菜单
开源
Pyroscope 配置参数
您可以使用 YAML 文件或代表配置参数的命令行标志来配置 Pyroscope。要指定 YAML 文件,请使用 -config.file 命令行选项。如果您同时指定命令行标志和 YAML 配置参数,命令行标志将优先于 YAML 文件中的值。
要查看任何组件的当前配置,请访问 /config HTTP API 端点。此端点已过滤掉密码。
参数采用 YAML 格式编写,方括号表示参数是可选的。
通用占位符
<boolean>: 一个布尔值,可以是true或false<int>: 与正则表达式[1-9]+[0-9]*匹配的任何整数<duration>: 与正则表达式[0-9]+(ns|us|µs|ms|s|m|h|d|w|y)匹配的持续时间,其中 y = 365 天<string>: 一个字符串<url>: 一个 URL<filepath>: 一个包含磁盘上文件的绝对或相对路径和文件名的字符串<prefix>: 基于上下文的 CLI 标志前缀(查看父配置块以确定应使用哪个 CLI 标志前缀)<relabel_config>: 一个 Prometheus relabeling 配置<time>: 一个时间戳,可用格式包括2006-01-20(午夜,本地时区)2006-01-20T15:04(本地时区)- RFC 3339 格式:
2006-01-20T15:04:05Z(UTC) 或2006-01-20T15:04:05+07:00(指定时区)
在配置中使用环境变量
您可以在 YAML 配置文件中使用环境变量引用来设置在部署期间需要配置的值。为此,请在命令行上传递 -config.expand-env=true 并使用 ${VAR},其中 VAR 是环境变量的名称。
每个变量引用在启动时都会被环境变量的值替换。替换是区分大小写的,并在解析 YAML 文件之前发生。未定义变量的引用将被空字符串替换,除非您指定了默认值或自定义错误文本。
要指定默认值,请使用 ${VAR:-default_value},其中 default_value 是当环境变量未定义时使用的值。
配置参数
# Comma-separated list of Pyroscope modules to load. The alias 'all' can be used
# in the list to load a number of core modules and will enable single-binary
# mode.
# CLI flag: -target
[target: <string> | default = "all"]
api:
# base URL for when the server is behind a reverse proxy with a different path
# CLI flag: -api.base-url
[base-url: <string> | default = ""]
# The server block configures the HTTP and gRPC server of the launched
# service(s).
[server: <server>]
# The distributor block configures the distributor.
[distributor: <distributor>]
# The querier block configures the querier.
[querier: <querier>]
# The query_frontend block configures the query-frontend.
[frontend: <query_frontend>]
# The frontend_worker block configures the frontend-worker.
[frontend_worker: <frontend_worker>]
# The limits block configures default and per-tenant limits imposed by
# components.
[limits: <limits>]
# The query_scheduler block configures the query-scheduler.
[query_scheduler: <query_scheduler>]
# The ingester block configures the ingester.
[ingester: <ingester>]
# The store_gateway block configures the store-gateway.
[store_gateway: <store_gateway>]
# The memberlist block configures the Gossip memberlist.
[memberlist: <memberlist>]
pyroscopedb:
# Directory used for local storage.
# CLI flag: -pyroscopedb.data-path
[data_path: <string> | default = "./data"]
# Upper limit to the duration of a Pyroscope block.
# CLI flag: -pyroscopedb.max-block-duration
[max_block_duration: <duration> | default = 1h]
# How big should a single row group be uncompressed
# CLI flag: -pyroscopedb.row-group-target-size
[row_group_target_size: <int> | default = 1342177280]
# Specifies the dimension by which symbols are partitioned. By default, the
# partitioning is determined automatically.
# CLI flag: -pyroscopedb.symbols-partition-label
[symbols_partition_label: <string> | default = ""]
# How much available disk space to keep in GiB
# CLI flag: -pyroscopedb.retention-policy-min-free-disk-gb
[min_free_disk_gb: <int> | default = 10]
# Which percentage of free disk space to keep
# CLI flag: -pyroscopedb.retention-policy-min-disk-available-percentage
[min_disk_available_percentage: <float> | default = 0.05]
# How often to enforce disk retention
# CLI flag: -pyroscopedb.retention-policy-enforcement-interval
[enforcement_interval: <duration> | default = 5m]
# Disable retention policy enforcement
# CLI flag: -pyroscopedb.retention-policy-disable
[disable_enforcement: <boolean> | default = false]
tracing:
# Set to false to disable tracing.
# CLI flag: -tracing.enabled
[enabled: <boolean> | default = true]
runtime_config:
# How often to check runtime config files.
# CLI flag: -runtime-config.reload-period
[period: <duration> | default = 10s]
# Comma separated list of yaml files with the configuration that can be
# updated at runtime. Runtime config files will be merged from left to right.
# CLI flag: -runtime-config.file
[file: <string> | default = ""]
# The compactor block configures the compactor.
[compactor: <compactor>]
tenant_settings:
collection_rules:
# Enable the storing of collection config in tenant settings.
# CLI flag: -tenant-settings.collection-rules.enabled
[enabled: <boolean> | default = false]
# The public facing URL of the Pyroscope instance.
# CLI flag: -tenant-settings.collection-rules.pyroscope-url
[pyroscope_url: <string> | default = ""]
# Override the default alloy go template.
# CLI flag: -tenant-settings.collection-rules.alloy-template-path
[alloy_template_path: <string> | default = ""]
recording_rules:
# Enable the storing of recording rules in tenant settings.
# CLI flag: -tenant-settings.recording-rules.enabled
[enabled: <boolean> | default = false]
storage:
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem, cos.
# CLI flag: -storage.backend
[backend: <string> | default = ""]
# The s3_backend block configures the connection to Amazon S3 object storage
# backend.
[s3: <s3_storage_backend>]
# The gcs_backend block configures the connection to Google Cloud Storage
# object storage backend.
[gcs: <gcs_storage_backend>]
# The azure_storage_backend block configures the connection to Azure object
# storage backend.
[azure: <azure_storage_backend>]
# The swift_storage_backend block configures the connection to OpenStack
# Object Storage (Swift) object storage backend.
[swift: <swift_storage_backend>]
cos:
# COS bucket name
# CLI flag: -storage.cos.bucket
[bucket: <string> | default = ""]
# COS region name
# CLI flag: -storage.cos.region
[region: <string> | default = ""]
# COS app id
# CLI flag: -storage.cos.app-id
[app_id: <string> | default = ""]
# COS storage endpoint
# CLI flag: -storage.cos.endpoint
[endpoint: <string> | default = ""]
# COS secret key
# CLI flag: -storage.cos.secret-key
[secret_key: <string> | default = ""]
# COS secret id
# CLI flag: -storage.cos.secret-id
[secret_id: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -storage.cos.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -storage.cos.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects to COS via HTTPS and this option is enabled, the
# client will accept any certificate and hostname.
# CLI flag: -storage.cos.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -storage.cos.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully
# writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -storage.cos.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0
# means no limit.
# CLI flag: -storage.cos.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0,
# a built-in default value is used.
# CLI flag: -storage.cos.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -storage.cos.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
# The filesystem_storage_backend block configures the usage of local file
# system as object storage backend.
[filesystem: <filesystem_storage_backend>]
# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits and English alphabet letters.
# CLI flag: -storage.storage-prefix
[storage_prefix: <string> | default = ""]
self_profiling:
# When running in single binary (--target=all) Pyroscope will push (Go SDK)
# profiles to itself. Set to true to disable self-profiling.
# CLI flag: -self-profiling.disable-push
[disable_push: <boolean> | default = false]
# CLI flag: -self-profiling.mutex-profile-fraction
[mutex_profile_fraction: <int> | default = 5]
# CLI flag: -self-profiling.block-profile-rate
[block_profile_rate: <int> | default = 5]
# Read k6 labels from request headers and set them as dynamic profile tags.
# CLI flag: -self-profiling.use-k6-middleware
[use_k6_middleware: <boolean> | default = false]
# When set to true, incoming HTTP requests must specify tenant ID in HTTP
# X-Scope-OrgId header. When set to false, tenant ID anonymous is used instead.
# CLI flag: -auth.multitenancy-enabled
[multitenancy_enabled: <boolean> | default = false]
# The analytics block configures usage statistics collection. For more details
# about usage statistics, refer to [Anonymous usage statistics
# reporting](../anonymous-usage-statistics-reporting)
[analytics: <analytics>]
# Prints the application banner at startup.
# CLI flag: -config.show_banner
[show_banner: <boolean> | default = true]
# Wait time before shutting down after a termination signal.
# CLI flag: -shutdown-delay
[shutdown_delay: <duration> | default = 0s]
embedded_grafana:
# The directory where the Grafana data will be stored.
# CLI flag: -embedded-grafana.data-path
[data_path: <string> | default = "./data/__embedded_grafana/"]
# The port on which the Grafana will listen.
# CLI flag: -embedded-grafana.listen-port
[listen_port: <int> | default = 4041]
# The URL of the Pyroscope instance to use for the Grafana datasources.
# CLI flag: -embedded-grafana.pyroscope-url
[pyroscope_url: <string> | default = "https://:4040"]server
server 块配置启动的服务所使用的 HTTP 和 gRPC 服务器。
# HTTP server listen network, default tcp
# CLI flag: -server.http-listen-network
[http_listen_network: <string> | default = "tcp"]
# HTTP server listen address.
# CLI flag: -server.http-listen-address
[http_listen_address: <string> | default = ""]
# HTTP server listen port.
# CLI flag: -server.http-listen-port
[http_listen_port: <int> | default = 4040]
# Maximum number of simultaneous http connections, <=0 to disable
# CLI flag: -server.http-conn-limit
[http_listen_conn_limit: <int> | default = 0]
# gRPC server listen network
# CLI flag: -server.grpc-listen-network
[grpc_listen_network: <string> | default = "tcp"]
# gRPC server listen address.
# CLI flag: -server.grpc-listen-address
[grpc_listen_address: <string> | default = ""]
# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
[grpc_listen_port: <int> | default = 9095]
# Maximum number of simultaneous grpc connections, <=0 to disable
# CLI flag: -server.grpc-conn-limit
[grpc_listen_conn_limit: <int> | default = 0]
# Comma-separated list of cipher suites to use. If blank, the default Go cipher
# suites is used.
# CLI flag: -server.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11,
# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used.
# CLI flag: -server.tls-min-version
[tls_min_version: <string> | default = ""]
http_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
[cert: <string> | default = ""]
# Server TLS key. This configuration parameter is YAML only.
[key: <string> | default = ""]
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
[client_ca: <string> | default = ""]
# HTTP server cert path.
# CLI flag: -server.http-tls-cert-path
[cert_file: <string> | default = ""]
# HTTP server key path.
# CLI flag: -server.http-tls-key-path
[key_file: <string> | default = ""]
# HTTP TLS Client Auth type.
# CLI flag: -server.http-tls-client-auth
[client_auth_type: <string> | default = ""]
# HTTP TLS Client CA path.
# CLI flag: -server.http-tls-ca-path
[client_ca_file: <string> | default = ""]
grpc_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
[cert: <string> | default = ""]
# Server TLS key. This configuration parameter is YAML only.
[key: <string> | default = ""]
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
[client_ca: <string> | default = ""]
# GRPC TLS server cert path.
# CLI flag: -server.grpc-tls-cert-path
[cert_file: <string> | default = ""]
# GRPC TLS server key path.
# CLI flag: -server.grpc-tls-key-path
[key_file: <string> | default = ""]
# GRPC TLS Client Auth type.
# CLI flag: -server.grpc-tls-client-auth
[client_auth_type: <string> | default = ""]
# GRPC TLS Client CA path.
# CLI flag: -server.grpc-tls-ca-path
[client_ca_file: <string> | default = ""]
# Register the intrumentation handlers (/metrics etc).
# CLI flag: -server.register-instrumentation
[register_instrumentation: <boolean> | default = true]
# If set to true, gRPC statuses will be reported in instrumentation labels with
# their string representations. Otherwise, they will be reported as "error".
# CLI flag: -server.report-grpc-codes-in-instrumentation-label-enabled
[report_grpc_codes_in_instrumentation_label_enabled: <boolean> | default = false]
# Timeout for graceful shutdowns
# CLI flag: -server.graceful-shutdown-timeout
[graceful_shutdown_timeout: <duration> | default = 30s]
# Read timeout for entire HTTP request, including headers and body.
# CLI flag: -server.http-read-timeout
[http_server_read_timeout: <duration> | default = 30s]
# Read timeout for HTTP request headers. If set to 0, value of
# -server.http-read-timeout is used.
# CLI flag: -server.http-read-header-timeout
[http_server_read_header_timeout: <duration> | default = 0s]
# Write timeout for HTTP server
# CLI flag: -server.http-write-timeout
[http_server_write_timeout: <duration> | default = 30s]
# Idle timeout for HTTP server
# CLI flag: -server.http-idle-timeout
[http_server_idle_timeout: <duration> | default = 2m]
# Log closed connections that did not receive any response, most likely because
# client didn't send any request within timeout.
# CLI flag: -server.http-log-closed-connections-without-response-enabled
[http_log_closed_connections_without_response_enabled: <boolean> | default = false]
# Limit on the size of a gRPC message this server can receive (bytes).
# CLI flag: -server.grpc-max-recv-msg-size-bytes
[grpc_server_max_recv_msg_size: <int> | default = 4194304]
# Limit on the size of a gRPC message this server can send (bytes).
# CLI flag: -server.grpc-max-send-msg-size-bytes
[grpc_server_max_send_msg_size: <int> | default = 4194304]
# Limit on the number of concurrent streams for gRPC calls per client connection
# (0 = unlimited)
# CLI flag: -server.grpc-max-concurrent-streams
[grpc_server_max_concurrent_streams: <int> | default = 100]
# The duration after which an idle connection should be closed. Default:
# infinity
# CLI flag: -server.grpc.keepalive.max-connection-idle
[grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s]
# The duration for the maximum amount of time a connection may exist before it
# will be closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age
[grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s]
# An additive period after max-connection-age after which the connection will be
# forcibly closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age-grace
[grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s]
# Duration after which a keepalive probe is sent in case of no activity over the
# connection., Default: 2h
# CLI flag: -server.grpc.keepalive.time
[grpc_server_keepalive_time: <duration> | default = 2h]
# After having pinged for keepalive check, the duration after which an idle
# connection should be closed, Default: 20s
# CLI flag: -server.grpc.keepalive.timeout
[grpc_server_keepalive_timeout: <duration> | default = 20s]
# Minimum amount of time a client should wait before sending a keepalive ping.
# If client sends keepalive ping more often, server will send GOAWAY and close
# the connection.
# CLI flag: -server.grpc.keepalive.min-time-between-pings
[grpc_server_min_time_between_pings: <duration> | default = 5m]
# If true, server allows keepalive pings even when there are no active
# streams(RPCs). If false, and client sends ping when there are no active
# streams, server will send GOAWAY and close the connection.
# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed
[grpc_server_ping_without_stream_allowed: <boolean> | default = false]
# If non-zero, configures the amount of GRPC server workers used to serve the
# requests.
# CLI flag: -server.grpc.num-workers
[grpc_server_num_workers: <int> | default = 0]
# Output log messages in the given format. Valid formats: [logfmt, json]
# CLI flag: -log.format
[log_format: <string> | default = "logfmt"]
# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
[log_level: <string> | default = "info"]
# Optionally log the source IPs.
# CLI flag: -server.log-source-ips-enabled
[log_source_ips_enabled: <boolean> | default = false]
# Header field storing the source IPs. Only used if
# server.log-source-ips-enabled is true. If not set the default Forwarded,
# X-Real-IP and X-Forwarded-For headers are used
# CLI flag: -server.log-source-ips-header
[log_source_ips_header: <string> | default = ""]
# Regex for matching the source IPs. Only used if server.log-source-ips-enabled
# is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For
# headers are used
# CLI flag: -server.log-source-ips-regex
[log_source_ips_regex: <string> | default = ""]
# Optionally log request headers.
# CLI flag: -server.log-request-headers
[log_request_headers: <boolean> | default = false]
# Optionally log requests at info level instead of debug level. Applies to
# request headers as well if server.log-request-headers is enabled.
# CLI flag: -server.log-request-at-info-level-enabled
[log_request_at_info_level_enabled: <boolean> | default = false]
# Comma separated list of headers to exclude from loggin. Only used if
# server.log-request-headers is true.
# CLI flag: -server.log-request-headers-exclude-list
[log_request_exclude_headers_list: <string> | default = ""]
# Base path to serve all API routes from (e.g. /v1/)
# CLI flag: -server.path-prefix
[http_path_prefix: <string> | default = ""]distributor
distributor 块配置分发器。
# Timeout when pushing data to ingester.
# CLI flag: -distributor.push.timeout
[pushtimeout: <duration> | default = 5s]
pool_config:
# How frequently to clean up clients for ingesters that have gone away.
# CLI flag: -distributor.client-cleanup-period
[client_cleanup_period: <duration> | default = 15s]
# Run a health check on each ingester client during periodic cleanup.
# CLI flag: -distributor.health-check-ingesters
[health_check_ingesters: <boolean> | default = true]
# Timeout for ingester client healthcheck RPCs.
# CLI flag: -distributor.health-check-timeout
[remote_timeout: <duration> | default = 5s]
ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -distributor.ring.store
[store: <string> | default = "memberlist"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -distributor.ring.prefix
[prefix: <string> | default = "collectors/"]
consul:
# Hostname and port of Consul.
# CLI flag: -distributor.ring.consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -distributor.ring.consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -distributor.ring.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -distributor.ring.consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -distributor.ring.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -distributor.ring.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -distributor.ring.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -distributor.ring.etcd.endpoints
[endpoints: <list of strings> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -distributor.ring.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -distributor.ring.etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -distributor.ring.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -distributor.ring.etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -distributor.ring.etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -distributor.ring.etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -distributor.ring.etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -distributor.ring.etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas). Allowed
# values:
#
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -distributor.ring.etcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -distributor.ring.etcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -distributor.ring.etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -distributor.ring.etcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -distributor.ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -distributor.ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -distributor.ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -distributor.ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -distributor.ring.heartbeat-period
[heartbeat_period: <duration> | default = 15s]
# The heartbeat timeout after which distributors are considered unhealthy
# within the ring. 0 = never (timeout disabled).
# CLI flag: -distributor.ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Instance ID to register in the ring.
# CLI flag: -distributor.ring.instance-id
[instance_id: <string> | default = "<hostname>"]
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -distributor.ring.instance-interface-names
[instance_interface_names: <list of strings> | default = [<private network interfaces>]]
# Port to advertise in the ring (defaults to -server.http-listen-port).
# CLI flag: -distributor.ring.instance-port
[instance_port: <int> | default = 0]
# IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -distributor.ring.instance-addr
[instance_addr: <string> | default = ""]
# Enable using a IPv6 instance address. (default false)
# CLI flag: -distributor.ring.instance-enable-ipv6
[instance_enable_ipv6: <boolean> | default = false]ingester
ingester 块配置摄取器。
lifecycler:
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -ring.prefix
[prefix: <string> | default = "collectors/"]
consul:
# Hostname and port of Consul.
# CLI flag: -consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -etcd.endpoints
[endpoints: <list of strings> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas). Allowed
# values:
#
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -etcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -etcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -etcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# The heartbeat timeout after which ingesters are skipped for reads/writes.
# 0 = never (timeout disabled).
# CLI flag: -ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# The number of ingesters to write to and read from.
# CLI flag: -distributor.replication-factor
[replication_factor: <int> | default = 1]
# True to enable the zone-awareness and replicate ingested samples across
# different availability zones.
# CLI flag: -distributor.zone-awareness-enabled
[zone_awareness_enabled: <boolean> | default = false]
# Comma-separated list of zones to exclude from the ring. Instances in
# excluded zones will be filtered out from the ring.
# CLI flag: -distributor.excluded-zones
[excluded_zones: <string> | default = ""]
# Number of tokens for each ingester.
# CLI flag: -ingester.num-tokens
[num_tokens: <int> | default = 128]
# Period at which to heartbeat to consul. 0 = disabled.
# CLI flag: -ingester.heartbeat-period
[heartbeat_period: <duration> | default = 5s]
# Heartbeat timeout after which instance is assumed to be unhealthy. 0 =
# disabled.
# CLI flag: -ingester.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Observe tokens after generating to resolve collisions. Useful when using
# gossiping ring.
# CLI flag: -ingester.observe-period
[observe_period: <duration> | default = 0s]
# Period to wait for a claim from another member; will join automatically
# after this.
# CLI flag: -ingester.join-after
[join_after: <duration> | default = 0s]
# Minimum duration to wait after the internal readiness checks have passed but
# before succeeding the readiness endpoint. This is used to slowdown
# deployment controllers (eg. Kubernetes) after an instance is ready and
# before they proceed with a rolling update, to give the rest of the cluster
# instances enough time to receive ring updates.
# CLI flag: -ingester.min-ready-duration
[min_ready_duration: <duration> | default = 15s]
# Name of network interface to read address from.
# CLI flag: -ingester.lifecycler.interface
[interface_names: <list of strings> | default = [<private network interfaces>]]
# Enable IPv6 support. Required to make use of IP addresses from IPv6
# interfaces.
# CLI flag: -ingester.enable-inet6
[enable_inet6: <boolean> | default = false]
# Duration to sleep for before exiting, to ensure metrics are scraped.
# CLI flag: -ingester.final-sleep
[final_sleep: <duration> | default = 0s]
# File path where tokens are stored. If empty, tokens are not stored at
# shutdown and restored at startup.
# CLI flag: -ingester.tokens-file-path
[tokens_file_path: <string> | default = ""]
# The availability zone where this instance is running.
# CLI flag: -ingester.availability-zone
[availability_zone: <string> | default = ""]
# Unregister from the ring upon clean shutdown. It can be useful to disable
# for rolling restarts with consistent naming in conjunction with
# -distributor.extend-writes=false.
# CLI flag: -ingester.unregister-on-shutdown
[unregister_on_shutdown: <boolean> | default = true]
# When enabled the readiness probe succeeds only after all instances are
# ACTIVE and healthy in the ring, otherwise only the instance itself is
# checked. This option should be disabled if in your cluster multiple
# instances can be rolled out simultaneously, otherwise rolling updates may be
# slowed down.
# CLI flag: -ingester.readiness-check-ring-health
[readiness_check_ring_health: <boolean> | default = true]
# IP address to advertise in the ring.
# CLI flag: -ingester.lifecycler.addr
[address: <string> | default = ""]
# port to advertise in consul (defaults to server.grpc-listen-port).
# CLI flag: -ingester.lifecycler.port
[port: <int> | default = 0]
# ID to register in the ring.
# CLI flag: -ingester.lifecycler.ID
[id: <string> | default = "<hostname>"]querier
querier 块配置查询器。
pool_config:
# How frequently to clean up clients for ingesters that have gone away.
# CLI flag: -querier.client-cleanup-period
[client_cleanup_period: <duration> | default = 15s]
# Run a health check on each ingester client during periodic cleanup.
# CLI flag: -querier.health-check-ingesters
[health_check_ingesters: <boolean> | default = true]
# Timeout for ingester client healthcheck RPCs.
# CLI flag: -querier.health-check-timeout
[remote_timeout: <duration> | default = 5s]
# The time after which a metric should be queried from storage and not just
# ingesters. 0 means all queries are sent to store. If this option is enabled,
# the time range of the query sent to the store-gateway will be manipulated to
# ensure the query end is not more recent than 'now - query-store-after'.
# CLI flag: -querier.query-store-after
[query_store_after: <duration> | default = 4h]query_frontend
query_frontend 块配置查询前端。
# Number of concurrent workers forwarding queries to single query-scheduler.
# CLI flag: -query-frontend.scheduler-worker-concurrency
[scheduler_worker_concurrency: <int> | default = 5]
# Configures the gRPC client used to communicate between the query-frontends and
# the query-schedulers.
# The CLI flags prefix for this block configuration is:
# query-frontend.grpc-client-config
[grpc_client_config: <grpc_client>]
# List of network interface names to look up when finding the instance IP
# address. This address is sent to query-scheduler and querier, which uses it to
# send the query response back to query-frontend.
# CLI flag: -query-frontend.instance-interface-names
[instance_interface_names: <list of strings> | default = [<private network interfaces>]]
# IP address to advertise to the querier (via scheduler) (default is
# auto-detected from network interfaces).
# CLI flag: -query-frontend.instance-addr
[instance_addr: <string> | default = ""]
# Enable using a IPv6 instance address. (default false)
# CLI flag: -query-frontend.instance-enable-ipv6
[instance_enable_ipv6: <boolean> | default = false]
# Port to advertise to query-scheduler and querier (defaults to
# -server.http-listen-port).
# CLI flag: -query-frontend.instance-port
[instance_port: <int> | default = 0]frontend_worker
frontend_worker 块配置前端工作器。
# Querier ID, sent to the query-frontend to identify requests from the same
# querier. Defaults to hostname.
# CLI flag: -querier.id
[id: <string> | default = ""]
# Configures the gRPC client used to communicate between the queriers and the
# query-frontends / query-schedulers.
# The CLI flags prefix for this block configuration is: querier.frontend-client
[grpc_client_config: <grpc_client>]
# The maximum number of concurrent queries allowed.
# CLI flag: -querier.max-concurrent
[max_concurrent: <int> | default = 4]query_scheduler
query_scheduler 块配置查询调度器。
# Maximum number of outstanding requests per tenant per query-scheduler.
# In-flight requests above this limit will fail with HTTP response status code
# 429.
# CLI flag: -query-scheduler.max-outstanding-requests-per-tenant
[max_outstanding_requests_per_tenant: <int> | default = 100]
# If a querier disconnects without sending notification about graceful shutdown,
# the query-scheduler will keep the querier in the tenant's shard until the
# forget delay has passed. This feature is useful to reduce the blast radius
# when shuffle-sharding is enabled.
# CLI flag: -query-scheduler.querier-forget-delay
[querier_forget_delay: <duration> | default = 0s]
# This configures the gRPC client used to report errors back to the
# query-frontend.
# The CLI flags prefix for this block configuration is:
# query-scheduler.grpc-client-config
[grpc_client_config: <grpc_client>]
# The maximum number of query-scheduler instances to use, regardless how many
# replicas are running. This option can be set only when
# -query-scheduler.service-discovery-mode is set to 'ring'. 0 to use all
# available query-scheduler instances.
# CLI flag: -query-scheduler.max-used-instances
[max_used_instances: <int> | default = 0]store_gateway
store_gateway 块配置存储网关。
# The hash ring configuration.
sharding_ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -store-gateway.sharding-ring.store
[store: <string> | default = "memberlist"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -store-gateway.sharding-ring.prefix
[prefix: <string> | default = "collectors/"]
consul:
# Hostname and port of Consul.
# CLI flag: -store-gateway.sharding-ring.consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -store-gateway.sharding-ring.consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -store-gateway.sharding-ring.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -store-gateway.sharding-ring.consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -store-gateway.sharding-ring.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -store-gateway.sharding-ring.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -store-gateway.sharding-ring.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -store-gateway.sharding-ring.etcd.endpoints
[endpoints: <list of strings> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -store-gateway.sharding-ring.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -store-gateway.sharding-ring.etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -store-gateway.sharding-ring.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -store-gateway.sharding-ring.etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -store-gateway.sharding-ring.etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -store-gateway.sharding-ring.etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -store-gateway.sharding-ring.etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -store-gateway.sharding-ring.etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas). Allowed
# values:
#
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -store-gateway.sharding-ring.etcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -store-gateway.sharding-ring.etcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -store-gateway.sharding-ring.etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -store-gateway.sharding-ring.etcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -store-gateway.sharding-ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -store-gateway.sharding-ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -store-gateway.sharding-ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -store-gateway.sharding-ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -store-gateway.sharding-ring.heartbeat-period
[heartbeat_period: <duration> | default = 15s]
# The heartbeat timeout after which store-gateways are considered unhealthy
# within the ring. 0 = never (timeout disabled).
# CLI flag: -store-gateway.sharding-ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Instance ID to register in the ring.
# CLI flag: -store-gateway.sharding-ring.instance-id
[instance_id: <string> | default = "<hostname>"]
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -store-gateway.sharding-ring.instance-interface-names
[instance_interface_names: <list of strings> | default = [<private network interfaces>]]
# Port to advertise in the ring (defaults to -server.http-listen-port).
# CLI flag: -store-gateway.sharding-ring.instance-port
[instance_port: <int> | default = 0]
# IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -store-gateway.sharding-ring.instance-addr
[instance_addr: <string> | default = ""]
# Enable using a IPv6 instance address. (default false)
# CLI flag: -store-gateway.sharding-ring.instance-enable-ipv6
[instance_enable_ipv6: <boolean> | default = false]
# The replication factor to use when sharding blocks. This option needs be set
# both on the store-gateway and querier when running in microservices mode.
# CLI flag: -store-gateway.sharding-ring.replication-factor
[replication_factor: <int> | default = 1]
# File path where tokens are stored. If empty, tokens are not stored at
# shutdown and restored at startup.
# CLI flag: -store-gateway.sharding-ring.tokens-file-path
[tokens_file_path: <string> | default = ""]
# True to enable zone-awareness and replicate blocks across different
# availability zones. This option needs be set both on the store-gateway and
# querier when running in microservices mode.
# CLI flag: -store-gateway.sharding-ring.zone-awareness-enabled
[zone_awareness_enabled: <boolean> | default = false]
# Minimum time to wait for ring stability at startup, if set to positive
# value.
# CLI flag: -store-gateway.sharding-ring.wait-stability-min-duration
[wait_stability_min_duration: <duration> | default = 0s]
# Maximum time to wait for ring stability at startup. If the store-gateway
# ring keeps changing after this period of time, the store-gateway will start
# anyway.
# CLI flag: -store-gateway.sharding-ring.wait-stability-max-duration
[wait_stability_max_duration: <duration> | default = 5m]
# The availability zone where this instance is running. Required if
# zone-awareness is enabled.
# CLI flag: -store-gateway.sharding-ring.instance-availability-zone
[instance_availability_zone: <string> | default = ""]
# Unregister from the ring upon clean shutdown.
# CLI flag: -store-gateway.sharding-ring.unregister-on-shutdown
[unregister_on_shutdown: <boolean> | default = true]
bucket_store:
# Directory to store synchronized pyroscope block headers. This directory is
# not required to be persisted between restarts, but it's highly recommended
# in order to improve the store-gateway startup time.
# CLI flag: -blocks-storage.bucket-store.sync-dir
[sync_dir: <string> | default = "./data/pyroscope-sync/"]
# How frequently to scan the bucket, or to refresh the bucket index (if
# enabled), in order to look for changes (new blocks shipped by ingesters and
# blocks deleted by retention or compaction).
# CLI flag: -blocks-storage.bucket-store.sync-interval
[sync_interval: <duration> | default = 15m]
# Maximum number of concurrent tenants synching blocks.
# CLI flag: -blocks-storage.bucket-store.tenant-sync-concurrency
[tenant_sync_concurrency: <int> | default = 10]
# Blocks with minimum time within this duration are ignored, and not loaded by
# store-gateway. Useful when used together with -querier.query-store-after to
# prevent loading young blocks, because there are usually many of them
# (depending on number of ingesters) and they are not yet compacted. Negative
# values or 0 disable the filter.
# CLI flag: -blocks-storage.bucket-store.ignore-blocks-within
[ignore_blocks_within: <duration> | default = 3h]
# Number of Go routines to use when syncing block meta files from object
# storage per tenant.
# CLI flag: -blocks-storage.bucket-store.meta-sync-concurrency
[meta_sync_concurrency: <int> | default = 20]
# Duration after which the blocks marked for deletion will be filtered out
# while fetching blocks. The idea of ignore-deletion-marks-delay is to ignore
# blocks that are marked for deletion with some delay. This ensures store can
# still serve blocks that are meant to be deleted but do not have a
# replacement yet.
# CLI flag: -blocks-storage.bucket-store.ignore-deletion-marks-delay
[ignore_deletion_mark_delay: <duration> | default = 30m]compactor
compactor 块配置压缩器。
# List of compaction time ranges.
# CLI flag: -compactor.block-ranges
[block_ranges: <list of durations> | default = 1h0m0s,2h0m0s,8h0m0s]
# Number of Go routines to use when downloading blocks for compaction and
# uploading resulting blocks.
# CLI flag: -compactor.block-sync-concurrency
[block_sync_concurrency: <int> | default = 8]
# Number of Go routines to use when syncing block meta files from the long term
# storage.
# CLI flag: -compactor.meta-sync-concurrency
[meta_sync_concurrency: <int> | default = 20]
# Directory to temporarily store blocks during compaction. This directory is not
# required to be persisted between restarts.
# CLI flag: -compactor.data-dir
[data_dir: <string> | default = "./data-compactor"]
# The frequency at which the compaction runs
# CLI flag: -compactor.compaction-interval
[compaction_interval: <duration> | default = 30m]
# How many times to retry a failed compaction within a single compaction run.
# CLI flag: -compactor.compaction-retries
[compaction_retries: <int> | default = 3]
# Max number of concurrent compactions running.
# CLI flag: -compactor.compaction-concurrency
[compaction_concurrency: <int> | default = 1]
# How long the compactor waits before compacting first-level blocks that are
# uploaded by the ingesters. This configuration option allows for the reduction
# of cases where the compactor begins to compact blocks before all ingesters
# have uploaded their blocks to the storage.
# CLI flag: -compactor.first-level-compaction-wait-period
[first_level_compaction_wait_period: <duration> | default = 25m]
# How frequently compactor should run blocks cleanup and maintenance, as well as
# update the bucket index.
# CLI flag: -compactor.cleanup-interval
[cleanup_interval: <duration> | default = 15m]
# Max number of tenants for which blocks cleanup and maintenance should run
# concurrently.
# CLI flag: -compactor.cleanup-concurrency
[cleanup_concurrency: <int> | default = 20]
# Time before a block marked for deletion is deleted from bucket. If not 0,
# blocks will be marked for deletion and compactor component will permanently
# delete blocks marked for deletion from the bucket. If 0, blocks will be
# deleted straight away. Note that deleting blocks immediately can cause query
# failures.
# CLI flag: -compactor.deletion-delay
[deletion_delay: <duration> | default = 12h]
[tenant_cleanup_delay: <duration> | default = ]
# Max time for starting compactions for a single tenant. After this time no new
# compactions for the tenant are started before next compaction cycle. This can
# help in multi-tenant environments to avoid single tenant using all compaction
# time, but also in single-tenant environments to force new discovery of blocks
# more often. 0 = disabled.
# CLI flag: -compactor.max-compaction-time
[max_compaction_time: <duration> | default = 1h]
# If enabled, will delete the bucket-index, markers and debug files in the
# tenant bucket when there are no blocks left in the index.
# CLI flag: -compactor.no-blocks-file-cleanup-enabled
[no_blocks_file_cleanup_enabled: <boolean> | default = false]
# If enabled, the compactor will downsample profiles in blocks at compaction
# level 3 and above. The original profiles are also kept.
# CLI flag: -compactor.downsampler-enabled
[downsampler_enabled: <boolean> | default = false]
# Number of goroutines opening blocks before compaction.
# CLI flag: -compactor.max-opening-blocks-concurrency
[max_opening_blocks_concurrency: <int> | default = 16]
# Comma separated list of tenants that can be compacted. If specified, only
# these tenants will be compacted by compactor, otherwise all tenants can be
# compacted. Subject to sharding.
# CLI flag: -compactor.enabled-tenants
[enabled_tenants: <string> | default = ""]
# Comma separated list of tenants that cannot be compacted by this compactor. If
# specified, and compactor would normally pick given tenant for compaction (via
# -compactor.enabled-tenants or sharding), it will be ignored instead.
# CLI flag: -compactor.disabled-tenants
[disabled_tenants: <string> | default = ""]
sharding_ring:
# The key-value store used to share the hash ring across multiple instances.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -compactor.ring.store
[store: <string> | default = "memberlist"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -compactor.ring.prefix
[prefix: <string> | default = "collectors/"]
consul:
# Hostname and port of Consul.
# CLI flag: -compactor.ring.consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -compactor.ring.consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -compactor.ring.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -compactor.ring.consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -compactor.ring.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -compactor.ring.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -compactor.ring.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -compactor.ring.etcd.endpoints
[endpoints: <list of strings> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -compactor.ring.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -compactor.ring.etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -compactor.ring.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -compactor.ring.etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -compactor.ring.etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -compactor.ring.etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -compactor.ring.etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -compactor.ring.etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas). Allowed
# values:
#
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -compactor.ring.etcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -compactor.ring.etcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -compactor.ring.etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -compactor.ring.etcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -compactor.ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -compactor.ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -compactor.ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -compactor.ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring. 0 = disabled.
# CLI flag: -compactor.ring.heartbeat-period
[heartbeat_period: <duration> | default = 15s]
# The heartbeat timeout after which compactors are considered unhealthy within
# the ring. 0 = never (timeout disabled).
# CLI flag: -compactor.ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Instance ID to register in the ring.
# CLI flag: -compactor.ring.instance-id
[instance_id: <string> | default = "<hostname>"]
# List of network interface names to look up when finding the instance IP
# address.
# CLI flag: -compactor.ring.instance-interface-names
[instance_interface_names: <list of strings> | default = [<private network interfaces>]]
# Port to advertise in the ring (defaults to -server.http-listen-port).
# CLI flag: -compactor.ring.instance-port
[instance_port: <int> | default = 0]
# IP address to advertise in the ring. Default is auto-detected.
# CLI flag: -compactor.ring.instance-addr
[instance_addr: <string> | default = ""]
# Enable using a IPv6 instance address. (default false)
# CLI flag: -compactor.ring.instance-enable-ipv6
[instance_enable_ipv6: <boolean> | default = false]
# Minimum time to wait for ring stability at startup. 0 to disable.
# CLI flag: -compactor.ring.wait-stability-min-duration
[wait_stability_min_duration: <duration> | default = 0s]
# Maximum time to wait for ring stability at startup. If the compactor ring
# keeps changing after this period of time, the compactor will start anyway.
# CLI flag: -compactor.ring.wait-stability-max-duration
[wait_stability_max_duration: <duration> | default = 5m]
# Timeout for waiting on compactor to become ACTIVE in the ring.
# CLI flag: -compactor.ring.wait-active-instance-timeout
[wait_active_instance_timeout: <duration> | default = 10m]
# The sorting to use when deciding which compaction jobs should run first for a
# given tenant. Supported values are: smallest-range-oldest-blocks-first,
# newest-blocks-first.
# CLI flag: -compactor.compaction-jobs-order
[compaction_jobs_order: <string> | default = "smallest-range-oldest-blocks-first"]
# Experimental: The strategy to use when splitting blocks during compaction.
# Supported values are: fingerprint, stacktracePartition.
# CLI flag: -compactor.compaction-split-by
[compaction_split_by: <string> | default = "fingerprint"]grpc_client
grpc_client 块配置用于在两个 Pyroscope 组件之间通信的 gRPC 客户端。用于引用此配置块的受支持 CLI 标志 <prefix> 包括
querier.frontend-clientquery-frontend.grpc-client-configquery-scheduler.grpc-client-config
# gRPC client max receive message size (bytes).
# CLI flag: -<prefix>.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -<prefix>.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 104857600]
# Use compression when sending messages. Supported values are: 'gzip', 'snappy'
# and '' (disable compression)
# CLI flag: -<prefix>.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -<prefix>.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -<prefix>.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit rate limits.
# CLI flag: -<prefix>.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -<prefix>.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -<prefix>.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -<prefix>.backoff-retries
[max_retries: <int> | default = 10]
# Initial stream window size. Values less than the default are not supported and
# are ignored. Setting this to a value other than the default disables the BDP
# estimator.
# CLI flag: -<prefix>.initial-stream-window-size
[initial_stream_window_size: <int> | default = 63KiB1023B]
# Initial connection window size. Values less than the default are not supported
# and are ignored. Setting this to a value other than the default disables the
# BDP estimator.
# CLI flag: -<prefix>.initial-connection-window-size
[initial_connection_window_size: <int> | default = 63KiB1023B]
# Enable TLS in the gRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -<prefix>.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating with the
# server. Also requires the key path to be configured.
# CLI flag: -<prefix>.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -<prefix>.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -<prefix>.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -<prefix>.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -<prefix>.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas). Allowed values:
#
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.tls-min-version
[tls_min_version: <string> | default = ""]
# The maximum amount of time to establish a connection. A value of 0 means
# default gRPC client connect timeout and backoff.
# CLI flag: -<prefix>.connect-timeout
[connect_timeout: <duration> | default = 5s]
# Initial backoff delay after first connection failure. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -<prefix>.connect-backoff-base-delay
[connect_backoff_base_delay: <duration> | default = 1s]
# Maximum backoff delay when establishing a connection. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -<prefix>.connect-backoff-max-delay
[connect_backoff_max_delay: <duration> | default = 5s]memberlist
memberlist 块配置 Gossip memberlist。
# Name of the node in memberlist cluster. Defaults to hostname.
# CLI flag: -memberlist.nodename
[node_name: <string> | default = ""]
# Add random suffix to the node name.
# CLI flag: -memberlist.randomize-node-name
[randomize_node_name: <boolean> | default = true]
# The timeout for establishing a connection with a remote node, and for
# read/write operations.
# CLI flag: -memberlist.stream-timeout
[stream_timeout: <duration> | default = 10s]
# Multiplication factor used when sending out messages (factor * log(N+1)).
# CLI flag: -memberlist.retransmit-factor
[retransmit_factor: <int> | default = 4]
# How often to use pull/push sync.
# CLI flag: -memberlist.pullpush-interval
[pull_push_interval: <duration> | default = 30s]
# How often to gossip.
# CLI flag: -memberlist.gossip-interval
[gossip_interval: <duration> | default = 200ms]
# How many nodes to gossip to.
# CLI flag: -memberlist.gossip-nodes
[gossip_nodes: <int> | default = 3]
# How long to keep gossiping to dead nodes, to give them chance to refute their
# death.
# CLI flag: -memberlist.gossip-to-dead-nodes-time
[gossip_to_dead_nodes_time: <duration> | default = 30s]
# How soon can dead node's name be reclaimed with new address. 0 to disable.
# CLI flag: -memberlist.dead-node-reclaim-time
[dead_node_reclaim_time: <duration> | default = 0s]
# Enable message compression. This can be used to reduce bandwidth usage at the
# cost of slightly more CPU utilization.
# CLI flag: -memberlist.compression-enabled
[compression_enabled: <boolean> | default = true]
# Gossip address to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-addr
[advertise_addr: <string> | default = ""]
# Gossip port to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-port
[advertise_port: <int> | default = 7946]
# The cluster label is an optional string to include in outbound packets and
# gossip streams. Other members in the memberlist cluster will discard any
# message whose label doesn't match the configured one, unless the
# 'cluster-label-verification-disabled' configuration option is set to true.
# CLI flag: -memberlist.cluster-label
[cluster_label: <string> | default = ""]
# When true, memberlist doesn't verify that inbound packets and gossip streams
# have the cluster label matching the configured one. This verification should
# be disabled while rolling out the change to the configured cluster label in a
# live memberlist cluster.
# CLI flag: -memberlist.cluster-label-verification-disabled
[cluster_label_verification_disabled: <boolean> | default = false]
# Other cluster members to join. Can be specified multiple times. It can be an
# IP, hostname or an entry specified in the DNS Service Discovery format.
# CLI flag: -memberlist.join
[join_members: <list of strings> | default = []]
# Min backoff duration to join other cluster members.
# CLI flag: -memberlist.min-join-backoff
[min_join_backoff: <duration> | default = 1s]
# Max backoff duration to join other cluster members.
# CLI flag: -memberlist.max-join-backoff
[max_join_backoff: <duration> | default = 1m]
# Max number of retries to join other cluster members.
# CLI flag: -memberlist.max-join-retries
[max_join_retries: <int> | default = 10]
# If this node fails to join memberlist cluster, abort.
# CLI flag: -memberlist.abort-if-join-fails
[abort_if_cluster_join_fails: <boolean> | default = false]
# If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix
# the cluster split issue, and is harmless otherwise. For example when using
# only few components as a seed nodes (via -memberlist.join), then it's
# recommended to use rejoin. If -memberlist.join points to dynamic service that
# resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin
# is not needed.
# CLI flag: -memberlist.rejoin-interval
[rejoin_interval: <duration> | default = 0s]
# How long to keep LEFT ingesters in the ring.
# CLI flag: -memberlist.left-ingesters-timeout
[left_ingesters_timeout: <duration> | default = 5m]
# Timeout for leaving memberlist cluster.
# CLI flag: -memberlist.leave-timeout
[leave_timeout: <duration> | default = 20s]
# How much space to use for keeping received and sent messages in memory for
# troubleshooting (two buffers). 0 to disable.
# CLI flag: -memberlist.message-history-buffer-bytes
[message_history_buffer_bytes: <int> | default = 0]
# IP address to listen on for gossip messages. Multiple addresses may be
# specified. Defaults to 0.0.0.0
# CLI flag: -memberlist.bind-addr
[bind_addr: <list of strings> | default = []]
# Port to listen on for gossip messages.
# CLI flag: -memberlist.bind-port
[bind_port: <int> | default = 7946]
# Timeout used when connecting to other nodes to send packet.
# CLI flag: -memberlist.packet-dial-timeout
[packet_dial_timeout: <duration> | default = 2s]
# Timeout for writing 'packet' data.
# CLI flag: -memberlist.packet-write-timeout
[packet_write_timeout: <duration> | default = 5s]
# Enable TLS on the memberlist transport layer.
# CLI flag: -memberlist.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating with the
# server. Also requires the key path to be configured.
# CLI flag: -memberlist.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -memberlist.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -memberlist.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -memberlist.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -memberlist.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas). Allowed values:
#
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -memberlist.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -memberlist.tls-min-version
[tls_min_version: <string> | default = ""]limits
limits 块配置由组件施加的默认和每租户限制。
# Per-tenant ingestion rate limit in sample size per second. Units in MB.
# CLI flag: -distributor.ingestion-rate-limit-mb
[ingestion_rate_mb: <float> | default = 4]
# Per-tenant allowed ingestion burst size (in sample size). Units in MB. The
# burst size refers to the per-distributor local rate limiter, and should be set
# at least to the maximum profile size expected in a single push request.
# CLI flag: -distributor.ingestion-burst-size-mb
[ingestion_burst_size_mb: <float> | default = 2]
# Maximum length accepted for label names.
# CLI flag: -validation.max-length-label-name
[max_label_name_length: <int> | default = 1024]
# Maximum length accepted for label value. This setting also applies to the
# metric name.
# CLI flag: -validation.max-length-label-value
[max_label_value_length: <int> | default = 2048]
# Maximum number of label names per series.
# CLI flag: -validation.max-label-names-per-series
[max_label_names_per_series: <int> | default = 30]
# Maximum number of sessions per series. 0 to disable.
# CLI flag: -validation.max-sessions-per-series
[max_sessions_per_series: <int> | default = 0]
# Enforce labels order optimization.
# CLI flag: -validation.enforce-labels-order
[enforce_labels_order: <boolean> | default = false]
# Maximum size of a profile in bytes. This is based off the uncompressed size. 0
# to disable.
# CLI flag: -validation.max-profile-size-bytes
[max_profile_size_bytes: <int> | default = 4194304]
# Maximum number of samples in a profile. 0 to disable.
# CLI flag: -validation.max-profile-stacktrace-samples
[max_profile_stacktrace_samples: <int> | default = 16000]
# Maximum number of labels in a profile sample. 0 to disable.
# CLI flag: -validation.max-profile-stacktrace-sample-labels
[max_profile_stacktrace_sample_labels: <int> | default = 100]
# Maximum depth of a profile stacktrace. Profiles are not rejected instead
# stacktraces are truncated. 0 to disable.
# CLI flag: -validation.max-profile-stacktrace-depth
[max_profile_stacktrace_depth: <int> | default = 1000]
# Maximum length of a profile symbol value (labels, function names and
# filenames, etc...). Profiles are not rejected instead symbol values are
# truncated. 0 to disable.
# CLI flag: -validation.max-profile-symbol-value-length
[max_profile_symbol_value_length: <int> | default = 65535]
distributor_usage_groups:
# Duration of the distributor aggregation window. Requires aggregation period to
# be specified. 0 to disable.
# CLI flag: -distributor.aggregation-window
[distributor_aggregation_window: <duration> | default = 0s]
# Duration of the distributor aggregation period. Requires aggregation window to
# be specified. 0 to disable.
# CLI flag: -distributor.aggregation-period
[distributor_aggregation_period: <duration> | default = 0s]
# List of ingestion relabel configurations. The relabeling rules work the same
# way, as those of
# [Prometheus](https://prometheus.ac.cn/docs/prometheus/latest/configuration/configuration/#relabel_config).
# All rules are applied in the order they are specified. Note: In most
# situations, it is more effective to use relabeling directly in Grafana Alloy.
# Example:
# This example consists of two rules, the first one will drop all profiles
# received with an label 'environment="secrets"' and the second rule will add
# a label 'powered_by="Grafana Labs"' to all profile series.
# ingestion_relabeling_rules:
# - action: drop
# regex: secret
# source_labels:
# - environment
# - action: replace
# replacement: grafana-labs
# target_label: powered_by
# CLI flag: -distributor.ingestion-relabeling-rules
[ingestion_relabeling_rules: <list of Configs> | default = []]
# Position of the default ingestion relabeling rules in relation to relabel
# rules from overrides. Valid values are 'first', 'last' or 'disabled'.
# CLI flag: -distributor.ingestion-relabeling-default-rules-position
[ingestion_relabeling_default_rules_position: <string> | default = "first"]
# The tenant's shard size used by shuffle-sharding. Must be set both on
# ingesters and distributors. 0 disables shuffle sharding.
# CLI flag: -distributor.ingestion-tenant-shard-size
[ingestion_tenant_shard_size: <int> | default = 0]
# Maximum number of active series of profiles per tenant, per ingester. 0 to
# disable.
# CLI flag: -ingester.max-local-series-per-tenant
[max_local_series_per_tenant: <int> | default = 0]
# Maximum number of active series of profiles per tenant, across the cluster. 0
# to disable. When the global limit is enabled, each ingester is configured with
# a dynamic local limit based on the replication factor and the current number
# of healthy ingesters, and is kept updated whenever the number of ingesters
# change.
# CLI flag: -ingester.max-global-series-per-tenant
[max_global_series_per_tenant: <int> | default = 5000]
# Limit how far back in profiling data can be queried, up until lookback
# duration ago. This limit is enforced in the query frontend. If the requested
# time range is outside the allowed range, the request will not fail, but will
# be modified to only query data within the allowed time range. 0 to disable,
# default to 7d.
# CLI flag: -querier.max-query-lookback
[max_query_lookback: <duration> | default = 1w]
# The limit to length of queries. 0 to disable.
# CLI flag: -querier.max-query-length
[max_query_length: <duration> | default = 1d]
# Maximum number of queries that will be scheduled in parallel by the frontend.
# CLI flag: -querier.max-query-parallelism
[max_query_parallelism: <int> | default = 0]
# Whether query analysis is enabled in the query frontend. If disabled, the
# /AnalyzeQuery endpoint will return an empty response.
# CLI flag: -querier.query-analysis-enabled
[query_analysis_enabled: <boolean> | default = true]
# Whether the series portion of query analysis is enabled. If disabled, no
# series data (e.g., series count) will be calculated by the /AnalyzeQuery
# endpoint.
# CLI flag: -querier.query-analysis-series-enabled
[query_analysis_series_enabled: <boolean> | default = false]
# Maximum number of flame graph nodes by default. 0 to disable.
# CLI flag: -querier.max-flamegraph-nodes-default
[max_flamegraph_nodes_default: <int> | default = 8192]
# Maximum number of flame graph nodes allowed. 0 to disable.
# CLI flag: -querier.max-flamegraph-nodes-max
[max_flamegraph_nodes_max: <int> | default = 0]
# The tenant's shard size, used when store-gateway sharding is enabled. Value of
# 0 disables shuffle sharding for the tenant, that is all tenant blocks are
# sharded across all store-gateway replicas.
# CLI flag: -store-gateway.tenant-shard-size
[store_gateway_tenant_shard_size: <int> | default = 0]
# Split queries by a time interval and execute in parallel. The value 0 disables
# splitting by time
# CLI flag: -querier.split-queries-by-interval
[split_queries_by_interval: <duration> | default = 0s]
# Delete blocks containing samples older than the specified retention period. 0
# to disable.
# CLI flag: -compactor.blocks-retention-period
[compactor_blocks_retention_period: <duration> | default = 0s]
# The number of shards to use when splitting blocks. 0 to disable splitting.
# CLI flag: -compactor.split-and-merge-shards
[compactor_split_and_merge_shards: <int> | default = 0]
# Number of stages split shards will be written to. Number of output split
# shards is controlled by -compactor.split-and-merge-shards.
# CLI flag: -compactor.split-and-merge-stage-size
[compactor_split_and_merge_stage_size: <int> | default = 0]
# Number of groups that blocks for splitting should be grouped into. Each group
# of blocks is then split separately. Number of output split shards is
# controlled by -compactor.split-and-merge-shards.
# CLI flag: -compactor.split-groups
[compactor_split_groups: <int> | default = 1]
# Max number of compactors that can compact blocks for single tenant. 0 to
# disable the limit and use all compactors.
# CLI flag: -compactor.compactor-tenant-shard-size
[compactor_tenant_shard_size: <int> | default = 0]
# If a partial block (unfinished block without meta.json file) hasn't been
# modified for this time, it will be marked for deletion. The minimum accepted
# value is 4h0m0s: a lower value will be ignored and the feature disabled. 0 to
# disable.
# CLI flag: -compactor.partial-block-deletion-delay
[compactor_partial_block_deletion_delay: <duration> | default = 1d]
# If enabled, the compactor will downsample profiles in blocks at compaction
# level 3 and above. The original profiles are also kept.
# CLI flag: -compactor.compactor-downsampler-enabled
[compactor_downsampler_enabled: <boolean> | default = true]
# S3 server-side encryption type. Required to enable server-side encryption
# overrides for a specific tenant. If not set, the default S3 client settings
# are used.
[s3_sse_type: <string> | default = ""]
# S3 server-side encryption KMS Key ID. Ignored if the SSE type override is not
# set.
[s3_sse_kms_key_id: <string> | default = ""]
# S3 server-side encryption KMS encryption context. If unset and the key ID
# override is set, the encryption context will not be provided to S3. Ignored if
# the SSE type override is not set.
[s3_sse_kms_encryption_context: <string> | default = ""]
# This limits how far into the past profiling data can be ingested. This limit
# is enforced in the distributor. 0 to disable, defaults to 1h.
# CLI flag: -validation.reject-older-than
[reject_older_than: <duration> | default = 1h]
# This limits how far into the future profiling data can be ingested. This limit
# is enforced in the distributor. 0 to disable, defaults to 10m.
# CLI flag: -validation.reject-newer-than
[reject_newer_than: <duration> | default = 10m]s3_storage_backend
s3_backend 块配置与 Amazon S3 对象存储后端的连接。
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -storage.s3.endpoint
[endpoint: <string> | default = ""]
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call to
# autodetect it.
# CLI flag: -storage.s3.region
[region: <string> | default = ""]
# S3 bucket name
# CLI flag: -storage.s3.bucket-name
[bucket_name: <string> | default = ""]
# S3 secret access key
# CLI flag: -storage.s3.secret-access-key
[secret_access_key: <string> | default = ""]
# S3 access key ID
# CLI flag: -storage.s3.access-key-id
[access_key_id: <string> | default = ""]
# If enabled, use http:// for the S3 endpoint instead of https://. This could be
# useful in local dev/test environments while using an S3-compatible backend
# storage, like Minio.
# CLI flag: -storage.s3.insecure
[insecure: <boolean> | default = false]
# The signature version to use for authenticating against S3. Supported values
# are: v4, v2.
# CLI flag: -storage.s3.signature-version
[signature_version: <string> | default = "v4"]
# Deprecated, use s3.bucket-lookup-type instead. Set this to `true` to force the
# bucket lookup to be using path-style.
# CLI flag: -storage.s3.force-path-style
[force_path_style: <boolean> | default = false]
# S3 bucket lookup style, use one of: [path-style virtual-hosted-style auto]
# CLI flag: -storage.s3.bucket-lookup-type
[bucket_lookup_type: <string> | default = "auto"]
sse:
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -storage.s3.sse.type
[type: <string> | default = ""]
# KMS Key ID used to encrypt objects in S3
# CLI flag: -storage.s3.sse.kms-key-id
[kms_key_id: <string> | default = ""]
# KMS Encryption Context used for object encryption. It expects JSON formatted
# string.
# CLI flag: -storage.s3.sse.kms-encryption-context
[kms_encryption_context: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -storage.s3.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -storage.s3.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects to S3 via HTTPS and this option is enabled, the
# client will accept any certificate and hostname.
# CLI flag: -storage.s3.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -storage.s3.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -storage.s3.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means no
# limit.
# CLI flag: -storage.s3.max-idle-connections
[max_idle_connections: <int> | default = 0]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -storage.s3.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -storage.s3.max-connections-per-host
[max_connections_per_host: <int> | default = 0]gcs_storage_backend
gcs_backend 块配置与 Google Cloud Storage 对象存储后端的连接。
# GCS bucket name
# CLI flag: -storage.gcs.bucket-name
[bucket_name: <string> | default = ""]
# JSON either from a Google Developers Console client_credentials.json file, or
# a Google Developers service account key. Needs to be valid JSON, not a
# filesystem path. If empty, fallback to Google default logic:
# 1. A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS
# environment variable. For workload identity federation, refer to
# https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation on
# how to generate the JSON configuration file for on-prem/non-Google cloud
# platforms.
# 2. A JSON file in a location known to the gcloud command-line tool:
# $HOME/.config/gcloud/application_default_credentials.json.
# 3. On Google Compute Engine it fetches credentials from the metadata server.
# CLI flag: -storage.gcs.service-account
[service_account: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -storage.gcs.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -storage.gcs.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects to GCS via HTTPS and this option is enabled, the
# client will accept any certificate and hostname.
# CLI flag: -storage.gcs.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -storage.gcs.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully writing
# the request headers if the request has an Expect header. 0 to send the
# request body immediately.
# CLI flag: -storage.gcs.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0 means no
# limit.
# CLI flag: -storage.gcs.max-idle-connections
[max_idle_conns: <int> | default = 0]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
# built-in default value is used.
# CLI flag: -storage.gcs.max-idle-connections-per-host
[max_idle_conns_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -storage.gcs.max-connections-per-host
[max_conns_per_host: <int> | default = 0]azure_storage_backend
azure_storage_backend 块配置与 Azure 对象存储后端的连接。
# Azure storage account name
# CLI flag: -storage.azure.account-name
[account_name: <string> | default = ""]
# Azure storage account key. If unset, Azure managed identities will be used for
# authentication instead.
# CLI flag: -storage.azure.account-key
[account_key: <string> | default = ""]
# If `connection-string` is set, the value of `endpoint-suffix` will not be
# used. Use this method over `account-key` if you need to authenticate via a SAS
# token. Or if you use the Azurite emulator.
# CLI flag: -storage.azure.connection-string
[connection_string: <string> | default = ""]
# Azure storage container name
# CLI flag: -storage.azure.container-name
[container_name: <string> | default = ""]
# Azure storage endpoint suffix without schema. The account name will be
# prefixed to this value to create the FQDN. If set to empty string, default
# endpoint suffix is used.
# CLI flag: -storage.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]
# Number of retries for recoverable errors
# CLI flag: -storage.azure.max-retries
[max_retries: <int> | default = 3]
# User assigned managed identity. If empty, then System assigned identity is
# used.
# CLI flag: -storage.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]swift_storage_backend
swift_storage_backend 块配置与 OpenStack Object Storage (Swift) 对象存储后端的连接。
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -storage.swift.auth-version
[auth_version: <int> | default = 0]
# OpenStack Swift authentication URL
# CLI flag: -storage.swift.auth-url
[auth_url: <string> | default = ""]
# OpenStack Swift username.
# CLI flag: -storage.swift.username
[username: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -storage.swift.user-domain-name
[user_domain_name: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -storage.swift.user-domain-id
[user_domain_id: <string> | default = ""]
# OpenStack Swift user ID.
# CLI flag: -storage.swift.user-id
[user_id: <string> | default = ""]
# OpenStack Swift API key.
# CLI flag: -storage.swift.password
[password: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -storage.swift.domain-id
[domain_id: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -storage.swift.domain-name
[domain_name: <string> | default = ""]
# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -storage.swift.project-id
[project_id: <string> | default = ""]
# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -storage.swift.project-name
[project_name: <string> | default = ""]
# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs the from user domain.
# CLI flag: -storage.swift.project-domain-id
[project_domain_id: <string> | default = ""]
# Name of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs from the user domain.
# CLI flag: -storage.swift.project-domain-name
[project_domain_name: <string> | default = ""]
# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -storage.swift.region-name
[region_name: <string> | default = ""]
# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -storage.swift.container-name
[container_name: <string> | default = ""]
# Max retries on requests error.
# CLI flag: -storage.swift.max-retries
[max_retries: <int> | default = 3]
# Time after which a connection attempt is aborted.
# CLI flag: -storage.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]
# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no data
# is received on a request.
# CLI flag: -storage.swift.request-timeout
[request_timeout: <duration> | default = 5s]filesystem_storage_backend
filesystem_storage_backend 块配置将本地文件系统用作对象存储后端。
# Local filesystem storage directory.
# CLI flag: -storage.filesystem.dir
[dir: <string> | default = "./data-shared"]analytics
analytics 块配置使用统计信息收集。有关使用统计信息的更多详细信息,请参阅匿名使用统计报告
# Enable anonymous usage statistics collection. For more details about usage
# statistics, refer to
# https://grafana.org.cn/docs/pyroscope/latest/configure-server/anonymous-usage-statistics-reporting/
# CLI flag: -usage-stats.enabled
[reporting_enabled: <boolean> | default = true]
