diff --git a/kubernetes/monitoring/alloy.nix b/kubernetes/monitoring/alloy.nix
new file mode 100644
index 0000000..21bcbd8
--- /dev/null
+++ b/kubernetes/monitoring/alloy.nix
@@ -0,0 +1,28 @@
+{ transpire, ... }:
+
+{
+  namespaces.alloy = {
+    helmReleases.alloy = {
+      chart = transpire.fetchFromHelm {
+        repo = "https://grafana.github.io/helm-charts";
+        name = "alloy";
+        version = "0.3.2";
+        sha256 = "/H288hrHvRSWQz/aHacsPtBs0jVOYlpIC9RC3+nm1Ow=";
+      };
+
+      values = {
+        controller = {
+          type = "statefulset";
+          replicas = 3;
+        };
+
+        alloy = {
+          clustering.enabled = true;
+          configMap.content = builtins.readFile ./alloy/config.alloy;
+        };
+      };
+
+      includeCRDs = true;
+    };
+  };
+}
diff --git a/kubernetes/monitoring/alloy/config.alloy b/kubernetes/monitoring/alloy/config.alloy
new file mode 100644
index 0000000..b90bc45
--- /dev/null
+++ b/kubernetes/monitoring/alloy/config.alloy
@@ -0,0 +1,105 @@
+discovery.kubernetes "pods" { role = "pod" }
+discovery.kubernetes "nodes" { role = "node" }
+
+discovery.relabel "nodes" {
+  targets = discovery.kubernetes.nodes.targets
+  rule {
+    source_labels = ["__meta_kubernetes_node_name"]
+    target_label = "node"
+  }
+}
+
+discovery.relabel "nodes_cadvisor" {
+  targets = discovery.relabel.nodes.output
+  rule {
+    replacement   = "/metrics/cadvisor"
+    target_label  = "__metrics_path__"
+  }
+}
+
+discovery.relabel "pods" {
+  targets = discovery.kubernetes.pods.targets
+  rule {
+    source_labels = ["__meta_kubernetes_namespace"]
+    target_label = "namespace"
+  }
+  rule {
+    source_labels = ["__meta_kubernetes_pod_name"]
+    target_label = "pod"
+  }
+  rule {
+    source_labels = ["__meta_kubernetes_pod_container_name"]
+    target_label = "container"
+  }
+  rule {
+    source_labels = ["__meta_kubernetes_pod_node_name"]
+    target_label = "node"
+  }
+  rule {
+    source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
+    target_label = "app"
+  }
+  rule {
+    source_labels = ["__meta_kubernetes_pod_label_app"]
+    target_label = "app"
+  }
+}
+
+//////////
+// Loki //
+//////////
+
+loki.source.kubernetes "pods" {
+  targets = discovery.relabel.pods.output
+  forward_to = [loki.write.default.receiver]
+  clustering { enabled = true }
+}
+
+loki.source.kubernetes_events "default" {
+  forward_to = [loki.write.default.receiver]
+}
+
+loki.write "default" {
+  endpoint { url = "http://loki-gateway.loki.svc.cluster.local/loki/api/v1/push" }
+}
+
+////////////////
+// Prometheus //
+////////////////
+
+prometheus.scrape "pods" {
+  targets = discovery.relabel.pods.output
+  forward_to = [prometheus.remote_write.default.receiver]
+  clustering { enabled = true }
+}
+
+prometheus.scrape "nodes_cadvisor" {
+	targets = discovery.relabel.nodes_cadvisor.output
+	forward_to = [prometheus.remote_write.default.receiver]
+  bearer_token_file = "/var/run/secrets/kubernetes.io/serviceaccount/token"
+  scheme = "https"
+	tls_config {
+		ca_file = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+		insecure_skip_verify = false
+	}
+  clustering { enabled = true }
+}
+
+prometheus.operator.servicemonitors "default" {
+  forward_to = [prometheus.remote_write.default.receiver]
+  clustering { enabled = true }
+}
+
+prometheus.operator.podmonitors "default" {
+  forward_to = [prometheus.remote_write.default.receiver]
+  clustering { enabled = true }
+}
+
+prometheus.operator.probes "default" {
+  forward_to = [prometheus.remote_write.default.receiver]
+  clustering { enabled = true }
+}
+
+prometheus.remote_write "default" {
+  endpoint { url = "http://mimir-gateway.mimir.svc.cluster.local/api/v1/push" }
+}