Skip to content

Commit

Permalink
docs: added additional GCS authentication information (backport relea…
Browse files Browse the repository at this point in the history
…se-3.2.x) (#15125)

Co-authored-by: Sean P. <[email protected]>
  • Loading branch information
loki-gh-app[bot] and skpaz authored Nov 26, 2024
1 parent d468a41 commit b4a8273
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion docs/sources/configure/storage.md
Original file line number Diff line number Diff line change
Expand Up @@ -237,9 +237,14 @@ storage_config:
tsdb_shipper:
active_index_directory: /loki/index
cache_location: /loki/index_cache
cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
gcs:
bucket_name: <bucket>
service_account: |
{
"type": "service_account",
...
}
schema_config:
configs:
Expand All @@ -252,6 +257,14 @@ schema_config:
period: 24h
```

`service_account` should contain JSON from either a GCP Console `client_credentials.json` file or a GCP service account key. If this value is blank, most services will fall back to GCP's Application Default Credentials (ADC) strategy. For more information about ADC, refer to [How Application Default Credentials works](https://cloud.google.com/docs/authentication/application-default-credentials).

The [pre-defined `storage.objectUser` role](https://cloud.google.com/storage/docs/access-control/iam-roles) (or a custom role modeled after it) contains sufficient permissions for Loki to operate.

{{< admonition type="note" >}}
GCP recommends [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation) instead of a service account key.
{{< /admonition >}}

### AWS deployment (S3 Single Store)

```yaml
Expand Down

0 comments on commit b4a8273

Please sign in to comment.