diff --git a/Makefile b/Makefile index c47bc2b2ce0..4fd7721a9e0 100644 --- a/Makefile +++ b/Makefile @@ -260,6 +260,7 @@ doc: clean-doc go run -tags slicelabels ./tools/doc-generator ./docs/guides/encryption-at-rest.template > ./docs/guides/encryption-at-rest.md embedmd -w docs/operations/requests-mirroring-to-secondary-cluster.md embedmd -w docs/guides/overrides-exporter.md + go run -tags slicelabels ./tools/doc-generator -json-schema > ./schemas/cortex-config-schema.json endif diff --git a/schemas/cortex-config-schema.json b/schemas/cortex-config-schema.json new file mode 100644 index 00000000000..13839752ab6 --- /dev/null +++ b/schemas/cortex-config-schema.json @@ -0,0 +1,8474 @@ +{ + "$id": "https://cortexmetrics.io/schemas/cortex-config.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "definitions": { + "DisabledRuleGroup": { + "properties": { + "name": { + "description": "name of the rule group", + "type": "string" + }, + "namespace": { + "description": "namespace in which the rule group belongs", + "type": "string" + } + }, + "type": "object" + }, + "Label": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "LimitsPerLabelSet": { + "properties": { + "label_set": { + "additionalProperties": true, + "default": [], + "description": "LabelSet which the limit should be applied. If no labels are provided, it becomes the default partition which matches any series that doesn't match any other explicitly defined label sets.'", + "type": "object" + }, + "limits": { + "properties": { + "max_series": { + "description": "The maximum number of active series per LabelSet, across the cluster before replication. Setting the value 0 will enable the monitoring (metrics) but would not enforce any limits.", + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "PriorityDef": { + "properties": { + "priority": { + "default": 0, + "description": "Priority level. Must be a unique value.", + "type": "number" + }, + "query_attributes": { + "default": [], + "description": "List of query_attributes to match and assign priority to queries. A query is assigned to this priority if it matches any query_attribute in this list. Each query_attribute has several properties (e.g., regex, time_window, user_agent), and all specified properties must match for a query_attribute to be considered a match. Only the specified properties are checked, and an AND operator is applied to them.", + "items": { + "type": "string" + }, + "type": "array" + }, + "reserved_queriers": { + "default": 0, + "description": "Number of reserved queriers to handle priorities higher or equal to the priority level. Value between 0 and 1 will be used as a percentage.", + "type": "number" + } + }, + "type": "object" + }, + "QueryAttribute": { + "properties": { + "api_type": { + "description": "API type for the query. Should be one of the query, query_range, series, labels, label_values. If not set, it won't be checked.", + "type": "string" + }, + "dashboard_uid": { + "description": "Grafana includes X-Dashboard-Uid header in query requests. If this field is provided then X-Dashboard-Uid header of request should match this value. If not set, it won't be checked. This property won't be applied to metadata queries.", + "type": "string" + }, + "panel_id": { + "description": "Grafana includes X-Panel-Id header in query requests. If this field is provided then X-Panel-Id header of request should match this value. If not set, it won't be checked. This property won't be applied to metadata queries.", + "type": "string" + }, + "query_step_limit": { + "description": "If query step provided should be within this limit to match. If not set, it won't be checked. This property only applied to range queries and ignored for other types of queries.", + "properties": { + "max": { + "default": 0, + "description": "Query step should be below or equal to this value to match. If set to 0, it won't be checked.", + "type": "number" + }, + "min": { + "default": 0, + "description": "Query step should be above or equal to this value to match. If set to 0, it won't be checked.", + "type": "number" + } + }, + "type": "object" + }, + "regex": { + "description": "Regex that the query string (or at least one of the matchers in metadata query) should match. If not set, it won't be checked.", + "type": "string" + }, + "time_range_limit": { + "description": "Query time range should be within this limit to match. Depending on where it was used, in most of the use-cases, either min or max value will be used. If not set, it won't be checked.", + "properties": { + "max": { + "default": 0, + "description": "This will be duration (12h, 1d, 15d etc.). Query time range should be below or equal to this value to match. Ex: if this value is 24h, then queries whose range is smaller than or equal to 24h will match.If set to 0, it won't be checked.", + "type": "number" + }, + "min": { + "default": 0, + "description": "This will be duration (12h, 1d, 15d etc.). Query time range should be above or equal to this value to match. Ex: if this value is 20d, then queries whose range is bigger than or equal to 20d will match. If set to 0, it won't be checked.", + "type": "number" + } + }, + "type": "object" + }, + "time_window": { + "description": "Overall data select time window (including range selectors, modifiers and lookback delta) that the query should be within. If not set, it won't be checked.", + "properties": { + "end": { + "default": 0, + "description": "End of the data select time window (including range selectors, modifiers and lookback delta) that the query should be within. If set to 0, it won't be checked.", + "type": "number" + }, + "start": { + "default": 0, + "description": "Start of the data select time window (including range selectors, modifiers and lookback delta) that the query should be within. If set to 0, it won't be checked.", + "type": "number" + } + }, + "type": "object" + }, + "user_agent_regex": { + "description": "Regex that User-Agent header of the request should match. If not set, it won't be checked.", + "type": "string" + } + }, + "type": "object" + }, + "alertmanager_config": { + "description": "The alertmanager_config configures the Cortex alertmanager.", + "properties": { + "alertmanager_client": { + "properties": { + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 5s.", + "type": "string", + "x-cli-flag": "alertmanager.alertmanager-client.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy' and '' (disable compression)", + "type": "string", + "x-cli-flag": "alertmanager.alertmanager-client.grpc-compression" + }, + "max_recv_msg_size": { + "default": 16777216, + "description": "gRPC client max receive message size (bytes).", + "type": "number", + "x-cli-flag": "alertmanager.alertmanager-client.grpc-max-recv-msg-size" + }, + "max_send_msg_size": { + "default": 4194304, + "description": "gRPC client max send message size (bytes).", + "type": "number", + "x-cli-flag": "alertmanager.alertmanager-client.grpc-max-send-msg-size" + }, + "remote_timeout": { + "default": "2s", + "description": "Timeout for downstream alertmanagers.", + "type": "string", + "x-cli-flag": "alertmanager.alertmanager-client.remote-timeout", + "x-format": "duration" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "alertmanager.alertmanager-client.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "alertmanager.alertmanager-client.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "alertmanager.alertmanager-client.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "alertmanager.alertmanager-client.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "alertmanager.alertmanager-client.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "alertmanager.alertmanager-client.tls-server-name" + } + }, + "type": "object" + }, + "api_concurrency": { + "default": 0, + "description": "Maximum number of concurrent GET API requests before returning an error.", + "type": "number", + "x-cli-flag": "alertmanager.api-concurrency" + }, + "auto_webhook_root": { + "description": "Root of URL to generate if config is http://internal.monitor", + "type": "string", + "x-cli-flag": "alertmanager.configs.auto-webhook-root" + }, + "cluster": { + "properties": { + "advertise_address": { + "description": "Explicit address or hostname to advertise in cluster.", + "type": "string", + "x-cli-flag": "alertmanager.cluster.advertise-address" + }, + "gossip_interval": { + "default": "200ms", + "description": "The interval between sending gossip messages. By lowering this value (more frequent) gossip messages are propagated across cluster more quickly at the expense of increased bandwidth usage.", + "type": "string", + "x-cli-flag": "alertmanager.cluster.gossip-interval", + "x-format": "duration" + }, + "listen_address": { + "default": "0.0.0.0:9094", + "description": "Listen address and port for the cluster. Not specifying this flag disables high-availability mode.", + "type": "string", + "x-cli-flag": "alertmanager.cluster.listen-address" + }, + "peer_timeout": { + "default": "15s", + "description": "Time to wait between peers to send notifications.", + "type": "string", + "x-cli-flag": "alertmanager.cluster.peer-timeout", + "x-format": "duration" + }, + "peers": { + "description": "Comma-separated list of initial peers.", + "type": "string", + "x-cli-flag": "alertmanager.cluster.peers" + }, + "push_pull_interval": { + "default": "1m0s", + "description": "The interval between gossip state syncs. Setting this interval lower (more frequent) will increase convergence speeds across larger clusters at the expense of increased bandwidth usage.", + "type": "string", + "x-cli-flag": "alertmanager.cluster.push-pull-interval", + "x-format": "duration" + } + }, + "type": "object" + }, + "data_dir": { + "default": "data/", + "description": "Base path for data storage.", + "type": "string", + "x-cli-flag": "alertmanager.storage.path" + }, + "disabled_tenants": { + "description": "Comma separated list of tenants whose alerts this alertmanager cannot process. If specified, a alertmanager that would normally pick the specified tenant(s) for processing will ignore them instead.", + "type": "string", + "x-cli-flag": "alertmanager.disabled-tenants" + }, + "enable_api": { + "default": false, + "description": "Enable the experimental alertmanager config api.", + "type": "boolean", + "x-cli-flag": "experimental.alertmanager.enable-api" + }, + "enabled_tenants": { + "description": "Comma separated list of tenants whose alerts this alertmanager can process. If specified, only these tenants will be handled by alertmanager, otherwise this alertmanager can process alerts from all tenants.", + "type": "string", + "x-cli-flag": "alertmanager.enabled-tenants" + }, + "external_url": { + "description": "The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy). Used for generating relative and absolute links back to Alertmanager itself. If the URL has a path portion, it will be used to prefix all HTTP endpoints served by Alertmanager. If omitted, relevant URL components will be derived automatically.", + "format": "uri", + "type": "string", + "x-cli-flag": "alertmanager.web.external-url" + }, + "fallback_config_file": { + "description": "Filename of fallback config to use if none specified for instance.", + "type": "string", + "x-cli-flag": "alertmanager.configs.fallback" + }, + "gc_interval": { + "default": "30m0s", + "description": "Alertmanager alerts Garbage collection interval.", + "type": "string", + "x-cli-flag": "alertmanager.alerts-gc-interval", + "x-format": "duration" + }, + "max_recv_msg_size": { + "default": 16777216, + "description": "Maximum size (bytes) of an accepted HTTP request body.", + "type": "number", + "x-cli-flag": "alertmanager.max-recv-msg-size" + }, + "persist_interval": { + "default": "15m0s", + "description": "The interval between persisting the current alertmanager state (notification log and silences) to object storage. This is only used when sharding is enabled. This state is read when all replicas for a shard can not be contacted. In this scenario, having persisted the state more frequently will result in potentially fewer lost silences, and fewer duplicate notifications.", + "type": "string", + "x-cli-flag": "alertmanager.persist-interval", + "x-format": "duration" + }, + "poll_interval": { + "default": "15s", + "description": "How frequently to poll Cortex configs", + "type": "string", + "x-cli-flag": "alertmanager.configs.poll-interval", + "x-format": "duration" + }, + "retention": { + "default": "120h0m0s", + "description": "How long to keep data for.", + "type": "string", + "x-cli-flag": "alertmanager.storage.retention", + "x-format": "duration" + }, + "sharding_enabled": { + "default": false, + "description": "Shard tenants across multiple alertmanager instances.", + "type": "boolean", + "x-cli-flag": "alertmanager.sharding-enabled" + }, + "sharding_ring": { + "properties": { + "detailed_metrics_enabled": { + "default": true, + "description": "Set to true to enable ring detailed metrics. These metrics provide detailed information, such as token count and ownership per tenant. Disabling them can significantly decrease the number of metrics emitted.", + "type": "boolean", + "x-cli-flag": "alertmanager.sharding-ring.detailed-metrics-enabled" + }, + "final_sleep": { + "default": "0s", + "description": "The sleep seconds when alertmanager is shutting down. Need to be close to or larger than KV Store information propagation delay", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.final-sleep", + "x-format": "duration" + }, + "heartbeat_period": { + "default": "15s", + "description": "Period at which to heartbeat to the ring. 0 = disabled.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.heartbeat-period", + "x-format": "duration" + }, + "heartbeat_timeout": { + "default": "1m0s", + "description": "The heartbeat timeout after which alertmanagers are considered unhealthy within the ring. 0 = never (timeout disabled).", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.heartbeat-timeout", + "x-format": "duration" + }, + "instance_availability_zone": { + "description": "The availability zone where this instance is running. Required if zone-awareness is enabled.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.instance-availability-zone" + }, + "instance_interface_names": { + "default": "[eth0 en0]", + "description": "Name of network interface to read address from.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "alertmanager.sharding-ring.instance-interface-names" + }, + "keep_instance_in_the_ring_on_shutdown": { + "default": false, + "description": "Keep instance in the ring on shut down.", + "type": "boolean", + "x-cli-flag": "alertmanager.sharding-ring.keep-instance-in-the-ring-on-shutdown" + }, + "kvstore": { + "description": "The key-value store used to share the hash ring across multiple instances.", + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "alertmanager.sharding-ring.dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "alertmanager.sharding-ring.multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "alertmanagers/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.store" + } + }, + "type": "object" + }, + "replication_factor": { + "default": 3, + "description": "The replication factor to use when sharding the alertmanager.", + "type": "number", + "x-cli-flag": "alertmanager.sharding-ring.replication-factor" + }, + "tokens_file_path": { + "description": "File path where tokens are stored. If empty, tokens are not stored at shutdown and restored at startup.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.tokens-file-path" + }, + "wait_instance_state_timeout": { + "default": "10m0s", + "description": "Timeout for waiting on alertmanager to become desired state in the ring.", + "type": "string", + "x-cli-flag": "alertmanager.sharding-ring.wait-instance-state-timeout", + "x-format": "duration" + }, + "zone_awareness_enabled": { + "default": false, + "description": "True to enable zone-awareness and replicate alerts across different availability zones.", + "type": "boolean", + "x-cli-flag": "alertmanager.sharding-ring.zone-awareness-enabled" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "alertmanager_storage_config": { + "description": "The alertmanager_storage_config configures the Cortex alertmanager storage backend.", + "properties": { + "azure": { + "properties": { + "account_key": { + "description": "Azure storage account key", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.account-key" + }, + "account_name": { + "description": "Azure storage account name", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.account-name" + }, + "connection_string": { + "description": "The values of `account-name` and `endpoint-suffix` values will not be ignored if `connection-string` is set. Use this method over `account-key` if you need to authenticate via a SAS token or if you use the Azurite emulator.", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.connection-string" + }, + "container_name": { + "description": "Azure storage container name", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.container-name" + }, + "endpoint_suffix": { + "description": "Azure storage endpoint suffix without schema. The account name will be prefixed to this value to create the FQDN", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.endpoint-suffix" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "alertmanager-storage.azure.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "alertmanager-storage.azure.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "alertmanager-storage.azure.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "alertmanager-storage.azure.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "max_retries": { + "default": 20, + "description": "Number of retries for recoverable errors", + "type": "number", + "x-cli-flag": "alertmanager-storage.azure.max-retries" + }, + "msi_resource": { + "description": "Deprecated: Azure storage MSI resource. It will be set automatically by Azure SDK.", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.msi-resource" + }, + "user_assigned_id": { + "description": "Azure storage MSI resource managed identity client Id. If not supplied default Azure credential will be used. Set it to empty if you need to authenticate via Azure Workload Identity.", + "type": "string", + "x-cli-flag": "alertmanager-storage.azure.user-assigned-id" + } + }, + "type": "object" + }, + "backend": { + "default": "s3", + "description": "Backend storage to use. Supported backends are: s3, gcs, azure, swift, filesystem, configdb, local.", + "type": "string", + "x-cli-flag": "alertmanager-storage.backend" + }, + "configdb": { + "$ref": "#/definitions/configstore_config" + }, + "filesystem": { + "properties": { + "dir": { + "description": "Local filesystem storage directory.", + "type": "string", + "x-cli-flag": "alertmanager-storage.filesystem.dir" + } + }, + "type": "object" + }, + "gcs": { + "properties": { + "bucket_name": { + "description": "GCS bucket name", + "type": "string", + "x-cli-flag": "alertmanager-storage.gcs.bucket-name" + }, + "service_account": { + "description": "JSON representing either a Google Developers Console client_credentials.json file or a Google Developers service account key file. If empty, fallback to Google default logic.", + "type": "string", + "x-cli-flag": "alertmanager-storage.gcs.service-account" + } + }, + "type": "object" + }, + "local": { + "properties": { + "path": { + "description": "Path at which alertmanager configurations are stored.", + "type": "string", + "x-cli-flag": "alertmanager-storage.local.path" + } + }, + "type": "object" + }, + "s3": { + "properties": { + "access_key_id": { + "description": "S3 access key ID", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.access-key-id" + }, + "bucket_lookup_type": { + "default": "auto", + "description": "The s3 bucket lookup style. Supported values are: auto, virtual-hosted, path.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.bucket-lookup-type" + }, + "bucket_name": { + "description": "S3 bucket name", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.bucket-name" + }, + "disable_dualstack": { + "default": false, + "description": "If enabled, S3 endpoint will use the non-dualstack variant.", + "type": "boolean", + "x-cli-flag": "alertmanager-storage.s3.disable-dualstack" + }, + "endpoint": { + "description": "The S3 bucket endpoint. It could be an AWS S3 endpoint listed at https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an S3-compatible service in hostname:port format.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.endpoint" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "alertmanager-storage.s3.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "alertmanager-storage.s3.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "alertmanager-storage.s3.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "alertmanager-storage.s3.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "insecure": { + "default": false, + "description": "If enabled, use http:// for the S3 endpoint instead of https://. This could be useful in local dev/test environments while using an S3-compatible backend storage, like Minio.", + "type": "boolean", + "x-cli-flag": "alertmanager-storage.s3.insecure" + }, + "list_objects_version": { + "description": "The list api version. Supported values are: v1, v2, and ''.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.list-objects-version" + }, + "region": { + "description": "S3 region. If unset, the client will issue a S3 GetBucketLocation API call to autodetect it.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.region" + }, + "secret_access_key": { + "description": "S3 secret access key", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.secret-access-key" + }, + "send_content_md5": { + "default": true, + "description": "If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum algorithm to verify the provided digest. If false, use CRC32C algorithm instead.", + "type": "boolean", + "x-cli-flag": "alertmanager-storage.s3.send-content-md5" + }, + "signature_version": { + "default": "v4", + "description": "The signature version to use for authenticating against S3. Supported values are: v4, v2.", + "type": "string", + "x-cli-flag": "alertmanager-storage.s3.signature-version" + }, + "sse": { + "$ref": "#/definitions/s3_sse_config" + } + }, + "type": "object" + }, + "swift": { + "properties": { + "application_credential_id": { + "description": "OpenStack Swift application credential ID.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.application-credential-id" + }, + "application_credential_name": { + "description": "OpenStack Swift application credential name.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.application-credential-name" + }, + "application_credential_secret": { + "description": "OpenStack Swift application credential secret.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.application-credential-secret" + }, + "auth_url": { + "description": "OpenStack Swift authentication URL", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.auth-url" + }, + "auth_version": { + "default": 0, + "description": "OpenStack Swift authentication API version. 0 to autodetect.", + "type": "number", + "x-cli-flag": "alertmanager-storage.swift.auth-version" + }, + "connect_timeout": { + "default": "10s", + "description": "Time after which a connection attempt is aborted.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.connect-timeout", + "x-format": "duration" + }, + "container_name": { + "description": "Name of the OpenStack Swift container to put chunks in.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.container-name" + }, + "domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.domain-id" + }, + "domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.domain-name" + }, + "max_retries": { + "default": 3, + "description": "Max retries on requests error.", + "type": "number", + "x-cli-flag": "alertmanager-storage.swift.max-retries" + }, + "password": { + "description": "OpenStack Swift API key.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.password" + }, + "project_domain_id": { + "description": "ID of the OpenStack Swift project's domain (v3 auth only), only needed if it differs the from user domain.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.project-domain-id" + }, + "project_domain_name": { + "description": "Name of the OpenStack Swift project's domain (v3 auth only), only needed if it differs from the user domain.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.project-domain-name" + }, + "project_id": { + "description": "OpenStack Swift project ID (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.project-id" + }, + "project_name": { + "description": "OpenStack Swift project name (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.project-name" + }, + "region_name": { + "description": "OpenStack Swift Region to use (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.region-name" + }, + "request_timeout": { + "default": "5s", + "description": "Time after which an idle request is aborted. The timeout watchdog is reset each time some data is received, so the timeout triggers after X time no data is received on a request.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.request-timeout", + "x-format": "duration" + }, + "user_domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.user-domain-id" + }, + "user_domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.user-domain-name" + }, + "user_id": { + "description": "OpenStack Swift user ID.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.user-id" + }, + "username": { + "description": "OpenStack Swift username.", + "type": "string", + "x-cli-flag": "alertmanager-storage.swift.username" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "blocks_storage_config": { + "description": "The blocks_storage_config configures the blocks storage.", + "properties": { + "azure": { + "properties": { + "account_key": { + "description": "Azure storage account key", + "type": "string", + "x-cli-flag": "blocks-storage.azure.account-key" + }, + "account_name": { + "description": "Azure storage account name", + "type": "string", + "x-cli-flag": "blocks-storage.azure.account-name" + }, + "connection_string": { + "description": "The values of `account-name` and `endpoint-suffix` values will not be ignored if `connection-string` is set. Use this method over `account-key` if you need to authenticate via a SAS token or if you use the Azurite emulator.", + "type": "string", + "x-cli-flag": "blocks-storage.azure.connection-string" + }, + "container_name": { + "description": "Azure storage container name", + "type": "string", + "x-cli-flag": "blocks-storage.azure.container-name" + }, + "endpoint_suffix": { + "description": "Azure storage endpoint suffix without schema. The account name will be prefixed to this value to create the FQDN", + "type": "string", + "x-cli-flag": "blocks-storage.azure.endpoint-suffix" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "blocks-storage.azure.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "blocks-storage.azure.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "blocks-storage.azure.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "blocks-storage.azure.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "blocks-storage.azure.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "blocks-storage.azure.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "blocks-storage.azure.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "blocks-storage.azure.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "max_retries": { + "default": 20, + "description": "Number of retries for recoverable errors", + "type": "number", + "x-cli-flag": "blocks-storage.azure.max-retries" + }, + "msi_resource": { + "description": "Deprecated: Azure storage MSI resource. It will be set automatically by Azure SDK.", + "type": "string", + "x-cli-flag": "blocks-storage.azure.msi-resource" + }, + "user_assigned_id": { + "description": "Azure storage MSI resource managed identity client Id. If not supplied default Azure credential will be used. Set it to empty if you need to authenticate via Azure Workload Identity.", + "type": "string", + "x-cli-flag": "blocks-storage.azure.user-assigned-id" + } + }, + "type": "object" + }, + "backend": { + "default": "s3", + "description": "Backend storage to use. Supported backends are: s3, gcs, azure, swift, filesystem.", + "type": "string", + "x-cli-flag": "blocks-storage.backend" + }, + "bucket_store": { + "description": "This configures how the querier and store-gateway discover and synchronize blocks stored in the bucket.", + "properties": { + "block_discovery_strategy": { + "default": "concurrent", + "description": "One of concurrent, recursive, bucket_index. When set to concurrent, stores will concurrently issue one call per directory to discover active blocks in the bucket. The recursive strategy iterates through all objects in the bucket, recursively traversing into each directory. This avoids N+1 calls at the expense of having slower bucket iterations. bucket_index strategy can be used in Compactor only and utilizes the existing bucket index to fetch block IDs to sync. This avoids iterating the bucket but can be impacted by delays of cleaner creating bucket index.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.block-discovery-strategy" + }, + "block_sync_concurrency": { + "default": 20, + "description": "Maximum number of concurrent blocks syncing per tenant.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.block-sync-concurrency" + }, + "bucket_index": { + "properties": { + "enabled": { + "default": false, + "description": "True to enable querier and store-gateway to discover blocks in the storage via bucket index instead of bucket scanning.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.bucket-index.enabled" + }, + "idle_timeout": { + "default": "1h0m0s", + "description": "How long a unused bucket index should be cached. Once this timeout expires, the unused bucket index is removed from the in-memory cache. This option is used only by querier.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.bucket-index.idle-timeout", + "x-format": "duration" + }, + "max_stale_period": { + "default": "1h0m0s", + "description": "The maximum allowed age of a bucket index (last updated) before queries start failing because the bucket index is too old. The bucket index is periodically updated by the compactor, while this check is enforced in the querier (at query time).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.bucket-index.max-stale-period", + "x-format": "duration" + }, + "update_on_error_interval": { + "default": "1m0s", + "description": "How frequently a bucket index, which previously failed to load, should be tried to load again. This option is used only by querier.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.bucket-index.update-on-error-interval", + "x-format": "duration" + } + }, + "type": "object" + }, + "chunks_cache": { + "properties": { + "attributes_ttl": { + "default": "168h0m0s", + "description": "TTL for caching object attributes for chunks.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.attributes-ttl", + "x-format": "duration" + }, + "backend": { + "description": "The chunks cache backend type. Single or Multiple cache backend can be provided. Supported values in single cache: memcached, redis, inmemory, and '' (disable). Supported values in multi level cache: a comma-separated list of (inmemory, memcached, redis)", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.backend" + }, + "inmemory": { + "properties": { + "max_size_bytes": { + "default": 1073741824, + "description": "Maximum size in bytes of in-memory chunks cache used (shared between all tenants).", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.inmemory.max-size-bytes" + } + }, + "type": "object" + }, + "max_get_range_requests": { + "default": 3, + "description": "Maximum number of sub-GetRange requests that a single GetRange request can be split into when fetching chunks. Zero or negative value = unlimited number of sub-requests.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.max-get-range-requests" + }, + "memcached": { + "properties": { + "addresses": { + "description": "Comma separated list of memcached addresses. Supported prefixes are: dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after that).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.addresses" + }, + "auto_discovery": { + "default": false, + "description": "Use memcached auto-discovery mechanism provided by some cloud provider like GCP and AWS", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.auto-discovery" + }, + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.max-async-concurrency" + }, + "max_get_multi_batch_size": { + "default": 0, + "description": "The maximum number of keys a single underlying get operation should run. If more keys are specified, internally keys are split into multiple batches and fetched concurrently, honoring the max concurrency. If set to 0, the max batch size is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.max-get-multi-batch-size" + }, + "max_get_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent connections running get operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.max-get-multi-concurrency" + }, + "max_idle_connections": { + "default": 16, + "description": "The maximum number of idle connections that will be maintained per address.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.max-idle-connections" + }, + "max_item_size": { + "default": 1048576, + "description": "The maximum size of an item stored in memcached. Bigger items are not stored. If set to 0, no maximum size is enforced.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.max-item-size" + }, + "set_async_circuit_breaker_config": { + "properties": { + "consecutive_failures": { + "default": 5, + "description": "Consecutive failures to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.consecutive-failures" + }, + "enabled": { + "default": false, + "description": "If true, enable circuit breaker.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.enabled" + }, + "failure_percent": { + "default": 0.05, + "description": "Failure percentage to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.failure-percent" + }, + "half_open_max_requests": { + "default": 10, + "description": "Maximum number of requests allowed to pass through when the circuit breaker is half-open. If set to 0, by default it allows 1 request.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.half-open-max-requests" + }, + "min_requests": { + "default": 50, + "description": "Minimal requests to trigger the circuit breaker.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.min-requests" + }, + "open_duration": { + "default": "5s", + "description": "Period of the open state after which the state of the circuit breaker becomes half-open. If set to 0, by default open duration is 60 seconds.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.set-async.circuit-breaker.open-duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "timeout": { + "default": "100ms", + "description": "The socket read/write timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.memcached.timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "multilevel": { + "properties": { + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed when backfilling cache items.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.multilevel.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur when backfilling cache items.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.multilevel.max-async-concurrency" + }, + "max_backfill_items": { + "default": 10000, + "description": "The maximum number of items to backfill per asynchronous operation.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.multilevel.max-backfill-items" + } + }, + "type": "object" + }, + "redis": { + "properties": { + "addresses": { + "description": "Comma separated list of redis addresses. Supported prefixes are: dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after that).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.addresses" + }, + "cache_size": { + "default": 0, + "description": "If not zero then client-side caching is enabled. Client-side caching is when data is stored in memory instead of fetching data each time. See https://redis.io/docs/manual/client-side-caching/ for more info.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.cache-size" + }, + "db": { + "default": 0, + "description": "Database to be selected after connecting to the server.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.db" + }, + "dial_timeout": { + "default": "5s", + "description": "Client dial timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.dial-timeout", + "x-format": "duration" + }, + "get_multi_batch_size": { + "default": 100, + "description": "The maximum size per batch for mget.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.get-multi-batch-size" + }, + "master_name": { + "description": "Specifies the master's name. Must be not empty for Redis Sentinel.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.master-name" + }, + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.max-async-concurrency" + }, + "max_get_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent GetMulti() operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.max-get-multi-concurrency" + }, + "max_set_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent SetMulti() operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.max-set-multi-concurrency" + }, + "password": { + "description": "Redis password.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.password" + }, + "read_timeout": { + "default": "3s", + "description": "Client read timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.read-timeout", + "x-format": "duration" + }, + "set_async_circuit_breaker_config": { + "properties": { + "consecutive_failures": { + "default": 5, + "description": "Consecutive failures to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.consecutive-failures" + }, + "enabled": { + "default": false, + "description": "If true, enable circuit breaker.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.enabled" + }, + "failure_percent": { + "default": 0.05, + "description": "Failure percentage to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.failure-percent" + }, + "half_open_max_requests": { + "default": 10, + "description": "Maximum number of requests allowed to pass through when the circuit breaker is half-open. If set to 0, by default it allows 1 request.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.half-open-max-requests" + }, + "min_requests": { + "default": 50, + "description": "Minimal requests to trigger the circuit breaker.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.min-requests" + }, + "open_duration": { + "default": "5s", + "description": "Period of the open state after which the state of the circuit breaker becomes half-open. If set to 0, by default open duration is 60 seconds.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.set-async.circuit-breaker.open-duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "set_multi_batch_size": { + "default": 100, + "description": "The maximum size per batch for pipeline set.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.set-multi-batch-size" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Whether to enable tls for redis connection.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.tls-server-name" + }, + "username": { + "description": "Redis username.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.username" + }, + "write_timeout": { + "default": "3s", + "description": "Client write timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.redis.write-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "subrange_size": { + "default": 16000, + "description": "Size of each subrange that bucket object is split into for better caching.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.subrange-size" + }, + "subrange_ttl": { + "default": "24h0m0s", + "description": "TTL for caching individual chunks subranges.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.chunks-cache.subrange-ttl", + "x-format": "duration" + } + }, + "type": "object" + }, + "consistency_delay": { + "default": "0s", + "description": "Minimum age of a block before it's being read. Set it to safe value (e.g 30m) if your object storage is eventually consistent. GCS and S3 are (roughly) strongly consistent.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.consistency-delay", + "x-format": "duration" + }, + "ignore_blocks_before": { + "default": "0s", + "description": "The blocks created before `now() - ignore_blocks_before` will not be synced. 0 to disable.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.ignore-blocks-before", + "x-format": "duration" + }, + "ignore_blocks_within": { + "default": "0s", + "description": "The blocks created since `now() - ignore_blocks_within` will not be synced. This should be used together with `-querier.query-store-after` to filter out the blocks that are too new to be queried. A reasonable value for this flag would be `-querier.query-store-after - blocks-storage.bucket-store.bucket-index.max-stale-period` to give some buffer. 0 to disable.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.ignore-blocks-within", + "x-format": "duration" + }, + "ignore_deletion_mark_delay": { + "default": "6h0m0s", + "description": "Duration after which the blocks marked for deletion will be filtered out while fetching blocks. The idea of ignore-deletion-marks-delay is to ignore blocks that are marked for deletion with some delay. This ensures store can still serve blocks that are meant to be deleted but do not have a replacement yet. Default is 6h, half of the default value for -compactor.deletion-delay.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.ignore-deletion-marks-delay", + "x-format": "duration" + }, + "index_cache": { + "properties": { + "backend": { + "default": "inmemory", + "description": "The index cache backend type. Multiple cache backend can be provided as a comma-separated ordered list to enable the implementation of a cache hierarchy. Supported values: inmemory, memcached, redis.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.backend" + }, + "inmemory": { + "properties": { + "enabled_items": { + "default": [], + "description": "Selectively cache index item types. Supported values are Postings, ExpandedPostings and Series", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.inmemory.enabled-items" + }, + "max_size_bytes": { + "default": 1073741824, + "description": "Maximum size in bytes of in-memory index cache used to speed up blocks index lookups (shared between all tenants).", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.inmemory.max-size-bytes" + } + }, + "type": "object" + }, + "memcached": { + "properties": { + "addresses": { + "description": "Comma separated list of memcached addresses. Supported prefixes are: dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after that).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.addresses" + }, + "auto_discovery": { + "default": false, + "description": "Use memcached auto-discovery mechanism provided by some cloud provider like GCP and AWS", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.auto-discovery" + }, + "enabled_items": { + "default": [], + "description": "Selectively cache index item types. Supported values are Postings, ExpandedPostings and Series", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.enabled-items" + }, + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.max-async-concurrency" + }, + "max_get_multi_batch_size": { + "default": 0, + "description": "The maximum number of keys a single underlying get operation should run. If more keys are specified, internally keys are split into multiple batches and fetched concurrently, honoring the max concurrency. If set to 0, the max batch size is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.max-get-multi-batch-size" + }, + "max_get_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent connections running get operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.max-get-multi-concurrency" + }, + "max_idle_connections": { + "default": 16, + "description": "The maximum number of idle connections that will be maintained per address.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.max-idle-connections" + }, + "max_item_size": { + "default": 1048576, + "description": "The maximum size of an item stored in memcached. Bigger items are not stored. If set to 0, no maximum size is enforced.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.max-item-size" + }, + "set_async_circuit_breaker_config": { + "properties": { + "consecutive_failures": { + "default": 5, + "description": "Consecutive failures to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.consecutive-failures" + }, + "enabled": { + "default": false, + "description": "If true, enable circuit breaker.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.enabled" + }, + "failure_percent": { + "default": 0.05, + "description": "Failure percentage to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.failure-percent" + }, + "half_open_max_requests": { + "default": 10, + "description": "Maximum number of requests allowed to pass through when the circuit breaker is half-open. If set to 0, by default it allows 1 request.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.half-open-max-requests" + }, + "min_requests": { + "default": 50, + "description": "Minimal requests to trigger the circuit breaker.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.min-requests" + }, + "open_duration": { + "default": "5s", + "description": "Period of the open state after which the state of the circuit breaker becomes half-open. If set to 0, by default open duration is 60 seconds.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.set-async.circuit-breaker.open-duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "timeout": { + "default": "100ms", + "description": "The socket read/write timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.memcached.timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "multilevel": { + "properties": { + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed when backfilling cache items.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.multilevel.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur when backfilling cache items.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.multilevel.max-async-concurrency" + }, + "max_backfill_items": { + "default": 10000, + "description": "The maximum number of items to backfill per asynchronous operation.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.multilevel.max-backfill-items" + } + }, + "type": "object" + }, + "redis": { + "properties": { + "addresses": { + "description": "Comma separated list of redis addresses. Supported prefixes are: dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after that).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.addresses" + }, + "cache_size": { + "default": 0, + "description": "If not zero then client-side caching is enabled. Client-side caching is when data is stored in memory instead of fetching data each time. See https://redis.io/docs/manual/client-side-caching/ for more info.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.cache-size" + }, + "db": { + "default": 0, + "description": "Database to be selected after connecting to the server.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.db" + }, + "dial_timeout": { + "default": "5s", + "description": "Client dial timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.dial-timeout", + "x-format": "duration" + }, + "enabled_items": { + "default": [], + "description": "Selectively cache index item types. Supported values are Postings, ExpandedPostings and Series", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.enabled-items" + }, + "get_multi_batch_size": { + "default": 100, + "description": "The maximum size per batch for mget.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.get-multi-batch-size" + }, + "master_name": { + "description": "Specifies the master's name. Must be not empty for Redis Sentinel.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.master-name" + }, + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.max-async-concurrency" + }, + "max_get_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent GetMulti() operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.max-get-multi-concurrency" + }, + "max_set_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent SetMulti() operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.max-set-multi-concurrency" + }, + "password": { + "description": "Redis password.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.password" + }, + "read_timeout": { + "default": "3s", + "description": "Client read timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.read-timeout", + "x-format": "duration" + }, + "set_async_circuit_breaker_config": { + "properties": { + "consecutive_failures": { + "default": 5, + "description": "Consecutive failures to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.consecutive-failures" + }, + "enabled": { + "default": false, + "description": "If true, enable circuit breaker.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.enabled" + }, + "failure_percent": { + "default": 0.05, + "description": "Failure percentage to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.failure-percent" + }, + "half_open_max_requests": { + "default": 10, + "description": "Maximum number of requests allowed to pass through when the circuit breaker is half-open. If set to 0, by default it allows 1 request.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.half-open-max-requests" + }, + "min_requests": { + "default": 50, + "description": "Minimal requests to trigger the circuit breaker.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.min-requests" + }, + "open_duration": { + "default": "5s", + "description": "Period of the open state after which the state of the circuit breaker becomes half-open. If set to 0, by default open duration is 60 seconds.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.set-async.circuit-breaker.open-duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "set_multi_batch_size": { + "default": 100, + "description": "The maximum size per batch for pipeline set.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.set-multi-batch-size" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Whether to enable tls for redis connection.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.tls-server-name" + }, + "username": { + "description": "Redis username.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.username" + }, + "write_timeout": { + "default": "3s", + "description": "Client write timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-cache.redis.write-timeout", + "x-format": "duration" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "index_header_lazy_loading_enabled": { + "default": false, + "description": "If enabled, store-gateway will lazily memory-map an index-header only once required by a query.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.index-header-lazy-loading-enabled" + }, + "index_header_lazy_loading_idle_timeout": { + "default": "20m0s", + "description": "If index-header lazy loading is enabled and this setting is \u003e 0, the store-gateway will release memory-mapped index-headers after 'idle timeout' inactivity.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.index-header-lazy-loading-idle-timeout", + "x-format": "duration" + }, + "lazy_expanded_posting_group_max_key_series_ratio": { + "default": 100, + "description": "Mark posting group as lazy if it fetches more keys than R * max series the query should fetch. With R set to 100, a posting group which fetches 100K keys will be marked as lazy if the current query only fetches 1000 series. This config is only valid if lazy expanded posting is enabled. 0 disables the limit.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.lazy-expanded-posting-group-max-key-series-ratio" + }, + "lazy_expanded_postings_enabled": { + "default": false, + "description": "If true, Store Gateway will estimate postings size and try to lazily expand postings if it downloads less data than expanding all postings.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.lazy-expanded-postings-enabled" + }, + "matchers_cache_max_items": { + "default": 0, + "description": "Maximum number of entries in the regex matchers cache. 0 to disable.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.matchers-cache-max-items" + }, + "max_chunk_pool_bytes": { + "default": 2147483648, + "description": "Max size - in bytes - of a chunks pool, used to reduce memory allocations. The pool is shared across all tenants. 0 to disable the limit.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.max-chunk-pool-bytes" + }, + "max_concurrent": { + "default": 100, + "description": "Max number of concurrent queries to execute against the long-term storage. The limit is shared across all tenants.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.max-concurrent" + }, + "max_inflight_requests": { + "default": 0, + "description": "Max number of inflight queries to execute against the long-term storage. The limit is shared across all tenants. 0 to disable.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.max-inflight-requests" + }, + "meta_sync_concurrency": { + "default": 20, + "description": "Number of Go routines to use when syncing block meta files from object storage per tenant.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.meta-sync-concurrency" + }, + "metadata_cache": { + "properties": { + "backend": { + "description": "The metadata cache backend type. Single or Multiple cache backend can be provided. Supported values in single cache: memcached, redis, inmemory, and '' (disable). Supported values in multi level cache: a comma-separated list of (inmemory, memcached, redis)", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.backend" + }, + "block_index_attributes_ttl": { + "default": "168h0m0s", + "description": "How long to cache attributes of the block index.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.block-index-attributes-ttl", + "x-format": "duration" + }, + "bucket_index_content_ttl": { + "default": "5m0s", + "description": "How long to cache content of the bucket index.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.bucket-index-content-ttl", + "x-format": "duration" + }, + "bucket_index_max_size_bytes": { + "default": 1048576, + "description": "Maximum size of bucket index content to cache in bytes. Caching will be skipped if the content exceeds this size. This is useful to avoid network round trip for large content if the configured caching backend has an hard limit on cached items size (in this case, you should set this limit to the same limit in the caching backend).", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.bucket-index-max-size-bytes" + }, + "chunks_list_ttl": { + "default": "24h0m0s", + "description": "How long to cache list of chunks for a block.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.chunks-list-ttl", + "x-format": "duration" + }, + "inmemory": { + "properties": { + "max_size_bytes": { + "default": 1073741824, + "description": "Maximum size in bytes of in-memory metadata cache used (shared between all tenants).", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.inmemory.max-size-bytes" + } + }, + "type": "object" + }, + "memcached": { + "properties": { + "addresses": { + "description": "Comma separated list of memcached addresses. Supported prefixes are: dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after that).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.addresses" + }, + "auto_discovery": { + "default": false, + "description": "Use memcached auto-discovery mechanism provided by some cloud provider like GCP and AWS", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.auto-discovery" + }, + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.max-async-concurrency" + }, + "max_get_multi_batch_size": { + "default": 0, + "description": "The maximum number of keys a single underlying get operation should run. If more keys are specified, internally keys are split into multiple batches and fetched concurrently, honoring the max concurrency. If set to 0, the max batch size is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.max-get-multi-batch-size" + }, + "max_get_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent connections running get operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.max-get-multi-concurrency" + }, + "max_idle_connections": { + "default": 16, + "description": "The maximum number of idle connections that will be maintained per address.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.max-idle-connections" + }, + "max_item_size": { + "default": 1048576, + "description": "The maximum size of an item stored in memcached. Bigger items are not stored. If set to 0, no maximum size is enforced.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.max-item-size" + }, + "set_async_circuit_breaker_config": { + "properties": { + "consecutive_failures": { + "default": 5, + "description": "Consecutive failures to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.consecutive-failures" + }, + "enabled": { + "default": false, + "description": "If true, enable circuit breaker.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.enabled" + }, + "failure_percent": { + "default": 0.05, + "description": "Failure percentage to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.failure-percent" + }, + "half_open_max_requests": { + "default": 10, + "description": "Maximum number of requests allowed to pass through when the circuit breaker is half-open. If set to 0, by default it allows 1 request.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.half-open-max-requests" + }, + "min_requests": { + "default": 50, + "description": "Minimal requests to trigger the circuit breaker.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.min-requests" + }, + "open_duration": { + "default": "5s", + "description": "Period of the open state after which the state of the circuit breaker becomes half-open. If set to 0, by default open duration is 60 seconds.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.set-async.circuit-breaker.open-duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "timeout": { + "default": "100ms", + "description": "The socket read/write timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.memcached.timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "metafile_attributes_ttl": { + "default": "168h0m0s", + "description": "How long to cache attributes of the block metafile.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.metafile-attributes-ttl", + "x-format": "duration" + }, + "metafile_content_ttl": { + "default": "24h0m0s", + "description": "How long to cache content of the metafile.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.metafile-content-ttl", + "x-format": "duration" + }, + "metafile_doesnt_exist_ttl": { + "default": "5m0s", + "description": "How long to cache information that block metafile doesn't exist. Also used for user deletion mark file.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.metafile-doesnt-exist-ttl", + "x-format": "duration" + }, + "metafile_exists_ttl": { + "default": "2h0m0s", + "description": "How long to cache information that block metafile exists. Also used for user deletion mark file.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.metafile-exists-ttl", + "x-format": "duration" + }, + "metafile_max_size_bytes": { + "default": 1048576, + "description": "Maximum size of metafile content to cache in bytes. Caching will be skipped if the content exceeds this size. This is useful to avoid network round trip for large content if the configured caching backend has an hard limit on cached items size (in this case, you should set this limit to the same limit in the caching backend).", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.metafile-max-size-bytes" + }, + "multilevel": { + "properties": { + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed when backfilling cache items.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.multilevel.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur when backfilling cache items.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.multilevel.max-async-concurrency" + }, + "max_backfill_items": { + "default": 10000, + "description": "The maximum number of items to backfill per asynchronous operation.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.multilevel.max-backfill-items" + } + }, + "type": "object" + }, + "partitioned_groups_list_ttl": { + "default": "0s", + "description": "How long to cache list of partitioned groups for an user. 0 disables caching", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.partitioned-groups-list-ttl", + "x-format": "duration" + }, + "redis": { + "properties": { + "addresses": { + "description": "Comma separated list of redis addresses. Supported prefixes are: dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after that).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.addresses" + }, + "cache_size": { + "default": 0, + "description": "If not zero then client-side caching is enabled. Client-side caching is when data is stored in memory instead of fetching data each time. See https://redis.io/docs/manual/client-side-caching/ for more info.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.cache-size" + }, + "db": { + "default": 0, + "description": "Database to be selected after connecting to the server.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.db" + }, + "dial_timeout": { + "default": "5s", + "description": "Client dial timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.dial-timeout", + "x-format": "duration" + }, + "get_multi_batch_size": { + "default": 100, + "description": "The maximum size per batch for mget.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.get-multi-batch-size" + }, + "master_name": { + "description": "Specifies the master's name. Must be not empty for Redis Sentinel.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.master-name" + }, + "max_async_buffer_size": { + "default": 10000, + "description": "The maximum number of enqueued asynchronous operations allowed.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.max-async-buffer-size" + }, + "max_async_concurrency": { + "default": 3, + "description": "The maximum number of concurrent asynchronous operations can occur.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.max-async-concurrency" + }, + "max_get_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent GetMulti() operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.max-get-multi-concurrency" + }, + "max_set_multi_concurrency": { + "default": 100, + "description": "The maximum number of concurrent SetMulti() operations. If set to 0, concurrency is unlimited.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.max-set-multi-concurrency" + }, + "password": { + "description": "Redis password.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.password" + }, + "read_timeout": { + "default": "3s", + "description": "Client read timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.read-timeout", + "x-format": "duration" + }, + "set_async_circuit_breaker_config": { + "properties": { + "consecutive_failures": { + "default": 5, + "description": "Consecutive failures to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.consecutive-failures" + }, + "enabled": { + "default": false, + "description": "If true, enable circuit breaker.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.enabled" + }, + "failure_percent": { + "default": 0.05, + "description": "Failure percentage to determine if the circuit breaker should open.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.failure-percent" + }, + "half_open_max_requests": { + "default": 10, + "description": "Maximum number of requests allowed to pass through when the circuit breaker is half-open. If set to 0, by default it allows 1 request.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.half-open-max-requests" + }, + "min_requests": { + "default": 50, + "description": "Minimal requests to trigger the circuit breaker.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.min-requests" + }, + "open_duration": { + "default": "5s", + "description": "Period of the open state after which the state of the circuit breaker becomes half-open. If set to 0, by default open duration is 60 seconds.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.set-async.circuit-breaker.open-duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "set_multi_batch_size": { + "default": 100, + "description": "The maximum size per batch for pipeline set.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.set-multi-batch-size" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Whether to enable tls for redis connection.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.tls-server-name" + }, + "username": { + "description": "Redis username.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.username" + }, + "write_timeout": { + "default": "3s", + "description": "Client write timeout.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.redis.write-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "tenant_blocks_list_ttl": { + "default": "5m0s", + "description": "How long to cache list of blocks for each tenant.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.tenant-blocks-list-ttl", + "x-format": "duration" + }, + "tenants_list_ttl": { + "default": "15m0s", + "description": "How long to cache list of tenants in the bucket.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.metadata-cache.tenants-list-ttl", + "x-format": "duration" + } + }, + "type": "object" + }, + "series_batch_size": { + "default": 10000, + "description": "Controls how many series to fetch per batch in Store Gateway. Default value is 10000.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.series-batch-size" + }, + "sync_dir": { + "default": "tsdb-sync", + "description": "Directory to store synchronized TSDB index headers.", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.sync-dir" + }, + "sync_interval": { + "default": "15m0s", + "description": "How frequently to scan the bucket, or to refresh the bucket index (if enabled), in order to look for changes (new blocks shipped by ingesters and blocks deleted by retention or compaction).", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.sync-interval", + "x-format": "duration" + }, + "tenant_sync_concurrency": { + "default": 10, + "description": "Maximum number of concurrent tenants syncing blocks.", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.tenant-sync-concurrency" + }, + "token_bucket_bytes_limiter": { + "properties": { + "instance_token_bucket_size": { + "default": 859832320, + "description": "Instance token bucket size", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.token-bucket-bytes-limiter.instance-token-bucket-size" + }, + "mode": { + "default": "disabled", + "description": "Token bucket bytes limiter mode. Supported values are: disabled, dryrun, enabled", + "type": "string", + "x-cli-flag": "blocks-storage.bucket-store.token-bucket-bytes-limiter.mode" + }, + "request_token_bucket_size": { + "default": 4194304, + "description": "Request token bucket size", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.token-bucket-bytes-limiter.request-token-bucket-size" + }, + "user_token_bucket_size": { + "default": 644874240, + "description": "User token bucket size", + "type": "number", + "x-cli-flag": "blocks-storage.bucket-store.token-bucket-bytes-limiter.user-token-bucket-size" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "filesystem": { + "properties": { + "dir": { + "description": "Local filesystem storage directory.", + "type": "string", + "x-cli-flag": "blocks-storage.filesystem.dir" + } + }, + "type": "object" + }, + "gcs": { + "properties": { + "bucket_name": { + "description": "GCS bucket name", + "type": "string", + "x-cli-flag": "blocks-storage.gcs.bucket-name" + }, + "service_account": { + "description": "JSON representing either a Google Developers Console client_credentials.json file or a Google Developers service account key file. If empty, fallback to Google default logic.", + "type": "string", + "x-cli-flag": "blocks-storage.gcs.service-account" + } + }, + "type": "object" + }, + "s3": { + "properties": { + "access_key_id": { + "description": "S3 access key ID", + "type": "string", + "x-cli-flag": "blocks-storage.s3.access-key-id" + }, + "bucket_lookup_type": { + "default": "auto", + "description": "The s3 bucket lookup style. Supported values are: auto, virtual-hosted, path.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.bucket-lookup-type" + }, + "bucket_name": { + "description": "S3 bucket name", + "type": "string", + "x-cli-flag": "blocks-storage.s3.bucket-name" + }, + "disable_dualstack": { + "default": false, + "description": "If enabled, S3 endpoint will use the non-dualstack variant.", + "type": "boolean", + "x-cli-flag": "blocks-storage.s3.disable-dualstack" + }, + "endpoint": { + "description": "The S3 bucket endpoint. It could be an AWS S3 endpoint listed at https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an S3-compatible service in hostname:port format.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.endpoint" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "blocks-storage.s3.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "blocks-storage.s3.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "blocks-storage.s3.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "blocks-storage.s3.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "insecure": { + "default": false, + "description": "If enabled, use http:// for the S3 endpoint instead of https://. This could be useful in local dev/test environments while using an S3-compatible backend storage, like Minio.", + "type": "boolean", + "x-cli-flag": "blocks-storage.s3.insecure" + }, + "list_objects_version": { + "description": "The list api version. Supported values are: v1, v2, and ''.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.list-objects-version" + }, + "region": { + "description": "S3 region. If unset, the client will issue a S3 GetBucketLocation API call to autodetect it.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.region" + }, + "secret_access_key": { + "description": "S3 secret access key", + "type": "string", + "x-cli-flag": "blocks-storage.s3.secret-access-key" + }, + "send_content_md5": { + "default": true, + "description": "If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum algorithm to verify the provided digest. If false, use CRC32C algorithm instead.", + "type": "boolean", + "x-cli-flag": "blocks-storage.s3.send-content-md5" + }, + "signature_version": { + "default": "v4", + "description": "The signature version to use for authenticating against S3. Supported values are: v4, v2.", + "type": "string", + "x-cli-flag": "blocks-storage.s3.signature-version" + }, + "sse": { + "$ref": "#/definitions/s3_sse_config" + } + }, + "type": "object" + }, + "swift": { + "properties": { + "application_credential_id": { + "description": "OpenStack Swift application credential ID.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.application-credential-id" + }, + "application_credential_name": { + "description": "OpenStack Swift application credential name.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.application-credential-name" + }, + "application_credential_secret": { + "description": "OpenStack Swift application credential secret.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.application-credential-secret" + }, + "auth_url": { + "description": "OpenStack Swift authentication URL", + "type": "string", + "x-cli-flag": "blocks-storage.swift.auth-url" + }, + "auth_version": { + "default": 0, + "description": "OpenStack Swift authentication API version. 0 to autodetect.", + "type": "number", + "x-cli-flag": "blocks-storage.swift.auth-version" + }, + "connect_timeout": { + "default": "10s", + "description": "Time after which a connection attempt is aborted.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.connect-timeout", + "x-format": "duration" + }, + "container_name": { + "description": "Name of the OpenStack Swift container to put chunks in.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.container-name" + }, + "domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.domain-id" + }, + "domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.domain-name" + }, + "max_retries": { + "default": 3, + "description": "Max retries on requests error.", + "type": "number", + "x-cli-flag": "blocks-storage.swift.max-retries" + }, + "password": { + "description": "OpenStack Swift API key.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.password" + }, + "project_domain_id": { + "description": "ID of the OpenStack Swift project's domain (v3 auth only), only needed if it differs the from user domain.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.project-domain-id" + }, + "project_domain_name": { + "description": "Name of the OpenStack Swift project's domain (v3 auth only), only needed if it differs from the user domain.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.project-domain-name" + }, + "project_id": { + "description": "OpenStack Swift project ID (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "blocks-storage.swift.project-id" + }, + "project_name": { + "description": "OpenStack Swift project name (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "blocks-storage.swift.project-name" + }, + "region_name": { + "description": "OpenStack Swift Region to use (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "blocks-storage.swift.region-name" + }, + "request_timeout": { + "default": "5s", + "description": "Time after which an idle request is aborted. The timeout watchdog is reset each time some data is received, so the timeout triggers after X time no data is received on a request.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.request-timeout", + "x-format": "duration" + }, + "user_domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.user-domain-id" + }, + "user_domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.user-domain-name" + }, + "user_id": { + "description": "OpenStack Swift user ID.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.user-id" + }, + "username": { + "description": "OpenStack Swift username.", + "type": "string", + "x-cli-flag": "blocks-storage.swift.username" + } + }, + "type": "object" + }, + "tsdb": { + "properties": { + "block_ranges_period": { + "default": "2h0m0s", + "description": "TSDB blocks range period.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "blocks-storage.tsdb.block-ranges-period" + }, + "close_idle_tsdb_timeout": { + "default": "0s", + "description": "If TSDB has not received any data for this duration, and all blocks from TSDB have been shipped, TSDB is closed and deleted from local disk. If set to positive value, this value should be equal or higher than -querier.query-ingesters-within flag to make sure that TSDB is not closed prematurely, which could cause partial query results. 0 or negative value disables closing of idle TSDB.", + "type": "string", + "x-cli-flag": "blocks-storage.tsdb.close-idle-tsdb-timeout", + "x-format": "duration" + }, + "dir": { + "default": "tsdb", + "description": "Local directory to store TSDBs in the ingesters.", + "type": "string", + "x-cli-flag": "blocks-storage.tsdb.dir" + }, + "expanded_postings_cache": { + "description": "[EXPERIMENTAL] If enabled, ingesters will cache expanded postings when querying blocks. Caching can be configured separately for the head and compacted blocks.", + "properties": { + "blocks": { + "description": "If enabled, ingesters will cache expanded postings for the compacted blocks. The cache is shared between all blocks.", + "properties": { + "enabled": { + "default": false, + "description": "Whether the postings cache is enabled or not", + "type": "boolean", + "x-cli-flag": "blocks-storage.expanded_postings_cache.block.enabled" + }, + "max_bytes": { + "default": 10485760, + "description": "Max bytes for postings cache", + "type": "number", + "x-cli-flag": "blocks-storage.expanded_postings_cache.block.max-bytes" + }, + "ttl": { + "default": "10m0s", + "description": "TTL for postings cache", + "type": "string", + "x-cli-flag": "blocks-storage.expanded_postings_cache.block.ttl", + "x-format": "duration" + } + }, + "type": "object" + }, + "head": { + "description": "If enabled, ingesters will cache expanded postings for the head block. Only queries with with an equal matcher for metric __name__ are cached.", + "properties": { + "enabled": { + "default": false, + "description": "Whether the postings cache is enabled or not", + "type": "boolean", + "x-cli-flag": "blocks-storage.expanded_postings_cache.head.enabled" + }, + "max_bytes": { + "default": 10485760, + "description": "Max bytes for postings cache", + "type": "number", + "x-cli-flag": "blocks-storage.expanded_postings_cache.head.max-bytes" + }, + "ttl": { + "default": "10m0s", + "description": "TTL for postings cache", + "type": "string", + "x-cli-flag": "blocks-storage.expanded_postings_cache.head.ttl", + "x-format": "duration" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "flush_blocks_on_shutdown": { + "default": false, + "description": "True to flush blocks to storage on shutdown. If false, incomplete blocks will be reused after restart.", + "type": "boolean", + "x-cli-flag": "blocks-storage.tsdb.flush-blocks-on-shutdown" + }, + "head_chunks_write_buffer_size_bytes": { + "default": 4194304, + "description": "The write buffer size used by the head chunks mapper. Lower values reduce memory utilisation on clusters with a large number of tenants at the cost of increased disk I/O operations.", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.head-chunks-write-buffer-size-bytes" + }, + "head_chunks_write_queue_size": { + "default": 0, + "description": "The size of the in-memory queue used before flushing chunks to the disk.", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.head-chunks-write-queue-size" + }, + "head_compaction_concurrency": { + "default": 5, + "description": "Maximum number of tenants concurrently compacting TSDB head into a new block", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.head-compaction-concurrency" + }, + "head_compaction_idle_timeout": { + "default": "1h0m0s", + "description": "If TSDB head is idle for this duration, it is compacted. Note that up to 25% jitter is added to the value to avoid ingesters compacting concurrently. 0 means disabled.", + "type": "string", + "x-cli-flag": "blocks-storage.tsdb.head-compaction-idle-timeout", + "x-format": "duration" + }, + "head_compaction_interval": { + "default": "1m0s", + "description": "How frequently does Cortex try to compact TSDB head. Block is only created if data covers smallest block range. Must be greater than 0 and max 30 minutes. Note that up to 50% jitter is added to the value for the first compaction to avoid ingesters compacting concurrently.", + "type": "string", + "x-cli-flag": "blocks-storage.tsdb.head-compaction-interval", + "x-format": "duration" + }, + "max_exemplars": { + "default": 0, + "description": "Deprecated, use maxExemplars in limits instead. If the MaxExemplars value in limits is set to zero, cortex will fallback on this value. This setting enables support for exemplars in TSDB and sets the maximum number that will be stored. 0 or less means disabled.", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.max-exemplars" + }, + "max_tsdb_opening_concurrency_on_startup": { + "default": 10, + "description": "limit the number of concurrently opening TSDB's on startup", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.max-tsdb-opening-concurrency-on-startup" + }, + "memory_snapshot_on_shutdown": { + "default": false, + "description": "True to enable snapshotting of in-memory TSDB data on disk when shutting down.", + "type": "boolean", + "x-cli-flag": "blocks-storage.tsdb.memory-snapshot-on-shutdown" + }, + "out_of_order_cap_max": { + "default": 32, + "description": "[EXPERIMENTAL] Configures the maximum number of samples per chunk that can be out-of-order.", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.out-of-order-cap-max" + }, + "retention_period": { + "default": "6h0m0s", + "description": "TSDB blocks retention in the ingester before a block is removed. This should be larger than the block_ranges_period and large enough to give store-gateways and queriers enough time to discover newly uploaded blocks.", + "type": "string", + "x-cli-flag": "blocks-storage.tsdb.retention-period", + "x-format": "duration" + }, + "ship_concurrency": { + "default": 10, + "description": "Maximum number of tenants concurrently shipping blocks to the storage.", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.ship-concurrency" + }, + "ship_interval": { + "default": "1m0s", + "description": "How frequently the TSDB blocks are scanned and new ones are shipped to the storage. 0 means shipping is disabled.", + "type": "string", + "x-cli-flag": "blocks-storage.tsdb.ship-interval", + "x-format": "duration" + }, + "stripe_size": { + "default": 16384, + "description": "The number of shards of series to use in TSDB (must be a power of 2). Reducing this will decrease memory footprint, but can negatively impact performance.", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.stripe-size" + }, + "wal_compression_type": { + "description": "TSDB WAL type. Supported values are: 'snappy', 'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "blocks-storage.tsdb.wal-compression-type" + }, + "wal_segment_size_bytes": { + "default": 134217728, + "description": "TSDB WAL segments files max size (bytes).", + "type": "number", + "x-cli-flag": "blocks-storage.tsdb.wal-segment-size-bytes" + } + }, + "type": "object" + }, + "users_scanner": { + "properties": { + "cache_ttl": { + "default": "0s", + "description": "TTL of the cached users. 0 disables caching and relies on caching at bucket client level.", + "type": "string", + "x-cli-flag": "blocks-storage.users-scanner.cache-ttl", + "x-format": "duration" + }, + "max_stale_period": { + "default": "1h0m0s", + "description": "Maximum period of time to consider the user index as stale. Fall back to the base scanner if stale. Only valid when strategy is user_index.", + "type": "string", + "x-cli-flag": "blocks-storage.users-scanner.user-index.max-stale-period", + "x-format": "duration" + }, + "strategy": { + "default": "list", + "description": "Strategy to use to scan users. Supported values are: list, user_index.", + "type": "string", + "x-cli-flag": "blocks-storage.users-scanner.strategy" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "compactor_config": { + "description": "The compactor_config configures the compactor for the blocks storage.", + "properties": { + "accept_malformed_index": { + "default": false, + "description": "When enabled, index verification will ignore out of order label names.", + "type": "boolean", + "x-cli-flag": "compactor.accept-malformed-index" + }, + "block_deletion_marks_migration_enabled": { + "default": false, + "description": "When enabled, at compactor startup the bucket will be scanned and all found deletion marks inside the block location will be copied to the markers global location too. This option can (and should) be safely disabled as soon as the compactor has successfully run at least once.", + "type": "boolean", + "x-cli-flag": "compactor.block-deletion-marks-migration-enabled" + }, + "block_files_concurrency": { + "default": 10, + "description": "Number of goroutines to use when fetching/uploading block files from object storage.", + "type": "number", + "x-cli-flag": "compactor.block-files-concurrency" + }, + "block_ranges": { + "default": "2h0m0s,12h0m0s,24h0m0s", + "description": "List of compaction time ranges.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "compactor.block-ranges" + }, + "block_sync_concurrency": { + "default": 20, + "description": "Number of Go routines to use when syncing block index and chunks files from the long term storage.", + "type": "number", + "x-cli-flag": "compactor.block-sync-concurrency" + }, + "blocks_fetch_concurrency": { + "default": 3, + "description": "Number of goroutines to use when fetching blocks from object storage when compacting.", + "type": "number", + "x-cli-flag": "compactor.blocks-fetch-concurrency" + }, + "caching_bucket_enabled": { + "default": false, + "description": "When enabled, caching bucket will be used for compactor, except cleaner service, which serves as the source of truth for block status", + "type": "boolean", + "x-cli-flag": "compactor.caching-bucket-enabled" + }, + "cleaner_caching_bucket_enabled": { + "default": false, + "description": "When enabled, caching bucket will be used for cleaner", + "type": "boolean", + "x-cli-flag": "compactor.cleaner-caching-bucket-enabled" + }, + "cleaner_visit_marker_file_update_interval": { + "default": "5m0s", + "description": "How frequently cleaner visit marker file should be updated when cleaning user.", + "type": "string", + "x-cli-flag": "compactor.cleaner-visit-marker-file-update-interval", + "x-format": "duration" + }, + "cleaner_visit_marker_timeout": { + "default": "10m0s", + "description": "How long cleaner visit marker file should be considered as expired and able to be picked up by cleaner again. The value should be smaller than -compactor.cleanup-interval", + "type": "string", + "x-cli-flag": "compactor.cleaner-visit-marker-timeout", + "x-format": "duration" + }, + "cleanup_concurrency": { + "default": 20, + "description": "Max number of tenants for which blocks cleanup and maintenance should run concurrently.", + "type": "number", + "x-cli-flag": "compactor.cleanup-concurrency" + }, + "cleanup_interval": { + "default": "15m0s", + "description": "How frequently compactor should run blocks cleanup and maintenance, as well as update the bucket index.", + "type": "string", + "x-cli-flag": "compactor.cleanup-interval", + "x-format": "duration" + }, + "compaction_concurrency": { + "default": 1, + "description": "Max number of concurrent compactions running.", + "type": "number", + "x-cli-flag": "compactor.compaction-concurrency" + }, + "compaction_interval": { + "default": "1h0m0s", + "description": "The frequency at which the compaction runs", + "type": "string", + "x-cli-flag": "compactor.compaction-interval", + "x-format": "duration" + }, + "compaction_retries": { + "default": 3, + "description": "How many times to retry a failed compaction within a single compaction run.", + "type": "number", + "x-cli-flag": "compactor.compaction-retries" + }, + "compaction_strategy": { + "default": "default", + "description": "The compaction strategy to use. Supported values are: default, partitioning.", + "type": "string", + "x-cli-flag": "compactor.compaction-strategy" + }, + "compaction_visit_marker_file_update_interval": { + "default": "1m0s", + "description": "How frequently compaction visit marker file should be updated duration compaction.", + "type": "string", + "x-cli-flag": "compactor.compaction-visit-marker-file-update-interval", + "x-format": "duration" + }, + "compaction_visit_marker_timeout": { + "default": "10m0s", + "description": "How long compaction visit marker file should be considered as expired and able to be picked up by compactor again.", + "type": "string", + "x-cli-flag": "compactor.compaction-visit-marker-timeout", + "x-format": "duration" + }, + "consistency_delay": { + "default": "0s", + "description": "Minimum age of fresh (non-compacted) blocks before they are being processed. Malformed blocks older than the maximum of consistency-delay and 48h0m0s will be removed.", + "type": "string", + "x-cli-flag": "compactor.consistency-delay", + "x-format": "duration" + }, + "data_dir": { + "default": "./data", + "description": "Data directory in which to cache blocks and process compactions", + "type": "string", + "x-cli-flag": "compactor.data-dir" + }, + "deletion_delay": { + "default": "12h0m0s", + "description": "Time before a block marked for deletion is deleted from bucket. If not 0, blocks will be marked for deletion and compactor component will permanently delete blocks marked for deletion from the bucket. If 0, blocks will be deleted straight away. Note that deleting blocks immediately can cause query failures.", + "type": "string", + "x-cli-flag": "compactor.deletion-delay", + "x-format": "duration" + }, + "disabled_tenants": { + "description": "Comma separated list of tenants that cannot be compacted by this compactor. If specified, and compactor would normally pick given tenant for compaction (via -compactor.enabled-tenants or sharding), it will be ignored instead.", + "type": "string", + "x-cli-flag": "compactor.disabled-tenants" + }, + "enabled_tenants": { + "description": "Comma separated list of tenants that can be compacted. If specified, only these tenants will be compacted by compactor, otherwise all tenants can be compacted. Subject to sharding.", + "type": "string", + "x-cli-flag": "compactor.enabled-tenants" + }, + "meta_sync_concurrency": { + "default": 20, + "description": "Number of Go routines to use when syncing block meta files from the long term storage.", + "type": "number", + "x-cli-flag": "compactor.meta-sync-concurrency" + }, + "sharding_enabled": { + "default": false, + "description": "Shard tenants across multiple compactor instances. Sharding is required if you run multiple compactor instances, in order to coordinate compactions and avoid race conditions leading to the same tenant blocks simultaneously compacted by different instances.", + "type": "boolean", + "x-cli-flag": "compactor.sharding-enabled" + }, + "sharding_planner_delay": { + "default": "10s", + "description": "How long shuffle sharding planner would wait before running planning code. This delay would prevent double compaction when two compactors claimed same partition in grouper at same time.", + "type": "string", + "x-cli-flag": "compactor.sharding-planner-delay", + "x-format": "duration" + }, + "sharding_ring": { + "properties": { + "auto_forget_delay": { + "default": "2m0s", + "description": "Time since last heartbeat before compactor will be removed from ring. 0 to disable", + "type": "string", + "x-cli-flag": "compactor.auto-forget-delay", + "x-format": "duration" + }, + "detailed_metrics_enabled": { + "default": true, + "description": "Set to true to enable ring detailed metrics. These metrics provide detailed information, such as token count and ownership per tenant. Disabling them can significantly decrease the number of metrics emitted.", + "type": "boolean", + "x-cli-flag": "compactor.ring.detailed-metrics-enabled" + }, + "heartbeat_period": { + "default": "5s", + "description": "Period at which to heartbeat to the ring. 0 = disabled.", + "type": "string", + "x-cli-flag": "compactor.ring.heartbeat-period", + "x-format": "duration" + }, + "heartbeat_timeout": { + "default": "1m0s", + "description": "The heartbeat timeout after which compactors are considered unhealthy within the ring. 0 = never (timeout disabled).", + "type": "string", + "x-cli-flag": "compactor.ring.heartbeat-timeout", + "x-format": "duration" + }, + "instance_interface_names": { + "default": "[eth0 en0]", + "description": "Name of network interface to read address from.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "compactor.ring.instance-interface-names" + }, + "kvstore": { + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "compactor.ring.dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "compactor.ring.dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "compactor.ring.dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "compactor.ring.dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "compactor.ring.dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "compactor.ring.dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "compactor.ring.multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "compactor.ring.multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "compactor.ring.multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "compactor.ring.multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "collectors/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "compactor.ring.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "compactor.ring.store" + } + }, + "type": "object" + }, + "tokens_file_path": { + "description": "File path where tokens are stored. If empty, tokens are not stored at shutdown and restored at startup.", + "type": "string", + "x-cli-flag": "compactor.ring.tokens-file-path" + }, + "unregister_on_shutdown": { + "default": true, + "description": "Unregister the compactor during shutdown if true.", + "type": "boolean", + "x-cli-flag": "compactor.ring.unregister-on-shutdown" + }, + "wait_active_instance_timeout": { + "default": "10m0s", + "description": "Timeout for waiting on compactor to become ACTIVE in the ring.", + "type": "string", + "x-cli-flag": "compactor.ring.wait-active-instance-timeout", + "x-format": "duration" + }, + "wait_stability_max_duration": { + "default": "5m0s", + "description": "Maximum time to wait for ring stability at startup. If the compactor ring keeps changing after this period of time, the compactor will start anyway.", + "type": "string", + "x-cli-flag": "compactor.ring.wait-stability-max-duration", + "x-format": "duration" + }, + "wait_stability_min_duration": { + "default": "1m0s", + "description": "Minimum time to wait for ring stability at startup. 0 to disable.", + "type": "string", + "x-cli-flag": "compactor.ring.wait-stability-min-duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "sharding_strategy": { + "default": "default", + "description": "The sharding strategy to use. Supported values are: default, shuffle-sharding.", + "type": "string", + "x-cli-flag": "compactor.sharding-strategy" + }, + "skip_blocks_with_out_of_order_chunks_enabled": { + "default": false, + "description": "When enabled, mark blocks containing index with out-of-order chunks for no compact instead of halting the compaction.", + "type": "boolean", + "x-cli-flag": "compactor.skip-blocks-with-out-of-order-chunks-enabled" + }, + "tenant_cleanup_delay": { + "default": "6h0m0s", + "description": "For tenants marked for deletion, this is time between deleting of last block, and doing final cleanup (marker files, debug files) of the tenant.", + "type": "string", + "x-cli-flag": "compactor.tenant-cleanup-delay", + "x-format": "duration" + } + }, + "type": "object" + }, + "configs_config": { + "description": "The configs_config configures the Cortex Configs DB and API.", + "properties": { + "api": { + "properties": { + "notifications": { + "properties": { + "disable_email": { + "default": false, + "description": "Disable Email notifications for Alertmanager.", + "type": "boolean", + "x-cli-flag": "configs.notifications.disable-email" + }, + "disable_webhook": { + "default": false, + "description": "Disable WebHook notifications for Alertmanager.", + "type": "boolean", + "x-cli-flag": "configs.notifications.disable-webhook" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "database": { + "properties": { + "migrations_dir": { + "description": "Path where the database migration files can be found", + "type": "string", + "x-cli-flag": "configs.database.migrations-dir" + }, + "password_file": { + "description": "File containing password (username goes in URI)", + "type": "string", + "x-cli-flag": "configs.database.password-file" + }, + "uri": { + "default": "postgres://postgres@configs-db.weave.local/configs?sslmode=disable", + "description": "URI where the database can be found (for dev you can use memory://)", + "type": "string", + "x-cli-flag": "configs.database.uri" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "configstore_config": { + "description": "The configstore_config configures the config database storing rules and alerts, and is used by the Cortex alertmanager.", + "properties": { + "client_timeout": { + "default": "5s", + "description": "Timeout for requests to Weave Cloud configs service.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.configs.client-timeout", + "x-format": "duration" + }, + "configs_api_url": { + "description": "URL of configs API server.", + "format": "uri", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.configs.url" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.configs.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.configs.tls-cert-path" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "\u003cprefix\u003e.configs.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.configs.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.configs.tls-server-name" + } + }, + "type": "object" + }, + "consul_config": { + "description": "The consul_config configures the consul client.", + "properties": { + "acl_token": { + "description": "ACL Token used to interact with Consul.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.consul.acl-token" + }, + "consistent_reads": { + "default": false, + "description": "Enable consistent reads to Consul.", + "type": "boolean", + "x-cli-flag": "\u003cprefix\u003e.consul.consistent-reads" + }, + "host": { + "default": "localhost:8500", + "description": "Hostname and port of Consul.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.consul.hostname" + }, + "http_client_timeout": { + "default": "20s", + "description": "HTTP timeout when talking to Consul.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.consul.client-timeout", + "x-format": "duration" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.consul.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.consul.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS.", + "type": "boolean", + "x-cli-flag": "\u003cprefix\u003e.consul.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "\u003cprefix\u003e.consul.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.consul.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.consul.tls-server-name" + }, + "watch_burst_size": { + "default": 1, + "description": "Burst size used in rate limit. Values less than 1 are treated as 1.", + "type": "number", + "x-cli-flag": "\u003cprefix\u003e.consul.watch-burst-size" + }, + "watch_rate_limit": { + "default": 1, + "description": "Rate limit when watching key or prefix in Consul, in requests per second. 0 disables the rate limit.", + "type": "number", + "x-cli-flag": "\u003cprefix\u003e.consul.watch-rate-limit" + } + }, + "type": "object" + }, + "distributor_config": { + "description": "The distributor_config configures the Cortex distributor.", + "properties": { + "extend_writes": { + "default": true, + "description": "Try writing to an additional ingester in the presence of an ingester not in the ACTIVE state. It is useful to disable this along with -ingester.unregister-on-shutdown=false in order to not spread samples to extra ingesters during rolling restarts with consistent naming.", + "type": "boolean", + "x-cli-flag": "distributor.extend-writes" + }, + "extra_queue_delay": { + "default": "0s", + "description": "Time to wait before sending more than the minimum successful query requests.", + "type": "string", + "x-cli-flag": "distributor.extra-query-delay", + "x-format": "duration" + }, + "ha_tracker": { + "properties": { + "enable_ha_tracker": { + "default": false, + "description": "Enable the distributors HA tracker so that it can accept samples from Prometheus HA replicas gracefully (requires labels).", + "type": "boolean", + "x-cli-flag": "distributor.ha-tracker.enable" + }, + "ha_tracker_failover_timeout": { + "default": "30s", + "description": "If we don't receive any samples from the accepted replica for a cluster in this amount of time we will failover to the next replica we receive a sample from. This value must be greater than the update timeout", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.failover-timeout", + "x-format": "duration" + }, + "ha_tracker_update_timeout": { + "default": "15s", + "description": "Update the timestamp in the KV store for a given cluster/replica only after this amount of time has passed since the current stored timestamp.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.update-timeout", + "x-format": "duration" + }, + "ha_tracker_update_timeout_jitter_max": { + "default": "5s", + "description": "Maximum jitter applied to the update timeout, in order to spread the HA heartbeats over time.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.update-timeout-jitter-max", + "x-format": "duration" + }, + "kvstore": { + "description": "Backend storage to use for the ring. Please be aware that memberlist is not supported by the HA tracker since gossip propagation is too slow for HA purposes.", + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "distributor.ha-tracker.dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "distributor.ha-tracker.multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "ha-tracker/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.store" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "instance_limits": { + "properties": { + "max_inflight_client_requests": { + "default": 0, + "description": "Max inflight ingester client requests that this distributor can handle. This limit is per-distributor, not per-tenant. Additional requests will be rejected. 0 = unlimited.", + "type": "number", + "x-cli-flag": "distributor.instance-limits.max-inflight-client-requests" + }, + "max_inflight_push_requests": { + "default": 0, + "description": "Max inflight push requests that this distributor can handle. This limit is per-distributor, not per-tenant. Additional requests will be rejected. 0 = unlimited.", + "type": "number", + "x-cli-flag": "distributor.instance-limits.max-inflight-push-requests" + }, + "max_ingestion_rate": { + "default": 0, + "description": "Max ingestion rate (samples/sec) that this distributor will accept. This limit is per-distributor, not per-tenant. Additional push requests will be rejected. Current ingestion rate is computed as exponentially weighted moving average, updated every second. 0 = unlimited.", + "type": "number", + "x-cli-flag": "distributor.instance-limits.max-ingestion-rate" + } + }, + "type": "object" + }, + "max_recv_msg_size": { + "default": 104857600, + "description": "remote_write API max receive message size (bytes).", + "type": "number", + "x-cli-flag": "distributor.max-recv-msg-size" + }, + "num_push_workers": { + "default": 0, + "description": "EXPERIMENTAL: Number of go routines to handle push calls from distributors to ingesters. When no workers are available, a new goroutine will be spawned automatically. If set to 0 (default), workers are disabled, and a new goroutine will be created for each push request.", + "type": "number", + "x-cli-flag": "distributor.num-push-workers" + }, + "otlp": { + "properties": { + "allow_delta_temporality": { + "default": false, + "description": "EXPERIMENTAL: If true, delta temporality otlp metrics to be ingested.", + "type": "boolean", + "x-cli-flag": "distributor.otlp.allow-delta-temporality" + }, + "convert_all_attributes": { + "default": false, + "description": "If true, all resource attributes are converted to labels.", + "type": "boolean", + "x-cli-flag": "distributor.otlp.convert-all-attributes" + }, + "disable_target_info": { + "default": false, + "description": "If true, a target_info metric is not ingested. (refer to: https://github.com/prometheus/OpenMetrics/blob/main/specification/OpenMetrics.md#supporting-target-metadata-in-both-push-based-and-pull-based-systems)", + "type": "boolean", + "x-cli-flag": "distributor.otlp.disable-target-info" + } + }, + "type": "object" + }, + "otlp_max_recv_msg_size": { + "default": 104857600, + "description": "Maximum OTLP request size in bytes that the Distributor can accept.", + "type": "number", + "x-cli-flag": "distributor.otlp-max-recv-msg-size" + }, + "pool": { + "properties": { + "client_cleanup_period": { + "default": "15s", + "description": "How frequently to clean up clients for ingesters that have gone away.", + "type": "string", + "x-cli-flag": "distributor.client-cleanup-period", + "x-format": "duration" + }, + "health_check_ingesters": { + "default": true, + "description": "Run a health check on each ingester client during periodic cleanup.", + "type": "boolean", + "x-cli-flag": "distributor.health-check-ingesters" + } + }, + "type": "object" + }, + "remote_timeout": { + "default": "2s", + "description": "Timeout for downstream ingesters.", + "type": "string", + "x-cli-flag": "distributor.remote-timeout", + "x-format": "duration" + }, + "ring": { + "properties": { + "detailed_metrics_enabled": { + "default": true, + "description": "Set to true to enable ring detailed metrics. These metrics provide detailed information, such as token count and ownership per tenant. Disabling them can significantly decrease the number of metrics emitted.", + "type": "boolean", + "x-cli-flag": "distributor.ring.detailed-metrics-enabled" + }, + "heartbeat_period": { + "default": "5s", + "description": "Period at which to heartbeat to the ring. 0 = disabled.", + "type": "string", + "x-cli-flag": "distributor.ring.heartbeat-period", + "x-format": "duration" + }, + "heartbeat_timeout": { + "default": "1m0s", + "description": "The heartbeat timeout after which distributors are considered unhealthy within the ring. 0 = never (timeout disabled).", + "type": "string", + "x-cli-flag": "distributor.ring.heartbeat-timeout", + "x-format": "duration" + }, + "instance_interface_names": { + "default": "[eth0 en0]", + "description": "Name of network interface to read address from.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "distributor.ring.instance-interface-names" + }, + "kvstore": { + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "distributor.ring.dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ring.dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ring.dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ring.dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "distributor.ring.dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "distributor.ring.dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "distributor.ring.multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "distributor.ring.multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "distributor.ring.multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "distributor.ring.multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "collectors/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "distributor.ring.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "distributor.ring.store" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shard_by_all_labels": { + "default": false, + "description": "Distribute samples based on all labels, as opposed to solely by user and metric name.", + "type": "boolean", + "x-cli-flag": "distributor.shard-by-all-labels" + }, + "sharding_strategy": { + "default": "default", + "description": "The sharding strategy to use. Supported values are: default, shuffle-sharding.", + "type": "string", + "x-cli-flag": "distributor.sharding-strategy" + }, + "sign_write_requests": { + "default": false, + "description": "EXPERIMENTAL: If enabled, sign the write request between distributors and ingesters.", + "type": "boolean", + "x-cli-flag": "distributor.sign-write-requests" + }, + "use_stream_push": { + "default": false, + "description": "EXPERIMENTAL: If enabled, distributor would use stream connection to send requests to ingesters.", + "type": "boolean", + "x-cli-flag": "distributor.use-stream-push" + } + }, + "type": "object" + }, + "etcd_config": { + "description": "The etcd_config configures the etcd client.", + "properties": { + "dial_timeout": { + "default": "10s", + "description": "The dial timeout for the etcd connection.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.etcd.dial-timeout", + "x-format": "duration" + }, + "endpoints": { + "default": [], + "description": "The etcd endpoints to connect to.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "\u003cprefix\u003e.etcd.endpoints" + }, + "max_retries": { + "default": 10, + "description": "The maximum number of retries to do for failed ops.", + "type": "number", + "x-cli-flag": "\u003cprefix\u003e.etcd.max-retries" + }, + "password": { + "description": "Etcd password.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.etcd.password" + }, + "ping-without-stream-allowed": { + "default": true, + "description": "Send Keepalive pings with no streams.", + "type": "boolean", + "x-cli-flag": "\u003cprefix\u003e.etcd.ping-without-stream-allowed" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.etcd.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.etcd.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS.", + "type": "boolean", + "x-cli-flag": "\u003cprefix\u003e.etcd.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "\u003cprefix\u003e.etcd.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.etcd.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.etcd.tls-server-name" + }, + "username": { + "description": "Etcd username.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.etcd.username" + } + }, + "type": "object" + }, + "fifo_cache_config": { + "description": "The fifo_cache_config configures the local in-memory cache.", + "properties": { + "max_size_bytes": { + "description": "Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be applied.", + "type": "string", + "x-cli-flag": "frontend.fifocache.max-size-bytes" + }, + "max_size_items": { + "default": 0, + "description": "Maximum number of entries in the cache.", + "type": "number", + "x-cli-flag": "frontend.fifocache.max-size-items" + }, + "size": { + "default": 0, + "description": "Deprecated (use max-size-items or max-size-bytes instead): The number of entries to cache. ", + "type": "number", + "x-cli-flag": "frontend.fifocache.size" + }, + "validity": { + "default": "0s", + "description": "The expiry duration for the cache.", + "type": "string", + "x-cli-flag": "frontend.fifocache.duration", + "x-format": "duration" + } + }, + "type": "object" + }, + "flusher_config": { + "description": "The flusher_config configures the WAL flusher target, used to manually run one-time flushes when scaling down ingesters.", + "properties": { + "exit_after_flush": { + "default": true, + "description": "Stop Cortex after flush has finished. If false, Cortex process will keep running, doing nothing.", + "type": "boolean", + "x-cli-flag": "flusher.exit-after-flush" + } + }, + "type": "object" + }, + "frontend_worker_config": { + "description": "The frontend_worker_config configures the worker - running within the Cortex querier - picking up and executing queries enqueued by the query-frontend or query-scheduler.", + "properties": { + "dns_lookup_duration": { + "default": "10s", + "description": "How often to query DNS for query-frontend or query-scheduler address.", + "type": "string", + "x-cli-flag": "querier.dns-lookup-period", + "x-format": "duration" + }, + "frontend_address": { + "description": "Address of query frontend service, in host:port format. If -querier.scheduler-address is set as well, querier will use scheduler instead. Only one of -querier.frontend-address or -querier.scheduler-address can be set. If neither is set, queries are only received via HTTP endpoint.", + "type": "string", + "x-cli-flag": "querier.frontend-address" + }, + "grpc_client_config": { + "properties": { + "backoff_config": { + "properties": { + "max_period": { + "default": "10s", + "description": "Maximum delay when backing off.", + "type": "string", + "x-cli-flag": "querier.frontend-client.backoff-max-period", + "x-format": "duration" + }, + "max_retries": { + "default": 10, + "description": "Number of times to backoff and retry before failing.", + "type": "number", + "x-cli-flag": "querier.frontend-client.backoff-retries" + }, + "min_period": { + "default": "100ms", + "description": "Minimum delay when backing off.", + "type": "string", + "x-cli-flag": "querier.frontend-client.backoff-min-period", + "x-format": "duration" + } + }, + "type": "object" + }, + "backoff_on_ratelimits": { + "default": false, + "description": "Enable backoff and retry when we hit ratelimits.", + "type": "boolean", + "x-cli-flag": "querier.frontend-client.backoff-on-ratelimits" + }, + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 20s.", + "type": "string", + "x-cli-flag": "querier.frontend-client.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "querier.frontend-client.grpc-compression" + }, + "max_recv_msg_size": { + "default": 104857600, + "description": "gRPC client max receive message size (bytes).", + "type": "number", + "x-cli-flag": "querier.frontend-client.grpc-max-recv-msg-size" + }, + "max_send_msg_size": { + "default": 16777216, + "description": "gRPC client max send message size (bytes).", + "type": "number", + "x-cli-flag": "querier.frontend-client.grpc-max-send-msg-size" + }, + "rate_limit": { + "default": 0, + "description": "Rate limit for gRPC client; 0 means disabled.", + "type": "number", + "x-cli-flag": "querier.frontend-client.grpc-client-rate-limit" + }, + "rate_limit_burst": { + "default": 0, + "description": "Rate limit burst for gRPC client.", + "type": "number", + "x-cli-flag": "querier.frontend-client.grpc-client-rate-limit-burst" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "querier.frontend-client.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "querier.frontend-client.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "querier.frontend-client.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "querier.frontend-client.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "querier.frontend-client.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "querier.frontend-client.tls-server-name" + } + }, + "type": "object" + }, + "id": { + "description": "Querier ID, sent to frontend service to identify requests from the same querier. Defaults to hostname.", + "type": "string", + "x-cli-flag": "querier.id" + }, + "match_max_concurrent": { + "default": false, + "description": "Force worker concurrency to match the -querier.max-concurrent option. Overrides querier.worker-parallelism.", + "type": "boolean", + "x-cli-flag": "querier.worker-match-max-concurrent" + }, + "parallelism": { + "default": 10, + "description": "Number of simultaneous queries to process per query-frontend or query-scheduler.", + "type": "number", + "x-cli-flag": "querier.worker-parallelism" + }, + "scheduler_address": { + "description": "Hostname (and port) of scheduler that querier will periodically resolve, connect to and receive queries from. Only one of -querier.frontend-address or -querier.scheduler-address can be set. If neither is set, queries are only received via HTTP endpoint.", + "type": "string", + "x-cli-flag": "querier.scheduler-address" + } + }, + "type": "object" + }, + "ingester_client_config": { + "description": "The ingester_client_config configures how the Cortex distributors connect to the ingesters.", + "properties": { + "grpc_client_config": { + "properties": { + "backoff_config": { + "properties": { + "max_period": { + "default": "10s", + "description": "Maximum delay when backing off.", + "type": "string", + "x-cli-flag": "ingester.client.backoff-max-period", + "x-format": "duration" + }, + "max_retries": { + "default": 10, + "description": "Number of times to backoff and retry before failing.", + "type": "number", + "x-cli-flag": "ingester.client.backoff-retries" + }, + "min_period": { + "default": "100ms", + "description": "Minimum delay when backing off.", + "type": "string", + "x-cli-flag": "ingester.client.backoff-min-period", + "x-format": "duration" + } + }, + "type": "object" + }, + "backoff_on_ratelimits": { + "default": false, + "description": "Enable backoff and retry when we hit ratelimits.", + "type": "boolean", + "x-cli-flag": "ingester.client.backoff-on-ratelimits" + }, + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 20s.", + "type": "string", + "x-cli-flag": "ingester.client.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "default": "snappy-block", + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "ingester.client.grpc-compression" + }, + "healthcheck_config": { + "description": "EXPERIMENTAL: If enabled, gRPC clients perform health checks for each target and fail the request if the target is marked as unhealthy.", + "properties": { + "interval": { + "default": "5s", + "description": "The approximate amount of time between health checks of an individual target.", + "type": "string", + "x-cli-flag": "ingester.client.healthcheck.interval", + "x-format": "duration" + }, + "timeout": { + "default": "1s", + "description": "The amount of time during which no response from a target means a failed health check.", + "type": "string", + "x-cli-flag": "ingester.client.healthcheck.timeout", + "x-format": "duration" + }, + "unhealthy_threshold": { + "default": 0, + "description": "The number of consecutive failed health checks required before considering a target unhealthy. 0 means disabled.", + "type": "number", + "x-cli-flag": "ingester.client.healthcheck.unhealthy-threshold" + } + }, + "type": "object" + }, + "max_recv_msg_size": { + "default": 104857600, + "description": "gRPC client max receive message size (bytes).", + "type": "number", + "x-cli-flag": "ingester.client.grpc-max-recv-msg-size" + }, + "max_send_msg_size": { + "default": 16777216, + "description": "gRPC client max send message size (bytes).", + "type": "number", + "x-cli-flag": "ingester.client.grpc-max-send-msg-size" + }, + "rate_limit": { + "default": 0, + "description": "Rate limit for gRPC client; 0 means disabled.", + "type": "number", + "x-cli-flag": "ingester.client.grpc-client-rate-limit" + }, + "rate_limit_burst": { + "default": 0, + "description": "Rate limit burst for gRPC client.", + "type": "number", + "x-cli-flag": "ingester.client.grpc-client-rate-limit-burst" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "ingester.client.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "ingester.client.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "ingester.client.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "ingester.client.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "ingester.client.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "ingester.client.tls-server-name" + } + }, + "type": "object" + }, + "max_inflight_push_requests": { + "default": 0, + "description": "Max inflight push requests that this ingester client can handle. This limit is per-ingester-client. Additional requests will be rejected. 0 = unlimited.", + "type": "number", + "x-cli-flag": "ingester.client.max-inflight-push-requests" + } + }, + "type": "object" + }, + "ingester_config": { + "description": "The ingester_config configures the Cortex ingester.", + "properties": { + "active_series_metrics_enabled": { + "default": true, + "description": "Enable tracking of active series and export them as metrics.", + "type": "boolean", + "x-cli-flag": "ingester.active-series-metrics-enabled" + }, + "active_series_metrics_idle_timeout": { + "default": "10m0s", + "description": "After what time a series is considered to be inactive.", + "type": "string", + "x-cli-flag": "ingester.active-series-metrics-idle-timeout", + "x-format": "duration" + }, + "active_series_metrics_update_period": { + "default": "1m0s", + "description": "How often to update active series metrics.", + "type": "string", + "x-cli-flag": "ingester.active-series-metrics-update-period", + "x-format": "duration" + }, + "admin_limit_message": { + "default": "please contact administrator to raise it", + "description": "Customize the message contained in limit errors", + "type": "string", + "x-cli-flag": "ingester.admin-limit-message" + }, + "disable_chunk_trimming": { + "default": false, + "description": "Disable trimming of matching series chunks based on query Start and End time. When disabled, the result may contain samples outside the queried time range but select performances may be improved. Note that certain query results might change by changing this option.", + "type": "boolean", + "x-cli-flag": "ingester.disable-chunk-trimming" + }, + "ignore_series_limit_for_metric_names": { + "description": "Comma-separated list of metric names, for which -ingester.max-series-per-metric and -ingester.max-global-series-per-metric limits will be ignored. Does not affect max-series-per-user or max-global-series-per-metric limits.", + "type": "string", + "x-cli-flag": "ingester.ignore-series-limit-for-metric-names" + }, + "instance_limits": { + "properties": { + "max_inflight_push_requests": { + "default": 0, + "description": "Max inflight push requests that this ingester can handle (across all tenants). Additional requests will be rejected. 0 = unlimited.", + "type": "number", + "x-cli-flag": "ingester.instance-limits.max-inflight-push-requests" + }, + "max_inflight_query_requests": { + "default": 0, + "description": "Max inflight query requests that this ingester can handle (across all tenants). Additional requests will be rejected. 0 = unlimited.", + "type": "number", + "x-cli-flag": "ingester.instance-limits.max-inflight-query-requests" + }, + "max_ingestion_rate": { + "default": 0, + "description": "Max ingestion rate (samples/sec) that ingester will accept. This limit is per-ingester, not per-tenant. Additional push requests will be rejected. Current ingestion rate is computed as exponentially weighted moving average, updated every second. This limit only works when using blocks engine. 0 = unlimited.", + "type": "number", + "x-cli-flag": "ingester.instance-limits.max-ingestion-rate" + }, + "max_series": { + "default": 0, + "description": "Max series that this ingester can hold (across all tenants). Requests to create additional series will be rejected. This limit only works when using blocks engine. 0 = unlimited.", + "type": "number", + "x-cli-flag": "ingester.instance-limits.max-series" + }, + "max_tenants": { + "default": 0, + "description": "Max users that this ingester can hold. Requests from additional users will be rejected. This limit only works when using blocks engine. 0 = unlimited.", + "type": "number", + "x-cli-flag": "ingester.instance-limits.max-tenants" + } + }, + "type": "object" + }, + "labels_string_interning_enabled": { + "default": false, + "description": "Experimental: Enable string interning for metrics labels.", + "type": "boolean", + "x-cli-flag": "ingester.labels-string-interning-enabled" + }, + "lifecycler": { + "properties": { + "availability_zone": { + "description": "The availability zone where this instance is running.", + "type": "string", + "x-cli-flag": "ingester.availability-zone" + }, + "final_sleep": { + "default": "30s", + "description": "Duration to sleep for before exiting, to ensure metrics are scraped.", + "type": "string", + "x-cli-flag": "ingester.final-sleep", + "x-format": "duration" + }, + "heartbeat_period": { + "default": "5s", + "description": "Period at which to heartbeat to consul. 0 = disabled.", + "type": "string", + "x-cli-flag": "ingester.heartbeat-period", + "x-format": "duration" + }, + "interface_names": { + "default": "[eth0 en0]", + "description": "Name of network interface to read address from.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "ingester.lifecycler.interface" + }, + "join_after": { + "default": "0s", + "description": "Period to wait for a claim from another member; will join automatically after this.", + "type": "string", + "x-cli-flag": "ingester.join-after", + "x-format": "duration" + }, + "min_ready_duration": { + "default": "15s", + "description": "Minimum duration to wait after the internal readiness checks have passed but before succeeding the readiness endpoint. This is used to slowdown deployment controllers (eg. Kubernetes) after an instance is ready and before they proceed with a rolling update, to give the rest of the cluster instances enough time to receive ring updates.", + "type": "string", + "x-cli-flag": "ingester.min-ready-duration", + "x-format": "duration" + }, + "num_tokens": { + "default": 128, + "description": "Number of tokens for each ingester.", + "type": "number", + "x-cli-flag": "ingester.num-tokens" + }, + "observe_period": { + "default": "0s", + "description": "Observe tokens after generating to resolve collisions. Useful when using gossiping ring.", + "type": "string", + "x-cli-flag": "ingester.observe-period", + "x-format": "duration" + }, + "readiness_check_ring_health": { + "default": true, + "description": "When enabled the readiness probe succeeds only after all instances are ACTIVE and healthy in the ring, otherwise only the instance itself is checked. This option should be disabled if in your cluster multiple instances can be rolled out simultaneously, otherwise rolling updates may be slowed down.", + "type": "boolean", + "x-cli-flag": "ingester.readiness-check-ring-health" + }, + "ring": { + "properties": { + "detailed_metrics_enabled": { + "default": true, + "description": "Set to true to enable ring detailed metrics. These metrics provide detailed information, such as token count and ownership per tenant. Disabling them can significantly decrease the number of metrics emitted by the distributors.", + "type": "boolean", + "x-cli-flag": "ring.detailed-metrics-enabled" + }, + "excluded_zones": { + "description": "Comma-separated list of zones to exclude from the ring. Instances in excluded zones will be filtered out from the ring.", + "type": "string", + "x-cli-flag": "distributor.excluded-zones" + }, + "heartbeat_timeout": { + "default": "1m0s", + "description": "The heartbeat timeout after which ingesters are skipped for reads/writes. 0 = never (timeout disabled).", + "type": "string", + "x-cli-flag": "ring.heartbeat-timeout", + "x-format": "duration" + }, + "kvstore": { + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "collectors/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "ring.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "ring.store" + } + }, + "type": "object" + }, + "replication_factor": { + "default": 3, + "description": "The number of ingesters to write to and read from.", + "type": "number", + "x-cli-flag": "distributor.replication-factor" + }, + "zone_awareness_enabled": { + "default": false, + "description": "True to enable the zone-awareness and replicate ingested samples across different availability zones.", + "type": "boolean", + "x-cli-flag": "distributor.zone-awareness-enabled" + } + }, + "type": "object" + }, + "tokens_file_path": { + "description": "File path where tokens are stored. If empty, tokens are not stored at shutdown and restored at startup.", + "type": "string", + "x-cli-flag": "ingester.tokens-file-path" + }, + "tokens_generator_strategy": { + "default": "random", + "description": "EXPERIMENTAL: Algorithm used to generate new ring tokens. Supported Values: random,minimize-spread", + "type": "string", + "x-cli-flag": "ingester.tokens-generator-strategy" + }, + "unregister_on_shutdown": { + "default": true, + "description": "Unregister from the ring upon clean shutdown. It can be useful to disable for rolling restarts with consistent naming in conjunction with -distributor.extend-writes=false.", + "type": "boolean", + "x-cli-flag": "ingester.unregister-on-shutdown" + } + }, + "type": "object" + }, + "matchers_cache_max_items": { + "default": 0, + "description": "Maximum number of entries in the regex matchers cache. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.matchers-cache-max-items" + }, + "metadata_retain_period": { + "default": "10m0s", + "description": "Period at which metadata we have not seen will remain in memory before being deleted.", + "type": "string", + "x-cli-flag": "ingester.metadata-retain-period", + "x-format": "duration" + }, + "query_protection": { + "properties": { + "rejection": { + "properties": { + "enabled": { + "default": false, + "description": "EXPERIMENTAL: Enable query rejection feature, where the component return 503 to all incoming query requests when the configured thresholds are breached.", + "type": "boolean", + "x-cli-flag": "ingester.query-protection.rejection.enabled" + }, + "threshold": { + "properties": { + "cpu_utilization": { + "default": 0, + "description": "EXPERIMENTAL: Max CPU utilization that this ingester can reach before rejecting new query request (across all tenants) in percentage, between 0 and 1. monitored_resources config must include the resource type. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.query-protection.rejection.threshold.cpu-utilization" + }, + "heap_utilization": { + "default": 0, + "description": "EXPERIMENTAL: Max heap utilization that this ingester can reach before rejecting new query request (across all tenants) in percentage, between 0 and 1. monitored_resources config must include the resource type. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.query-protection.rejection.threshold.heap-utilization" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "rate_update_period": { + "default": "15s", + "description": "Period with which to update the per-user ingestion rates.", + "type": "string", + "x-cli-flag": "ingester.rate-update-period", + "x-format": "duration" + }, + "skip_metadata_limits": { + "default": true, + "description": "If enabled, the metadata API returns all metadata regardless of the limits.", + "type": "boolean", + "x-cli-flag": "ingester.skip-metadata-limits" + }, + "upload_compacted_blocks_enabled": { + "default": true, + "description": "Enable uploading compacted blocks.", + "type": "boolean", + "x-cli-flag": "ingester.upload-compacted-blocks-enabled" + }, + "user_tsdb_configs_update_period": { + "default": "15s", + "description": "Period with which to update the per-user tsdb config.", + "type": "string", + "x-cli-flag": "ingester.user-tsdb-configs-update-period", + "x-format": "duration" + } + }, + "type": "object" + }, + "limits_config": { + "description": "The limits_config configures default and per-tenant limits imposed by Cortex services (ie. distributor, ingester, ...).", + "properties": { + "accept_ha_samples": { + "default": false, + "description": "Flag to enable, for all users, handling of samples with external labels identifying replicas in an HA Prometheus setup.", + "type": "boolean", + "x-cli-flag": "distributor.ha-tracker.enable-for-all-users" + }, + "accept_mixed_ha_samples": { + "default": false, + "description": "[Experimental] Flag to enable handling of samples with mixed external labels identifying replicas in an HA Prometheus setup. Supported only if -distributor.ha-tracker.enable-for-all-users is true.", + "type": "boolean", + "x-cli-flag": "experimental.distributor.ha-tracker.mixed-ha-samples" + }, + "alertmanager_max_alerts_count": { + "default": 0, + "description": "Maximum number of alerts that a single user can have. Inserting more alerts will fail with a log message and metric increment. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-alerts-count" + }, + "alertmanager_max_alerts_size_bytes": { + "default": 0, + "description": "Maximum total size of alerts that a single user can have, alert size is the sum of the bytes of its labels, annotations and generatorURL. Inserting more alerts will fail with a log message and metric increment. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-alerts-size-bytes" + }, + "alertmanager_max_config_size_bytes": { + "default": 0, + "description": "Maximum size of configuration file for Alertmanager that tenant can upload via Alertmanager API. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-config-size-bytes" + }, + "alertmanager_max_dispatcher_aggregation_groups": { + "default": 0, + "description": "Maximum number of aggregation groups in Alertmanager's dispatcher that a tenant can have. Each active aggregation group uses single goroutine. When the limit is reached, dispatcher will not dispatch alerts that belong to additional aggregation groups, but existing groups will keep working properly. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-dispatcher-aggregation-groups" + }, + "alertmanager_max_silences_count": { + "default": 0, + "description": "Maximum number of silences that a single user can have, including expired silences. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-silences-count" + }, + "alertmanager_max_silences_size_bytes": { + "default": 0, + "description": "Maximum size of individual silences that a single user can have. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-silences-size-bytes" + }, + "alertmanager_max_template_size_bytes": { + "default": 0, + "description": "Maximum size of single template in tenant's Alertmanager configuration uploaded via Alertmanager API. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-template-size-bytes" + }, + "alertmanager_max_templates_count": { + "default": 0, + "description": "Maximum number of templates in tenant's Alertmanager configuration uploaded via Alertmanager API. 0 = no limit.", + "type": "number", + "x-cli-flag": "alertmanager.max-templates-count" + }, + "alertmanager_notification_rate_limit": { + "default": 0, + "description": "Per-user rate limit for sending notifications from Alertmanager in notifications/sec. 0 = rate limit disabled. Negative value = no notifications are allowed.", + "type": "number", + "x-cli-flag": "alertmanager.notification-rate-limit" + }, + "alertmanager_notification_rate_limit_per_integration": { + "additionalProperties": true, + "default": "{}", + "description": "Per-integration notification rate limits. Value is a map, where each key is integration name and value is a rate-limit (float). On command line, this map is given in JSON format. Rate limit has the same meaning as -alertmanager.notification-rate-limit, but only applies for specific integration. Allowed integration names: webhook, email, pagerduty, opsgenie, wechat, slack, victorops, pushover, sns, telegram, discord, webex, msteams, msteamsv2, jira, rocketchat.", + "type": "object", + "x-cli-flag": "alertmanager.notification-rate-limit-per-integration" + }, + "alertmanager_receivers_firewall_block_cidr_networks": { + "description": "Comma-separated list of network CIDRs to block in Alertmanager receiver integrations.", + "type": "string", + "x-cli-flag": "alertmanager.receivers-firewall-block-cidr-networks" + }, + "alertmanager_receivers_firewall_block_private_addresses": { + "default": false, + "description": "True to block private and local addresses in Alertmanager receiver integrations. It blocks private addresses defined by RFC 1918 (IPv4 addresses) and RFC 4193 (IPv6 addresses), as well as loopback, local unicast and local multicast addresses.", + "type": "boolean", + "x-cli-flag": "alertmanager.receivers-firewall-block-private-addresses" + }, + "compactor_blocks_retention_period": { + "default": "0s", + "description": "Delete blocks containing samples older than the specified retention period. 0 to disable.", + "type": "string", + "x-cli-flag": "compactor.blocks-retention-period", + "x-format": "duration" + }, + "compactor_partition_index_size_bytes": { + "default": 68719476736, + "description": "Index size limit in bytes for each compaction partition. 0 means no limit", + "type": "number", + "x-cli-flag": "compactor.partition-index-size-bytes" + }, + "compactor_partition_series_count": { + "default": 0, + "description": "Time series count limit for each compaction partition. 0 means no limit", + "type": "number", + "x-cli-flag": "compactor.partition-series-count" + }, + "compactor_tenant_shard_size": { + "default": 0, + "description": "The default tenant's shard size when the shuffle-sharding strategy is used by the compactor. When this setting is specified in the per-tenant overrides, a value of 0 disables shuffle sharding for the tenant. If the value is \u003c 1 and \u003e 0 the shard size will be a percentage of the total compactors", + "type": "number", + "x-cli-flag": "compactor.tenant-shard-size" + }, + "creation_grace_period": { + "default": "10m", + "description": "Duration which table will be created/deleted before/after it's needed; we won't accept sample from before this time.", + "type": "string", + "x-cli-flag": "validation.create-grace-period", + "x-format": "duration" + }, + "disabled_rule_groups": { + "default": [], + "description": "list of rule groups to disable", + "items": { + "type": "string" + }, + "type": "array" + }, + "drop_labels": { + "default": [], + "description": "This flag can be used to specify label names that to drop during sample ingestion within the distributor and can be repeated in order to drop multiple labels.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "distributor.drop-label" + }, + "enable_native_histograms": { + "default": false, + "description": "[EXPERIMENTAL] True to enable native histogram.", + "type": "boolean", + "x-cli-flag": "blocks-storage.tsdb.enable-native-histograms" + }, + "enforce_metadata_metric_name": { + "default": true, + "description": "Enforce every metadata has a metric name.", + "type": "boolean", + "x-cli-flag": "validation.enforce-metadata-metric-name" + }, + "enforce_metric_name": { + "default": true, + "description": "Enforce every sample has a metric name.", + "type": "boolean", + "x-cli-flag": "validation.enforce-metric-name" + }, + "ha_cluster_label": { + "default": "cluster", + "description": "Prometheus label to look for in samples to identify a Prometheus HA cluster.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.cluster" + }, + "ha_max_clusters": { + "default": 0, + "description": "Maximum number of clusters that HA tracker will keep track of for single user. 0 to disable the limit.", + "type": "number", + "x-cli-flag": "distributor.ha-tracker.max-clusters" + }, + "ha_replica_label": { + "default": "__replica__", + "description": "Prometheus label to look for in samples to identify a Prometheus HA replica.", + "type": "string", + "x-cli-flag": "distributor.ha-tracker.replica" + }, + "ingestion_burst_size": { + "default": 50000, + "description": "Per-user allowed ingestion burst size (in number of samples).", + "type": "number", + "x-cli-flag": "distributor.ingestion-burst-size" + }, + "ingestion_rate": { + "default": 25000, + "description": "Per-user ingestion rate limit in samples per second.", + "type": "number", + "x-cli-flag": "distributor.ingestion-rate-limit" + }, + "ingestion_rate_strategy": { + "default": "local", + "description": "Whether the ingestion rate limit should be applied individually to each distributor instance (local), or evenly shared across the cluster (global).", + "type": "string", + "x-cli-flag": "distributor.ingestion-rate-limit-strategy" + }, + "ingestion_tenant_shard_size": { + "default": 0, + "description": "The default tenant's shard size when the shuffle-sharding strategy is used. Must be set both on ingesters and distributors. When this setting is specified in the per-tenant overrides, a value of 0 disables shuffle sharding for the tenant.", + "type": "number", + "x-cli-flag": "distributor.ingestion-tenant-shard-size" + }, + "limits_per_label_set": { + "default": [], + "description": "[Experimental] Enable limits per LabelSet. Supported limits per labelSet: [max_series]", + "items": { + "type": "string" + }, + "type": "array" + }, + "max_cache_freshness": { + "default": "1m", + "description": "Most recent allowed cacheable result per-tenant, to prevent caching very recent results that might still be in flux.", + "type": "string", + "x-cli-flag": "frontend.max-cache-freshness", + "x-format": "duration" + }, + "max_downloaded_bytes_per_request": { + "default": 0, + "description": "The maximum number of data bytes to download per gRPC request in Store Gateway, including Series/LabelNames/LabelValues requests. 0 to disable.", + "type": "number", + "x-cli-flag": "store-gateway.max-downloaded-bytes-per-request" + }, + "max_exemplars": { + "default": 0, + "description": "Enables support for exemplars in TSDB and sets the maximum number that will be stored. less than zero means disabled. If the value is set to zero, cortex will fallback to blocks-storage.tsdb.max-exemplars value.", + "type": "number", + "x-cli-flag": "ingester.max-exemplars" + }, + "max_fetched_chunk_bytes_per_query": { + "default": 0, + "description": "Deprecated (use max-fetched-data-bytes-per-query instead): The maximum size of all chunks in bytes that a query can fetch from each ingester and storage. This limit is enforced in the querier, ruler and store-gateway. 0 to disable.", + "type": "number", + "x-cli-flag": "querier.max-fetched-chunk-bytes-per-query" + }, + "max_fetched_chunks_per_query": { + "default": 2000000, + "description": "Maximum number of chunks that can be fetched in a single query from ingesters and long-term storage. This limit is enforced in the querier, ruler and store-gateway. 0 to disable.", + "type": "number", + "x-cli-flag": "querier.max-fetched-chunks-per-query" + }, + "max_fetched_data_bytes_per_query": { + "default": 0, + "description": "The maximum combined size of all data that a query can fetch from each ingester and storage. This limit is enforced in the querier and ruler for `query`, `query_range` and `series` APIs. 0 to disable.", + "type": "number", + "x-cli-flag": "querier.max-fetched-data-bytes-per-query" + }, + "max_fetched_series_per_query": { + "default": 0, + "description": "The maximum number of unique series for which a query can fetch samples from each ingesters and blocks storage. This limit is enforced in the querier, ruler and store-gateway. 0 to disable", + "type": "number", + "x-cli-flag": "querier.max-fetched-series-per-query" + }, + "max_global_metadata_per_metric": { + "default": 0, + "description": "The maximum number of metadata per metric, across the cluster. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.max-global-metadata-per-metric" + }, + "max_global_metadata_per_user": { + "default": 0, + "description": "The maximum number of active metrics with metadata per user, across the cluster. 0 to disable. Supported only if -distributor.shard-by-all-labels is true.", + "type": "number", + "x-cli-flag": "ingester.max-global-metadata-per-user" + }, + "max_global_native_histogram_series_per_user": { + "default": 0, + "description": "The maximum number of active native histogram series per user, across the cluster before replication. 0 to disable. Supported only if -distributor.shard-by-all-labels and ingester.active-series-metrics-enabled is true.", + "type": "number", + "x-cli-flag": "ingester.max-global-native-histogram-series-per-user" + }, + "max_global_series_per_metric": { + "default": 0, + "description": "The maximum number of active series per metric name, across the cluster before replication. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.max-global-series-per-metric" + }, + "max_global_series_per_user": { + "default": 0, + "description": "The maximum number of active series per user, across the cluster before replication. 0 to disable. Supported only if -distributor.shard-by-all-labels is true.", + "type": "number", + "x-cli-flag": "ingester.max-global-series-per-user" + }, + "max_label_name_length": { + "default": 1024, + "description": "Maximum length accepted for label names", + "type": "number", + "x-cli-flag": "validation.max-length-label-name" + }, + "max_label_names_per_series": { + "default": 30, + "description": "Maximum number of label names per series.", + "type": "number", + "x-cli-flag": "validation.max-label-names-per-series" + }, + "max_label_value_length": { + "default": 2048, + "description": "Maximum length accepted for label value. This setting also applies to the metric name", + "type": "number", + "x-cli-flag": "validation.max-length-label-value" + }, + "max_labels_size_bytes": { + "default": 0, + "description": "Maximum combined size in bytes of all labels and label values accepted for a series. 0 to disable the limit.", + "type": "number", + "x-cli-flag": "validation.max-labels-size-bytes" + }, + "max_metadata_length": { + "default": 1024, + "description": "Maximum length accepted for metric metadata. Metadata refers to Metric Name, HELP and UNIT.", + "type": "number", + "x-cli-flag": "validation.max-metadata-length" + }, + "max_metadata_per_metric": { + "default": 10, + "description": "The maximum number of metadata per metric, per ingester. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.max-metadata-per-metric" + }, + "max_metadata_per_user": { + "default": 8000, + "description": "The maximum number of active metrics with metadata per user, per ingester. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.max-metadata-per-user" + }, + "max_native_histogram_buckets": { + "default": 0, + "description": "Limit on total number of positive and negative buckets allowed in a single native histogram. The resolution of a histogram with more buckets will be reduced until the number of buckets is within the limit. If the limit cannot be reached, the sample will be discarded. 0 means no limit. Enforced at Distributor.", + "type": "number", + "x-cli-flag": "validation.max-native-histogram-buckets" + }, + "max_native_histogram_sample_size_bytes": { + "default": 0, + "description": "Maximum size in bytes of a native histogram sample. 0 to disable the limit.", + "type": "number", + "x-cli-flag": "validation.max-native-histogram-sample-size-bytes" + }, + "max_native_histogram_series_per_user": { + "default": 0, + "description": "The maximum number of active native histogram series per user, per ingester. 0 to disable. Supported only if ingester.active-series-metrics-enabled is true.", + "type": "number", + "x-cli-flag": "ingester.max-native-histogram-series-per-user" + }, + "max_outstanding_requests_per_tenant": { + "default": 100, + "description": "Maximum number of outstanding requests per tenant per request queue (either query frontend or query scheduler); requests beyond this error with HTTP 429.", + "type": "number", + "x-cli-flag": "frontend.max-outstanding-requests-per-tenant" + }, + "max_queriers_per_tenant": { + "default": 0, + "description": "Maximum number of queriers that can handle requests for a single tenant. If set to 0 or value higher than number of available queriers, *all* queriers will handle requests for the tenant. If the value is \u003c 1, it will be treated as a percentage and the gets a percentage of the total queriers. Each frontend (or query-scheduler, if used) will select the same set of queriers for the same tenant (given that all queriers are connected to all frontends / query-schedulers). This option only works with queriers connecting to the query-frontend / query-scheduler, not when using downstream URL.", + "type": "number", + "x-cli-flag": "frontend.max-queriers-per-tenant" + }, + "max_query_length": { + "default": "0s", + "description": "Limit the query time range (end - start time of range query parameter and max - min of data fetched time range). This limit is enforced in the query-frontend and ruler (on the received query). 0 to disable.", + "type": "string", + "x-cli-flag": "store.max-query-length", + "x-format": "duration" + }, + "max_query_lookback": { + "default": "0s", + "description": "Limit how long back data (series and metadata) can be queried, up until \u003clookback\u003e duration ago. This limit is enforced in the query-frontend, querier and ruler. If the requested time range is outside the allowed range, the request will not fail but will be manipulated to only query data within the allowed time range. 0 to disable.", + "type": "string", + "x-cli-flag": "querier.max-query-lookback", + "x-format": "duration" + }, + "max_query_parallelism": { + "default": 14, + "description": "Maximum number of split queries will be scheduled in parallel by the frontend.", + "type": "number", + "x-cli-flag": "querier.max-query-parallelism" + }, + "max_query_response_size": { + "default": 0, + "description": "The maximum total uncompressed query response size. If the query was sharded the limit is applied to the total response size of all shards. This limit is enforced in query-frontend for `query` and `query_range` APIs. 0 to disable.", + "type": "number", + "x-cli-flag": "frontend.max-query-response-size" + }, + "max_series_per_metric": { + "default": 50000, + "description": "The maximum number of active series per metric name, per ingester. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.max-series-per-metric" + }, + "max_series_per_user": { + "default": 5000000, + "description": "The maximum number of active series per user, per ingester. 0 to disable.", + "type": "number", + "x-cli-flag": "ingester.max-series-per-user" + }, + "metric_relabel_configs": { + "default": [], + "description": "List of metric relabel configurations. Note that in most situations, it is more effective to use metrics relabeling directly in the Prometheus server, e.g. remote_write.write_relabel_configs.", + "type": "string" + }, + "native_histogram_ingestion_burst_size": { + "default": 0, + "description": "Per-user allowed native histogram ingestion burst size (in number of samples)", + "type": "number", + "x-cli-flag": "distributor.native-histogram-ingestion-burst-size" + }, + "native_histogram_ingestion_rate": { + "default": 1.7976931348623157e+308, + "description": "Per-user native histogram ingestion rate limit in samples per second. Disabled by default", + "type": "number", + "x-cli-flag": "distributor.native-histogram-ingestion-rate-limit" + }, + "out_of_order_time_window": { + "default": "0s", + "description": "[Experimental] Configures the allowed time window for ingestion of out-of-order samples. Disabled (0s) by default.", + "type": "string", + "x-cli-flag": "ingester.out-of-order-time-window", + "x-format": "duration" + }, + "promote_resource_attributes": { + "description": "Comma separated list of resource attributes that should be converted to labels.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "distributor.promote-resource-attributes" + }, + "query_partial_data": { + "default": false, + "description": "Enable to allow queries to be evaluated with data from a single zone, if other zones are not available.", + "type": "boolean" + }, + "query_priority": { + "description": "Configuration for query priority.", + "properties": { + "default_priority": { + "default": 0, + "description": "Priority assigned to all queries by default. Must be a unique value. Use this as a baseline to make certain queries higher/lower priority.", + "type": "number", + "x-cli-flag": "frontend.query-priority.default-priority" + }, + "enabled": { + "default": false, + "description": "Whether queries are assigned with priorities.", + "type": "boolean", + "x-cli-flag": "frontend.query-priority.enabled" + }, + "priorities": { + "default": [], + "description": "List of priority definitions.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "query_rejection": { + "description": "Configuration for query rejection.", + "properties": { + "enabled": { + "default": false, + "description": "Whether query rejection is enabled.", + "type": "boolean", + "x-cli-flag": "frontend.query-rejection.enabled" + }, + "query_attributes": { + "default": [], + "description": "List of query_attributes to match and reject queries. A query is rejected if it matches any query_attribute in this list. Each query_attribute has several properties (e.g., regex, time_window, user_agent), and all specified properties must match for a query_attribute to be considered a match. Only the specified properties are checked, and an AND operator is applied to them.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "reject_old_samples": { + "default": false, + "description": "Reject old samples.", + "type": "boolean", + "x-cli-flag": "validation.reject-old-samples" + }, + "reject_old_samples_max_age": { + "default": "2w", + "description": "Maximum accepted sample age before rejecting.", + "type": "string", + "x-cli-flag": "validation.reject-old-samples.max-age", + "x-format": "duration" + }, + "ruler_evaluation_delay_duration": { + "default": "0s", + "description": "Deprecated(use ruler.query-offset instead) and will be removed in v1.19.0: Duration to delay the evaluation of rules to ensure the underlying metrics have been pushed to Cortex.", + "type": "string", + "x-cli-flag": "ruler.evaluation-delay-duration", + "x-format": "duration" + }, + "ruler_external_labels": { + "additionalProperties": true, + "default": [], + "description": "external labels for alerting rules", + "type": "object" + }, + "ruler_max_rule_groups_per_tenant": { + "default": 0, + "description": "Maximum number of rule groups per-tenant. 0 to disable.", + "type": "number", + "x-cli-flag": "ruler.max-rule-groups-per-tenant" + }, + "ruler_max_rules_per_rule_group": { + "default": 0, + "description": "Maximum number of rules per rule group per-tenant. 0 to disable.", + "type": "number", + "x-cli-flag": "ruler.max-rules-per-rule-group" + }, + "ruler_query_offset": { + "default": "0s", + "description": "Duration to offset all rule evaluation queries per-tenant.", + "type": "string", + "x-cli-flag": "ruler.query-offset", + "x-format": "duration" + }, + "ruler_tenant_shard_size": { + "default": 0, + "description": "The default tenant's shard size when the shuffle-sharding strategy is used by ruler. When this setting is specified in the per-tenant overrides, a value of 0 disables shuffle sharding for the tenant. If the value is \u003c 1 the shard size will be a percentage of the total rulers.", + "type": "number", + "x-cli-flag": "ruler.tenant-shard-size" + }, + "rules_partial_data": { + "default": false, + "description": "Enable to allow rules to be evaluated with data from a single zone, if other zones are not available.", + "type": "boolean" + }, + "s3_sse_kms_encryption_context": { + "description": "S3 server-side encryption KMS encryption context. If unset and the key ID override is set, the encryption context will not be provided to S3. Ignored if the SSE type override is not set.", + "type": "string" + }, + "s3_sse_kms_key_id": { + "description": "S3 server-side encryption KMS Key ID. Ignored if the SSE type override is not set.", + "type": "string" + }, + "s3_sse_type": { + "description": "S3 server-side encryption type. Required to enable server-side encryption overrides for a specific tenant. If not set, the default S3 client settings are used.", + "type": "string" + }, + "store_gateway_tenant_shard_size": { + "default": 0, + "description": "The default tenant's shard size when the shuffle-sharding strategy is used. Must be set when the store-gateway sharding is enabled with the shuffle-sharding strategy. When this setting is specified in the per-tenant overrides, a value of 0 disables shuffle sharding for the tenant. If the value is \u003c 1 the shard size will be a percentage of the total store-gateways.", + "type": "number", + "x-cli-flag": "store-gateway.tenant-shard-size" + } + }, + "type": "object" + }, + "memberlist_config": { + "description": "The memberlist_config configures the Gossip memberlist.", + "properties": { + "abort_if_cluster_join_fails": { + "default": true, + "description": "If this node fails to join memberlist cluster, abort.", + "type": "boolean", + "x-cli-flag": "memberlist.abort-if-join-fails" + }, + "advertise_addr": { + "description": "Gossip address to advertise to other members in the cluster. Used for NAT traversal.", + "type": "string", + "x-cli-flag": "memberlist.advertise-addr" + }, + "advertise_port": { + "default": 7946, + "description": "Gossip port to advertise to other members in the cluster. Used for NAT traversal.", + "type": "number", + "x-cli-flag": "memberlist.advertise-port" + }, + "bind_addr": { + "default": [], + "description": "IP address to listen on for gossip messages. Multiple addresses may be specified. Defaults to 0.0.0.0", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "memberlist.bind-addr" + }, + "bind_port": { + "default": 7946, + "description": "Port to listen on for gossip messages.", + "type": "number", + "x-cli-flag": "memberlist.bind-port" + }, + "compression_enabled": { + "default": true, + "description": "Enable message compression. This can be used to reduce bandwidth usage at the cost of slightly more CPU utilization.", + "type": "boolean", + "x-cli-flag": "memberlist.compression-enabled" + }, + "dead_node_reclaim_time": { + "default": "0s", + "description": "How soon can dead node's name be reclaimed with new address. 0 to disable.", + "type": "string", + "x-cli-flag": "memberlist.dead-node-reclaim-time", + "x-format": "duration" + }, + "gossip_interval": { + "default": "200ms", + "description": "How often to gossip.", + "type": "string", + "x-cli-flag": "memberlist.gossip-interval", + "x-format": "duration" + }, + "gossip_nodes": { + "default": 3, + "description": "How many nodes to gossip to.", + "type": "number", + "x-cli-flag": "memberlist.gossip-nodes" + }, + "gossip_to_dead_nodes_time": { + "default": "30s", + "description": "How long to keep gossiping to dead nodes, to give them chance to refute their death.", + "type": "string", + "x-cli-flag": "memberlist.gossip-to-dead-nodes-time", + "x-format": "duration" + }, + "join_members": { + "default": [], + "description": "Other cluster members to join. Can be specified multiple times. It can be an IP, hostname or an entry specified in the DNS Service Discovery format.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "memberlist.join" + }, + "leave_timeout": { + "default": "5s", + "description": "Timeout for leaving memberlist cluster.", + "type": "string", + "x-cli-flag": "memberlist.leave-timeout", + "x-format": "duration" + }, + "left_ingesters_timeout": { + "default": "5m0s", + "description": "How long to keep LEFT ingesters in the ring.", + "type": "string", + "x-cli-flag": "memberlist.left-ingesters-timeout", + "x-format": "duration" + }, + "max_join_backoff": { + "default": "1m0s", + "description": "Max backoff duration to join other cluster members.", + "type": "string", + "x-cli-flag": "memberlist.max-join-backoff", + "x-format": "duration" + }, + "max_join_retries": { + "default": 10, + "description": "Max number of retries to join other cluster members.", + "type": "number", + "x-cli-flag": "memberlist.max-join-retries" + }, + "message_history_buffer_bytes": { + "default": 0, + "description": "How much space to use for keeping received and sent messages in memory for troubleshooting (two buffers). 0 to disable.", + "type": "number", + "x-cli-flag": "memberlist.message-history-buffer-bytes" + }, + "min_join_backoff": { + "default": "1s", + "description": "Min backoff duration to join other cluster members.", + "type": "string", + "x-cli-flag": "memberlist.min-join-backoff", + "x-format": "duration" + }, + "node_name": { + "description": "Name of the node in memberlist cluster. Defaults to hostname.", + "type": "string", + "x-cli-flag": "memberlist.nodename" + }, + "packet_dial_timeout": { + "default": "5s", + "description": "Timeout used when connecting to other nodes to send packet.", + "type": "string", + "x-cli-flag": "memberlist.packet-dial-timeout", + "x-format": "duration" + }, + "packet_write_timeout": { + "default": "5s", + "description": "Timeout for writing 'packet' data.", + "type": "string", + "x-cli-flag": "memberlist.packet-write-timeout", + "x-format": "duration" + }, + "pull_push_interval": { + "default": "30s", + "description": "How often to use pull/push sync.", + "type": "string", + "x-cli-flag": "memberlist.pullpush-interval", + "x-format": "duration" + }, + "randomize_node_name": { + "default": true, + "description": "Add random suffix to the node name.", + "type": "boolean", + "x-cli-flag": "memberlist.randomize-node-name" + }, + "rejoin_interval": { + "default": "0s", + "description": "If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix the cluster split issue, and is harmless otherwise. For example when using only few components as a seed nodes (via -memberlist.join), then it's recommended to use rejoin. If -memberlist.join points to dynamic service that resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin is not needed.", + "type": "string", + "x-cli-flag": "memberlist.rejoin-interval", + "x-format": "duration" + }, + "retransmit_factor": { + "default": 4, + "description": "Multiplication factor used when sending out messages (factor * log(N+1)).", + "type": "number", + "x-cli-flag": "memberlist.retransmit-factor" + }, + "stream_timeout": { + "default": "10s", + "description": "The timeout for establishing a connection with a remote node, and for read/write operations.", + "type": "string", + "x-cli-flag": "memberlist.stream-timeout", + "x-format": "duration" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "memberlist.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "memberlist.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS on the memberlist transport layer.", + "type": "boolean", + "x-cli-flag": "memberlist.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "memberlist.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "memberlist.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "memberlist.tls-server-name" + } + }, + "type": "object" + }, + "memcached_client_config": { + "description": "The memcached_client_config configures the client used to connect to Memcached.", + "properties": { + "addresses": { + "description": "EXPERIMENTAL: Comma separated addresses list in DNS Service Discovery format: https://cortexmetrics.io/docs/configuration/arguments/#dns-service-discovery", + "type": "string", + "x-cli-flag": "frontend.memcached.addresses" + }, + "circuit_breaker_consecutive_failures": { + "default": 10, + "description": "Trip circuit-breaker after this number of consecutive dial failures (if zero then circuit-breaker is disabled).", + "type": "number", + "x-cli-flag": "frontend.memcached.circuit-breaker-consecutive-failures" + }, + "circuit_breaker_interval": { + "default": "10s", + "description": "Reset circuit-breaker counts after this long (if zero then never reset).", + "type": "string", + "x-cli-flag": "frontend.memcached.circuit-breaker-interval", + "x-format": "duration" + }, + "circuit_breaker_timeout": { + "default": "10s", + "description": "Duration circuit-breaker remains open after tripping (if zero then 60 seconds is used).", + "type": "string", + "x-cli-flag": "frontend.memcached.circuit-breaker-timeout", + "x-format": "duration" + }, + "consistent_hash": { + "default": true, + "description": "Use consistent hashing to distribute to memcache servers.", + "type": "boolean", + "x-cli-flag": "frontend.memcached.consistent-hash" + }, + "host": { + "description": "Hostname for memcached service to use. If empty and if addresses is unset, no memcached will be used.", + "type": "string", + "x-cli-flag": "frontend.memcached.hostname" + }, + "max_idle_conns": { + "default": 16, + "description": "Maximum number of idle connections in pool.", + "type": "number", + "x-cli-flag": "frontend.memcached.max-idle-conns" + }, + "max_item_size": { + "default": 0, + "description": "The maximum size of an item stored in memcached. Bigger items are not stored. If set to 0, no maximum size is enforced.", + "type": "number", + "x-cli-flag": "frontend.memcached.max-item-size" + }, + "service": { + "default": "memcached", + "description": "SRV service used to discover memcache servers.", + "type": "string", + "x-cli-flag": "frontend.memcached.service" + }, + "timeout": { + "default": "100ms", + "description": "Maximum time to wait before giving up on memcached requests.", + "type": "string", + "x-cli-flag": "frontend.memcached.timeout", + "x-format": "duration" + }, + "update_interval": { + "default": "1m0s", + "description": "Period with which to poll DNS for memcache servers.", + "type": "string", + "x-cli-flag": "frontend.memcached.update-interval", + "x-format": "duration" + } + }, + "type": "object" + }, + "memcached_config": { + "description": "The memcached_config block configures how data is stored in Memcached (ie. expiration).", + "properties": { + "batch_size": { + "default": 1024, + "description": "How many keys to fetch in each batch.", + "type": "number", + "x-cli-flag": "frontend.memcached.batchsize" + }, + "expiration": { + "default": "0s", + "description": "How long keys stay in the memcache.", + "type": "string", + "x-cli-flag": "frontend.memcached.expiration", + "x-format": "duration" + }, + "parallelism": { + "default": 100, + "description": "Maximum active requests to memcache.", + "type": "number", + "x-cli-flag": "frontend.memcached.parallelism" + } + }, + "type": "object" + }, + "querier_config": { + "description": "The querier_config configures the Cortex querier.", + "properties": { + "active_query_tracker_dir": { + "default": "./active-query-tracker", + "description": "Active query tracker monitors active queries, and writes them to the file in given directory. If Cortex discovers any queries in this log during startup, it will log them to the log file. Setting to empty value disables active query tracker, which also disables -querier.max-concurrent option.", + "type": "string", + "x-cli-flag": "querier.active-query-tracker-dir" + }, + "default_evaluation_interval": { + "default": "1m0s", + "description": "The default evaluation interval or step size for subqueries.", + "type": "string", + "x-cli-flag": "querier.default-evaluation-interval", + "x-format": "duration" + }, + "enable_parquet_queryable": { + "default": false, + "description": "[Experimental] If true, querier will try to query the parquet files if available.", + "type": "boolean", + "x-cli-flag": "querier.enable-parquet-queryable" + }, + "enable_promql_experimental_functions": { + "default": false, + "description": "[Experimental] If true, experimental promQL functions are enabled.", + "type": "boolean", + "x-cli-flag": "querier.enable-promql-experimental-functions" + }, + "ignore_max_query_length": { + "default": false, + "description": "If enabled, ignore max query length check at Querier select method. Users can choose to ignore it since the validation can be done before Querier evaluation like at Query Frontend or Ruler.", + "type": "boolean", + "x-cli-flag": "querier.ignore-max-query-length" + }, + "ingester_label_names_with_matchers": { + "default": false, + "description": "Use LabelNames ingester RPCs with match params.", + "type": "boolean", + "x-cli-flag": "querier.ingester-label-names-with-matchers" + }, + "ingester_metadata_streaming": { + "default": true, + "description": "Deprecated (This feature will be always on after v1.18): Use streaming RPCs for metadata APIs from ingester.", + "type": "boolean", + "x-cli-flag": "querier.ingester-metadata-streaming" + }, + "ingester_query_max_attempts": { + "default": 1, + "description": "The maximum number of times we attempt fetching data from ingesters for retryable errors (ex. partial data returned).", + "type": "number", + "x-cli-flag": "querier.ingester-query-max-attempts" + }, + "lookback_delta": { + "default": "5m0s", + "description": "Time since the last sample after which a time series is considered stale and ignored by expression evaluations.", + "type": "string", + "x-cli-flag": "querier.lookback-delta", + "x-format": "duration" + }, + "max_concurrent": { + "default": 20, + "description": "The maximum number of concurrent queries.", + "type": "number", + "x-cli-flag": "querier.max-concurrent" + }, + "max_query_into_future": { + "default": "10m0s", + "description": "Maximum duration into the future you can query. 0 to disable.", + "type": "string", + "x-cli-flag": "querier.max-query-into-future", + "x-format": "duration" + }, + "max_samples": { + "default": 50000000, + "description": "Maximum number of samples a single query can load into memory.", + "type": "number", + "x-cli-flag": "querier.max-samples" + }, + "max_subquery_steps": { + "default": 0, + "description": "Max number of steps allowed for every subquery expression in query. Number of steps is calculated using subquery range / step. A value \u003e 0 enables it.", + "type": "number", + "x-cli-flag": "querier.max-subquery-steps" + }, + "parquet_queryable_default_block_store": { + "default": "parquet", + "description": "[Experimental] Parquet queryable's default block store to query. Valid options are tsdb and parquet. If it is set to tsdb, parquet queryable always fallback to store gateway.", + "type": "string", + "x-cli-flag": "querier.parquet-queryable-default-block-store" + }, + "parquet_queryable_fallback_disabled": { + "default": false, + "description": "[Experimental] Disable Parquet queryable to fallback queries to Store Gateway if the block is not available as Parquet files but available in TSDB. Setting this to true will disable the fallback and users can remove Store Gateway. But need to make sure Parquet files are created before it is queryable.", + "type": "boolean", + "x-cli-flag": "querier.parquet-queryable-fallback-disabled" + }, + "parquet_queryable_shard_cache_size": { + "default": 512, + "description": "[Experimental] Maximum size of the Parquet queryable shard cache. 0 to disable.", + "type": "number", + "x-cli-flag": "querier.parquet-queryable-shard-cache-size" + }, + "per_step_stats_enabled": { + "default": false, + "description": "Enable returning samples stats per steps in query response.", + "type": "boolean", + "x-cli-flag": "querier.per-step-stats-enabled" + }, + "query_ingesters_within": { + "default": "0s", + "description": "Maximum lookback beyond which queries are not sent to ingester. 0 means all queries are sent to ingester.", + "type": "string", + "x-cli-flag": "querier.query-ingesters-within", + "x-format": "duration" + }, + "query_store_after": { + "default": "0s", + "description": "The time after which a metric should be queried from storage and not just ingesters. 0 means all queries are sent to store. When running the blocks storage, if this option is enabled, the time range of the query sent to the store will be manipulated to ensure the query end is not more recent than 'now - query-store-after'.", + "type": "string", + "x-cli-flag": "querier.query-store-after", + "x-format": "duration" + }, + "response_compression": { + "default": "gzip", + "description": "Use compression for metrics query API or instant and range query APIs. Supported compression 'gzip', 'snappy', 'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "querier.response-compression" + }, + "shuffle_sharding_ingesters_lookback_period": { + "default": "0s", + "description": "When distributor's sharding strategy is shuffle-sharding and this setting is \u003e 0, queriers fetch in-memory series from the minimum set of required ingesters, selecting only ingesters which may have received series since 'now - lookback period'. The lookback period should be greater or equal than the configured 'query store after' and 'query ingesters within'. If this setting is 0, queriers always query all ingesters (ingesters shuffle sharding on read path is disabled).", + "type": "string", + "x-cli-flag": "querier.shuffle-sharding-ingesters-lookback-period", + "x-format": "duration" + }, + "store_gateway_addresses": { + "description": "Comma separated list of store-gateway addresses in DNS Service Discovery format. This option should be set when using the blocks storage and the store-gateway sharding is disabled (when enabled, the store-gateway instances form a ring and addresses are picked from the ring).", + "type": "string", + "x-cli-flag": "querier.store-gateway-addresses" + }, + "store_gateway_client": { + "properties": { + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 5s.", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy' and '' (disable compression)", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.grpc-compression" + }, + "healthcheck_config": { + "description": "EXPERIMENTAL: If enabled, gRPC clients perform health checks for each target and fail the request if the target is marked as unhealthy.", + "properties": { + "interval": { + "default": "5s", + "description": "The approximate amount of time between health checks of an individual target.", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.healthcheck.interval", + "x-format": "duration" + }, + "timeout": { + "default": "1s", + "description": "The amount of time during which no response from a target means a failed health check.", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.healthcheck.timeout", + "x-format": "duration" + }, + "unhealthy_threshold": { + "default": 0, + "description": "The number of consecutive failed health checks required before considering a target unhealthy. 0 means disabled.", + "type": "number", + "x-cli-flag": "querier.store-gateway-client.healthcheck.unhealthy-threshold" + } + }, + "type": "object" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS for gRPC client connecting to store-gateway.", + "type": "boolean", + "x-cli-flag": "querier.store-gateway-client.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "querier.store-gateway-client.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "querier.store-gateway-client.tls-server-name" + } + }, + "type": "object" + }, + "store_gateway_consistency_check_max_attempts": { + "default": 3, + "description": "The maximum number of times we attempt fetching missing blocks from different store-gateways. If no more store-gateways are left (ie. due to lower replication factor) than we'll end the retries earlier", + "type": "number", + "x-cli-flag": "querier.store-gateway-consistency-check-max-attempts" + }, + "store_gateway_query_stats": { + "default": true, + "description": "If enabled, store gateway query stats will be logged using `info` log level.", + "type": "boolean", + "x-cli-flag": "querier.store-gateway-query-stats-enabled" + }, + "thanos_engine": { + "properties": { + "enable_x_functions": { + "default": false, + "description": "Enable xincrease, xdelta, xrate etc from Thanos engine.", + "type": "boolean", + "x-cli-flag": "querier.enable-x-functions" + }, + "enabled": { + "default": false, + "description": "Experimental. Use Thanos promql engine https://github.com/thanos-io/promql-engine rather than the Prometheus promql engine.", + "type": "boolean", + "x-cli-flag": "querier.thanos-engine" + }, + "optimizers": { + "default": "default", + "description": "Logical plan optimizers. Multiple optimizers can be provided as a comma-separated list. Supported values: default, all, propagate-matchers, sort-matchers, merge-selects, detect-histogram-stats", + "type": "string", + "x-cli-flag": "querier.optimizers" + } + }, + "type": "object" + }, + "timeout": { + "default": "2m0s", + "description": "The timeout for a query.", + "type": "string", + "x-cli-flag": "querier.timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "query_frontend_config": { + "description": "The query_frontend_config configures the Cortex query-frontend.", + "properties": { + "downstream_url": { + "description": "URL of downstream Prometheus.", + "type": "string", + "x-cli-flag": "frontend.downstream-url" + }, + "enabled_ruler_query_stats_log": { + "default": false, + "description": "If enabled, report the query stats log for queries coming from the ruler to evaluate rules. It only takes effect when '-ruler.frontend-address' is configured.", + "type": "boolean", + "x-cli-flag": "frontend.enabled-ruler-query-stats" + }, + "grpc_client_config": { + "properties": { + "backoff_config": { + "properties": { + "max_period": { + "default": "10s", + "description": "Maximum delay when backing off.", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.backoff-max-period", + "x-format": "duration" + }, + "max_retries": { + "default": 10, + "description": "Number of times to backoff and retry before failing.", + "type": "number", + "x-cli-flag": "frontend.grpc-client-config.backoff-retries" + }, + "min_period": { + "default": "100ms", + "description": "Minimum delay when backing off.", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.backoff-min-period", + "x-format": "duration" + } + }, + "type": "object" + }, + "backoff_on_ratelimits": { + "default": false, + "description": "Enable backoff and retry when we hit ratelimits.", + "type": "boolean", + "x-cli-flag": "frontend.grpc-client-config.backoff-on-ratelimits" + }, + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 20s.", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.grpc-compression" + }, + "max_recv_msg_size": { + "default": 104857600, + "description": "gRPC client max receive message size (bytes).", + "type": "number", + "x-cli-flag": "frontend.grpc-client-config.grpc-max-recv-msg-size" + }, + "max_send_msg_size": { + "default": 16777216, + "description": "gRPC client max send message size (bytes).", + "type": "number", + "x-cli-flag": "frontend.grpc-client-config.grpc-max-send-msg-size" + }, + "rate_limit": { + "default": 0, + "description": "Rate limit for gRPC client; 0 means disabled.", + "type": "number", + "x-cli-flag": "frontend.grpc-client-config.grpc-client-rate-limit" + }, + "rate_limit_burst": { + "default": 0, + "description": "Rate limit burst for gRPC client.", + "type": "number", + "x-cli-flag": "frontend.grpc-client-config.grpc-client-rate-limit-burst" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "frontend.grpc-client-config.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "frontend.grpc-client-config.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "frontend.grpc-client-config.tls-server-name" + } + }, + "type": "object" + }, + "instance_interface_names": { + "default": "[eth0 en0]", + "description": "Name of network interface to read address from. This address is sent to query-scheduler and querier, which uses it to send the query response back to query-frontend.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "frontend.instance-interface-names" + }, + "log_queries_longer_than": { + "default": "0s", + "description": "Log queries that are slower than the specified duration. Set to 0 to disable. Set to \u003c 0 to enable on all queries.", + "type": "string", + "x-cli-flag": "frontend.log-queries-longer-than", + "x-format": "duration" + }, + "max_body_size": { + "default": 10485760, + "description": "Max body size for downstream prometheus.", + "type": "number", + "x-cli-flag": "frontend.max-body-size" + }, + "querier_forget_delay": { + "default": "0s", + "description": "If a querier disconnects without sending notification about graceful shutdown, the query-frontend will keep the querier in the tenant's shard until the forget delay has passed. This feature is useful to reduce the blast radius when shuffle-sharding is enabled.", + "type": "string", + "x-cli-flag": "query-frontend.querier-forget-delay", + "x-format": "duration" + }, + "query_stats_enabled": { + "default": false, + "description": "True to enable query statistics tracking. When enabled, a message with some statistics is logged for every query.", + "type": "boolean", + "x-cli-flag": "frontend.query-stats-enabled" + }, + "retry_on_too_many_outstanding_requests": { + "default": false, + "description": "When multiple query-schedulers are available, re-enqueue queries that were rejected due to too many outstanding requests.", + "type": "boolean", + "x-cli-flag": "frontend.retry-on-too-many-outstanding-requests" + }, + "scheduler_address": { + "description": "DNS hostname used for finding query-schedulers.", + "type": "string", + "x-cli-flag": "frontend.scheduler-address" + }, + "scheduler_dns_lookup_period": { + "default": "10s", + "description": "How often to resolve the scheduler-address, in order to look for new query-scheduler instances.", + "type": "string", + "x-cli-flag": "frontend.scheduler-dns-lookup-period", + "x-format": "duration" + }, + "scheduler_worker_concurrency": { + "default": 5, + "description": "Number of concurrent workers forwarding queries to single query-scheduler.", + "type": "number", + "x-cli-flag": "frontend.scheduler-worker-concurrency" + } + }, + "type": "object" + }, + "query_range_config": { + "description": "The query_range_config configures the query splitting and caching in the Cortex query-frontend.", + "properties": { + "align_queries_with_step": { + "default": false, + "description": "Mutate incoming queries to align their start and end with their step.", + "type": "boolean", + "x-cli-flag": "querier.align-querier-with-step" + }, + "cache_results": { + "default": false, + "description": "Cache query results.", + "type": "boolean", + "x-cli-flag": "querier.cache-results" + }, + "dynamic_query_splits": { + "properties": { + "enable_dynamic_vertical_sharding": { + "default": false, + "description": "[EXPERIMENTAL] Dynamically adjust vertical shard size to maximize the total combined number of query shards and splits.", + "type": "boolean", + "x-cli-flag": "querier.enable-dynamic-vertical-sharding" + }, + "max_fetched_data_duration_per_query": { + "default": "0s", + "description": "[EXPERIMENTAL] Max total duration of data fetched from storage by all query shards, 0 disables it. Dynamically uses a multiple of split interval to maintain a total fetched duration of data lower than the value set. It takes into account additional duration fetched by matrix selectors and subqueries.", + "type": "string", + "x-cli-flag": "querier.max-fetched-data-duration-per-query", + "x-format": "duration" + }, + "max_shards_per_query": { + "default": 0, + "description": "[EXPERIMENTAL] Maximum number of shards for a query, 0 disables it. Dynamically uses a multiple of split interval to maintain a total number of shards below the set value. If vertical sharding is enabled for a query, the combined total number of interval splits and vertical shards is kept below this value.", + "type": "number", + "x-cli-flag": "querier.max-shards-per-query" + } + }, + "type": "object" + }, + "forward_headers_list": { + "default": [], + "description": "List of headers forwarded by the query Frontend to downstream querier.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "frontend.forward-headers-list" + }, + "max_retries": { + "default": 5, + "description": "Maximum number of retries for a single request; beyond this, the downstream error is returned.", + "type": "number", + "x-cli-flag": "querier.max-retries-per-request" + }, + "results_cache": { + "properties": { + "cache": { + "properties": { + "background": { + "properties": { + "writeback_buffer": { + "default": 10000, + "description": "How many key batches to buffer for background write-back.", + "type": "number", + "x-cli-flag": "frontend.background.write-back-buffer" + }, + "writeback_goroutines": { + "default": 10, + "description": "At what concurrency to write back to cache.", + "type": "number", + "x-cli-flag": "frontend.background.write-back-concurrency" + } + }, + "type": "object" + }, + "default_validity": { + "default": "0s", + "description": "The default validity of entries for caches unless overridden.", + "type": "string", + "x-cli-flag": "frontend.default-validity", + "x-format": "duration" + }, + "enable_fifocache": { + "default": false, + "description": "Enable in-memory cache.", + "type": "boolean", + "x-cli-flag": "frontend.cache.enable-fifocache" + }, + "fifocache": { + "$ref": "#/definitions/fifo_cache_config" + }, + "memcached": { + "$ref": "#/definitions/memcached_config" + }, + "memcached_client": { + "$ref": "#/definitions/memcached_client_config" + }, + "redis": { + "$ref": "#/definitions/redis_config" + } + }, + "type": "object" + }, + "cache_queryable_samples_stats": { + "default": false, + "description": "Cache Statistics queryable samples on results cache.", + "type": "boolean", + "x-cli-flag": "frontend.cache-queryable-samples-stats" + }, + "compression": { + "description": "Use compression in results cache. Supported values are: 'snappy' and '' (disable compression).", + "type": "string", + "x-cli-flag": "frontend.compression" + } + }, + "type": "object" + }, + "split_queries_by_interval": { + "default": "0s", + "description": "Split queries by an interval and execute in parallel, 0 disables it. You should use a multiple of 24 hours (same as the storage bucketing scheme), to avoid queriers downloading and processing the same chunks. This also determines how cache keys are chosen when result caching is enabled", + "type": "string", + "x-cli-flag": "querier.split-queries-by-interval", + "x-format": "duration" + } + }, + "type": "object" + }, + "redis_config": { + "description": "The redis_config configures the Redis backend cache.", + "properties": { + "db": { + "default": 0, + "description": "Database index.", + "type": "number", + "x-cli-flag": "frontend.redis.db" + }, + "endpoint": { + "description": "Redis Server endpoint to use for caching. A comma-separated list of endpoints for Redis Cluster or Redis Sentinel. If empty, no redis will be used.", + "type": "string", + "x-cli-flag": "frontend.redis.endpoint" + }, + "expiration": { + "default": "0s", + "description": "How long keys stay in the redis.", + "type": "string", + "x-cli-flag": "frontend.redis.expiration", + "x-format": "duration" + }, + "idle_timeout": { + "default": "0s", + "description": "Close connections after remaining idle for this duration. If the value is zero, then idle connections are not closed.", + "type": "string", + "x-cli-flag": "frontend.redis.idle-timeout", + "x-format": "duration" + }, + "master_name": { + "description": "Redis Sentinel master name. An empty string for Redis Server or Redis Cluster.", + "type": "string", + "x-cli-flag": "frontend.redis.master-name" + }, + "max_connection_age": { + "default": "0s", + "description": "Close connections older than this duration. If the value is zero, then the pool does not close connections based on age.", + "type": "string", + "x-cli-flag": "frontend.redis.max-connection-age", + "x-format": "duration" + }, + "password": { + "description": "Password to use when connecting to redis.", + "type": "string", + "x-cli-flag": "frontend.redis.password" + }, + "pool_size": { + "default": 0, + "description": "Maximum number of connections in the pool.", + "type": "number", + "x-cli-flag": "frontend.redis.pool-size" + }, + "timeout": { + "default": "500ms", + "description": "Maximum time to wait before giving up on redis requests.", + "type": "string", + "x-cli-flag": "frontend.redis.timeout", + "x-format": "duration" + }, + "tls_enabled": { + "default": false, + "description": "Enable connecting to redis with TLS.", + "type": "boolean", + "x-cli-flag": "frontend.redis.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "frontend.redis.tls-insecure-skip-verify" + } + }, + "type": "object" + }, + "ruler_config": { + "description": "The ruler_config configures the Cortex ruler.", + "properties": { + "alertmanager_client": { + "properties": { + "basic_auth_password": { + "description": "HTTP Basic authentication password. It overrides the password set in the URL (if any).", + "type": "string", + "x-cli-flag": "ruler.alertmanager-client.basic-auth-password" + }, + "basic_auth_username": { + "description": "HTTP Basic authentication username. It overrides the username set in the URL (if any).", + "type": "string", + "x-cli-flag": "ruler.alertmanager-client.basic-auth-username" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "ruler.alertmanager-client.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "ruler.alertmanager-client.tls-cert-path" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "ruler.alertmanager-client.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "ruler.alertmanager-client.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "ruler.alertmanager-client.tls-server-name" + } + }, + "type": "object" + }, + "alertmanager_refresh_interval": { + "default": "1m0s", + "description": "How long to wait between refreshing DNS resolutions of Alertmanager hosts.", + "type": "string", + "x-cli-flag": "ruler.alertmanager-refresh-interval", + "x-format": "duration" + }, + "alertmanager_url": { + "description": "Comma-separated list of URL(s) of the Alertmanager(s) to send notifications to. Each Alertmanager URL is treated as a separate group in the configuration. Multiple Alertmanagers in HA per group can be supported by using DNS resolution via -ruler.alertmanager-discovery.", + "type": "string", + "x-cli-flag": "ruler.alertmanager-url" + }, + "api_deduplicate_rules": { + "default": false, + "description": "EXPERIMENTAL: Remove duplicate rules in the prometheus rules and alerts API response. If there are duplicate rules the rule with the latest evaluation timestamp will be kept.", + "type": "boolean", + "x-cli-flag": "experimental.ruler.api-deduplicate-rules" + }, + "concurrent_evals_enabled": { + "default": false, + "description": "If enabled, rules from a single rule group can be evaluated concurrently if there is no dependency between each other. Max concurrency for each rule group is controlled via ruler.max-concurrent-evals flag.", + "type": "boolean", + "x-cli-flag": "ruler.concurrent-evals-enabled" + }, + "disable_rule_group_label": { + "default": false, + "description": "Disable the rule_group label on exported metrics", + "type": "boolean", + "x-cli-flag": "ruler.disable-rule-group-label" + }, + "disabled_tenants": { + "description": "Comma separated list of tenants whose rules this ruler cannot evaluate. If specified, a ruler that would normally pick the specified tenant(s) for processing will ignore them instead. Subject to sharding.", + "type": "string", + "x-cli-flag": "ruler.disabled-tenants" + }, + "enable_alertmanager_discovery": { + "default": false, + "description": "Use DNS SRV records to discover Alertmanager hosts.", + "type": "boolean", + "x-cli-flag": "ruler.alertmanager-discovery" + }, + "enable_api": { + "default": false, + "description": "Enable the ruler api", + "type": "boolean", + "x-cli-flag": "experimental.ruler.enable-api" + }, + "enable_ha_evaluation": { + "default": false, + "description": "Enable high availability", + "type": "boolean", + "x-cli-flag": "ruler.enable-ha-evaluation" + }, + "enable_sharding": { + "default": false, + "description": "Distribute rule evaluation using ring backend", + "type": "boolean", + "x-cli-flag": "ruler.enable-sharding" + }, + "enabled_tenants": { + "description": "Comma separated list of tenants whose rules this ruler can evaluate. If specified, only these tenants will be handled by ruler, otherwise this ruler can process rules from all tenants. Subject to sharding.", + "type": "string", + "x-cli-flag": "ruler.enabled-tenants" + }, + "evaluation_interval": { + "default": "1m0s", + "description": "How frequently to evaluate rules", + "type": "string", + "x-cli-flag": "ruler.evaluation-interval", + "x-format": "duration" + }, + "external_labels": { + "additionalProperties": true, + "default": [], + "description": "Labels to add to all alerts.", + "type": "object" + }, + "external_url": { + "description": "URL of alerts return path.", + "format": "uri", + "type": "string", + "x-cli-flag": "ruler.external.url" + }, + "flush_period": { + "default": "1m0s", + "description": "Period with which to attempt to flush rule groups.", + "type": "string", + "x-cli-flag": "ruler.flush-period", + "x-format": "duration" + }, + "for_grace_period": { + "default": "10m0s", + "description": "Minimum duration between alert and restored \"for\" state. This is maintained only for alerts with configured \"for\" time greater than grace period.", + "type": "string", + "x-cli-flag": "ruler.for-grace-period", + "x-format": "duration" + }, + "for_outage_tolerance": { + "default": "1h0m0s", + "description": "Max time to tolerate outage for restoring \"for\" state of alert.", + "type": "string", + "x-cli-flag": "ruler.for-outage-tolerance", + "x-format": "duration" + }, + "frontend_address": { + "description": "[Experimental] GRPC listen address of the Query Frontend, in host:port format. If set, Ruler queries to Query Frontends via gRPC. If not set, ruler queries to Ingesters directly.", + "type": "string", + "x-cli-flag": "ruler.frontend-address" + }, + "frontend_client": { + "properties": { + "backoff_config": { + "properties": { + "max_period": { + "default": "10s", + "description": "Maximum delay when backing off.", + "type": "string", + "x-cli-flag": "ruler.frontendClient.backoff-max-period", + "x-format": "duration" + }, + "max_retries": { + "default": 10, + "description": "Number of times to backoff and retry before failing.", + "type": "number", + "x-cli-flag": "ruler.frontendClient.backoff-retries" + }, + "min_period": { + "default": "100ms", + "description": "Minimum delay when backing off.", + "type": "string", + "x-cli-flag": "ruler.frontendClient.backoff-min-period", + "x-format": "duration" + } + }, + "type": "object" + }, + "backoff_on_ratelimits": { + "default": false, + "description": "Enable backoff and retry when we hit ratelimits.", + "type": "boolean", + "x-cli-flag": "ruler.frontendClient.backoff-on-ratelimits" + }, + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 20s.", + "type": "string", + "x-cli-flag": "ruler.frontendClient.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "ruler.frontendClient.grpc-compression" + }, + "max_recv_msg_size": { + "default": 104857600, + "description": "gRPC client max receive message size (bytes).", + "type": "number", + "x-cli-flag": "ruler.frontendClient.grpc-max-recv-msg-size" + }, + "max_send_msg_size": { + "default": 16777216, + "description": "gRPC client max send message size (bytes).", + "type": "number", + "x-cli-flag": "ruler.frontendClient.grpc-max-send-msg-size" + }, + "rate_limit": { + "default": 0, + "description": "Rate limit for gRPC client; 0 means disabled.", + "type": "number", + "x-cli-flag": "ruler.frontendClient.grpc-client-rate-limit" + }, + "rate_limit_burst": { + "default": 0, + "description": "Rate limit burst for gRPC client.", + "type": "number", + "x-cli-flag": "ruler.frontendClient.grpc-client-rate-limit-burst" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "ruler.frontendClient.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "ruler.frontendClient.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "ruler.frontendClient.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "ruler.frontendClient.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "ruler.frontendClient.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "ruler.frontendClient.tls-server-name" + } + }, + "type": "object" + }, + "liveness_check_timeout": { + "default": "1s", + "description": "Timeout duration for non-primary rulers during liveness checks. If the check times out, the non-primary ruler will evaluate the rule group. Applicable when ruler.enable-ha-evaluation is true.", + "type": "string", + "x-cli-flag": "ruler.liveness-check-timeout", + "x-format": "duration" + }, + "max_concurrent_evals": { + "default": 1, + "description": "Max concurrency for a single rule group to evaluate independent rules.", + "type": "number", + "x-cli-flag": "ruler.max-concurrent-evals" + }, + "notification_queue_capacity": { + "default": 10000, + "description": "Capacity of the queue for notifications to be sent to the Alertmanager.", + "type": "number", + "x-cli-flag": "ruler.notification-queue-capacity" + }, + "notification_timeout": { + "default": "10s", + "description": "HTTP timeout duration when sending notifications to the Alertmanager.", + "type": "string", + "x-cli-flag": "ruler.notification-timeout", + "x-format": "duration" + }, + "poll_interval": { + "default": "1m0s", + "description": "How frequently to poll for rule changes", + "type": "string", + "x-cli-flag": "ruler.poll-interval", + "x-format": "duration" + }, + "query_response_format": { + "default": "protobuf", + "description": "[Experimental] Query response format to get query results from Query Frontend when the rule evaluation. It will only take effect when `-ruler.frontend-address` is configured. Supported values: json,protobuf", + "type": "string", + "x-cli-flag": "ruler.query-response-format" + }, + "query_stats_enabled": { + "default": false, + "description": "Report query statistics for ruler queries to complete as a per user metric and as an info level log message.", + "type": "boolean", + "x-cli-flag": "ruler.query-stats-enabled" + }, + "resend_delay": { + "default": "1m0s", + "description": "Minimum amount of time to wait before resending an alert to Alertmanager.", + "type": "string", + "x-cli-flag": "ruler.resend-delay", + "x-format": "duration" + }, + "ring": { + "properties": { + "detailed_metrics_enabled": { + "default": true, + "description": "Set to true to enable ring detailed metrics. These metrics provide detailed information, such as token count and ownership per tenant. Disabling them can significantly decrease the number of metrics emitted.", + "type": "boolean", + "x-cli-flag": "ruler.ring.detailed-metrics-enabled" + }, + "final_sleep": { + "default": "0s", + "description": "The sleep seconds when ruler is shutting down. Need to be close to or larger than KV Store information propagation delay", + "type": "string", + "x-cli-flag": "ruler.ring.final-sleep", + "x-format": "duration" + }, + "heartbeat_period": { + "default": "5s", + "description": "Period at which to heartbeat to the ring. 0 = disabled.", + "type": "string", + "x-cli-flag": "ruler.ring.heartbeat-period", + "x-format": "duration" + }, + "heartbeat_timeout": { + "default": "1m0s", + "description": "The heartbeat timeout after which rulers are considered unhealthy within the ring. 0 = never (timeout disabled).", + "type": "string", + "x-cli-flag": "ruler.ring.heartbeat-timeout", + "x-format": "duration" + }, + "instance_interface_names": { + "default": "[eth0 en0]", + "description": "Name of network interface to read address from.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "ruler.ring.instance-interface-names" + }, + "keep_instance_in_the_ring_on_shutdown": { + "default": false, + "description": "Keep instance in the ring on shut down.", + "type": "boolean", + "x-cli-flag": "ruler.ring.keep-instance-in-the-ring-on-shutdown" + }, + "kvstore": { + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "ruler.ring.dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "ruler.ring.dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "ruler.ring.dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "ruler.ring.dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "ruler.ring.dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "ruler.ring.dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "ruler.ring.multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "ruler.ring.multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "ruler.ring.multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "ruler.ring.multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "rulers/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "ruler.ring.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "ruler.ring.store" + } + }, + "type": "object" + }, + "num_tokens": { + "default": 128, + "description": "Number of tokens for each ruler.", + "type": "number", + "x-cli-flag": "ruler.ring.num-tokens" + }, + "replication_factor": { + "default": 1, + "description": "EXPERIMENTAL: The replication factor to use when loading rule groups for API HA.", + "type": "number", + "x-cli-flag": "ruler.ring.replication-factor" + }, + "tokens_file_path": { + "description": "EXPERIMENTAL: File path where tokens are stored. If empty, tokens are not stored at shutdown and restored at startup.", + "type": "string", + "x-cli-flag": "ruler.ring.tokens-file-path" + }, + "zone_awareness_enabled": { + "default": false, + "description": "EXPERIMENTAL: True to enable zone-awareness and load rule groups across different availability zones for API HA.", + "type": "boolean", + "x-cli-flag": "ruler.ring.zone-awareness-enabled" + } + }, + "type": "object" + }, + "rule_path": { + "default": "/rules", + "description": "file path to store temporary rule files for the prometheus rule managers", + "type": "string", + "x-cli-flag": "ruler.rule-path" + }, + "ruler_client": { + "properties": { + "backoff_config": { + "properties": { + "max_period": { + "default": "10s", + "description": "Maximum delay when backing off.", + "type": "string", + "x-cli-flag": "ruler.client.backoff-max-period", + "x-format": "duration" + }, + "max_retries": { + "default": 10, + "description": "Number of times to backoff and retry before failing.", + "type": "number", + "x-cli-flag": "ruler.client.backoff-retries" + }, + "min_period": { + "default": "100ms", + "description": "Minimum delay when backing off.", + "type": "string", + "x-cli-flag": "ruler.client.backoff-min-period", + "x-format": "duration" + } + }, + "type": "object" + }, + "backoff_on_ratelimits": { + "default": false, + "description": "Enable backoff and retry when we hit ratelimits.", + "type": "boolean", + "x-cli-flag": "ruler.client.backoff-on-ratelimits" + }, + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 20s.", + "type": "string", + "x-cli-flag": "ruler.client.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "ruler.client.grpc-compression" + }, + "max_recv_msg_size": { + "default": 104857600, + "description": "gRPC client max receive message size (bytes).", + "type": "number", + "x-cli-flag": "ruler.client.grpc-max-recv-msg-size" + }, + "max_send_msg_size": { + "default": 16777216, + "description": "gRPC client max send message size (bytes).", + "type": "number", + "x-cli-flag": "ruler.client.grpc-max-send-msg-size" + }, + "rate_limit": { + "default": 0, + "description": "Rate limit for gRPC client; 0 means disabled.", + "type": "number", + "x-cli-flag": "ruler.client.grpc-client-rate-limit" + }, + "rate_limit_burst": { + "default": 0, + "description": "Rate limit burst for gRPC client.", + "type": "number", + "x-cli-flag": "ruler.client.grpc-client-rate-limit-burst" + }, + "remote_timeout": { + "default": "2m0s", + "description": "Timeout for downstream rulers.", + "type": "string", + "x-cli-flag": "ruler.client.remote-timeout", + "x-format": "duration" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "ruler.client.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "ruler.client.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "ruler.client.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "ruler.client.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "ruler.client.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "ruler.client.tls-server-name" + } + }, + "type": "object" + }, + "search_pending_for": { + "default": "5m0s", + "description": "Time to spend searching for a pending ruler when shutting down.", + "type": "string", + "x-cli-flag": "ruler.search-pending-for", + "x-format": "duration" + }, + "sharding_strategy": { + "default": "default", + "description": "The sharding strategy to use. Supported values are: default, shuffle-sharding.", + "type": "string", + "x-cli-flag": "ruler.sharding-strategy" + }, + "thanos_engine": { + "properties": { + "enable_x_functions": { + "default": false, + "description": "Enable xincrease, xdelta, xrate etc from Thanos engine.", + "type": "boolean", + "x-cli-flag": "ruler.enable-x-functions" + }, + "enabled": { + "default": false, + "description": "Experimental. Use Thanos promql engine https://github.com/thanos-io/promql-engine rather than the Prometheus promql engine.", + "type": "boolean", + "x-cli-flag": "ruler.thanos-engine" + }, + "optimizers": { + "default": "default", + "description": "Logical plan optimizers. Multiple optimizers can be provided as a comma-separated list. Supported values: default, all, propagate-matchers, sort-matchers, merge-selects, detect-histogram-stats", + "type": "string", + "x-cli-flag": "ruler.optimizers" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "ruler_storage_config": { + "description": "The ruler_storage_config configures the Cortex ruler storage backend.", + "properties": { + "azure": { + "properties": { + "account_key": { + "description": "Azure storage account key", + "type": "string", + "x-cli-flag": "ruler-storage.azure.account-key" + }, + "account_name": { + "description": "Azure storage account name", + "type": "string", + "x-cli-flag": "ruler-storage.azure.account-name" + }, + "connection_string": { + "description": "The values of `account-name` and `endpoint-suffix` values will not be ignored if `connection-string` is set. Use this method over `account-key` if you need to authenticate via a SAS token or if you use the Azurite emulator.", + "type": "string", + "x-cli-flag": "ruler-storage.azure.connection-string" + }, + "container_name": { + "description": "Azure storage container name", + "type": "string", + "x-cli-flag": "ruler-storage.azure.container-name" + }, + "endpoint_suffix": { + "description": "Azure storage endpoint suffix without schema. The account name will be prefixed to this value to create the FQDN", + "type": "string", + "x-cli-flag": "ruler-storage.azure.endpoint-suffix" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "ruler-storage.azure.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "ruler-storage.azure.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "ruler-storage.azure.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "ruler-storage.azure.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "ruler-storage.azure.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "ruler-storage.azure.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "ruler-storage.azure.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "ruler-storage.azure.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "max_retries": { + "default": 20, + "description": "Number of retries for recoverable errors", + "type": "number", + "x-cli-flag": "ruler-storage.azure.max-retries" + }, + "msi_resource": { + "description": "Deprecated: Azure storage MSI resource. It will be set automatically by Azure SDK.", + "type": "string", + "x-cli-flag": "ruler-storage.azure.msi-resource" + }, + "user_assigned_id": { + "description": "Azure storage MSI resource managed identity client Id. If not supplied default Azure credential will be used. Set it to empty if you need to authenticate via Azure Workload Identity.", + "type": "string", + "x-cli-flag": "ruler-storage.azure.user-assigned-id" + } + }, + "type": "object" + }, + "backend": { + "default": "s3", + "description": "Backend storage to use. Supported backends are: s3, gcs, azure, swift, filesystem, configdb, local.", + "type": "string", + "x-cli-flag": "ruler-storage.backend" + }, + "configdb": { + "$ref": "#/definitions/configstore_config" + }, + "filesystem": { + "properties": { + "dir": { + "description": "Local filesystem storage directory.", + "type": "string", + "x-cli-flag": "ruler-storage.filesystem.dir" + } + }, + "type": "object" + }, + "gcs": { + "properties": { + "bucket_name": { + "description": "GCS bucket name", + "type": "string", + "x-cli-flag": "ruler-storage.gcs.bucket-name" + }, + "service_account": { + "description": "JSON representing either a Google Developers Console client_credentials.json file or a Google Developers service account key file. If empty, fallback to Google default logic.", + "type": "string", + "x-cli-flag": "ruler-storage.gcs.service-account" + } + }, + "type": "object" + }, + "local": { + "properties": { + "directory": { + "description": "Directory to scan for rules", + "type": "string", + "x-cli-flag": "ruler-storage.local.directory" + } + }, + "type": "object" + }, + "s3": { + "properties": { + "access_key_id": { + "description": "S3 access key ID", + "type": "string", + "x-cli-flag": "ruler-storage.s3.access-key-id" + }, + "bucket_lookup_type": { + "default": "auto", + "description": "The s3 bucket lookup style. Supported values are: auto, virtual-hosted, path.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.bucket-lookup-type" + }, + "bucket_name": { + "description": "S3 bucket name", + "type": "string", + "x-cli-flag": "ruler-storage.s3.bucket-name" + }, + "disable_dualstack": { + "default": false, + "description": "If enabled, S3 endpoint will use the non-dualstack variant.", + "type": "boolean", + "x-cli-flag": "ruler-storage.s3.disable-dualstack" + }, + "endpoint": { + "description": "The S3 bucket endpoint. It could be an AWS S3 endpoint listed at https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an S3-compatible service in hostname:port format.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.endpoint" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "ruler-storage.s3.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "ruler-storage.s3.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "ruler-storage.s3.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "ruler-storage.s3.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "insecure": { + "default": false, + "description": "If enabled, use http:// for the S3 endpoint instead of https://. This could be useful in local dev/test environments while using an S3-compatible backend storage, like Minio.", + "type": "boolean", + "x-cli-flag": "ruler-storage.s3.insecure" + }, + "list_objects_version": { + "description": "The list api version. Supported values are: v1, v2, and ''.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.list-objects-version" + }, + "region": { + "description": "S3 region. If unset, the client will issue a S3 GetBucketLocation API call to autodetect it.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.region" + }, + "secret_access_key": { + "description": "S3 secret access key", + "type": "string", + "x-cli-flag": "ruler-storage.s3.secret-access-key" + }, + "send_content_md5": { + "default": true, + "description": "If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum algorithm to verify the provided digest. If false, use CRC32C algorithm instead.", + "type": "boolean", + "x-cli-flag": "ruler-storage.s3.send-content-md5" + }, + "signature_version": { + "default": "v4", + "description": "The signature version to use for authenticating against S3. Supported values are: v4, v2.", + "type": "string", + "x-cli-flag": "ruler-storage.s3.signature-version" + }, + "sse": { + "$ref": "#/definitions/s3_sse_config" + } + }, + "type": "object" + }, + "swift": { + "properties": { + "application_credential_id": { + "description": "OpenStack Swift application credential ID.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.application-credential-id" + }, + "application_credential_name": { + "description": "OpenStack Swift application credential name.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.application-credential-name" + }, + "application_credential_secret": { + "description": "OpenStack Swift application credential secret.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.application-credential-secret" + }, + "auth_url": { + "description": "OpenStack Swift authentication URL", + "type": "string", + "x-cli-flag": "ruler-storage.swift.auth-url" + }, + "auth_version": { + "default": 0, + "description": "OpenStack Swift authentication API version. 0 to autodetect.", + "type": "number", + "x-cli-flag": "ruler-storage.swift.auth-version" + }, + "connect_timeout": { + "default": "10s", + "description": "Time after which a connection attempt is aborted.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.connect-timeout", + "x-format": "duration" + }, + "container_name": { + "description": "Name of the OpenStack Swift container to put chunks in.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.container-name" + }, + "domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.domain-id" + }, + "domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.domain-name" + }, + "max_retries": { + "default": 3, + "description": "Max retries on requests error.", + "type": "number", + "x-cli-flag": "ruler-storage.swift.max-retries" + }, + "password": { + "description": "OpenStack Swift API key.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.password" + }, + "project_domain_id": { + "description": "ID of the OpenStack Swift project's domain (v3 auth only), only needed if it differs the from user domain.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.project-domain-id" + }, + "project_domain_name": { + "description": "Name of the OpenStack Swift project's domain (v3 auth only), only needed if it differs from the user domain.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.project-domain-name" + }, + "project_id": { + "description": "OpenStack Swift project ID (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "ruler-storage.swift.project-id" + }, + "project_name": { + "description": "OpenStack Swift project name (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "ruler-storage.swift.project-name" + }, + "region_name": { + "description": "OpenStack Swift Region to use (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "ruler-storage.swift.region-name" + }, + "request_timeout": { + "default": "5s", + "description": "Time after which an idle request is aborted. The timeout watchdog is reset each time some data is received, so the timeout triggers after X time no data is received on a request.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.request-timeout", + "x-format": "duration" + }, + "user_domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.user-domain-id" + }, + "user_domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.user-domain-name" + }, + "user_id": { + "description": "OpenStack Swift user ID.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.user-id" + }, + "username": { + "description": "OpenStack Swift username.", + "type": "string", + "x-cli-flag": "ruler-storage.swift.username" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "runtime_configuration_storage_config": { + "description": "The runtime_configuration_storage_config configures the storage backend for the runtime configuration file.", + "properties": { + "azure": { + "properties": { + "account_key": { + "description": "Azure storage account key", + "type": "string", + "x-cli-flag": "runtime-config.azure.account-key" + }, + "account_name": { + "description": "Azure storage account name", + "type": "string", + "x-cli-flag": "runtime-config.azure.account-name" + }, + "connection_string": { + "description": "The values of `account-name` and `endpoint-suffix` values will not be ignored if `connection-string` is set. Use this method over `account-key` if you need to authenticate via a SAS token or if you use the Azurite emulator.", + "type": "string", + "x-cli-flag": "runtime-config.azure.connection-string" + }, + "container_name": { + "description": "Azure storage container name", + "type": "string", + "x-cli-flag": "runtime-config.azure.container-name" + }, + "endpoint_suffix": { + "description": "Azure storage endpoint suffix without schema. The account name will be prefixed to this value to create the FQDN", + "type": "string", + "x-cli-flag": "runtime-config.azure.endpoint-suffix" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "runtime-config.azure.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "runtime-config.azure.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "runtime-config.azure.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "runtime-config.azure.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "runtime-config.azure.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "runtime-config.azure.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "runtime-config.azure.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "runtime-config.azure.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "max_retries": { + "default": 20, + "description": "Number of retries for recoverable errors", + "type": "number", + "x-cli-flag": "runtime-config.azure.max-retries" + }, + "msi_resource": { + "description": "Deprecated: Azure storage MSI resource. It will be set automatically by Azure SDK.", + "type": "string", + "x-cli-flag": "runtime-config.azure.msi-resource" + }, + "user_assigned_id": { + "description": "Azure storage MSI resource managed identity client Id. If not supplied default Azure credential will be used. Set it to empty if you need to authenticate via Azure Workload Identity.", + "type": "string", + "x-cli-flag": "runtime-config.azure.user-assigned-id" + } + }, + "type": "object" + }, + "backend": { + "default": "filesystem", + "description": "Backend storage to use. Supported backends are: s3, gcs, azure, swift, filesystem.", + "type": "string", + "x-cli-flag": "runtime-config.backend" + }, + "file": { + "description": "File with the configuration that can be updated in runtime.", + "type": "string", + "x-cli-flag": "runtime-config.file" + }, + "filesystem": { + "properties": { + "dir": { + "description": "Local filesystem storage directory.", + "type": "string", + "x-cli-flag": "runtime-config.filesystem.dir" + } + }, + "type": "object" + }, + "gcs": { + "properties": { + "bucket_name": { + "description": "GCS bucket name", + "type": "string", + "x-cli-flag": "runtime-config.gcs.bucket-name" + }, + "service_account": { + "description": "JSON representing either a Google Developers Console client_credentials.json file or a Google Developers service account key file. If empty, fallback to Google default logic.", + "type": "string", + "x-cli-flag": "runtime-config.gcs.service-account" + } + }, + "type": "object" + }, + "period": { + "default": "10s", + "description": "How often to check runtime config file.", + "type": "string", + "x-cli-flag": "runtime-config.reload-period", + "x-format": "duration" + }, + "s3": { + "properties": { + "access_key_id": { + "description": "S3 access key ID", + "type": "string", + "x-cli-flag": "runtime-config.s3.access-key-id" + }, + "bucket_lookup_type": { + "default": "auto", + "description": "The s3 bucket lookup style. Supported values are: auto, virtual-hosted, path.", + "type": "string", + "x-cli-flag": "runtime-config.s3.bucket-lookup-type" + }, + "bucket_name": { + "description": "S3 bucket name", + "type": "string", + "x-cli-flag": "runtime-config.s3.bucket-name" + }, + "disable_dualstack": { + "default": false, + "description": "If enabled, S3 endpoint will use the non-dualstack variant.", + "type": "boolean", + "x-cli-flag": "runtime-config.s3.disable-dualstack" + }, + "endpoint": { + "description": "The S3 bucket endpoint. It could be an AWS S3 endpoint listed at https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an S3-compatible service in hostname:port format.", + "type": "string", + "x-cli-flag": "runtime-config.s3.endpoint" + }, + "http": { + "properties": { + "expect_continue_timeout": { + "default": "1s", + "description": "The time to wait for a server's first response headers after fully writing the request headers if the request has an Expect header. 0 to send the request body immediately.", + "type": "string", + "x-cli-flag": "runtime-config.s3.expect-continue-timeout", + "x-format": "duration" + }, + "idle_conn_timeout": { + "default": "1m30s", + "description": "The time an idle connection will remain idle before closing.", + "type": "string", + "x-cli-flag": "runtime-config.s3.http.idle-conn-timeout", + "x-format": "duration" + }, + "insecure_skip_verify": { + "default": false, + "description": "If the client connects via HTTPS and this option is enabled, the client will accept any certificate and hostname.", + "type": "boolean", + "x-cli-flag": "runtime-config.s3.http.insecure-skip-verify" + }, + "max_connections_per_host": { + "default": 0, + "description": "Maximum number of connections per host. 0 means no limit.", + "type": "number", + "x-cli-flag": "runtime-config.s3.max-connections-per-host" + }, + "max_idle_connections": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.", + "type": "number", + "x-cli-flag": "runtime-config.s3.max-idle-connections" + }, + "max_idle_connections_per_host": { + "default": 100, + "description": "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.", + "type": "number", + "x-cli-flag": "runtime-config.s3.max-idle-connections-per-host" + }, + "response_header_timeout": { + "default": "2m0s", + "description": "The amount of time the client will wait for a servers response headers.", + "type": "string", + "x-cli-flag": "runtime-config.s3.http.response-header-timeout", + "x-format": "duration" + }, + "tls_handshake_timeout": { + "default": "10s", + "description": "Maximum time to wait for a TLS handshake. 0 means no limit.", + "type": "string", + "x-cli-flag": "runtime-config.s3.tls-handshake-timeout", + "x-format": "duration" + } + }, + "type": "object" + }, + "insecure": { + "default": false, + "description": "If enabled, use http:// for the S3 endpoint instead of https://. This could be useful in local dev/test environments while using an S3-compatible backend storage, like Minio.", + "type": "boolean", + "x-cli-flag": "runtime-config.s3.insecure" + }, + "list_objects_version": { + "description": "The list api version. Supported values are: v1, v2, and ''.", + "type": "string", + "x-cli-flag": "runtime-config.s3.list-objects-version" + }, + "region": { + "description": "S3 region. If unset, the client will issue a S3 GetBucketLocation API call to autodetect it.", + "type": "string", + "x-cli-flag": "runtime-config.s3.region" + }, + "secret_access_key": { + "description": "S3 secret access key", + "type": "string", + "x-cli-flag": "runtime-config.s3.secret-access-key" + }, + "send_content_md5": { + "default": true, + "description": "If true, attach MD5 checksum when upload objects and S3 uses MD5 checksum algorithm to verify the provided digest. If false, use CRC32C algorithm instead.", + "type": "boolean", + "x-cli-flag": "runtime-config.s3.send-content-md5" + }, + "signature_version": { + "default": "v4", + "description": "The signature version to use for authenticating against S3. Supported values are: v4, v2.", + "type": "string", + "x-cli-flag": "runtime-config.s3.signature-version" + }, + "sse": { + "$ref": "#/definitions/s3_sse_config" + } + }, + "type": "object" + }, + "swift": { + "properties": { + "application_credential_id": { + "description": "OpenStack Swift application credential ID.", + "type": "string", + "x-cli-flag": "runtime-config.swift.application-credential-id" + }, + "application_credential_name": { + "description": "OpenStack Swift application credential name.", + "type": "string", + "x-cli-flag": "runtime-config.swift.application-credential-name" + }, + "application_credential_secret": { + "description": "OpenStack Swift application credential secret.", + "type": "string", + "x-cli-flag": "runtime-config.swift.application-credential-secret" + }, + "auth_url": { + "description": "OpenStack Swift authentication URL", + "type": "string", + "x-cli-flag": "runtime-config.swift.auth-url" + }, + "auth_version": { + "default": 0, + "description": "OpenStack Swift authentication API version. 0 to autodetect.", + "type": "number", + "x-cli-flag": "runtime-config.swift.auth-version" + }, + "connect_timeout": { + "default": "10s", + "description": "Time after which a connection attempt is aborted.", + "type": "string", + "x-cli-flag": "runtime-config.swift.connect-timeout", + "x-format": "duration" + }, + "container_name": { + "description": "Name of the OpenStack Swift container to put chunks in.", + "type": "string", + "x-cli-flag": "runtime-config.swift.container-name" + }, + "domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "runtime-config.swift.domain-id" + }, + "domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "runtime-config.swift.domain-name" + }, + "max_retries": { + "default": 3, + "description": "Max retries on requests error.", + "type": "number", + "x-cli-flag": "runtime-config.swift.max-retries" + }, + "password": { + "description": "OpenStack Swift API key.", + "type": "string", + "x-cli-flag": "runtime-config.swift.password" + }, + "project_domain_id": { + "description": "ID of the OpenStack Swift project's domain (v3 auth only), only needed if it differs the from user domain.", + "type": "string", + "x-cli-flag": "runtime-config.swift.project-domain-id" + }, + "project_domain_name": { + "description": "Name of the OpenStack Swift project's domain (v3 auth only), only needed if it differs from the user domain.", + "type": "string", + "x-cli-flag": "runtime-config.swift.project-domain-name" + }, + "project_id": { + "description": "OpenStack Swift project ID (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "runtime-config.swift.project-id" + }, + "project_name": { + "description": "OpenStack Swift project name (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "runtime-config.swift.project-name" + }, + "region_name": { + "description": "OpenStack Swift Region to use (v2,v3 auth only).", + "type": "string", + "x-cli-flag": "runtime-config.swift.region-name" + }, + "request_timeout": { + "default": "5s", + "description": "Time after which an idle request is aborted. The timeout watchdog is reset each time some data is received, so the timeout triggers after X time no data is received on a request.", + "type": "string", + "x-cli-flag": "runtime-config.swift.request-timeout", + "x-format": "duration" + }, + "user_domain_id": { + "description": "OpenStack Swift user's domain ID.", + "type": "string", + "x-cli-flag": "runtime-config.swift.user-domain-id" + }, + "user_domain_name": { + "description": "OpenStack Swift user's domain name.", + "type": "string", + "x-cli-flag": "runtime-config.swift.user-domain-name" + }, + "user_id": { + "description": "OpenStack Swift user ID.", + "type": "string", + "x-cli-flag": "runtime-config.swift.user-id" + }, + "username": { + "description": "OpenStack Swift username.", + "type": "string", + "x-cli-flag": "runtime-config.swift.username" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "s3_sse_config": { + "description": "The s3_sse_config configures the S3 server-side encryption.", + "properties": { + "kms_encryption_context": { + "description": "KMS Encryption Context used for object encryption. It expects JSON formatted string.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.s3.sse.kms-encryption-context" + }, + "kms_key_id": { + "description": "KMS Key ID used to encrypt objects in S3", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.s3.sse.kms-key-id" + }, + "type": { + "description": "Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.", + "type": "string", + "x-cli-flag": "\u003cprefix\u003e.s3.sse.type" + } + }, + "type": "object" + }, + "server_config": { + "description": "The server_config configures the HTTP and gRPC server of the launched service(s).", + "properties": { + "graceful_shutdown_timeout": { + "default": "30s", + "description": "Timeout for graceful shutdowns", + "type": "string", + "x-cli-flag": "server.graceful-shutdown-timeout", + "x-format": "duration" + }, + "grpc_listen_address": { + "description": "gRPC server listen address.", + "type": "string", + "x-cli-flag": "server.grpc-listen-address" + }, + "grpc_listen_conn_limit": { + "default": 0, + "description": "Maximum number of simultaneous grpc connections, \u003c=0 to disable", + "type": "number", + "x-cli-flag": "server.grpc-conn-limit" + }, + "grpc_listen_network": { + "default": "tcp", + "description": "gRPC server listen network", + "type": "string", + "x-cli-flag": "server.grpc-listen-network" + }, + "grpc_listen_port": { + "default": 9095, + "description": "gRPC server listen port.", + "type": "number", + "x-cli-flag": "server.grpc-listen-port" + }, + "grpc_server_keepalive_time": { + "default": "2h0m0s", + "description": "Duration after which a keepalive probe is sent in case of no activity over the connection., Default: 2h", + "type": "string", + "x-cli-flag": "server.grpc.keepalive.time", + "x-format": "duration" + }, + "grpc_server_keepalive_timeout": { + "default": "20s", + "description": "After having pinged for keepalive check, the duration after which an idle connection should be closed, Default: 20s", + "type": "string", + "x-cli-flag": "server.grpc.keepalive.timeout", + "x-format": "duration" + }, + "grpc_server_max_concurrent_streams": { + "default": 100, + "description": "Limit on the number of concurrent streams for gRPC calls (0 = unlimited)", + "type": "number", + "x-cli-flag": "server.grpc-max-concurrent-streams" + }, + "grpc_server_max_connection_age": { + "default": "2562047h47m16.854775807s", + "description": "The duration for the maximum amount of time a connection may exist before it will be closed. Default: infinity", + "type": "string", + "x-cli-flag": "server.grpc.keepalive.max-connection-age", + "x-format": "duration" + }, + "grpc_server_max_connection_age_grace": { + "default": "2562047h47m16.854775807s", + "description": "An additive period after max-connection-age after which the connection will be forcibly closed. Default: infinity", + "type": "string", + "x-cli-flag": "server.grpc.keepalive.max-connection-age-grace", + "x-format": "duration" + }, + "grpc_server_max_connection_idle": { + "default": "2562047h47m16.854775807s", + "description": "The duration after which an idle connection should be closed. Default: infinity", + "type": "string", + "x-cli-flag": "server.grpc.keepalive.max-connection-idle", + "x-format": "duration" + }, + "grpc_server_max_recv_msg_size": { + "default": 4194304, + "description": "Limit on the size of a gRPC message this server can receive (bytes).", + "type": "number", + "x-cli-flag": "server.grpc-max-recv-msg-size-bytes" + }, + "grpc_server_max_send_msg_size": { + "default": 4194304, + "description": "Limit on the size of a gRPC message this server can send (bytes).", + "type": "number", + "x-cli-flag": "server.grpc-max-send-msg-size-bytes" + }, + "grpc_server_min_time_between_pings": { + "default": "10s", + "description": "Minimum amount of time a client should wait before sending a keepalive ping. If client sends keepalive ping more often, server will send GOAWAY and close the connection.", + "type": "string", + "x-cli-flag": "server.grpc.keepalive.min-time-between-pings", + "x-format": "duration" + }, + "grpc_server_num_stream_workers": { + "default": 0, + "description": "Number of worker goroutines that should be used to process incoming streams.Setting this 0 (default) will disable workers and spawn a new goroutine for each stream.", + "type": "number", + "x-cli-flag": "server.grpc_server-num-stream-workers" + }, + "grpc_server_ping_without_stream_allowed": { + "default": true, + "description": "If true, server allows keepalive pings even when there are no active streams(RPCs). If false, and client sends ping when there are no active streams, server will send GOAWAY and close the connection.", + "type": "boolean", + "x-cli-flag": "server.grpc.keepalive.ping-without-stream-allowed" + }, + "grpc_tls_config": { + "properties": { + "cert_file": { + "description": "GRPC TLS server cert path.", + "type": "string", + "x-cli-flag": "server.grpc-tls-cert-path" + }, + "client_auth_type": { + "description": "GRPC TLS Client Auth type.", + "type": "string", + "x-cli-flag": "server.grpc-tls-client-auth" + }, + "client_ca_file": { + "description": "GRPC TLS Client CA path.", + "type": "string", + "x-cli-flag": "server.grpc-tls-ca-path" + }, + "key_file": { + "description": "GRPC TLS server key path.", + "type": "string", + "x-cli-flag": "server.grpc-tls-key-path" + } + }, + "type": "object" + }, + "http_listen_address": { + "description": "HTTP server listen address.", + "type": "string", + "x-cli-flag": "server.http-listen-address" + }, + "http_listen_conn_limit": { + "default": 0, + "description": "Maximum number of simultaneous http connections, \u003c=0 to disable", + "type": "number", + "x-cli-flag": "server.http-conn-limit" + }, + "http_listen_network": { + "default": "tcp", + "description": "HTTP server listen network, default tcp", + "type": "string", + "x-cli-flag": "server.http-listen-network" + }, + "http_listen_port": { + "default": 80, + "description": "HTTP server listen port.", + "type": "number", + "x-cli-flag": "server.http-listen-port" + }, + "http_path_prefix": { + "description": "Base path to serve all API routes from (e.g. /v1/)", + "type": "string", + "x-cli-flag": "server.path-prefix" + }, + "http_server_idle_timeout": { + "default": "2m0s", + "description": "Idle timeout for HTTP server", + "type": "string", + "x-cli-flag": "server.http-idle-timeout", + "x-format": "duration" + }, + "http_server_read_timeout": { + "default": "30s", + "description": "Read timeout for HTTP server", + "type": "string", + "x-cli-flag": "server.http-read-timeout", + "x-format": "duration" + }, + "http_server_write_timeout": { + "default": "30s", + "description": "Write timeout for HTTP server", + "type": "string", + "x-cli-flag": "server.http-write-timeout", + "x-format": "duration" + }, + "http_tls_config": { + "properties": { + "cert_file": { + "description": "HTTP server cert path.", + "type": "string", + "x-cli-flag": "server.http-tls-cert-path" + }, + "client_auth_type": { + "description": "HTTP TLS Client Auth type.", + "type": "string", + "x-cli-flag": "server.http-tls-client-auth" + }, + "client_ca_file": { + "description": "HTTP TLS Client CA path.", + "type": "string", + "x-cli-flag": "server.http-tls-ca-path" + }, + "key_file": { + "description": "HTTP server key path.", + "type": "string", + "x-cli-flag": "server.http-tls-key-path" + } + }, + "type": "object" + }, + "log_format": { + "default": "logfmt", + "description": "Output log messages in the given format. Valid formats: [logfmt, json]", + "type": "string", + "x-cli-flag": "log.format" + }, + "log_level": { + "default": "info", + "description": "Only log messages with the given severity or above. Valid levels: [debug, info, warn, error]", + "type": "string", + "x-cli-flag": "log.level" + }, + "log_request_at_info_level_enabled": { + "default": false, + "description": "Optionally log requests at info level instead of debug level. Applies to request headers as well if server.log-request-headers is enabled.", + "type": "boolean", + "x-cli-flag": "server.log-request-at-info-level-enabled" + }, + "log_request_exclude_headers_list": { + "description": "Comma separated list of headers to exclude from loggin. Only used if server.log-request-headers is true.", + "type": "string", + "x-cli-flag": "server.log-request-headers-exclude-list" + }, + "log_request_headers": { + "default": false, + "description": "Optionally log request headers.", + "type": "boolean", + "x-cli-flag": "server.log-request-headers" + }, + "log_source_ips_enabled": { + "default": false, + "description": "Optionally log the source IPs.", + "type": "boolean", + "x-cli-flag": "server.log-source-ips-enabled" + }, + "log_source_ips_header": { + "description": "Header field storing the source IPs. Only used if server.log-source-ips-enabled is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For headers are used", + "type": "string", + "x-cli-flag": "server.log-source-ips-header" + }, + "log_source_ips_regex": { + "description": "Regex for matching the source IPs. Only used if server.log-source-ips-enabled is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For headers are used", + "type": "string", + "x-cli-flag": "server.log-source-ips-regex" + }, + "register_instrumentation": { + "default": true, + "description": "Register the intrumentation handlers (/metrics etc).", + "type": "boolean", + "x-cli-flag": "server.register-instrumentation" + }, + "tls_cipher_suites": { + "description": "Comma-separated list of cipher suites to use. If blank, the default Go cipher suites is used.", + "type": "string", + "x-cli-flag": "server.tls-cipher-suites" + }, + "tls_min_version": { + "description": "Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used.", + "type": "string", + "x-cli-flag": "server.tls-min-version" + } + }, + "type": "object" + }, + "storage_config": { + "description": "The storage_config configures the storage type Cortex uses.", + "properties": { + "engine": { + "default": "blocks", + "description": "The storage engine to use: blocks is the only supported option today.", + "type": "string", + "x-cli-flag": "store.engine" + } + }, + "type": "object" + }, + "store_gateway_config": { + "description": "The store_gateway_config configures the store-gateway service used by the blocks storage.", + "properties": { + "disabled_tenants": { + "description": "Comma separated list of tenants whose store metrics this storegateway cannot process. If specified, a storegateway that would normally pick the specified tenant(s) for processing will ignore them instead.", + "type": "string", + "x-cli-flag": "store-gateway.disabled-tenants" + }, + "enabled_tenants": { + "description": "Comma separated list of tenants whose store metrics this storegateway can process. If specified, only these tenants will be handled by storegateway, otherwise this storegateway will be enabled for all the tenants in the store-gateway cluster.", + "type": "string", + "x-cli-flag": "store-gateway.enabled-tenants" + }, + "hedged_request": { + "properties": { + "enabled": { + "default": false, + "description": "If true, hedged requests are applied to object store calls. It can help with reducing tail latency.", + "type": "boolean", + "x-cli-flag": "store-gateway.hedged-request.enabled" + }, + "max_requests": { + "default": 3, + "description": "Maximum number of hedged requests allowed for each initial request. A high number can reduce latency but increase internal calls.", + "type": "number", + "x-cli-flag": "store-gateway.hedged-request.max-requests" + }, + "quantile": { + "default": 0.9, + "description": "It is used to calculate a latency threshold to trigger hedged requests. For example, additional requests are triggered when the initial request response time exceeds the 90th percentile.", + "type": "number", + "x-cli-flag": "store-gateway.hedged-request.quantile" + } + }, + "type": "object" + }, + "query_protection": { + "properties": { + "rejection": { + "properties": { + "enabled": { + "default": false, + "description": "EXPERIMENTAL: Enable query rejection feature, where the component return 503 to all incoming query requests when the configured thresholds are breached.", + "type": "boolean", + "x-cli-flag": "store-gateway.query-protection.rejection.enabled" + }, + "threshold": { + "properties": { + "cpu_utilization": { + "default": 0, + "description": "EXPERIMENTAL: Max CPU utilization that this ingester can reach before rejecting new query request (across all tenants) in percentage, between 0 and 1. monitored_resources config must include the resource type. 0 to disable.", + "type": "number", + "x-cli-flag": "store-gateway.query-protection.rejection.threshold.cpu-utilization" + }, + "heap_utilization": { + "default": 0, + "description": "EXPERIMENTAL: Max heap utilization that this ingester can reach before rejecting new query request (across all tenants) in percentage, between 0 and 1. monitored_resources config must include the resource type. 0 to disable.", + "type": "number", + "x-cli-flag": "store-gateway.query-protection.rejection.threshold.heap-utilization" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sharding_enabled": { + "default": false, + "description": "Shard blocks across multiple store gateway instances. This option needs be set both on the store-gateway and querier when running in microservices mode.", + "type": "boolean", + "x-cli-flag": "store-gateway.sharding-enabled" + }, + "sharding_ring": { + "description": "The hash ring configuration. This option is required only if blocks sharding is enabled.", + "properties": { + "detailed_metrics_enabled": { + "default": true, + "description": "Set to true to enable ring detailed metrics. These metrics provide detailed information, such as token count and ownership per tenant. Disabling them can significantly decrease the number of metrics emitted.", + "type": "boolean", + "x-cli-flag": "store-gateway.sharding-ring.detailed-metrics-enabled" + }, + "final_sleep": { + "default": "0s", + "description": "The sleep seconds when store-gateway is shutting down. Need to be close to or larger than KV Store information propagation delay", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.final-sleep", + "x-format": "duration" + }, + "heartbeat_period": { + "default": "15s", + "description": "Period at which to heartbeat to the ring. 0 = disabled.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.heartbeat-period", + "x-format": "duration" + }, + "heartbeat_timeout": { + "default": "1m0s", + "description": "The heartbeat timeout after which store gateways are considered unhealthy within the ring. 0 = never (timeout disabled). This option needs be set both on the store-gateway and querier when running in microservices mode.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.heartbeat-timeout", + "x-format": "duration" + }, + "instance_availability_zone": { + "description": "The availability zone where this instance is running. Required if zone-awareness is enabled.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.instance-availability-zone" + }, + "instance_interface_names": { + "default": "[eth0 en0]", + "description": "Name of network interface to read address from.", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "store-gateway.sharding-ring.instance-interface-names" + }, + "keep_instance_in_the_ring_on_shutdown": { + "default": false, + "description": "True to keep the store gateway instance in the ring when it shuts down. The instance will then be auto-forgotten from the ring after 10*heartbeat_timeout.", + "type": "boolean", + "x-cli-flag": "store-gateway.sharding-ring.keep-instance-in-the-ring-on-shutdown" + }, + "kvstore": { + "description": "The key-value store used to share the hash ring across multiple instances. This option needs be set both on the store-gateway and querier when running in microservices mode.", + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "store-gateway.sharding-ring.dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "store-gateway.sharding-ring.multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "collectors/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.store" + } + }, + "type": "object" + }, + "replication_factor": { + "default": 3, + "description": "The replication factor to use when sharding blocks. This option needs be set both on the store-gateway and querier when running in microservices mode.", + "type": "number", + "x-cli-flag": "store-gateway.sharding-ring.replication-factor" + }, + "tokens_file_path": { + "description": "File path where tokens are stored. If empty, tokens are not stored at shutdown and restored at startup.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.tokens-file-path" + }, + "wait_instance_state_timeout": { + "default": "10m0s", + "description": "Timeout for waiting on store-gateway to become desired state in the ring.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.wait-instance-state-timeout", + "x-format": "duration" + }, + "wait_stability_max_duration": { + "default": "5m0s", + "description": "Maximum time to wait for ring stability at startup. If the store-gateway ring keeps changing after this period of time, the store-gateway will start anyway.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.wait-stability-max-duration", + "x-format": "duration" + }, + "wait_stability_min_duration": { + "default": "1m0s", + "description": "Minimum time to wait for ring stability at startup. 0 to disable.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-ring.wait-stability-min-duration", + "x-format": "duration" + }, + "zone_awareness_enabled": { + "default": false, + "description": "True to enable zone-awareness and replicate blocks across different availability zones.", + "type": "boolean", + "x-cli-flag": "store-gateway.sharding-ring.zone-awareness-enabled" + } + }, + "type": "object" + }, + "sharding_strategy": { + "default": "default", + "description": "The sharding strategy to use. Supported values are: default, shuffle-sharding.", + "type": "string", + "x-cli-flag": "store-gateway.sharding-strategy" + } + }, + "type": "object" + }, + "tracing_config": { + "description": "The tracing_config configures backends cortex uses.", + "properties": { + "otel": { + "properties": { + "exporter_type": { + "description": "enhance/modify traces/propagators for specific exporter. If empty, OTEL defaults will apply. Supported values are: `awsxray.`", + "type": "string", + "x-cli-flag": "tracing.otel.exporter-type" + }, + "otlp_endpoint": { + "description": "otl collector endpoint that the driver will use to send spans.", + "type": "string", + "x-cli-flag": "tracing.otel.otlp-endpoint" + }, + "round_robin": { + "default": false, + "description": "If enabled, use round_robin gRPC load balancing policy. By default, use pick_first policy. For more details, please refer to https://github.com/grpc/grpc/blob/master/doc/load-balancing.md#load-balancing-policies.", + "type": "boolean", + "x-cli-flag": "tracing.otel.round-robin" + }, + "sample_ratio": { + "default": 0.001, + "description": "Fraction of traces to be sampled. Fractions \u003e= 1 means sampling if off and everything is traced.", + "type": "number", + "x-cli-flag": "tracing.otel.sample-ratio" + }, + "tls": { + "properties": { + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "tracing.otel.tls.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "tracing.otel.tls.tls-cert-path" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "tracing.otel.tls.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "tracing.otel.tls.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "tracing.otel.tls.tls-server-name" + } + }, + "type": "object" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "tracing.otel.tls-enabled" + } + }, + "type": "object" + }, + "type": { + "default": "jaeger", + "description": "Tracing type. OTEL and JAEGER are currently supported. For jaeger `JAEGER_AGENT_HOST` environment variable should also be set. See: https://cortexmetrics.io/docs/guides/tracing .", + "type": "string", + "x-cli-flag": "tracing.type" + } + }, + "type": "object" + } + }, + "description": "JSON Schema for Cortex configuration file", + "properties": { + "alertmanager": { + "$ref": "#/definitions/alertmanager_config" + }, + "alertmanager_storage": { + "$ref": "#/definitions/alertmanager_storage_config" + }, + "api": { + "properties": { + "alertmanager_http_prefix": { + "default": "/alertmanager", + "description": "HTTP URL path under which the Alertmanager ui and api will be served.", + "type": "string", + "x-cli-flag": "http.alertmanager-http-prefix" + }, + "build_info_enabled": { + "default": false, + "description": "If enabled, build Info API will be served by query frontend or querier.", + "type": "boolean", + "x-cli-flag": "api.build-info-enabled" + }, + "cors_origin": { + "default": ".*", + "description": "Regex for CORS origin. It is fully anchored. Example: 'https?://(domain1|domain2)\\.com'", + "type": "string", + "x-cli-flag": "server.cors-origin" + }, + "http_request_headers_to_log": { + "default": [], + "description": "Which HTTP Request headers to add to logs", + "items": { + "type": "string" + }, + "type": "array", + "x-cli-flag": "api.http-request-headers-to-log" + }, + "prometheus_http_prefix": { + "default": "/prometheus", + "description": "HTTP URL path under which the Prometheus api will be served.", + "type": "string", + "x-cli-flag": "http.prometheus-http-prefix" + }, + "querier_default_codec": { + "default": "json", + "description": "Choose default codec for querier response serialization. Supports 'json' and 'protobuf'.", + "type": "string", + "x-cli-flag": "api.querier-default-codec" + }, + "request_id_header": { + "description": "HTTP header that can be used as request id", + "type": "string", + "x-cli-flag": "api.request-id-header" + }, + "response_compression_enabled": { + "default": false, + "description": "Use GZIP compression for API responses. Some endpoints serve large YAML or JSON blobs which can benefit from compression.", + "type": "boolean", + "x-cli-flag": "api.response-compression-enabled" + } + }, + "type": "object" + }, + "auth_enabled": { + "default": true, + "description": "Set to false to disable auth.", + "type": "boolean", + "x-cli-flag": "auth.enabled" + }, + "blocks_storage": { + "$ref": "#/definitions/blocks_storage_config" + }, + "compactor": { + "$ref": "#/definitions/compactor_config" + }, + "configs": { + "$ref": "#/definitions/configs_config" + }, + "distributor": { + "$ref": "#/definitions/distributor_config" + }, + "flusher": { + "$ref": "#/definitions/flusher_config" + }, + "frontend": { + "$ref": "#/definitions/query_frontend_config" + }, + "frontend_worker": { + "$ref": "#/definitions/frontend_worker_config" + }, + "http_prefix": { + "default": "/api/prom", + "description": "HTTP path prefix for Cortex API.", + "type": "string", + "x-cli-flag": "http.prefix" + }, + "ingester": { + "$ref": "#/definitions/ingester_config" + }, + "ingester_client": { + "$ref": "#/definitions/ingester_client_config" + }, + "limits": { + "$ref": "#/definitions/limits_config" + }, + "memberlist": { + "$ref": "#/definitions/memberlist_config" + }, + "parquet_converter": { + "properties": { + "conversion_interval": { + "default": "1m0s", + "description": "How often to check for new TSDB blocks to convert to parquet format.", + "type": "string", + "x-cli-flag": "parquet-converter.conversion-interval", + "x-format": "duration" + }, + "data_dir": { + "default": "./data", + "description": "Local directory path for caching TSDB blocks during parquet conversion.", + "type": "string", + "x-cli-flag": "parquet-converter.data-dir" + }, + "file_buffer_enabled": { + "default": true, + "description": "Enable disk-based write buffering to reduce memory consumption during parquet file generation.", + "type": "boolean", + "x-cli-flag": "parquet-converter.file-buffer-enabled" + }, + "max_rows_per_row_group": { + "default": 1000000, + "description": "Maximum number of time series per parquet row group. Larger values improve compression but may reduce performance during reads.", + "type": "number", + "x-cli-flag": "parquet-converter.max-rows-per-row-group" + }, + "meta_sync_concurrency": { + "default": 20, + "description": "Maximum concurrent goroutines for downloading block metadata from object storage.", + "type": "number", + "x-cli-flag": "parquet-converter.meta-sync-concurrency" + }, + "ring": { + "properties": { + "auto_forget_delay": { + "default": "2m0s", + "description": "Time since last heartbeat before parquet-converter will be removed from ring. 0 to disable", + "type": "string", + "x-cli-flag": "parquet-converter.auto-forget-delay", + "x-format": "duration" + }, + "heartbeat_period": { + "default": "5s", + "description": "Period at which to heartbeat to the ring. 0 = disabled.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.heartbeat-period", + "x-format": "duration" + }, + "heartbeat_timeout": { + "default": "1m0s", + "description": "The heartbeat timeout after which parquet-converter are considered unhealthy within the ring. 0 = never (timeout disabled).", + "type": "string", + "x-cli-flag": "parquet-converter.ring.heartbeat-timeout", + "x-format": "duration" + }, + "kvstore": { + "properties": { + "consul": { + "$ref": "#/definitions/consul_config" + }, + "dynamodb": { + "properties": { + "max_cas_retries": { + "default": 10, + "description": "Maximum number of retries for DDB KV CAS.", + "type": "number", + "x-cli-flag": "parquet-converter.ring.dynamodb.max-cas-retries" + }, + "puller_sync_time": { + "default": "1m0s", + "description": "Time to refresh local ring with information on dynamodb.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.dynamodb.puller-sync-time", + "x-format": "duration" + }, + "region": { + "description": "Region to access dynamodb.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.dynamodb.region" + }, + "table_name": { + "description": "Table name to use on dynamodb.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.dynamodb.table-name" + }, + "timeout": { + "default": "2m0s", + "description": "Timeout of dynamoDbClient requests. Default is 2m.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.dynamodb.timeout", + "x-format": "duration" + }, + "ttl": { + "default": "0s", + "description": "Time to expire items on dynamodb.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.dynamodb.ttl-time", + "x-format": "duration" + } + }, + "type": "object" + }, + "etcd": { + "$ref": "#/definitions/etcd_config" + }, + "multi": { + "properties": { + "mirror_enabled": { + "default": false, + "description": "Mirror writes to secondary store.", + "type": "boolean", + "x-cli-flag": "parquet-converter.ring.multi.mirror-enabled" + }, + "mirror_timeout": { + "default": "2s", + "description": "Timeout for storing value to secondary store.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.multi.mirror-timeout", + "x-format": "duration" + }, + "primary": { + "description": "Primary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.multi.primary" + }, + "secondary": { + "description": "Secondary backend storage used by multi-client.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.multi.secondary" + } + }, + "type": "object" + }, + "prefix": { + "default": "collectors/", + "description": "The prefix for the keys in the store. Should end with a /.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.prefix" + }, + "store": { + "default": "consul", + "description": "Backend storage to use for the ring. Supported values are: consul, etcd, inmemory, memberlist, multi.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.store" + } + }, + "type": "object" + }, + "tokens_file_path": { + "description": "File path where tokens are stored. If empty, tokens are not stored at shutdown and restored at startup.", + "type": "string", + "x-cli-flag": "parquet-converter.ring.tokens-file-path" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "querier": { + "$ref": "#/definitions/querier_config" + }, + "query_range": { + "$ref": "#/definitions/query_range_config" + }, + "query_scheduler": { + "properties": { + "grpc_client_config": { + "description": "This configures the gRPC client used to report errors back to the query-frontend.", + "properties": { + "backoff_config": { + "properties": { + "max_period": { + "default": "10s", + "description": "Maximum delay when backing off.", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.backoff-max-period", + "x-format": "duration" + }, + "max_retries": { + "default": 10, + "description": "Number of times to backoff and retry before failing.", + "type": "number", + "x-cli-flag": "query-scheduler.grpc-client-config.backoff-retries" + }, + "min_period": { + "default": "100ms", + "description": "Minimum delay when backing off.", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.backoff-min-period", + "x-format": "duration" + } + }, + "type": "object" + }, + "backoff_on_ratelimits": { + "default": false, + "description": "Enable backoff and retry when we hit ratelimits.", + "type": "boolean", + "x-cli-flag": "query-scheduler.grpc-client-config.backoff-on-ratelimits" + }, + "connect_timeout": { + "default": "5s", + "description": "The maximum amount of time to establish a connection. A value of 0 means using default gRPC client connect timeout 20s.", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.connect-timeout", + "x-format": "duration" + }, + "grpc_compression": { + "description": "Use compression when sending messages. Supported values are: 'gzip', 'snappy', 'snappy-block' ,'zstd' and '' (disable compression)", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.grpc-compression" + }, + "max_recv_msg_size": { + "default": 104857600, + "description": "gRPC client max receive message size (bytes).", + "type": "number", + "x-cli-flag": "query-scheduler.grpc-client-config.grpc-max-recv-msg-size" + }, + "max_send_msg_size": { + "default": 16777216, + "description": "gRPC client max send message size (bytes).", + "type": "number", + "x-cli-flag": "query-scheduler.grpc-client-config.grpc-max-send-msg-size" + }, + "rate_limit": { + "default": 0, + "description": "Rate limit for gRPC client; 0 means disabled.", + "type": "number", + "x-cli-flag": "query-scheduler.grpc-client-config.grpc-client-rate-limit" + }, + "rate_limit_burst": { + "default": 0, + "description": "Rate limit burst for gRPC client.", + "type": "number", + "x-cli-flag": "query-scheduler.grpc-client-config.grpc-client-rate-limit-burst" + }, + "tls_ca_path": { + "description": "Path to the CA certificates file to validate server certificate against. If not set, the host's root CA certificates are used.", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.tls-ca-path" + }, + "tls_cert_path": { + "description": "Path to the client certificate file, which will be used for authenticating with the server. Also requires the key path to be configured.", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.tls-cert-path" + }, + "tls_enabled": { + "default": false, + "description": "Enable TLS in the GRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "type": "boolean", + "x-cli-flag": "query-scheduler.grpc-client-config.tls-enabled" + }, + "tls_insecure_skip_verify": { + "default": false, + "description": "Skip validating server certificate.", + "type": "boolean", + "x-cli-flag": "query-scheduler.grpc-client-config.tls-insecure-skip-verify" + }, + "tls_key_path": { + "description": "Path to the key file for the client certificate. Also requires the client certificate to be configured.", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.tls-key-path" + }, + "tls_server_name": { + "description": "Override the expected name on the server certificate.", + "type": "string", + "x-cli-flag": "query-scheduler.grpc-client-config.tls-server-name" + } + }, + "type": "object" + }, + "querier_forget_delay": { + "default": "0s", + "description": "If a querier disconnects without sending notification about graceful shutdown, the query-scheduler will keep the querier in the tenant's shard until the forget delay has passed. This feature is useful to reduce the blast radius when shuffle-sharding is enabled.", + "type": "string", + "x-cli-flag": "query-scheduler.querier-forget-delay", + "x-format": "duration" + } + }, + "type": "object" + }, + "resource_monitor": { + "properties": { + "cpu_rate_interval": { + "default": "1m0s", + "description": "Interval to calculate average CPU rate. Must be greater than resource monitor interval.", + "type": "string", + "x-cli-flag": "resource-monitor.cpu-rate-interval", + "x-format": "duration" + }, + "interval": { + "default": "100ms", + "description": "Update interval of resource monitor. Must be greater than 0.", + "type": "string", + "x-cli-flag": "resource-monitor.interval", + "x-format": "duration" + }, + "resources": { + "description": "Comma-separated list of resources to monitor. Supported values are cpu and heap, which tracks metrics from github.com/prometheus/procfs and runtime/metrics that are close estimates. Empty string to disable.", + "type": "string", + "x-cli-flag": "resource-monitor.resources" + } + }, + "type": "object" + }, + "ruler": { + "$ref": "#/definitions/ruler_config" + }, + "ruler_storage": { + "$ref": "#/definitions/ruler_storage_config" + }, + "runtime_config": { + "$ref": "#/definitions/runtime_configuration_storage_config" + }, + "server": { + "$ref": "#/definitions/server_config" + }, + "storage": { + "$ref": "#/definitions/storage_config" + }, + "store_gateway": { + "$ref": "#/definitions/store_gateway_config" + }, + "target": { + "default": "all", + "description": "Comma-separated list of Cortex modules to load. The alias 'all' can be used in the list to load a number of core modules and will enable single-binary mode. Use '-modules' command line flag to get a list of available modules, and to see which modules are included in 'all'.", + "type": "string", + "x-cli-flag": "target" + }, + "tenant_federation": { + "properties": { + "enabled": { + "default": false, + "description": "If enabled on all Cortex services, queries can be federated across multiple tenants. The tenant IDs involved need to be specified separated by a `|` character in the `X-Scope-OrgID` header (experimental).", + "type": "boolean", + "x-cli-flag": "tenant-federation.enabled" + }, + "max_concurrent": { + "default": 16, + "description": "The number of workers used to process each federated query.", + "type": "number", + "x-cli-flag": "tenant-federation.max-concurrent" + }, + "max_tenant": { + "default": 0, + "description": "A maximum number of tenants to query at once. 0 means no limit.", + "type": "number", + "x-cli-flag": "tenant-federation.max-tenant" + }, + "regex_matcher_enabled": { + "default": false, + "description": "[Experimental] If enabled, the `X-Scope-OrgID` header value can accept a regex and the matched tenantIDs are automatically involved. The regex matching rule follows the Prometheus, see the detail: https://prometheus.io/docs/prometheus/latest/querying/basics/#regular-expressions. The user discovery is based on scanning block storage, so new users can get queries after uploading a block (generally 2h).", + "type": "boolean", + "x-cli-flag": "tenant-federation.regex-matcher-enabled" + }, + "user_sync_interval": { + "default": "5m0s", + "description": "[Experimental] If the regex matcher is enabled, it specifies how frequently to scan users. The scanned users are used to calculate matched tenantIDs. The scanning strategy depends on the `-blocks-storage.users-scanner.strategy`.", + "type": "string", + "x-cli-flag": "tenant-federation.user-sync-interval", + "x-format": "duration" + } + }, + "type": "object" + }, + "tracing": { + "$ref": "#/definitions/tracing_config" + } + }, + "title": "Cortex Configuration Schema", + "type": "object" +} diff --git a/tools/doc-generator/json_schema_writer.go b/tools/doc-generator/json_schema_writer.go new file mode 100644 index 00000000000..2ff96a13fb3 --- /dev/null +++ b/tools/doc-generator/json_schema_writer.go @@ -0,0 +1,238 @@ +package main + +import ( + "encoding/json" + "fmt" + "io" + "strings" +) + +type JSONSchemaWriter struct { + out io.Writer +} + +func NewJSONSchemaWriter(out io.Writer) *JSONSchemaWriter { + return &JSONSchemaWriter{out: out} +} + +func (w *JSONSchemaWriter) WriteSchema(blocks []*configBlock) error { + schema := w.generateJSONSchema(blocks) + + encoder := json.NewEncoder(w.out) + encoder.SetIndent("", " ") + return encoder.Encode(schema) +} + +func (w *JSONSchemaWriter) generateJSONSchema(blocks []*configBlock) map[string]interface{} { + schema := map[string]interface{}{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://raw.githubusercontent.com/cortexproject/cortex/master/schemas/cortex-config-schema.json", + "title": "Cortex Configuration Schema", + "description": "JSON Schema for Cortex configuration file", + "type": "object", + "properties": map[string]interface{}{}, + "definitions": map[string]interface{}{}, + } + + properties := schema["properties"].(map[string]interface{}) + definitions := schema["definitions"].(map[string]interface{}) + + // Process each config block + for _, block := range blocks { + if block.name == "" { + // This is the root block, process its entries as top-level properties + w.processBlockEntries(block, properties, definitions) + } else { + // This is a named block, add it to definitions + definitions[block.name] = w.generateBlockSchema(block) + } + } + + return schema +} + +func (w *JSONSchemaWriter) processBlockEntries(block *configBlock, properties map[string]interface{}, definitions map[string]interface{}) { + for _, entry := range block.entries { + switch entry.kind { + case "field": + properties[entry.name] = w.generateFieldSchema(entry) + case "block": + if entry.root { + // Root blocks are referenced via $ref + properties[entry.name] = map[string]interface{}{ + "$ref": fmt.Sprintf("#/definitions/%s", entry.block.name), + } + // Add the block to definitions if not already there + if _, exists := definitions[entry.block.name]; !exists { + definitions[entry.block.name] = w.generateBlockSchema(entry.block) + } + } else { + // Inline blocks are embedded directly + properties[entry.name] = w.generateBlockSchema(entry.block) + } + } + } +} + +func (w *JSONSchemaWriter) generateBlockSchema(block *configBlock) map[string]interface{} { + obj := map[string]interface{}{ + "type": "object", + "properties": map[string]interface{}{}, + } + + if block.desc != "" { + obj["description"] = block.desc + } + + properties := obj["properties"].(map[string]interface{}) + + for _, entry := range block.entries { + switch entry.kind { + case "field": + properties[entry.name] = w.generateFieldSchema(entry) + case "block": + if entry.root { + // Reference to another root block + properties[entry.name] = map[string]interface{}{ + "$ref": fmt.Sprintf("#/definitions/%s", entry.block.name), + } + } else { + // Inline nested block + properties[entry.name] = w.generateBlockSchema(entry.block) + } + } + } + + return obj +} + +func (w *JSONSchemaWriter) generateFieldSchema(entry *configEntry) map[string]interface{} { + prop := map[string]interface{}{ + "type": w.getJSONType(entry.fieldType), + } + + // Add description + if entry.fieldDesc != "" { + prop["description"] = entry.fieldDesc + } + + // Add default value + if entry.fieldDefault != "" { + prop["default"] = w.parseDefaultValue(entry.fieldDefault, entry.fieldType) + } + + // Add CLI flag information + if entry.fieldFlag != "" { + prop["x-cli-flag"] = entry.fieldFlag + } + + // Add format hints based on type + switch entry.fieldType { + case "duration": + prop["x-format"] = "duration" + prop["type"] = "string" + case "url": + prop["format"] = "uri" + prop["type"] = "string" + case "time": + prop["format"] = "date-time" + prop["type"] = "string" + } + + // Handle list types + if strings.HasPrefix(entry.fieldType, "list of ") { + prop["type"] = "array" + itemType := strings.TrimPrefix(entry.fieldType, "list of ") + prop["items"] = map[string]interface{}{ + "type": w.getJSONType(itemType), + } + } + + // Handle map types + if strings.HasPrefix(entry.fieldType, "map of ") { + prop["type"] = "object" + prop["additionalProperties"] = true + } + + // Mark required fields + if entry.required { + prop["x-required"] = true + } + + return prop +} + +func (w *JSONSchemaWriter) getJSONType(goType string) string { + switch goType { + case "string": + return "string" + case "int", "float": + return "number" + case "boolean": + return "boolean" + case "duration", "url", "time": + return "string" + default: + // Handle complex types + if strings.HasPrefix(goType, "list of ") { + return "array" + } + if strings.HasPrefix(goType, "map of ") { + return "object" + } + // Default to string for unknown types + return "string" + } +} + +func (w *JSONSchemaWriter) parseDefaultValue(defaultStr, goType string) interface{} { + if defaultStr == "" { + return nil + } + + switch goType { + case "boolean": + return defaultStr == "true" + case "int": + if val, err := parseInt(defaultStr); err == nil { + return val + } + return defaultStr + case "float": + if val, err := parseFloat(defaultStr); err == nil { + return val + } + return defaultStr + default: + // Handle special cases + if defaultStr == "[]" { + return []interface{}{} + } + if strings.HasPrefix(defaultStr, "[") && strings.HasSuffix(defaultStr, "]") { + // Try to parse as JSON array + var arr []interface{} + if err := json.Unmarshal([]byte(defaultStr), &arr); err == nil { + return arr + } + } + return defaultStr + } +} + +// Helper functions for parsing +func parseInt(s string) (int64, error) { + var result int64 + var err error + if strings.Contains(s, "e+") || strings.Contains(s, "E+") { + return 0, fmt.Errorf("scientific notation not supported") + } + _, err = fmt.Sscanf(s, "%d", &result) + return result, err +} + +func parseFloat(s string) (float64, error) { + var result float64 + var err error + _, err = fmt.Sscanf(s, "%f", &result) + return result, err +} diff --git a/tools/doc-generator/main.go b/tools/doc-generator/main.go index 58a1787ee27..2e13d3c906e 100644 --- a/tools/doc-generator/main.go +++ b/tools/doc-generator/main.go @@ -3,6 +3,7 @@ package main import ( "flag" "fmt" + "io" "os" "path/filepath" "reflect" @@ -313,11 +314,63 @@ func generateBlockMarkdown(blocks []*configBlock, blockName, fieldName string) s return "" } +func generateJSONSchemaMain(outputFile string) { + // Create a Cortex config instance + cfg := &cortex.Config{} + + // Parse CLI flags to map them with config fields + flags := parseFlags(cfg) + + // Parse the config structure + blocks, err := parseConfig(nil, cfg, flags, map[string]struct{}{}) + if err != nil { + fmt.Fprintf(os.Stderr, "Error parsing config: %s\n", err.Error()) + os.Exit(1) + } + + // Annotate the flags prefix for each root block + annotateFlagPrefix(blocks) + + // Generate JSON schema + var output io.Writer + if outputFile != "" { + file, err := os.Create(outputFile) + if err != nil { + fmt.Fprintf(os.Stderr, "Error creating file: %s\n", err.Error()) + os.Exit(1) + } + defer file.Close() + output = file + } else { + output = os.Stdout + } + + writer := NewJSONSchemaWriter(output) + err = writer.WriteSchema(blocks) + if err != nil { + fmt.Fprintf(os.Stderr, "Error writing JSON schema: %s\n", err.Error()) + os.Exit(1) + } + + if outputFile != "" { + fmt.Printf("JSON schema written to %s\n", outputFile) + } +} + func main() { // Parse the generator flags. + jsonSchema := flag.Bool("json-schema", false, "Generate JSON schema instead of markdown documentation") + outputFile := flag.String("output", "", "Output file for schema (default: stdout)") flag.Parse() + + // If JSON schema generation is requested + if *jsonSchema { + generateJSONSchemaMain(*outputFile) + return + } + if flag.NArg() != 1 { - fmt.Fprintf(os.Stderr, "Usage: doc-generator template-file") + fmt.Fprintf(os.Stderr, "Usage: doc-generator [-json-schema] [-output file] template-file") os.Exit(1) }