Closed martinohmann closed 1 month ago
helmrelease
changes in kubernetes/main
--- HelmRelease: monitoring/grafana ConfigMap: monitoring/grafana
+++ HelmRelease: monitoring/grafana ConfigMap: monitoring/grafana
@@ -58,20 +58,29 @@
name: Prometheus
type: prometheus
uid: prometheus
url: http://thanos-query-frontend.monitoring.svc.cluster.local:10902
- access: proxy
jsonData:
+ maxLines: 250
+ name: Loki
+ type: loki
+ uid: loki
+ url: http://loki-headless.monitoring.svc.cluster.local:3100
+ - access: proxy
+ jsonData:
implementation: prometheus
name: Alertmanager
type: alertmanager
uid: alertmanager
url: http://alertmanager-operated.monitoring.svc.cluster.local:9093
deleteDatasources:
- name: Prometheus
orgId: 1
+ - name: Loki
+ orgId: 1
- name: Alertmanager
orgId: 1
dashboardproviders.yaml: |
apiVersion: 1
providers:
- disableDeletion: false
--- HelmRelease: monitoring/promtail ServiceAccount: monitoring/promtail
+++ HelmRelease: monitoring/promtail ServiceAccount: monitoring/promtail
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: promtail
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: monitoring/promtail ClusterRole: monitoring/promtail
+++ HelmRelease: monitoring/promtail ClusterRole: monitoring/promtail
@@ -0,0 +1,23 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: promtail
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+
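Review bot: The `nodes/proxy` entry in the `resources` list gives the promtail service account read access to the kubelet API of every node through the API server, which is more than pod log discovery needs, and the ClusterRoleBinding that follows binds it cluster-wide. If the scrape config in the `promtail` Secret (not visible in this diff) only uses pod discovery, a rule limited to `pods` with `get`, `watch`, `list` would presumably be enough; confirm before trimming. Because this manifest is rendered by the chart, the change has to be made through the HelmRelease values or a replacement ClusterRole rather than here. The same rule appears again in the kubernetes/storage render of this ClusterRole.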
--- HelmRelease: monitoring/promtail ClusterRoleBinding: monitoring/promtail
+++ HelmRelease: monitoring/promtail ClusterRoleBinding: monitoring/promtail
@@ -0,0 +1,18 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: promtail
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+subjects:
+- kind: ServiceAccount
+ name: promtail
+ namespace: monitoring
+roleRef:
+ kind: ClusterRole
+ name: promtail
+ apiGroup: rbac.authorization.k8s.io
+
--- HelmRelease: monitoring/promtail Service: monitoring/promtail-metrics
+++ HelmRelease: monitoring/promtail Service: monitoring/promtail-metrics
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: promtail-metrics
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: 3101
+ targetPort: http-metrics
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+
--- HelmRelease: monitoring/promtail DaemonSet: monitoring/promtail
+++ HelmRelease: monitoring/promtail DaemonSet: monitoring/promtail
@@ -0,0 +1,89 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: promtail
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ updateStrategy: {}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ spec:
+ serviceAccountName: promtail
+ enableServiceLinks: true
+ securityContext:
+ runAsGroup: 0
+ runAsUser: 0
+ containers:
+ - name: promtail
+ image: docker.io/grafana/promtail:3.0.0
+ imagePullPolicy: IfNotPresent
+ args:
+ - -config.file=/etc/promtail/promtail.yaml
+ volumeMounts:
+ - name: config
+ mountPath: /etc/promtail
+ - mountPath: /run/promtail
+ name: run
+ - mountPath: /var/lib/docker/containers
+ name: containers
+ readOnly: true
+ - mountPath: /var/log/pods
+ name: pods
+ readOnly: true
+ env:
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ ports:
+ - name: http-metrics
+ containerPort: 3101
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /ready
+ port: http-metrics
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ volumes:
+ - name: config
+ secret:
+ secretName: promtail
+ - hostPath:
+ path: /run/promtail
+ name: run
+ - hostPath:
+ path: /var/lib/docker/containers
+ name: containers
+ - hostPath:
+ path: /var/log/pods
+ name: pods
+
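Review bot: The pod-level `securityContext` runs promtail as UID and GID 0 with three hostPath volumes and no seccomp profile, and `/run/promtail` is mounted without `readOnly`, so a compromised promtail container could write to that node directory as root. The container-level settings (all capabilities dropped, no privilege escalation, read-only root filesystem) already limit this; adding `seccompProfile:` with `type: RuntimeDefault` to the pod `securityContext` through the chart values would close one remaining gap. The container also has no `resources` block, so a log burst on one node is not bounded by a memory limit. The image is referenced by tag (`docker.io/grafana/promtail:3.0.0`) rather than by digest. The identical DaemonSet is rendered again for kubernetes/storage.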
--- HelmRelease: monitoring/promtail ServiceMonitor: monitoring/promtail
+++ HelmRelease: monitoring/promtail ServiceMonitor: monitoring/promtail
@@ -0,0 +1,18 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: promtail
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ endpoints:
+ - port: http-metrics
+ scheme: http
+
--- HelmRelease: monitoring/loki ServiceAccount: monitoring/loki
+++ HelmRelease: monitoring/loki ServiceAccount: monitoring/loki
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: loki
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+automountServiceAccountToken: true
+
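Review bot: `automountServiceAccountToken: true` on the `loki` ServiceAccount mounts an API token into every pod that uses it, which in this diff is both the Loki StatefulSet and the nginx `loki-gateway` Deployment (`serviceAccountName: loki`). Nothing in the rendered config shows Loki or nginx calling the Kubernetes API: storage is `filesystem` and `join_members` is a service name. Unless something outside this diff needs the token, I would set `automountServiceAccountToken: false` through the chart values so that the gateway pod behind the Ingress carries no credential.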
--- HelmRelease: monitoring/loki ConfigMap: monitoring/loki
+++ HelmRelease: monitoring/loki ConfigMap: monitoring/loki
@@ -0,0 +1,82 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: loki
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+data:
+ config.yaml: |2
+
+ analytics:
+ reporting_enabled: false
+ auth_enabled: false
+ common:
+ compactor_address: 'http://loki:3100'
+ path_prefix: /var/loki
+ replication_factor: 1
+ storage:
+ filesystem:
+ chunks_directory: /var/loki/chunks
+ rules_directory: /var/loki/rules
+ frontend:
+ scheduler_address: ""
+ tail_proxy_url: ""
+ frontend_worker:
+ scheduler_address: ""
+ index_gateway:
+ mode: simple
+ ingester:
+ chunk_encoding: snappy
+ limits_config:
+ max_cache_freshness_per_query: 10m
+ query_timeout: 300s
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+ retention_period: 14d
+ split_queries_by_interval: 15m
+ volume_enabled: true
+ memberlist:
+ join_members:
+ - loki-memberlist
+ pattern_ingester:
+ enabled: false
+ query_range:
+ align_queries_with_step: true
+ ruler:
+ storage:
+ type: local
+ runtime_config:
+ file: /etc/loki/runtime-config/runtime-config.yaml
+ schema_config:
+ configs:
+ - from: "2024-04-01"
+ index:
+ period: 24h
+ prefix: loki_index_
+ object_store: filesystem
+ schema: v13
+ store: tsdb
+ server:
+ grpc_listen_port: 9095
+ http_listen_port: 3100
+ http_server_read_timeout: 600s
+ http_server_write_timeout: 600s
+ log_level: info
+ storage_config:
+ boltdb_shipper:
+ index_gateway_client:
+ server_address: ""
+ hedging:
+ at: 250ms
+ max_per_second: 20
+ up_to: 3
+ tsdb_shipper:
+ index_gateway_client:
+ server_address: ""
+ tracing:
+ enabled: false
+
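Review bot: `retention_period: 14d` under `limits_config` will probably not delete anything, because the rendered config has no `compactor` section and, as far as I know, Loki only applies retention when the compactor has `retention_enabled: true`. With the `filesystem` store on the 50Gi claim from the StatefulSet in this diff, the intended 14-day limit would then not be enforced and the volume would fill until ingestion fails. I would add a `compactor:` section with `retention_enabled: true` and `delete_request_store: filesystem` through the chart values, and check the exact keys against the Loki 3.0 documentation.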
--- HelmRelease: monitoring/loki ConfigMap: monitoring/loki-gateway
+++ HelmRelease: monitoring/loki ConfigMap: monitoring/loki-gateway
@@ -0,0 +1,65 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: loki-gateway
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: gateway
+data:
+ nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \
+ \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\
+ \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\
+ \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\
+ \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\
+ \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\
+ \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\
+ \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\
+ \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\
+ \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\
+ ';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n\
+ \ resolver kube-dns.kube-system.svc.cluster.local.;\n \n\n server {\n listen\
+ \ 8080;\n listen [::]:8080;\n\n location = / {\n\
+ \ return 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n\
+ \ # Configure backend targets# Distributor\n location = /api/prom/push {\n\
+ \ proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /loki/api/v1/push {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /distributor/ring {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /otlp/v1/logs {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n\n # Ingester\n location = /flush {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location ^~ /ingester/ {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /ingester {\n internal; # to suppress 301\n\
+ \ }\n\n # Ring\n location = /ring {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n\n # MemberListKV\n location = /memberlist {\n proxy_pass \
+ \ http://loki.monitoring.svc.cluster.local:3100$request_uri;\n }\n\n \
+ \ # Ruler\n location = /ruler/ring {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /api/prom/rules {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location ^~ /api/prom/rules/ {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /loki/api/v1/rules {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location ^~ /loki/api/v1/rules/ {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /prometheus/api/v1/alerts {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /prometheus/api/v1/rules {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n\n # Compactor\n location = /compactor/ring {\n proxy_pass\
+ \ http://loki.monitoring.svc.cluster.local:3100$request_uri;\n }\n \
+ \ location = /loki/api/v1/delete {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /loki/api/v1/cache/generation_numbers {\n proxy_pass\
+ \ http://loki.monitoring.svc.cluster.local:3100$request_uri;\n }\n\n\
+ \ # IndexGateway\n location = /indexgateway/ring {\n proxy_pass \
+ \ http://loki.monitoring.svc.cluster.local:3100$request_uri;\n }\n\n \
+ \ # QueryScheduler\n location = /scheduler/ring {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n\n # Config\n location = /config {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n\n\n # QueryFrontend, Querier\n location = /api/prom/tail {\n \
+ \ proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection\
+ \ \"upgrade\";\n }\n location = /loki/api/v1/tail {\n proxy_pass \
+ \ http://loki.monitoring.svc.cluster.local:3100$request_uri;\n proxy_set_header\
+ \ Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \
+ \ }\n location ^~ /api/prom/ {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /api/prom {\n internal; # to suppress 301\n\
+ \ }\n location ^~ /loki/api/v1/ {\n proxy_pass http://loki.monitoring.svc.cluster.local:3100$request_uri;\n\
+ \ }\n location = /loki/api/v1 {\n internal; # to suppress 301\n\
+ \ }\n }\n}\n"
+
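Review bot: The generated `nginx.conf` proxies every location to Loki without authentication, and the Loki ConfigMap in this diff sets `auth_enabled: false`, so the Ingress for `loki-gateway.18b.haus` is the only access control in front of the log data. That covers state-changing and operational endpoints such as `/loki/api/v1/delete`, `/flush`, `/config` and the ring pages, not just `/loki/api/v1/push`, which is the one the kubernetes/storage promtail needs. I would enable basic auth on the gateway through the chart values and give promtail matching client credentials from a secret, or at minimum restrict the non-push locations to in-cluster callers. The `auth_basic off;` on `location = /` suggests the chart template already supports this.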
--- HelmRelease: monitoring/loki ConfigMap: monitoring/loki-runtime
+++ HelmRelease: monitoring/loki ConfigMap: monitoring/loki-runtime
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: loki-runtime
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+data:
+ runtime-config.yaml: |
+ {}
+
--- HelmRelease: monitoring/loki Service: monitoring/loki-gateway
+++ HelmRelease: monitoring/loki Service: monitoring/loki-gateway
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki-gateway
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: gateway
+spec:
+ type: ClusterIP
+ ports:
+ - name: http-metrics
+ port: 80
+ targetPort: http-metrics
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: gateway
+
--- HelmRelease: monitoring/loki Service: monitoring/loki-memberlist
+++ HelmRelease: monitoring/loki Service: monitoring/loki-memberlist
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki-memberlist
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp
+ port: 7946
+ targetPort: http-memberlist
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/part-of: memberlist
+
--- HelmRelease: monitoring/loki Service: monitoring/loki-headless
+++ HelmRelease: monitoring/loki Service: monitoring/loki-headless
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki-headless
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+ variant: headless
+ prometheus.io/service-monitor: 'false'
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: 3100
+ targetPort: http-metrics
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+
--- HelmRelease: monitoring/loki Service: monitoring/loki
+++ HelmRelease: monitoring/loki Service: monitoring/loki
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - name: http-metrics
+ port: 3100
+ targetPort: http-metrics
+ protocol: TCP
+ - name: grpc
+ port: 9095
+ targetPort: grpc
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: single-binary
+
--- HelmRelease: monitoring/loki Deployment: monitoring/loki-gateway
+++ HelmRelease: monitoring/loki Deployment: monitoring/loki-gateway
@@ -0,0 +1,80 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: loki-gateway
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: gateway
+spec:
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: gateway
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: gateway
+ spec:
+ serviceAccountName: loki
+ enableServiceLinks: true
+ securityContext:
+ fsGroup: 101
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: nginx
+ image: docker.io/nginxinc/nginx-unprivileged:1.24-alpine
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http-metrics
+ containerPort: 8080
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http-metrics
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - name: config
+ mountPath: /etc/nginx
+ - name: tmp
+ mountPath: /tmp
+ - name: docker-entrypoint-d-override
+ mountPath: /docker-entrypoint.d
+ resources: {}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: gateway
+ topologyKey: kubernetes.io/hostname
+ volumes:
+ - name: config
+ configMap:
+ name: loki-gateway
+ - name: tmp
+ emptyDir: {}
+ - name: docker-entrypoint-d-override
+ emptyDir: {}
+
--- HelmRelease: monitoring/loki StatefulSet: monitoring/loki
+++ HelmRelease: monitoring/loki StatefulSet: monitoring/loki
@@ -0,0 +1,116 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: loki
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: single-binary
+ app.kubernetes.io/part-of: memberlist
+spec:
+ replicas: 1
+ podManagementPolicy: Parallel
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ serviceName: loki-headless
+ revisionHistoryLimit: 10
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Delete
+ whenScaled: Delete
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: single-binary
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/component: single-binary
+ app.kubernetes.io/part-of: memberlist
+ spec:
+ serviceAccountName: loki
+ automountServiceAccountToken: true
+ enableServiceLinks: true
+ securityContext:
+ fsGroup: 10001
+ runAsGroup: 10001
+ runAsNonRoot: true
+ runAsUser: 10001
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: loki
+ image: docker.io/grafana/loki:3.0.0
+ imagePullPolicy: IfNotPresent
+ args:
+ - -config.file=/etc/loki/config/config.yaml
+ - -target=all
+ ports:
+ - name: http-metrics
+ containerPort: 3100
+ protocol: TCP
+ - name: grpc
+ containerPort: 9095
+ protocol: TCP
+ - name: http-memberlist
+ containerPort: 7946
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: http-metrics
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+ volumeMounts:
+ - name: tmp
+ mountPath: /tmp
+ - name: config
+ mountPath: /etc/loki/config
+ - name: runtime-config
+ mountPath: /etc/loki/runtime-config
+ - name: storage
+ mountPath: /var/loki
+ resources: {}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: single-binary
+ topologyKey: kubernetes.io/hostname
+ volumes:
+ - name: tmp
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: loki
+ items:
+ - key: config.yaml
+ path: config.yaml
+ - name: runtime-config
+ configMap:
+ name: loki-runtime
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: openebs-hostpath
+ resources:
+ requests:
+ storage: 50Gi
+
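Review bot: `persistentVolumeClaimRetentionPolicy` is rendered with `whenDeleted: Delete` and `whenScaled: Delete`, so deleting or scaling down the StatefulSet also deletes the `storage` claim that holds all log data on `openebs-hostpath`. For a log store that may be needed during an incident investigation, I would render `whenDeleted: Retain` and `whenScaled: Retain` through the chart's persistence values, so that a failed upgrade or an accidental HelmRelease removal does not erase the logs. The container also has `resources: {}`, so a heavy query can take memory from other pods on the node.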
--- HelmRelease: monitoring/loki Ingress: monitoring/loki-gateway
+++ HelmRelease: monitoring/loki Ingress: monitoring/loki-gateway
@@ -0,0 +1,28 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: loki-gateway
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/instance: loki
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: gateway
+spec:
+ ingressClassName: internal
+ tls:
+ - hosts:
+ - loki-gateway.18b.haus
+ rules:
+ - host: loki-gateway.18b.haus
+ http:
+ paths:
+ - path: /
+ pathType: null
+ backend:
+ service:
+ name: loki-gateway
+ port:
+ number: 80
+
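Review bot: `pathType: null` under `paths` is not a valid value for a `networking.k8s.io/v1` Ingress, where `pathType` is required and must be `Exact`, `Prefix` or `ImplementationSpecific`; I would expect the API server to reject the object, or tooling to drop the null and then fail validation. Setting the path type in the chart's ingress values so that it renders as `pathType: Prefix` would fix it. The `tls` entry also lists the host without a `secretName`, which relies on the ingress controller's default certificate; worth a comment in the values if that is intentional.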
kustomization
changes in kubernetes/storage
--- kubernetes/storage/flux Kustomization: flux-system/cluster HelmRepository: flux-system/grafana
+++ kubernetes/storage/flux Kustomization: flux-system/cluster HelmRepository: flux-system/grafana
@@ -0,0 +1,13 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: grafana
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://grafana.github.io/helm-charts
+
--- kubernetes/storage/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/promtail
+++ kubernetes/storage/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/promtail
@@ -0,0 +1,32 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: promtail
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: promtail
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ interval: 2h
+ path: ./kubernetes/storage/apps/monitoring/promtail/app
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: cluster-secrets
+ prune: true
+ retryInterval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ targetNamespace: monitoring
+ timeout: 5m
+ wait: false
+
--- kubernetes/storage/apps/monitoring/promtail/app Kustomization: flux-system/promtail HelmRelease: monitoring/promtail
+++ kubernetes/storage/apps/monitoring/promtail/app Kustomization: flux-system/promtail HelmRelease: monitoring/promtail
@@ -0,0 +1,37 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/name: promtail
+ kustomize.toolkit.fluxcd.io/name: promtail
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: promtail
+ namespace: monitoring
+spec:
+ chart:
+ spec:
+ chart: promtail
+ sourceRef:
+ kind: HelmRepository
+ name: grafana
+ namespace: flux-system
+ version: 6.16.3
+ install:
+ remediation:
+ retries: 3
+ interval: 2h
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ config:
+ clients:
+ - external_labels:
+ cluster: storage
+ url: https://loki-gateway.18b.haus/loki/api/v1/push
+ fullnameOverride: promtail
+ serviceMonitor:
+ enabled: true
+
helmrelease
changes in kubernetes/storage
--- HelmRelease: monitoring/promtail ServiceAccount: monitoring/promtail
+++ HelmRelease: monitoring/promtail ServiceAccount: monitoring/promtail
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: promtail
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: monitoring/promtail ClusterRole: monitoring/promtail
+++ HelmRelease: monitoring/promtail ClusterRole: monitoring/promtail
@@ -0,0 +1,23 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: promtail
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+
--- HelmRelease: monitoring/promtail ClusterRoleBinding: monitoring/promtail
+++ HelmRelease: monitoring/promtail ClusterRoleBinding: monitoring/promtail
@@ -0,0 +1,18 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: promtail
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+subjects:
+- kind: ServiceAccount
+ name: promtail
+ namespace: monitoring
+roleRef:
+ kind: ClusterRole
+ name: promtail
+ apiGroup: rbac.authorization.k8s.io
+
--- HelmRelease: monitoring/promtail Service: monitoring/promtail-metrics
+++ HelmRelease: monitoring/promtail Service: monitoring/promtail-metrics
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: promtail-metrics
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: 3101
+ targetPort: http-metrics
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+
--- HelmRelease: monitoring/promtail DaemonSet: monitoring/promtail
+++ HelmRelease: monitoring/promtail DaemonSet: monitoring/promtail
@@ -0,0 +1,89 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: promtail
+ namespace: monitoring
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ updateStrategy: {}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ spec:
+ serviceAccountName: promtail
+ enableServiceLinks: true
+ securityContext:
+ runAsGroup: 0
+ runAsUser: 0
+ containers:
+ - name: promtail
+ image: docker.io/grafana/promtail:3.0.0
+ imagePullPolicy: IfNotPresent
+ args:
+ - -config.file=/etc/promtail/promtail.yaml
+ volumeMounts:
+ - name: config
+ mountPath: /etc/promtail
+ - mountPath: /run/promtail
+ name: run
+ - mountPath: /var/lib/docker/containers
+ name: containers
+ readOnly: true
+ - mountPath: /var/log/pods
+ name: pods
+ readOnly: true
+ env:
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ ports:
+ - name: http-metrics
+ containerPort: 3101
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /ready
+ port: http-metrics
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ volumes:
+ - name: config
+ secret:
+ secretName: promtail
+ - hostPath:
+ path: /run/promtail
+ name: run
+ - hostPath:
+ path: /var/lib/docker/containers
+ name: containers
+ - hostPath:
+ path: /var/log/pods
+ name: pods
+
--- HelmRelease: monitoring/promtail ServiceMonitor: monitoring/promtail
+++ HelmRelease: monitoring/promtail ServiceMonitor: monitoring/promtail
@@ -0,0 +1,18 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: promtail
+ labels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: promtail
+ app.kubernetes.io/instance: promtail
+ endpoints:
+ - port: http-metrics
+ scheme: http
+
kustomization
changes in kubernetes/main