The issue of integrating an S3 bucket using a serviceAccount (Loki version 3.1.x)

[박은화]

Hi,

I migrated Loki from version 2.9 to 3.1, but I have an issue with accessing S3.
Instead of using access/secret keys, I want to use a serviceAccount to access S3.
(https://github.com/grafana/loki/blob/main/production/helm/loki/values.yaml#L714)

Could anyone share an example?

I tried the configuration below, but it failed, and now all Loki-write pods are in an unhealthy state.


[ values.yaml ]

loki: schemaConfig: configs: - from: 2024-04-01 store: tsdb object_store: s3 schema: v13 index: prefix: loki_index_ period: 24h ingester: chunk_encoding: snappy tracing: enabled: true querier: max_concurrent: 4 storage: type: s3 bucketNames: chunks: xxx-loki ruler: xxx-loki admin: xxx-loki s3: region: ap-northeast-2 s3ForcePathStyle: false insecure: false http_config: {} serviceAccount: create: true name: "loki" annotations: "eks.amazonaws.com/role-arn": "arn:aws:iam::xxxx:role/xxx" automountServiceAccountToken: true chunksCache: resources: limits: cpu: 1 memory: 1000Mi requests: cpu: 0.5 memory: 1000Mi deploymentMode: SimpleScalable backend: replicas: 3 read: replicas: 3 write: replicas: 3 # Disable minio storage minio: enabled: false # Zero out replica counts of other deployment modes singleBinary: replicas: 0 ingester: replicas: 0 querier: replicas: 0 queryFrontend: replicas: 0 queryScheduler: replicas: 0 distributor: replicas: 0 compactor: replicas: 0 indexGateway: replicas: 0 bloomCompactor: replicas: 0 bloomGateway: replicas: 0


Thank you!