction is enabled, the early compaction is
# triggered only if the estimated series reduction is at least the configured
# percentage (0-100).
# CLI flag: -blocks-storage.tsdb.early-head-compaction-min-estimated-series-reduction-percentage
#early_head_compaction_min_estimated_series_reduction_percentage: 15
# (experimental) Allows head compaction to happen when the min block range can
# no longer be appended, without requiring 1.5x the chunk range worth of data
# in the head.
# CLI flag: -blocks-storage.tsdb.timely-head-compaction-enabled
#timely_head_compaction_enabled: false
# The compactor block configures the compactor component.
compactor: # Optional
# (advanced) List of compaction time ranges.
# CLI flag: -compactor.block-ranges
#block_ranges: 2h0m0s,12h0m0s,24h0m0s
# (advanced) Number of Go routines to use when downloading blocks for compaction
# and uploading resulting blocks.
# CLI flag: -compactor.block-sync-concurrency
#block_sync_concurrency: 8
# (advanced) Number of Go routines to use when syncing block meta files from the
# long term storage.
# CLI flag: -compactor.meta-sync-concurrency
#meta_sync_concurrency: 20
# Directory to temporarily store blocks during compaction. This directory is not
# required to be persisted between restarts.
# CLI flag: -compactor.data-dir
#data_dir: "./data-compactor/"
# (advanced) The frequency at which the compaction runs
# CLI flag: -compactor.compaction-interval
#compaction_interval: 1h
# (advanced) How many times to retry a failed compaction within a single
# compaction run.
# CLI flag: -compactor.compaction-retries
#compaction_retries: 3
# (advanced) Max number of concurrent compactions running.
# CLI flag: -compactor.compaction-concurrency
#compaction_concurrency: 1
# How long the compactor waits before compacting first-level blocks that are
# uploaded by the ingesters. This configuration option allows for the reduction
# of cases where the compactor begins to compact blocks before all ingesters
# have uploaded their blocks to the storage.
# CLI flag: -compactor.first-level-compaction-wait-period
#first_level_compaction_wait_period: 25m
# (advanced) How frequently the compactor should run blocks cleanup and
# maintenance, as well as update the bucket index.
# CLI flag: -compactor.cleanup-interval
#cleanup_interval: 15m
# (advanced) Max number of tenants for which blocks cleanup and maintenance
# should run concurrently.
# CLI flag: -compactor.cleanup-concurrency
#cleanup_concurrency: 20
# (advanced) Time before a block marked for deletion is deleted from bucket. If
# not 0, blocks will be marked for deletion and the compactor component will
# permanently delete blocks marked for deletion from the bucket. If 0, blocks
# will be deleted straight away. Note that deleting blocks immediately can cause
# query failures.
# CLI flag: -compactor.deletion-delay
#deletion_delay: 12h
# (advanced) For tenants marked for deletion, this is the time between deletion
# of the last block, and doing final cleanup (marker files, debug files) of the
# tenant.
# CLI flag: -compactor.tenant-cleanup-delay
#tenant_cleanup_delay: 6h
# (advanced) Max time for starting compactions for a single tenant. After this
# time no new compactions for the tenant are started before next compaction
# cycle. This can help in multi-tenant environments to avoid single tenant using
# all compaction time, but also in single-tenant environments to force new
# discovery of blocks more often. 0 = disabled.
# CLI flag: -compactor.max-compaction-time
#max_compaction_time: 1h
# (experimental) If enabled, will delete the bucket-index, markers and debug
# files in the tenant bucket when there are no blocks left in the index.
# CLI flag: -compactor.no-blocks-file-cleanup-enabled
#no_blocks_file_cleanup_enabled: false
# (advanced) Number of goroutines opening blocks before compaction.
# CLI flag: -compactor.max-opening-blocks-concurrency
#max_opening_blocks_concurrency: 1
# (advanced) Max number of blocks that can be closed concurrently during split
# compaction. Note that closing a newly compacted block uses a lot of memory for
# writing the index.
# CLI flag: -compactor.max-closing-blocks-concurrency
#max_closing_blocks_concurrency: 1
# (advanced) Number of symbols flushers used when doing split compaction.
# CLI flag: -compactor.symbols-flushers-concurrency
#symbols_flushers_concurrency: 1
# (advanced) Max number of uploaded blocks that can be validated concurrently. 0
# = no limit.
# CLI flag: -compactor.max-block-upload-validation-concurrency
#max_block_upload_validation_concurrency: 1
# (advanced) Comma separated list of tenants that can be compacted. If
# specified, only these tenants will be compacted by the compactor, otherwise
# all tenants can be compacted. Subject to sharding.
# CLI flag: -compactor.enabled-tenants
#enabled_tenants: ""
# (advanced) Comma separated list of tenants that cannot be compacted by the
# compactor. If specified, and the compactor would normally pick a given tenant
# for compaction (via -compactor.enabled-tenants or sharding), it will be
# ignored instead.
# CLI flag: -compactor.disabled-tenants
#disabled_tenants: ""
sharding_ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -compactor.ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -compactor.ring.prefix
#prefix: "collectors/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is: compactor.ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is: compactor.ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -compactor.ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -compactor.ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -compactor.ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -compactor.ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -compactor.ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which compactors are considered
# unhealthy within the ring. 0 = never (timeout disabled).
# CLI flag: -compactor.ring.heartbeat-timeout
#heartbeat_timeout: 1m
# (advanced) Instance ID to register in the ring.
# CLI flag: -compactor.ring.instance-id
#instance_id: "<hostname>"
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -compactor.ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -compactor.ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -compactor.ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -compactor.ring.instance-enable-ipv6
#instance_enable_ipv6: false
# (advanced) Minimum time to wait for ring stability at startup. 0 to disable.
# CLI flag: -compactor.ring.wait-stability-min-duration
#wait_stability_min_duration: 0s
# (advanced) Maximum time to wait for ring stability at startup. If the
# compactor ring keeps changing after this period of time, the compactor will
# start anyway.
# CLI flag: -compactor.ring.wait-stability-max-duration
#wait_stability_max_duration: 5m
# (advanced) Timeout for waiting on compactor to become ACTIVE in the ring.
# CLI flag: -compactor.ring.wait-active-instance-timeout
#wait_active_instance_timeout: 10m
# (advanced) The sorting to use when deciding which compaction jobs should run
# first for a given tenant. Supported values are:
# smallest-range-oldest-blocks-first, newest-blocks-first.
# CLI flag: -compactor.compaction-jobs-order
#compaction_jobs_order: "smallest-range-oldest-blocks-first"
# The store_gateway block configures the store-gateway component.
store_gateway: # Optional
# The hash ring configuration.
sharding_ring:
# The key-value store used to share the hash ring across multiple instances.
# This option needs be set both on the store-gateway, querier and ruler when
# running in microservices mode.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -store-gateway.sharding-ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -store-gateway.sharding-ring.prefix
#prefix: "collectors/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is:
# store-gateway.sharding-ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is:
# store-gateway.sharding-ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -store-gateway.sharding-ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -store-gateway.sharding-ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -store-gateway.sharding-ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -store-gateway.sharding-ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -store-gateway.sharding-ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which store gateways are considered
# unhealthy within the ring. 0 = never (timeout disabled). This option needs
# be set both on the store-gateway, querier and ruler when running in
# microservices mode.
# CLI flag: -store-gateway.sharding-ring.heartbeat-timeout
#heartbeat_timeout: 1m
# (advanced) The replication factor to use when sharding blocks. This option
# needs be set both on the store-gateway, querier and ruler when running in
# microservices mode.
# CLI flag: -store-gateway.sharding-ring.replication-factor
#replication_factor: 3
# File path where tokens are stored. If empty, tokens are not stored at
# shutdown and restored at startup.
# CLI flag: -store-gateway.sharding-ring.tokens-file-path
#tokens_file_path: ""
# (advanced) Number of tokens for each store-gateway.
# CLI flag: -store-gateway.sharding-ring.num-tokens
#num_tokens: 512
# True to enable zone-awareness and replicate blocks across different
# availability zones. This option needs be set both on the store-gateway,
# querier and ruler when running in microservices mode.
# CLI flag: -store-gateway.sharding-ring.zone-awareness-enabled
#zone_awareness_enabled: false
# When enabled, a store-gateway is automatically removed from the ring after
# failing to heartbeat the ring for a period longer than 10 times the
# configured -store-gateway.sharding-ring.heartbeat-timeout.
# CLI flag: -store-gateway.sharding-ring.auto-forget-enabled
#auto_forget_enabled: true
# (advanced) Minimum time to wait for ring stability at startup, if set to
# positive value.
# CLI flag: -store-gateway.sharding-ring.wait-stability-min-duration
#wait_stability_min_duration: 0s
# (advanced) Maximum time to wait for ring stability at startup. If the
# store-gateway ring keeps changing after this period of time, the
# store-gateway will start anyway.
# CLI flag: -store-gateway.sharding-ring.wait-stability-max-duration
#wait_stability_max_duration: 5m
# (advanced) Instance ID to register in the ring.
# CLI flag: -store-gateway.sharding-ring.instance-id
#instance_id: "<hostname>"
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -store-gateway.sharding-ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -store-gateway.sharding-ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -store-gateway.sharding-ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -store-gateway.sharding-ring.instance-enable-ipv6
#instance_enable_ipv6: false
# The availability zone where this instance is running. Required if
# zone-awareness is enabled.
# CLI flag: -store-gateway.sharding-ring.instance-availability-zone
#instance_availability_zone: ""
# Unregister from the ring upon clean shutdown.
# CLI flag: -store-gateway.sharding-ring.unregister-on-shutdown
#unregister_on_shutdown: true
tenant_federation:
# If enabled on all services, queries can be federated across multiple
# tenants. The tenant IDs involved need to be specified separated by a '|'
# character in the 'X-Scope-OrgID' header.
# CLI flag: -tenant-federation.enabled
#enabled: false
# (experimental) The number of workers used for each tenant federated query.
# This setting limits the maximum number of per-tenant queries executed at a
# time for a tenant federated query.
# CLI flag: -tenant-federation.max-concurrent
#max_concurrent: 16
# (experimental) The max number of tenant IDs that may be supplied for a
# federated query if enabled. 0 to disable the limit.
# CLI flag: -tenant-federation.max-tenants
#max_tenants: 0
activity_tracker:
# File where ongoing activities are stored. If empty, activity tracking is
# disabled.
# CLI flag: -activity-tracker.filepath
#filepath: "./metrics-activity.log"
# (advanced) Max number of concurrent activities that can be tracked. Used to
# size the file in advance. Additional activities are ignored.
# CLI flag: -activity-tracker.max-entries
#max_entries: 1024
vault:
# (experimental) Enables fetching of keys and certificates from Vault
# CLI flag: -vault.enabled
#enabled: false
# (experimental) Location of the Vault server
# CLI flag: -vault.url
#url: ""
# (experimental) Location of secrets engine within Vault
# CLI flag: -vault.mount-path
#mount_path: ""
auth:
# (experimental) Authentication type to use. Supported types are: approle,
# kubernetes, userpass, token
# CLI flag: -vault.auth.type
#type: ""
approle:
# (experimental) Role ID of the AppRole
# CLI flag: -vault.auth.approle.role-id
#role_id: ""
# (experimental) Secret ID issued against the AppRole
# CLI flag: -vault.auth.approle.secret-id
#secret_id: ""
# (experimental) Response wrapping token if the Secret ID is response
# wrapped
# CLI flag: -vault.auth.approle.wrapping-token
#wrapping_token: false
# (experimental) Path if the Vault backend was mounted using a non-default
# path
# CLI flag: -vault.auth.approle.mount-path
#mount_path: ""
kubernetes:
# (experimental) The Kubernetes named role
# CLI flag: -vault.auth.kubernetes.role-name
#role_name: ""
# (experimental) The Service Account JWT
# CLI flag: -vault.auth.kubernetes.service-account-token
#service_account_token: ""
# (experimental) Path to where the Kubernetes service account token is
# mounted. By default it lives at
# /var/run/secrets/kubernetes.io/serviceaccount/token. Field will be used
# if the service_account_token is not specified.
# CLI flag: -vault.auth.kubernetes.service-account-token-path
#service_account_token_path: ""
# (experimental) Path if the Vault backend was mounted using a non-default
# path
# CLI flag: -vault.auth.kubernetes.mount-path
#mount_path: ""
userpass:
# (experimental) The userpass auth method username
# CLI flag: -vault.auth.userpass.username
#username: ""
# (experimental) The userpass auth method password
# CLI flag: -vault.auth.userpass.password
#password: ""
# (experimental) Path if the Vault backend was mounted using a non-default
# path
# CLI flag: -vault.auth.userpass.mount-path
#mount_path: ""
token:
# (experimental) The token used to authenticate against Vault
# CLI flag: -vault.auth.token
#token: ""
# The ruler block configures the ruler.
ruler: # Optional
# URL of alerts return path.
# CLI flag: -ruler.external.url
#external_url:
# Configures the gRPC client used to communicate between ruler instances.
# The CLI flags prefix for this block configuration is: ruler.client
#ruler_client: <grpc_client>
# (advanced) How frequently to evaluate rules
# CLI flag: -ruler.evaluation-interval
#evaluation_interval: 1m
# (advanced) How frequently the configured rule groups are re-synced from the
# object storage.
# CLI flag: -ruler.poll-interval
#poll_interval: 10m
# Directory to store temporary rule files loaded by the Prometheus rule
# managers. This directory is not required to be persisted between restarts.
# CLI flag: -ruler.rule-path
#rule_path: "./data-ruler/"
# Comma-separated list of URL(s) of the Alertmanager(s) to send notifications
# to. Each URL is treated as a separate group. Multiple Alertmanagers in HA per
# group can be supported by using DNS service discovery format, comprehensive of
# the scheme. Basic auth is supported as part of the URL.
# CLI flag: -ruler.alertmanager-url
#alertmanager_url: ""
# (advanced) How long to wait between refreshing DNS resolutions of Alertmanager
# hosts.
# CLI flag: -ruler.alertmanager-refresh-interval
#alertmanager_refresh_interval: 1m
# (advanced) Capacity of the queue for notifications to be sent to the
# Alertmanager.
# CLI flag: -ruler.notification-queue-capacity
#notification_queue_capacity: 10000
# (advanced) HTTP timeout duration when sending notifications to the
# Alertmanager.
# CLI flag: -ruler.notification-timeout
#notification_timeout: 10s
alertmanager_client:
# (advanced) Enable TLS for gRPC client connecting to alertmanager.
# CLI flag: -ruler.alertmanager-client.tls-enabled
#tls_enabled: true
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -ruler.alertmanager-client.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -ruler.alertmanager-client.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate
# against. If not set, the host's root CA certificates are used.
# CLI flag: -ruler.alertmanager-client.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -ruler.alertmanager-client.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -ruler.alertmanager-client.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -ruler.alertmanager-client.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -ruler.alertmanager-client.tls-min-version
#tls_min_version: ""
# HTTP Basic authentication username. It overrides the username set in the URL
# (if any).
# CLI flag: -ruler.alertmanager-client.basic-auth-username
#basic_auth_username: ""
# HTTP Basic authentication password. It overrides the password set in the URL
# (if any).
# CLI flag: -ruler.alertmanager-client.basic-auth-password
#basic_auth_password: ""
# (advanced) Max time to tolerate outage for restoring "for" state of alert.
# CLI flag: -ruler.for-outage-tolerance
#for_outage_tolerance: 1h
# (advanced) This grace period controls which alerts the ruler restores after a
# restart. Alerts with "for" duration lower than this grace period are not
# restored after a ruler restart. This means that if the alerts have been firing
# before the ruler restarted, they will now go to pending state and then to
# firing again after their "for" duration expires. Alerts with "for" duration
# greater than or equal to this grace period that have been pending before the
# ruler restart will remain in pending state for at least this grace period.
# Alerts with "for" duration greater than or equal to this grace period that
# have been firing before the ruler restart will continue to be firing after the
# restart.
# CLI flag: -ruler.for-grace-period
#for_grace_period: 2m
# (advanced) Minimum amount of time to wait before resending an alert to
# Alertmanager.
# CLI flag: -ruler.resend-delay
#resend_delay: 1m
ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -ruler.ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -ruler.ring.prefix
#prefix: "rulers/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is: ruler.ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is: ruler.ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -ruler.ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -ruler.ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -ruler.ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -ruler.ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -ruler.ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which rulers are considered unhealthy
# within the ring. 0 = never (timeout disabled).
# CLI flag: -ruler.ring.heartbeat-timeout
#heartbeat_timeout: 1m
# (advanced) Instance ID to register in the ring.
# CLI flag: -ruler.ring.instance-id
#instance_id: "<hostname>"
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -ruler.ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -ruler.ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -ruler.ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -ruler.ring.instance-enable-ipv6
#instance_enable_ipv6: false
# (advanced) Number of tokens for each ruler.
# CLI flag: -ruler.ring.num-tokens
#num_tokens: 128
# Enable the ruler config API.
# CLI flag: -ruler.enable-api
#enable_api: true
# (advanced) Comma separated list of tenants whose rules this ruler can
# evaluate. If specified, only these tenants will be handled by ruler, otherwise
# this ruler can process rules from all tenants. Subject to sharding.
# CLI flag: -ruler.enabled-tenants
#enabled_tenants: ""
# (advanced) Comma separated list of tenants whose rules this ruler cannot
# evaluate. If specified, a ruler that would normally pick the specified
# tenant(s) for processing will ignore them instead. Subject to sharding.
# CLI flag: -ruler.disabled-tenants
#disabled_tenants: ""
# (advanced) Report the wall time for ruler queries to complete as a per-tenant
# metric and as an info level log message.
# CLI flag: -ruler.query-stats-enabled
#query_stats_enabled: false
query_frontend:
# GRPC listen address of the query-frontend(s). Must be a DNS address
# (prefixed with dns:///) to enable client side load balancing.
# CLI flag: -ruler.query-frontend.address
#address: ""
# Configures the gRPC client used to communicate between the rulers and
# query-frontends.
# The CLI flags prefix for this block configuration is:
# ruler.query-frontend.grpc-client-config
#grpc_client_config: <grpc_client>
# Format to use when retrieving query results from query-frontends. Supported
# values: json, protobuf
# CLI flag: -ruler.query-frontend.query-result-response-format
#query_result_response_format: "protobuf"
tenant_federation:
# Enable rule groups to query against multiple tenants. The tenant IDs
# involved need to be in the rule group's 'source_tenants' field. If this flag
# is set to 'false' when there are federated rule groups that already exist,
# then these rules groups will be skipped during evaluations.
# CLI flag: -ruler.tenant-federation.enabled
#enabled: false
# The ruler_storage block configures the ruler storage backend.
ruler_storage: # Optional
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem, local.
# CLI flag: -ruler-storage.backend
#backend: "filesystem"
# The s3_backend block configures the connection to Amazon S3 object storage
# backend.
# The CLI flags prefix for this block configuration is: ruler-storage
s3: # Optional
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -<prefix>.s3.endpoint
#endpoint: ""
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call to
# autodetect it.
# CLI flag: -<prefix>.s3.region
#region: ""
# S3 bucket name
# CLI flag: -<prefix>.s3.bucket-name
#bucket_name: ""
# S3 secret access key
# CLI flag: -<prefix>.s3.secret-access-key
#secret_access_key: ""
# S3 access key ID
# CLI flag: -<prefix>.s3.access-key-id
#access_key_id: ""
# (advanced) If enabled, use http:// for the S3 endpoint instead of https://.
# This could be useful in local dev/test environments while using an
# S3-compatible backend storage, like Minio.
# CLI flag: -<prefix>.s3.insecure
#insecure: false
# (advanced) The signature version to use for authenticating against S3.
# Supported values are: v4, v2.
# CLI flag: -<prefix>.s3.signature-version
#signature_version: "v4"
# (advanced) Use a specific version of the S3 list object API. Supported values
# are v1 or v2. Default is unset.
# CLI flag: -<prefix>.s3.list-objects-version
#list_objects_version: ""
# (experimental) The S3 storage class to use, not set by default. Details can be
# found at https://aws.amazon.com/s3/storage-classes/. Supported values are:
# STANDARD, REDUCED_REDUNDANCY, GLACIER, STANDARD_IA, ONEZONE_IA,
# INTELLIGENT_TIERING, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
# CLI flag: -<prefix>.s3.storage-class
#storage_class: ""
# (experimental) If enabled, it will use the default authentication methods of
# the AWS SDK for go based on known environment variables and known AWS config
# files.
# CLI flag: -<prefix>.s3.native-aws-auth-enabled
#native_aws_auth_enabled: false
# (experimental) The minimum file size in bytes used for multipart uploads. If
# 0, the value is optimally computed for each object.
# CLI flag: -<prefix>.s3.part-size
#part_size: 0
# (experimental) If enabled, a Content-MD5 header is sent with S3 Put Object
# requests. Consumes more resources to compute the MD5, but may improve
# compatibility with object storage services that do not support checksums.
# CLI flag: -<prefix>.s3.send-content-md5
#send_content_md5: false
# Accessing S3 resources using temporary, secure credentials provided by AWS
# Security Token Service.
# CLI flag: -<prefix>.s3.sts-endpoint
#sts_endpoint: ""
sse:
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -<prefix>.s3.sse.type
#type: ""
# KMS Key ID used to encrypt objects in S3
# CLI flag: -<prefix>.s3.sse.kms-key-id
#kms_key_id: ""
# KMS Encryption Context used for object encryption. It expects JSON formatted
# string.
# CLI flag: -<prefix>.s3.sse.kms-encryption-context
#kms_encryption_context: ""
http:
# (advanced) The time an idle connection will remain idle before closing.
# CLI flag: -<prefix>.s3.http.idle-conn-timeout
#idle_conn_timeout: 1m30s
# (advanced) The amount of time the client will wait for a servers response
# headers.
# CLI flag: -<prefix>.s3.http.response-header-timeout
#response_header_timeout: 2m
# (advanced) If the client connects to S3 via HTTPS and this option is
# enabled, the client will accept any certificate and hostname.
# CLI flag: -<prefix>.s3.http.insecure-skip-verify
#insecure_skip_verify: false
# (advanced) Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -<prefix>.s3.tls-handshake-timeout
#tls_handshake_timeout: 10s
# (advanced) The time to wait for a server's first response headers after
# fully writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -<prefix>.s3.expect-continue-timeout
#expect_continue_timeout: 1s
# (advanced) Maximum number of idle (keep-alive) connections across all hosts.
# 0 means no limit.
# CLI flag: -<prefix>.s3.max-idle-connections
#max_idle_connections: 100
# (advanced) Maximum number of idle (keep-alive) connections to keep per-host.
# If 0, a built-in default value is used.
# CLI flag: -<prefix>.s3.max-idle-connections-per-host
#max_idle_connections_per_host: 100
# (advanced) Maximum number of connections per host. 0 means no limit.
# CLI flag: -<prefix>.s3.max-connections-per-host
#max_connections_per_host: 0
# The gcs_backend block configures the connection to Google Cloud Storage object
# storage backend.
# The CLI flags prefix for this block configuration is: ruler-storage
#gcs: <gcs_storage_backend>
# The azure_storage_backend block configures the connection to Azure object
# storage backend.
# The CLI flags prefix for this block configuration is: ruler-storage
#azure: <azure_storage_backend>
# The swift_storage_backend block configures the connection to OpenStack Object
# Storage (Swift) object storage backend.
# The CLI flags prefix for this block configuration is: ruler-storage
#swift: <swift_storage_backend>
# The filesystem_storage_backend block configures the usage of local file system
# as object storage backend.
# The CLI flags prefix for this block configuration is: ruler-storage
filesystem: # Optional
# Local filesystem storage directory.
# CLI flag: -<prefix>.filesystem.dir
#dir: ""
# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits and English alphabet letters.
# CLI flag: -ruler-storage.storage-prefix
#storage_prefix: ""
local:
# Directory to scan for rules
# CLI flag: -ruler-storage.local.directory
#directory: ""
cache:
# Backend for ruler storage cache, if not empty. The cache is supported for
# any storage backend except "local". Supported values: memcached, redis.
# CLI flag: -ruler-storage.cache.backend
#backend: ""
# The memcached block configures the Memcached-based caching backend.
# The CLI flags prefix for this block configuration is: ruler-storage.cache
memcached: # Optional
# Comma-separated list of memcached addresses. Each address can be an IP
# address, hostname, or an entry specified in the DNS Service Discovery format.
# CLI flag: -<prefix>.memcached.addresses
#addresses: ""
# The socket read/write timeout.
# CLI flag: -<prefix>.memcached.timeout
#timeout: 200ms
# The connection timeout.
# CLI flag: -<prefix>.memcached.connect-timeout
#connect_timeout: 200ms
# (experimental) The size of the write buffer (in bytes). The buffer is
# allocated for each connection to memcached.
# CLI flag: -<prefix>.memcached.write-buffer-size-bytes
#write_buffer_size_bytes: 4096
# (experimental) The size of the read buffer (in bytes). The buffer is allocated
# for each connection to memcached.
# CLI flag: -<prefix>.memcached.read-buffer-size-bytes
#read_buffer_size_bytes: 4096
# (advanced) The minimum number of idle connections to keep open as a percentage
# (0-100) of the number of recently used idle connections. If negative, idle
# connections are kept open indefinitely.
# CLI flag: -<prefix>.memcached.min-idle-connections-headroom-percentage
#min_idle_connections_headroom_percentage: -1
# (advanced) The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -<prefix>.memcached.max-idle-connections
#max_idle_connections: 100
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.memcached.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.memcached.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum number of keys a single underlying get operation should
# run. If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set to 0,
# the max batch size is unlimited.
# CLI flag: -<prefix>.memcached.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) The maximum size of an item stored in memcached, in bytes. Bigger
# items are not stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.memcached.max-item-size
#max_item_size: 1048576
# (advanced) Enable connecting to Memcached with TLS.
# CLI flag: -<prefix>.memcached.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.memcached.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.memcached.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.memcached.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.memcached.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.memcached.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.memcached.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.memcached.tls-min-version
#tls_min_version: ""
# The redis block configures the Redis-based caching backend.
# The CLI flags prefix for this block configuration is: ruler-storage.cache
redis: # Optional
# Redis Server or Cluster configuration endpoint to use for caching. A
# comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
# CLI flag: -<prefix>.redis.endpoint
#endpoint: ""
# Username to use when connecting to Redis.
# CLI flag: -<prefix>.redis.username
#username: ""
# Password to use when connecting to Redis.
# CLI flag: -<prefix>.redis.password
#password: ""
# Database index.
# CLI flag: -<prefix>.redis.db
#db: 0
# (advanced) Redis Sentinel master name. An empty string for Redis Server or
# Redis Cluster.
# CLI flag: -<prefix>.redis.master-name
#master_name: ""
# (advanced) Client dial timeout.
# CLI flag: -<prefix>.redis.dial-timeout
#dial_timeout: 5s
# (advanced) Client read timeout.
# CLI flag: -<prefix>.redis.read-timeout
#read_timeout: 3s
# (advanced) Client write timeout.
# CLI flag: -<prefix>.redis.write-timeout
#write_timeout: 3s
# (advanced) Maximum number of connections in the pool.
# CLI flag: -<prefix>.redis.connection-pool-size
#connection_pool_size: 100
# (advanced) Maximum duration to wait to get a connection from pool.
# CLI flag: -<prefix>.redis.connection-pool-timeout
#connection_pool_timeout: 4s
# (advanced) Minimum number of idle connections.
# CLI flag: -<prefix>.redis.min-idle-connections
#min_idle_connections: 10
# (advanced) Amount of time after which client closes idle connections.
# CLI flag: -<prefix>.redis.idle-timeout
#idle_timeout: 5m
# (advanced) Close connections older than this duration. If the value is zero,
# then the pool does not close connections based on age.
# CLI flag: -<prefix>.redis.max-connection-age
#max_connection_age: 0s
# (advanced) The maximum size of an item stored in Redis. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -<prefix>.redis.max-item-size
#max_item_size: 16777216
# (advanced) The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -<prefix>.redis.max-async-concurrency
#max_async_concurrency: 50
# (advanced) The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -<prefix>.redis.max-async-buffer-size
#max_async_buffer_size: 25000
# (advanced) The maximum number of concurrent connections running get
# operations. If set to 0, concurrency is unlimited.
# CLI flag: -<prefix>.redis.max-get-multi-concurrency
#max_get_multi_concurrency: 100
# (advanced) The maximum size per batch for mget operations.
# CLI flag: -<prefix>.redis.max-get-multi-batch-size
#max_get_multi_batch_size: 100
# (advanced) Enable connecting to Redis with TLS.
# CLI flag: -<prefix>.redis.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -<prefix>.redis.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -<prefix>.redis.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -<prefix>.redis.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -<prefix>.redis.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -<prefix>.redis.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.redis.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.redis.tls-min-version
#tls_min_version: ""
# The alertmanager block configures the alertmanager.
alertmanager: # Optional
# Directory to store Alertmanager state and temporarily configuration files. The
# content of this directory is not required to be persisted between restarts
# unless Alertmanager replication has been disabled.
# CLI flag: -alertmanager.storage.path
#data_dir: "./data-alertmanager/"
# (advanced) How long should we store stateful data (notification logs and
# silences). For notification log entries, refers to how long should we keep
# entries before they expire and are deleted. For silences, refers to how long
# should tenants view silences after they expire and are deleted.
# CLI flag: -alertmanager.storage.retention
#retention: 120h
# The URL under which Alertmanager is externally reachable (eg. could be
# different than -http.alertmanager-http-prefix in case Alertmanager is served
# via a reverse proxy). This setting is used both to configure the internal
# requests router and to generate links in alert templates. If the external URL
# has a path portion, it will be used to prefix all HTTP endpoints served by
# Alertmanager, both the UI and API.
# CLI flag: -alertmanager.web.external-url
#external_url: http://localhost:8080/alertmanager
# (advanced) How frequently to poll Alertmanager configs.
# CLI flag: -alertmanager.configs.poll-interval
#poll_interval: 15s
# (advanced) Maximum size (bytes) of an accepted HTTP request body.
# CLI flag: -alertmanager.max-recv-msg-size
#max_recv_msg_size: 104857600
sharding_ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -alertmanager.sharding-ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -alertmanager.sharding-ring.prefix
#prefix: "alertmanagers/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is:
# alertmanager.sharding-ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is:
# alertmanager.sharding-ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -alertmanager.sharding-ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -alertmanager.sharding-ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -alertmanager.sharding-ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -alertmanager.sharding-ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -alertmanager.sharding-ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which alertmanagers are considered
# unhealthy within the ring. 0 = never (timeout disabled).
# CLI flag: -alertmanager.sharding-ring.heartbeat-timeout
#heartbeat_timeout: 1m
# (advanced) Instance ID to register in the ring.
# CLI flag: -alertmanager.sharding-ring.instance-id
#instance_id: "<hostname>"
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -alertmanager.sharding-ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -alertmanager.sharding-ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -alertmanager.sharding-ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -alertmanager.sharding-ring.instance-enable-ipv6
#instance_enable_ipv6: false
# (advanced) The replication factor to use when sharding the alertmanager.
# CLI flag: -alertmanager.sharding-ring.replication-factor
#replication_factor: 3
# (advanced) True to enable zone-awareness and replicate alerts across
# different availability zones.
# CLI flag: -alertmanager.sharding-ring.zone-awareness-enabled
#zone_awareness_enabled: false
# (advanced) The availability zone where this instance is running. Required if
# zone-awareness is enabled.
# CLI flag: -alertmanager.sharding-ring.instance-availability-zone
#instance_availability_zone: ""
# Filename of fallback config to use if none specified for instance.
# CLI flag: -alertmanager.configs.fallback
#fallback_config_file: ""
# (advanced) Time to wait between peers to send notifications.
# CLI flag: -alertmanager.peer-timeout
#peer_timeout: 15s
# (advanced) Enable the alertmanager config API.
# CLI flag: -alertmanager.enable-api
#enable_api: true
# (experimental) Enable routes to support the migration and operation of the
# Grafana Alertmanager.
# CLI flag: -alertmanager.grafana-alertmanager-compatibility-enabled
#grafana_alertmanager_compatibility_enabled: false
# (advanced) Maximum number of concurrent GET requests allowed per tenant. The
# zero value (and negative values) result in a limit of GOMAXPROCS or 8,
# whichever is larger. Status code 503 is served for GET requests that would
# exceed the concurrency limit.
# CLI flag: -alertmanager.max-concurrent-get-requests-per-tenant
#max_concurrent_get_requests_per_tenant: 0
alertmanager_client:
# (advanced) Timeout for downstream alertmanagers.
# CLI flag: -alertmanager.alertmanager-client.remote-timeout
#remote_timeout: 2s
# (advanced) gRPC client max receive message size (bytes).
# CLI flag: -alertmanager.alertmanager-client.grpc-max-recv-msg-size
#max_recv_msg_size: 104857600
# (advanced) gRPC client max send message size (bytes).
# CLI flag: -alertmanager.alertmanager-client.grpc-max-send-msg-size
#max_send_msg_size: 104857600
# (advanced) Use compression when sending messages. Supported values are:
# 'gzip', 'snappy' and '' (disable compression)
# CLI flag: -alertmanager.alertmanager-client.grpc-compression
#grpc_compression: ""
# (advanced) Rate limit for gRPC client; 0 means disabled.
# CLI flag: -alertmanager.alertmanager-client.grpc-client-rate-limit
#rate_limit: 0
# (advanced) Rate limit burst for gRPC client.
# CLI flag: -alertmanager.alertmanager-client.grpc-client-rate-limit-burst
#rate_limit_burst: 0
# (advanced) Enable backoff and retry when we hit rate limits.
# CLI flag: -alertmanager.alertmanager-client.backoff-on-ratelimits
#backoff_on_ratelimits: false
backoff_config:
# (advanced) Minimum delay when backing off.
# CLI flag: -alertmanager.alertmanager-client.backoff-min-period
#min_period: 100ms
# (advanced) Maximum delay when backing off.
# CLI flag: -alertmanager.alertmanager-client.backoff-max-period
#max_period: 10s
# (advanced) Number of times to backoff and retry before failing.
# CLI flag: -alertmanager.alertmanager-client.backoff-retries
#max_retries: 10
# (experimental) Initial stream window size. Values less than the default are
# not supported and are ignored. Setting this to a value other than the
# default disables the BDP estimator.
# CLI flag: -alertmanager.alertmanager-client.initial-stream-window-size
#initial_stream_window_size: 63KiB1023B
# (experimental) Initial connection window size. Values less than the default
# are not supported and are ignored. Setting this to a value other than the
# default disables the BDP estimator.
# CLI flag: -alertmanager.alertmanager-client.initial-connection-window-size
#initial_connection_window_size: 63KiB1023B
# (advanced) Enable TLS in the gRPC client. This flag needs to be enabled when
# any other TLS flag is set. If set to false, insecure connection to gRPC
# server will be used.
# CLI flag: -alertmanager.alertmanager-client.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -alertmanager.alertmanager-client.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -alertmanager.alertmanager-client.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate
# against. If not set, the host's root CA certificates are used.
# CLI flag: -alertmanager.alertmanager-client.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -alertmanager.alertmanager-client.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -alertmanager.alertmanager-client.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -alertmanager.alertmanager-client.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -alertmanager.alertmanager-client.tls-min-version
#tls_min_version: ""
# (advanced) The maximum amount of time to establish a connection. A value of
# 0 means default gRPC client connect timeout and backoff.
# CLI flag: -alertmanager.alertmanager-client.connect-timeout
#connect_timeout: 5s
# (advanced) Initial backoff delay after first connection failure. Only
# relevant if ConnectTimeout > 0.
# CLI flag: -alertmanager.alertmanager-client.connect-backoff-base-delay
#connect_backoff_base_delay: 1s
# (advanced) Maximum backoff delay when establishing a connection. Only
# relevant if ConnectTimeout > 0.
# CLI flag: -alertmanager.alertmanager-client.connect-backoff-max-delay
#connect_backoff_max_delay: 5s
# (advanced) The interval between persisting the current alertmanager state
# (notification log and silences) to object storage. This is only used when
# sharding is enabled. This state is read when all replicas for a shard can not
# be contacted. In this scenario, having persisted the state more frequently
# will result in potentially fewer lost silences, and fewer duplicate
# notifications.
# CLI flag: -alertmanager.persist-interval
#persist_interval: 15m
# (advanced) Enables periodic cleanup of alertmanager stateful data
# (notification logs and silences) from object storage. When enabled, data is
# removed for any tenant that does not have a configuration.
# CLI flag: -alertmanager.enable-state-cleanup
#enable_state_cleanup: true
# (experimental) Enable UTF-8 strict mode. Allows UTF-8 characters in the
# matchers for routes and inhibition rules, in silences, and in the labels for
# alerts. It is recommended to check both alertmanager_matchers_disagree_total
# and alertmanager_matchers_incompatible_total metrics before using this mode as
# otherwise some tenant configurations might fail to load.
# CLI flag: -alertmanager.utf8-strict-mode-enabled
#utf8_strict_mode: false
# The alertmanager_storage block configures the alertmanager storage backend.
alertmanager_storage: # Optional
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem, local.
# CLI flag: -alertmanager-storage.backend
#backend: "filesystem"
# The s3_backend block configures the connection to Amazon S3 object storage
# backend.
# The CLI flags prefix for this block configuration is: alertmanager-storage
s3: # Optional
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -<prefix>.s3.endpoint
#endpoint: ""
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call to
# autodetect it.
# CLI flag: -<prefix>.s3.region
#region: ""
# S3 bucket name
# CLI flag: -<prefix>.s3.bucket-name
#bucket_name: ""
# S3 secret access key
# CLI flag: -<prefix>.s3.secret-access-key
#secret_access_key: ""
# S3 access key ID
# CLI flag: -<prefix>.s3.access-key-id
#access_key_id: ""
# (advanced) If enabled, use http:// for the S3 endpoint instead of https://.
# This could be useful in local dev/test environments while using an
# S3-compatible backend storage, like Minio.
# CLI flag: -<prefix>.s3.insecure
#insecure: false
# (advanced) The signature version to use for authenticating against S3.
# Supported values are: v4, v2.
# CLI flag: -<prefix>.s3.signature-version
#signature_version: "v4"
# (advanced) Use a specific version of the S3 list object API. Supported values
# are v1 or v2. Default is unset.
# CLI flag: -<prefix>.s3.list-objects-version
#list_objects_version: ""
# (experimental) The S3 storage class to use, not set by default. Details can be
# found at https://aws.amazon.com/s3/storage-classes/. Supported values are:
# STANDARD, REDUCED_REDUNDANCY, GLACIER, STANDARD_IA, ONEZONE_IA,
# INTELLIGENT_TIERING, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
# CLI flag: -<prefix>.s3.storage-class
#storage_class: ""
# (experimental) If enabled, it will use the default authentication methods of
# the AWS SDK for go based on known environment variables and known AWS config
# files.
# CLI flag: -<prefix>.s3.native-aws-auth-enabled
#native_aws_auth_enabled: false
# (experimental) The minimum file size in bytes used for multipart uploads. If
# 0, the value is optimally computed for each object.
# CLI flag: -<prefix>.s3.part-size
#part_size: 0
# (experimental) If enabled, a Content-MD5 header is sent with S3 Put Object
# requests. Consumes more resources to compute the MD5, but may improve
# compatibility with object storage services that do not support checksums.
# CLI flag: -<prefix>.s3.send-content-md5
#send_content_md5: false
# Accessing S3 resources using temporary, secure credentials provided by AWS
# Security Token Service.
# CLI flag: -<prefix>.s3.sts-endpoint
#sts_endpoint: ""
sse:
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -<prefix>.s3.sse.type
#type: ""
# KMS Key ID used to encrypt objects in S3
# CLI flag: -<prefix>.s3.sse.kms-key-id
#kms_key_id: ""
# KMS Encryption Context used for object encryption. It expects JSON formatted
# string.
# CLI flag: -<prefix>.s3.sse.kms-encryption-context
#kms_encryption_context: ""
http:
# (advanced) The time an idle connection will remain idle before closing.
# CLI flag: -<prefix>.s3.http.idle-conn-timeout
#idle_conn_timeout: 1m30s
# (advanced) The amount of time the client will wait for a servers response
# headers.
# CLI flag: -<prefix>.s3.http.response-header-timeout
#response_header_timeout: 2m
# (advanced) If the client connects to S3 via HTTPS and this option is
# enabled, the client will accept any certificate and hostname.
# CLI flag: -<prefix>.s3.http.insecure-skip-verify
#insecure_skip_verify: false
# (advanced) Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -<prefix>.s3.tls-handshake-timeout
#tls_handshake_timeout: 10s
# (advanced) The time to wait for a server's first response headers after
# fully writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -<prefix>.s3.expect-continue-timeout
#expect_continue_timeout: 1s
# (advanced) Maximum number of idle (keep-alive) connections across all hosts.
# 0 means no limit.
# CLI flag: -<prefix>.s3.max-idle-connections
#max_idle_connections: 100
# (advanced) Maximum number of idle (keep-alive) connections to keep per-host.
# If 0, a built-in default value is used.
# CLI flag: -<prefix>.s3.max-idle-connections-per-host
#max_idle_connections_per_host: 100
# (advanced) Maximum number of connections per host. 0 means no limit.
# CLI flag: -<prefix>.s3.max-connections-per-host
#max_connections_per_host: 0
# The gcs_backend block configures the connection to Google Cloud Storage object
# storage backend.
# The CLI flags prefix for this block configuration is: alertmanager-storage
#gcs: <gcs_storage_backend>
# The azure_storage_backend block configures the connection to Azure object
# storage backend.
# The CLI flags prefix for this block configuration is: alertmanager-storage
#azure: <azure_storage_backend>
# The swift_storage_backend block configures the connection to OpenStack Object
# Storage (Swift) object storage backend.
# The CLI flags prefix for this block configuration is: alertmanager-storage
#swift: <swift_storage_backend>
# The filesystem_storage_backend block configures the usage of local file system
# as object storage backend.
# The CLI flags prefix for this block configuration is: alertmanager-storage
filesystem: # Optional
# Local filesystem storage directory.
# CLI flag: -<prefix>.filesystem.dir
#dir: ""
# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits and English alphabet letters.
# CLI flag: -alertmanager-storage.storage-prefix
#storage_prefix: ""
local:
# Path at which alertmanager configurations are stored.
# CLI flag: -alertmanager-storage.local.path
#path: ""
runtime_config:
# (advanced) How often to check runtime config files.
# CLI flag: -runtime-config.reload-period
#period: 10s
# Comma separated list of yaml files with the configuration that can be
# updated at runtime. Runtime config files will be merged from left to right.
# CLI flag: -runtime-config.file
#file: ""
# The memberlist block configures the Gossip memberlist.
memberlist: # Optional
# (advanced) Name of the node in memberlist cluster. Defaults to hostname.
# CLI flag: -memberlist.nodename
#node_name: ""
# (advanced) Add random suffix to the node name.
# CLI flag: -memberlist.randomize-node-name
#randomize_node_name: true
# (advanced) The timeout for establishing a connection with a remote node, and
# for read/write operations.
# CLI flag: -memberlist.stream-timeout
#stream_timeout: 2s
# (advanced) Multiplication factor used when sending out messages (factor *
# log(N+1)).
# CLI flag: -memberlist.retransmit-factor
#retransmit_factor: 4
# (advanced) How often to use pull/push sync.
# CLI flag: -memberlist.pullpush-interval
#pull_push_interval: 30s
# (advanced) How often to gossip.
# CLI flag: -memberlist.gossip-interval
#gossip_interval: 200ms
# (advanced) How many nodes to gossip to.
# CLI flag: -memberlist.gossip-nodes
#gossip_nodes: 3
# (advanced) How long to keep gossiping to dead nodes, to give them chance to
# refute their death.
# CLI flag: -memberlist.gossip-to-dead-nodes-time
#gossip_to_dead_nodes_time: 30s
# (advanced) How soon can dead node's name be reclaimed with new address. 0 to
# disable.
# CLI flag: -memberlist.dead-node-reclaim-time
#dead_node_reclaim_time: 0s
# (advanced) Enable message compression. This can be used to reduce bandwidth
# usage at the cost of slightly more CPU utilization.
# CLI flag: -memberlist.compression-enabled
#compression_enabled: true
# Gossip address to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-addr
#advertise_addr: ""
# Gossip port to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-port
#advertise_port: 7946
# (advanced) The cluster label is an optional string to include in outbound
# packets and gossip streams. Other members in the memberlist cluster will
# discard any message whose label doesn't match the configured one, unless the
# 'cluster-label-verification-disabled' configuration option is set to true.
# CLI flag: -memberlist.cluster-label
#cluster_label: ""
# (advanced) When true, memberlist doesn't verify that inbound packets and
# gossip streams have the cluster label matching the configured one. This
# verification should be disabled while rolling out the change to the configured
# cluster label in a live memberlist cluster.
# CLI flag: -memberlist.cluster-label-verification-disabled
#cluster_label_verification_disabled: false
# Other cluster members to join. Can be specified multiple times. It can be an
# IP, hostname or an entry specified in the DNS Service Discovery format.
# CLI flag: -memberlist.join
#join_members: []
# (advanced) Min backoff duration to join other cluster members.
# CLI flag: -memberlist.min-join-backoff
#min_join_backoff: 1s
# (advanced) Max backoff duration to join other cluster members.
# CLI flag: -memberlist.max-join-backoff
#max_join_backoff: 1m
# (advanced) Max number of retries to join other cluster members.
# CLI flag: -memberlist.max-join-retries
#max_join_retries: 10
# If this node fails to join memberlist cluster, abort.
# CLI flag: -memberlist.abort-if-join-fails
#abort_if_cluster_join_fails: false
# (advanced) If not 0, how often to rejoin the cluster. Occasional rejoin can
# help to fix the cluster split issue, and is harmless otherwise. For example
# when using only few components as a seed nodes (via -memberlist.join), then
# it's recommended to use rejoin. If -memberlist.join points to dynamic service
# that resolves to all gossiping nodes (eg. Kubernetes headless service), then
# rejoin is not needed.
# CLI flag: -memberlist.rejoin-interval
#rejoin_interval: 0s
# (advanced) How long to keep LEFT ingesters in the ring.
# CLI flag: -memberlist.left-ingesters-timeout
#left_ingesters_timeout: 5m
# (advanced) Timeout for leaving memberlist cluster.
# CLI flag: -memberlist.leave-timeout
#leave_timeout: 20s
# (advanced) How much space to use for keeping received and sent messages in
# memory for troubleshooting (two buffers). 0 to disable.
# CLI flag: -memberlist.message-history-buffer-bytes
#message_history_buffer_bytes: 0
# IP address to listen on for gossip messages. Multiple addresses may be
# specified. Defaults to 0.0.0.0
# CLI flag: -memberlist.bind-addr
#bind_addr: []
# Port to listen on for gossip messages.
# CLI flag: -memberlist.bind-port
#bind_port: 7946
# (advanced) Timeout used when connecting to other nodes to send packet.
# CLI flag: -memberlist.packet-dial-timeout
#packet_dial_timeout: 2s
# (advanced) Timeout for writing 'packet' data.
# CLI flag: -memberlist.packet-write-timeout
#packet_write_timeout: 5s
# (advanced) Enable TLS on the memberlist transport layer.
# CLI flag: -memberlist.tls-enabled
#tls_enabled: false
# (advanced) Path to the client certificate, which will be used for
# authenticating with the server. Also requires the key path to be configured.
# CLI flag: -memberlist.tls-cert-path
#tls_cert_path: ""
# (advanced) Path to the key for the client certificate. Also requires the
# client certificate to be configured.
# CLI flag: -memberlist.tls-key-path
#tls_key_path: ""
# (advanced) Path to the CA certificates to validate server certificate against.
# If not set, the host's root CA certificates are used.
# CLI flag: -memberlist.tls-ca-path
#tls_ca_path: ""
# (advanced) Override the expected name on the server certificate.
# CLI flag: -memberlist.tls-server-name
#tls_server_name: ""
# (advanced) Skip validating server certificate.
# CLI flag: -memberlist.tls-insecure-skip-verify
#tls_insecure_skip_verify: false
# (advanced) Override the default cipher suite list (separated by commas).
# Allowed values:
#
# Secure Ciphers:
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -memberlist.tls-cipher-suites
#tls_cipher_suites: ""
# (advanced) Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -memberlist.tls-min-version
#tls_min_version: ""
# The query_scheduler block configures the query-scheduler.
query_scheduler: # Optional
# Maximum number of outstanding requests per tenant per query-scheduler.
# In-flight requests above this limit will fail with HTTP response status code
# 429.
# CLI flag: -query-scheduler.max-outstanding-requests-per-tenant
#max_outstanding_requests_per_tenant: 100
# (experimental) Enqueue query requests with additional queue dimensions to
# split tenant request queues into subqueues. This enables separate requests to
# proceed from a tenant's subqueues even when other subqueues are blocked on
# slow query requests. Must be set on both query-frontend and scheduler to take
# effect. (default false)
# CLI flag: -query-scheduler.additional-query-queue-dimensions-enabled
#additional_query_queue_dimensions_enabled: false
# (experimental) If a querier disconnects without sending notification about
# graceful shutdown, the query-scheduler will keep the querier in the tenant's
# shard until the forget delay has passed. This feature is useful to reduce the
# blast radius when shuffle-sharding is enabled.
# CLI flag: -query-scheduler.querier-forget-delay
#querier_forget_delay: 0s
# This configures the gRPC client used to report errors back to the
# query-frontend.
# The CLI flags prefix for this block configuration is:
# query-scheduler.grpc-client-config
#grpc_client_config: <grpc_client>
# (experimental) Service discovery mode that query-frontends and queriers use to
# find query-scheduler instances. When query-scheduler ring-based service
# discovery is enabled, this option needs be set on query-schedulers,
# query-frontends and queriers. Supported values are: dns, ring.
# CLI flag: -query-scheduler.service-discovery-mode
#service_discovery_mode: "dns"
# The hash ring configuration. The query-schedulers hash ring is used for
# service discovery.
ring:
# The key-value store used to share the hash ring across multiple instances.
# When query-scheduler ring-based service discovery is enabled, this option
# needs be set on query-schedulers, query-frontends and queriers.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -query-scheduler.ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -query-scheduler.ring.prefix
#prefix: "collectors/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is: query-scheduler.ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is: query-scheduler.ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -query-scheduler.ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -query-scheduler.ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -query-scheduler.ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -query-scheduler.ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -query-scheduler.ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which query-schedulers are considered
# unhealthy within the ring. When query-scheduler ring-based service discovery
# is enabled, this option needs be set on query-schedulers, query-frontends
# and queriers.
# CLI flag: -query-scheduler.ring.heartbeat-timeout
#heartbeat_timeout: 1m
# (advanced) Instance ID to register in the ring.
# CLI flag: -query-scheduler.ring.instance-id
#instance_id: "<hostname>"
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -query-scheduler.ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -query-scheduler.ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -query-scheduler.ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -query-scheduler.ring.instance-enable-ipv6
#instance_enable_ipv6: false
# The maximum number of query-scheduler instances to use, regardless how many
# replicas are running. This option can be set only when
# -query-scheduler.service-discovery-mode is set to 'ring'. 0 to use all
# available query-scheduler instances.
# CLI flag: -query-scheduler.max-used-instances
#max_used_instances: 0
usage_stats:
# Enable anonymous usage reporting.
# CLI flag: -usage-stats.enabled
#enabled: true
# Installation mode. Supported values: custom, helm, jsonnet.
# CLI flag: -usage-stats.installation-mode
#installation_mode: "custom"
overrides_exporter:
ring:
# Enable the ring used by override-exporters to deduplicate exported limit
# metrics.
# CLI flag: -overrides-exporter.ring.enabled
#enabled: false
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -overrides-exporter.ring.store
#store: "memberlist"
# (advanced) The prefix for the keys in the store. Should end with a /.
# CLI flag: -overrides-exporter.ring.prefix
#prefix: "collectors/"
# The consul block configures the consul client.
# The CLI flags prefix for this block configuration is:
# overrides-exporter.ring
#consul: <consul>
# The etcd block configures the etcd client.
# The CLI flags prefix for this block configuration is:
# overrides-exporter.ring
#etcd: <etcd>
multi:
# (advanced) Primary backend storage used by multi-client.
# CLI flag: -overrides-exporter.ring.multi.primary
#primary: ""
# (advanced) Secondary backend storage used by multi-client.
# CLI flag: -overrides-exporter.ring.multi.secondary
#secondary: ""
# (advanced) Mirror writes to secondary store.
# CLI flag: -overrides-exporter.ring.multi.mirror-enabled
#mirror_enabled: false
# (advanced) Timeout for storing value to secondary store.
# CLI flag: -overrides-exporter.ring.multi.mirror-timeout
#mirror_timeout: 2s
# (advanced) Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -overrides-exporter.ring.heartbeat-period
#heartbeat_period: 15s
# (advanced) The heartbeat timeout after which overrides-exporters are
# considered unhealthy within the ring. 0 = never (timeout disabled).
# CLI flag: -overrides-exporter.ring.heartbeat-timeout
#heartbeat_timeout: 1m
# (advanced) Instance ID to register in the ring.
# CLI flag: -overrides-exporter.ring.instance-id
#instance_id: "<hostname>"
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -overrides-exporter.ring.instance-interface-names
#instance_interface_names: [<private network interfaces>]
# (advanced) Port to advertise in the ring (defaults to
# -server.grpc-listen-port).
# CLI flag: -overrides-exporter.ring.instance-port
#instance_port: 0
# (advanced) IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -overrides-exporter.ring.instance-addr
#instance_addr: ""
# (advanced) Enable using a IPv6 instance address. (default false)
# CLI flag: -overrides-exporter.ring.instance-enable-ipv6
#instance_enable_ipv6: false
# (advanced) Minimum time to wait for ring stability at startup, if set to
# positive value. Set to 0 to disable.
# CLI flag: -overrides-exporter.ring.wait-stability-min-duration
#wait_stability_min_duration: 0s
# (advanced) Maximum time to wait for ring stability at startup. If the
# overrides-exporter ring keeps changing after this period of time, it will
# start anyway.
# CLI flag: -overrides-exporter.ring.wait-stability-max-duration
#wait_stability_max_duration: 5m
# Comma-separated list of metrics to include in the exporter. Allowed metric
# names: ingestion_rate, ingestion_burst_size, max_global_series_per_user,
# max_global_series_per_metric, max_global_exemplars_per_user,
# max_fetched_chunks_per_query, max_fetched_series_per_query,
# max_fetched_chunk_bytes_per_query, ruler_max_rules_per_rule_group,
# ruler_max_rule_groups_per_tenant, max_global_metadata_per_user,
# max_global_metadata_per_metric, request_rate, request_burst_size,
# alertmanager_notification_rate_limit,
# alertmanager_max_dispatcher_aggregation_groups,
# alertmanager_max_alerts_count, alertmanager_max_alerts_size_bytes.
# CLI flag: -overrides-exporter.enabled-metrics
#enabled_metrics: "ingestion_rate,ingestion_burst_size,max_global_series_per_user,max_global_series_per_metric,max_global_exemplars_per_user,max_fetched_chunks_per_query,max_fetched_series_per_query,max_fetched_chunk_bytes_per_query,ruler_max_rules_per_rule_group,ruler_max_rule_groups_per_tenant"
# The common block holds configurations that configure multiple components at a
# time.
common: # Optional
storage:
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem.
# CLI flag: -common.storage.backend
#backend: "filesystem"
# The s3_backend block configures the connection to Amazon S3 object storage
# backend.
# The CLI flags prefix for this block configuration is: common.storage
s3: # Optional
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -<prefix>.s3.endpoint
#endpoint: ""
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call to
# autodetect it.
# CLI flag: -<prefix>.s3.region
#region: ""
# S3 bucket name
# CLI flag: -<prefix>.s3.bucket-name
#bucket_name: ""
# S3 secret access key
# CLI flag: -<prefix>.s3.secret-access-key
#secret_access_key: ""
# S3 access key ID
# CLI flag: -<prefix>.s3.access-key-id
#access_key_id: ""
# (advanced) If enabled, use http:// for the S3 endpoint instead of https://.
# This could be useful in local dev/test environments while using an
# S3-compatible backend storage, like Minio.
# CLI flag: -<prefix>.s3.insecure
#insecure: false
# (advanced) The signature version to use for authenticating against S3.
# Supported values are: v4, v2.
# CLI flag: -<prefix>.s3.signature-version
#signature_version: "v4"
# (advanced) Use a specific version of the S3 list object API. Supported values
# are v1 or v2. Default is unset.
# CLI flag: -<prefix>.s3.list-objects-version
#list_objects_version: ""
# (experimental) The S3 storage class to use, not set by default. Details can be
# found at https://aws.amazon.com/s3/storage-classes/. Supported values are:
# STANDARD, REDUCED_REDUNDANCY, GLACIER, STANDARD_IA, ONEZONE_IA,
# INTELLIGENT_TIERING, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
# CLI flag: -<prefix>.s3.storage-class
#storage_class: ""
# (experimental) If enabled, it will use the default authentication methods of
# the AWS SDK for go based on known environment variables and known AWS config
# files.
# CLI flag: -<prefix>.s3.native-aws-auth-enabled
#native_aws_auth_enabled: false
# (experimental) The minimum file size in bytes used for multipart uploads. If
# 0, the value is optimally computed for each object.
# CLI flag: -<prefix>.s3.part-size
#part_size: 0
# (experimental) If enabled, a Content-MD5 header is sent with S3 Put Object
# requests. Consumes more resources to compute the MD5, but may improve
# compatibility with object storage services that do not support checksums.
# CLI flag: -<prefix>.s3.send-content-md5
#send_content_md5: false
# Accessing S3 resources using temporary, secure credentials provided by AWS
# Security Token Service.
# CLI flag: -<prefix>.s3.sts-endpoint
#sts_endpoint: ""
sse:
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -<prefix>.s3.sse.type
#type: ""
# KMS Key ID used to encrypt objects in S3
# CLI flag: -<prefix>.s3.sse.kms-key-id
#kms_key_id: ""
# KMS Encryption Context used for object encryption. It expects JSON formatted
# string.
# CLI flag: -<prefix>.s3.sse.kms-encryption-context
#kms_encryption_context: ""
http:
# (advanced) The time an idle connection will remain idle before closing.
# CLI flag: -<prefix>.s3.http.idle-conn-timeout
#idle_conn_timeout: 1m30s
# (advanced) The amount of time the client will wait for a servers response
# headers.
# CLI flag: -<prefix>.s3.http.response-header-timeout
#response_header_timeout: 2m
# (advanced) If the client connects to S3 via HTTPS and this option is
# enabled, the client will accept any certificate and hostname.
# CLI flag: -<prefix>.s3.http.insecure-skip-verify
#insecure_skip_verify: false
# (advanced) Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -<prefix>.s3.tls-handshake-timeout
#tls_handshake_timeout: 10s
# (advanced) The time to wait for a server's first response headers after
# fully writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -<prefix>.s3.expect-continue-timeout
#expect_continue_timeout: 1s
# (advanced) Maximum number of idle (keep-alive) connections across all hosts.
# 0 means no limit.
# CLI flag: -<prefix>.s3.max-idle-connections
#max_idle_connections: 100
# (advanced) Maximum number of idle (keep-alive) connections to keep per-host.
# If 0, a built-in default value is used.
# CLI flag: -<prefix>.s3.max-idle-connections-per-host
#max_idle_connections_per_host: 100
# (advanced) Maximum number of connections per host. 0 means no limit.
# CLI flag: -<prefix>.s3.max-connections-per-host
#max_connections_per_host: 0
# The gcs_backend block configures the connection to Google Cloud Storage
# object storage backend.
# The CLI flags prefix for this block configuration is: common.storage
#gcs: <gcs_storage_backend>
# The azure_storage_backend block configures the connection to Azure object
# storage backend.
# The CLI flags prefix for this block configuration is: common.storage
#azure: <azure_storage_backend>
# The swift_storage_backend block configures the connection to OpenStack
# Object Storage (Swift) object storage backend.
# The CLI flags prefix for this block configuration is: common.storage
#swift: <swift_storage_backend>
# The filesystem_storage_backend block configures the usage of local file
# system as object storage backend.
# The CLI flags prefix for this block configuration is: common.storage
filesystem: # Optional
# Local filesystem storage directory.
# CLI flag: -<prefix>.filesystem.dir
#dir: ""
# (experimental) Enables optimized marshaling of timeseries.
# CLI flag: -timeseries-unmarshal-caching-optimization-enabled
#timeseries_unmarshal_caching_optimization_enabled: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment