Connect Amazon Managed Grafana to Loki in EKS cluster

Question

I have Loki running in my EKS cluster. I want to add a Loki datasource in Amazon Managed Grafana. How can I connect AMG to Loki instance inside the EKS cluster?

Answer 1

To connect from AMG to Loki deployed in EKS, you can set up Ingress for Loki. It's worth noting that this is not the best method, as such a setup makes Loki accessible from the public internet, which is unnecessary in the case of using AMG. It would be better to avoid exposing Loki to the public internet by setting up a VPC for AMG and linking this VPC with the EKS cluster.

Anyway, to set up Ingress, you can configure a gateway in Loki values as follows:

gateway:
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "cert-manager-issuer"
    ingressClassName: nginx
    hosts:
      - host: <domain>
        paths:
          - path: /
            pathType: Prefix
    tls:
      - hosts:
          - <domain>
        secretName: loki-cert
  basicAuth:
    enabled: true
    username: <username>
    password: <password>

Also, remember to configure the log collection agent to use Basic auth, an example for Promtail:

config:
  clients:
    - url: http://loki-gateway.<namespace>.svc.cluster.local/loki/api/v1/push
      tenant_id: 1
      basic_auth:
        username: <username>
        password: <password>

In this configs:

• <domain> - host for using TLS, should be configured before enabling Ingress. The cert-manager should be configured
• <username>, <password> - for Basic auth, will also be used for configuring datasource in Grafana
• <namespace> - namespace in EKS where Promtail is deployed

After this, Loki will be available for connection in AMG.

Answer 2

In the end, I have created a private hosted zone, added a DNS entry pointing to Loki instance and used this name in the datasource URL. You also have to configure the connection to the VPC hosting Loki in your AMG workspace.