diff --git a/clusters/cl01tl/manifests/loki/ClusterRole-loki-clusterrole.yaml b/clusters/cl01tl/manifests/loki/ClusterRole-loki-clusterrole.yaml index 3555cc833..52316c621 100644 --- a/clusters/cl01tl/manifests/loki/ClusterRole-loki-clusterrole.yaml +++ b/clusters/cl01tl/manifests/loki/ClusterRole-loki-clusterrole.yaml @@ -2,10 +2,10 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" name: loki-clusterrole rules: - apiGroups: [""] diff --git a/clusters/cl01tl/manifests/loki/ClusterRoleBinding-loki-clusterrolebinding.yaml b/clusters/cl01tl/manifests/loki/ClusterRoleBinding-loki-clusterrolebinding.yaml index 915ce6ad7..27b30648e 100644 --- a/clusters/cl01tl/manifests/loki/ClusterRoleBinding-loki-clusterrolebinding.yaml +++ b/clusters/cl01tl/manifests/loki/ClusterRoleBinding-loki-clusterrolebinding.yaml @@ -3,10 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: loki-clusterrolebinding labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" subjects: - kind: ServiceAccount name: loki diff --git a/clusters/cl01tl/manifests/loki/ConfigMap-loki-gateway.yaml b/clusters/cl01tl/manifests/loki/ConfigMap-loki-gateway.yaml index 5c9fd27ee..34097ed3f 100644 --- a/clusters/cl01tl/manifests/loki/ConfigMap-loki-gateway.yaml +++ b/clusters/cl01tl/manifests/loki/ConfigMap-loki-gateway.yaml 
@@ -4,10 +4,197 @@ metadata: name: loki-gateway namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: gateway data: - nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags header is empty, set a noop= without a value as empty values are not logged\n map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise, preserve the original value\n }\n\n server {\n listen 8080;\n listen [::]:8080;\n\n location = / {\n \n return 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n # Configure backend targets\n location ^~ /ui {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Distributor\n location = /api/prom/push {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/push {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /distributor/ring 
{\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Ingester\n location = /flush {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /ingester/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /ingester {\n \n internal; # to suppress 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # MemberListKV\n location = /memberlist {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /api/prom/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /prometheus/api/v1/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Compactor\n location = /compactor/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/cache/generation_numbers {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n proxy_pass 
http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Config\n location = /config {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n\n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /api/prom/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /api/prom {\n \n internal; # to suppress 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1 {\n \n internal; # to suppress 301\n }\n }\n}\n" + nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version 1.1;\n\n 
default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n # Exclude specific requests from logging\n map $request_uri $track {\n default 1;\n ~^/$ 0;\n ~^/health 0;\n ~^/metrics 0;\n }\n\n # simple_upstream preset\n log_format access_log_exporter '$http_host\\t$request_method\\t$status\\t$request_completion\\t$request_time\\t$request_length\\t$bytes_sent\\t$upstream_addr\\t$upstream_connect_time\\t$upstream_header_time\\t$upstream_response_time\\t$request_uri';\n access_log syslog:server=127.0.0.1:8514,nohostname access_log_exporter if=$track;\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags header is empty, set a noop= without a value as empty values are not logged\n map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise, preserve the original value\n }\n\n server {\n listen 8080;\n listen [::]:8080;\n\n location = / {\n \n return 200 'OK';\n auth_basic off;\n }\n\n location = /stub_status {\n stub_status on;\n satisfy any;\n access_log off;\n allow 127.0.0.1;\n deny all;\n server_tokens on; # expose nginx version\n }\n\n ########################################################\n # Configure backend targets\n location ^~ /ui {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # Distributor\n location = /api/prom/push {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/push {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /distributor/ring {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n 
location = /otlp/v1/logs {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # Ingester\n location = /flush {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location ^~ /ingester/ {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /ingester {\n \n internal; # to suppress 301\n }\n\n # Ring\n location = /ring {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # MemberListKV\n location = /memberlist {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # Ruler\n location = /ruler/ring {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /api/prom/rules {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/rules/ {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/rules {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location ^~ /loki/api/v1/rules/ {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/alerts {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/rules {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # Compactor\n location = /compactor/ring {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/delete {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n 
location = /loki/api/v1/cache/generation_numbers {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # Config\n location = /config {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n\n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/ {\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /api/prom {\n \n internal; # to suppress 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\";\n \n set $backend \"http://loki.loki.svc.cluster.local:3100\";\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1 {\n \n internal; # to suppress 301\n }\n 
}\n}\n" + access-log-exporter.yaml: | + presets: + loki: + metrics: + - name: "http_requests_total" + type: "counter" + help: "The total number of client requests." + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_requests_completed_total" + type: "counter" + help: "The total number of completed requests." + valueIndex: 3 + replacements: + - string: "OK" + replacement: "1" + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The request length (including request line, header, and request body)" + valueIndex: 5 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_response_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The response length (including request line, header, and request body)" + valueIndex: 6 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on receiving and response the response to the client" + valueIndex: 4 + math: + enabled: true + div: 
1000 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_connect_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on establishing a connection with the upstream server" + valueIndex: 8 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_header_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response header from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 9 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_request_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 10 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" 
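Review bot: The `path` label on every metric in the new `access-log-exporter.yaml` preset comes from `$request_uri` (lineIndex 11) with only the query string stripped, so each distinct client-supplied path becomes a new time series. The `host` label comes from `$http_host` and is equally client-controlled. That leaves label cardinality unbounded, so ordinary or hostile request traffic can grow exporter and Prometheus memory without limit. Consider dropping the `path` label, or adding `replacements` that collapse paths to the fixed route prefixes nginx already defines; as this manifest looks rendered, the change probably belongs in the chart values. Separately, the help text of `http_response_size_bytes` still reads "including request line, header, and request body", which looks copied from the request metric.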
diff --git a/clusters/cl01tl/manifests/loki/ConfigMap-loki-runtime.yaml b/clusters/cl01tl/manifests/loki/ConfigMap-loki-runtime.yaml index 01b22c4f6..1d691831e 100644 --- a/clusters/cl01tl/manifests/loki/ConfigMap-loki-runtime.yaml +++ b/clusters/cl01tl/manifests/loki/ConfigMap-loki-runtime.yaml @@ -4,10 +4,10 @@ metadata: name: loki-runtime namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" data: runtime-config.yaml: | {} diff --git a/clusters/cl01tl/manifests/loki/ConfigMap-loki.yaml b/clusters/cl01tl/manifests/loki/ConfigMap-loki.yaml index e12f58d9a..b79bc2d8f 100644 --- a/clusters/cl01tl/manifests/loki/ConfigMap-loki.yaml +++ b/clusters/cl01tl/manifests/loki/ConfigMap-loki.yaml @@ -4,10 +4,10 @@ metadata: name: loki namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" data: config.yaml: |2 @@ -57,6 +57,9 @@ data: scheduler_address: "" index_gateway: mode: simple + ingester: + wal: + flush_on_shutdown: true ingester_client: pool_config: remote_timeout: 10s @@ -74,8 +77,16 @@ data: split_queries_by_interval: 15m volume_enabled: true memberlist: + abort_if_cluster_join_fails: true + advertise_addr: ${HASH_RING_INSTANCE_ADDR} + advertise_port: 7946 + bind_port: 7946 join_members: - loki-memberlist.loki.svc.cluster.local + max_join_backoff: 1m + max_join_retries: 10 + min_join_backoff: 1s + rejoin_interval: 90s pattern_ingester: enabled: false query_range: 
@@ -109,10 +120,18 @@ data: schema: v13 store: boltdb-shipper server: + graceful_shutdown_timeout: 5s grpc_listen_port: 9095 + grpc_server_max_concurrent_streams: 1000 + grpc_server_max_recv_msg_size: 104857600 + grpc_server_max_send_msg_size: 104857600 + grpc_server_min_time_between_pings: 10s + grpc_server_ping_without_stream_allowed: true http_listen_port: 3100 - http_server_read_timeout: 600s - http_server_write_timeout: 600s + http_server_idle_timeout: 30s + http_server_read_timeout: 10m0s + http_server_write_timeout: 10m0s + log_level: info storage_config: bloom_shipper: working_directory: /var/loki/data/bloomshipper diff --git a/clusters/cl01tl/manifests/loki/DaemonSet-loki-canary.yaml b/clusters/cl01tl/manifests/loki/DaemonSet-loki-canary.yaml index 605c7aef8..4b7013ddf 100644 --- a/clusters/cl01tl/manifests/loki/DaemonSet-loki-canary.yaml +++ b/clusters/cl01tl/manifests/loki/DaemonSet-loki-canary.yaml @@ -4,10 +4,10 @@ metadata: name: loki-canary namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: canary spec: selector: 
@@ -21,34 +21,39 @@ spec: type: RollingUpdate template: metadata: + annotations: + kubectl.kubernetes.io/default-container: "canary" labels: + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: canary spec: serviceAccountName: loki-canary + enableServiceLinks: true + automountServiceAccountToken: false securityContext: fsGroup: 10001 fsGroupChangePolicy: OnRootMismatch runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + volumes: + - name: temp + emptyDir: {} containers: - - name: loki-canary - image: docker.io/grafana/loki-canary:3.6.7 + - name: canary + image: docker.io/grafana/loki-canary:3.7.1 imagePullPolicy: IfNotPresent args: - -addr=loki-gateway.loki.svc.cluster.local.:80 - -labelname=pod - -labelvalue=$(POD_NAME) - -push=true - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: ports: - name: http-metrics containerPort: 3500 @@ -58,10 +63,32 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: GOGC + value: "80" + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /metrics + port: http-metrics + initialDelaySeconds: 15 + timeoutSeconds: 1 readinessProbe: httpGet: path: /metrics port: http-metrics initialDelaySeconds: 15 timeoutSeconds: 1 - volumes: + volumeMounts: + - name: temp + mountPath: /tmp diff --git a/clusters/cl01tl/manifests/loki/Deployment-loki-gateway.yaml b/clusters/cl01tl/manifests/loki/Deployment-loki-gateway.yaml index 775a4d82e..071bfb1c2 100644 --- a/clusters/cl01tl/manifests/loki/Deployment-loki-gateway.yaml 
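Review bot: `enableServiceLinks: true` is now set explicitly on the canary pod in the first hunk, so the kubelet injects host and port environment variables for every Service in the `loki` namespace. The container only needs the gateway address it already receives in `args`, so prefer `enableServiceLinks: false`. The second hunk also adds `HASH_RING_INSTANCE_ADDR` to the canary; nothing in the visible args references it, so it appears unneeded here and should be dropped if that is confirmed.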
+++ b/clusters/cl01tl/manifests/loki/Deployment-loki-gateway.yaml @@ -4,10 +4,10 @@ metadata: name: loki-gateway namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: gateway spec: replicas: 1 @@ -22,32 +22,35 @@ spec: template: metadata: annotations: - checksum/config: d76bd0b627b1549dddc6ce5304d9322ebdeb13e5b813234d8067357925630015 + checksum/config: 7f59b16a0121fadc14a504ba3bc07ec5d397a0093def094ae56ba0c10f467dbb labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: gateway spec: - serviceAccountName: loki + serviceAccountName: loki-gateway + automountServiceAccountToken: false enableServiceLinks: true securityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 + seccompProfile: + type: RuntimeDefault terminationGracePeriodSeconds: 30 containers: - name: nginx - image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine + image: docker.io/nginxinc/nginx-unprivileged:1.30-alpine imagePullPolicy: IfNotPresent ports: - - name: http-metrics + - name: http containerPort: 8080 protocol: TCP readinessProbe: httpGet: path: / - port: http-metrics + port: http initialDelaySeconds: 15 timeoutSeconds: 1 securityContext: @@ -56,6 +59,8 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - name: config mountPath: /etc/nginx 
@@ -67,6 +72,54 @@ spec: requests: cpu: 10m memory: 20Mi + - name: exporter + image: ghcr.io/jkroepke/access-log-exporter:0.3.11 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 4040 + name: http-metrics + - containerPort: 8514 + name: syslog + args: + - --nginx.scrape-url + - http://127.0.0.1:8080/stub_status + - --preset + - loki + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + volumeMounts: + - name: config + mountPath: /config.yaml + subPath: access-log-exporter.yaml affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/clusters/cl01tl/manifests/loki/HTTPRoute-loki-gateway.yaml b/clusters/cl01tl/manifests/loki/HTTPRoute-loki-gateway.yaml new file mode 100644 index 000000000..fa125f263 --- /dev/null +++ b/clusters/cl01tl/manifests/loki/HTTPRoute-loki-gateway.yaml @@ -0,0 +1,30 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: loki-gateway + namespace: loki + labels: + helm.sh/chart: loki-13.5.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "3.7.1" + app.kubernetes.io/component: gateway +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - loki.alexlebens.net + rules: + - backendRefs: + - group: "" + kind: Service + name: loki-gateway + port: 80 + weight: 1 + matches: + - path: + type: PathPrefix + value: / 
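Review bot: The new `exporter` sidecar pulls `ghcr.io/jkroepke/access-log-exporter:0.3.11` by mutable tag and runs with `resources: limits: {}` and `requests: {}`, so the image content is not fixed and the container has no CPU or memory bounds. Pin the image by digest, e.g. `image: ghcr.io/jkroepke/access-log-exporter:0.3.11@sha256:<DIGEST_PLACEHOLDER>`, and set explicit requests plus a memory limit. The `syslog` port 8514 is only needed by nginx over 127.0.0.1 according to the ConfigMap. Whether the exporter binds it to loopback is not visible here, so confirm that or restrict it with a NetworkPolicy, because any pod able to reach it could presumably feed forged log lines into the metrics.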
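Review bot: This route forwards every path (`PathPrefix /`) on `loki.alexlebens.net` to `loki-gateway`, whose nginx.conf in this commit proxies write and administrative endpoints (`/loki/api/v1/push`, `/loki/api/v1/delete`, `/flush`, `/config`, the ring pages) with no `auth_basic` or other access check in any visible location. Neither authentication on `traefik-gateway` nor a restriction to a trusted network is visible here. Without one of those, anyone who can reach that hostname can read and write logs and read the running configuration. Limit `matches` to the paths external clients actually need, or enable gateway authentication or an auth filter on the route before exposing it.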
diff --git a/clusters/cl01tl/manifests/loki/Pod-loki-helm-test.yaml b/clusters/cl01tl/manifests/loki/Pod-loki-helm-test.yaml deleted file mode 100644 index fb905727d..000000000 --- a/clusters/cl01tl/manifests/loki/Pod-loki-helm-test.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "loki-helm-test" - namespace: loki - labels: - helm.sh/chart: loki-6.55.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" - app.kubernetes.io/component: helm-test - annotations: - "helm.sh/hook": test -spec: - containers: - - name: loki-helm-test - image: docker.io/grafana/loki-helm-test:latest - env: - - name: CANARY_SERVICE_ADDRESS - value: "http://loki-canary.loki.svc.cluster.local:3500/metrics" - - name: CANARY_PROMETHEUS_ADDRESS - value: "" - - name: CANARY_TEST_TIMEOUT - value: "1m" - args: - - -test.v - restartPolicy: Never diff --git a/clusters/cl01tl/manifests/loki/Service-loki-canary.yaml b/clusters/cl01tl/manifests/loki/Service-loki-canary.yaml index 05c108e0e..1e08c3500 100644 --- a/clusters/cl01tl/manifests/loki/Service-loki-canary.yaml +++ b/clusters/cl01tl/manifests/loki/Service-loki-canary.yaml @@ -4,10 +4,10 @@ metadata: name: loki-canary namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: canary annotations: spec: diff --git a/clusters/cl01tl/manifests/loki/Service-loki-chunks-cache.yaml b/clusters/cl01tl/manifests/loki/Service-loki-chunks-cache.yaml index e11e77cde..0462edd46 100644 --- a/clusters/cl01tl/manifests/loki/Service-loki-chunks-cache.yaml +++ b/clusters/cl01tl/manifests/loki/Service-loki-chunks-cache.yaml 
@@ -3,10 +3,10 @@ kind: Service metadata: name: loki-chunks-cache labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: "memcached-chunks-cache" annotations: {} namespace: "loki" diff --git a/clusters/cl01tl/manifests/loki/Service-loki-gateway-exporter.yaml b/clusters/cl01tl/manifests/loki/Service-loki-gateway-exporter.yaml new file mode 100644 index 000000000..cd464e123 --- /dev/null +++ b/clusters/cl01tl/manifests/loki/Service-loki-gateway-exporter.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: loki-gateway-exporter + namespace: loki + labels: + helm.sh/chart: loki-13.5.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "3.7.1" + app.kubernetes.io/component: gateway + annotations: +spec: + type: ClusterIP + ports: + - name: http-metrics + port: 4040 + targetPort: http-metrics + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/component: gateway diff --git a/clusters/cl01tl/manifests/loki/Service-loki-gateway.yaml b/clusters/cl01tl/manifests/loki/Service-loki-gateway.yaml index e76a1c56a..9f573e3d4 100644 --- a/clusters/cl01tl/manifests/loki/Service-loki-gateway.yaml +++ b/clusters/cl01tl/manifests/loki/Service-loki-gateway.yaml @@ -4,19 +4,19 @@ metadata: name: loki-gateway namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: gateway prometheus.io/service-monitor: "false" annotations: spec: type: ClusterIP ports: - - name: http-metrics + - name: http port: 80 - targetPort: http-metrics + targetPort: http protocol: TCP selector: app.kubernetes.io/name: loki 
diff --git a/clusters/cl01tl/manifests/loki/Service-loki-headless.yaml b/clusters/cl01tl/manifests/loki/Service-loki-headless.yaml index ff58b51dd..77783285e 100644 --- a/clusters/cl01tl/manifests/loki/Service-loki-headless.yaml +++ b/clusters/cl01tl/manifests/loki/Service-loki-headless.yaml @@ -1,23 +1,35 @@ apiVersion: v1 kind: Service metadata: - name: loki-headless + name: "loki-headless" namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" - variant: headless + app.kubernetes.io/version: "3.7.1" + app.kubernetes.io/component: "single-binary" prometheus.io/service-monitor: "false" + variant: headless annotations: spec: clusterIP: None + type: ClusterIP + publishNotReadyAddresses: true ports: - name: http-metrics port: 3100 targetPort: http-metrics protocol: TCP + - name: grpc + port: 9095 + targetPort: grpc + protocol: TCP + - name: grpclb + port: 9096 + targetPort: grpc + protocol: TCP selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki + app.kubernetes.io/component: "single-binary" diff --git a/clusters/cl01tl/manifests/loki/Service-loki-memberlist.yaml b/clusters/cl01tl/manifests/loki/Service-loki-memberlist.yaml index 7dfa8e78d..8e4c6e399 100644 --- a/clusters/cl01tl/manifests/loki/Service-loki-memberlist.yaml +++ b/clusters/cl01tl/manifests/loki/Service-loki-memberlist.yaml @@ -4,10 +4,10 @@ metadata: name: loki-memberlist namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" annotations: spec: type: ClusterIP diff --git a/clusters/cl01tl/manifests/loki/Service-loki-results-cache.yaml b/clusters/cl01tl/manifests/loki/Service-loki-results-cache.yaml index 1e09f93bd..2f82cbf4f 100644 --- a/clusters/cl01tl/manifests/loki/Service-loki-results-cache.yaml 
+++ b/clusters/cl01tl/manifests/loki/Service-loki-results-cache.yaml @@ -3,10 +3,10 @@ kind: Service metadata: name: loki-results-cache labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: "memcached-results-cache" annotations: {} namespace: "loki" diff --git a/clusters/cl01tl/manifests/loki/Service-loki.yaml b/clusters/cl01tl/manifests/loki/Service-loki.yaml index 7932bd841..4e51725c9 100644 --- a/clusters/cl01tl/manifests/loki/Service-loki.yaml +++ b/clusters/cl01tl/manifests/loki/Service-loki.yaml @@ -1,16 +1,18 @@ apiVersion: v1 kind: Service metadata: - name: loki - namespace: loki + name: "loki" + namespace: "loki" labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" + app.kubernetes.io/component: "single-binary" annotations: spec: type: ClusterIP + publishNotReadyAddresses: true ports: - name: http-metrics port: 3100 @@ -20,7 +22,11 @@ spec: port: 9095 targetPort: grpc protocol: TCP + - name: grpclb + port: 9096 + targetPort: grpc + protocol: TCP selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/component: single-binary + app.kubernetes.io/component: "single-binary" diff --git a/clusters/cl01tl/manifests/loki/ServiceAccount-loki-canary.yaml b/clusters/cl01tl/manifests/loki/ServiceAccount-loki-canary.yaml index 8ac5ed1d1..588a3e514 100644 --- a/clusters/cl01tl/manifests/loki/ServiceAccount-loki-canary.yaml +++ b/clusters/cl01tl/manifests/loki/ServiceAccount-loki-canary.yaml 
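Review bot: `publishNotReadyAddresses: true` on the regular ClusterIP `loki` Service (first hunk of Service-loki.yaml) tells endpoint consumers to ignore readiness, so the gateway's `proxy_pass` to `loki.loki.svc.cluster.local:3100` can reach a pod that is still starting or failing its readiness probe. That setting is normally wanted only on the headless or memberlist Services used for peer discovery. If it is not intentional here, keep it on `loki-headless` only and set `publishNotReadyAddresses: false` on this Service.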
@@ -4,9 +4,9 @@ metadata: name: loki-canary namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: canary -automountServiceAccountToken: true +automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/loki/ServiceAccount-loki-gateway.yaml b/clusters/cl01tl/manifests/loki/ServiceAccount-loki-gateway.yaml new file mode 100644 index 000000000..a830fd931 --- /dev/null +++ b/clusters/cl01tl/manifests/loki/ServiceAccount-loki-gateway.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: loki-gateway + namespace: loki + labels: + helm.sh/chart: loki-13.5.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "3.7.1" + app.kubernetes.io/component: gateway +automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/loki/ServiceAccount-loki-memcached.yaml b/clusters/cl01tl/manifests/loki/ServiceAccount-loki-memcached.yaml new file mode 100644 index 000000000..b5d50e69e --- /dev/null +++ b/clusters/cl01tl/manifests/loki/ServiceAccount-loki-memcached.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: loki-memcached + namespace: loki + labels: + helm.sh/chart: loki-13.5.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "3.7.1" + app.kubernetes.io/component: memcached +automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/loki/ServiceAccount-loki.yaml b/clusters/cl01tl/manifests/loki/ServiceAccount-loki.yaml index e1a8c4fa2..56cb7176d 100644 --- a/clusters/cl01tl/manifests/loki/ServiceAccount-loki.yaml +++ b/clusters/cl01tl/manifests/loki/ServiceAccount-loki.yaml 
@@ -4,8 +4,8 @@ metadata: name: loki namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" automountServiceAccountToken: true diff --git a/clusters/cl01tl/manifests/loki/StatefulSet-loki-chunks-cache.yaml b/clusters/cl01tl/manifests/loki/StatefulSet-loki-chunks-cache.yaml index a2b35d6b9..a8909cf29 100644 --- a/clusters/cl01tl/manifests/loki/StatefulSet-loki-chunks-cache.yaml +++ b/clusters/cl01tl/manifests/loki/StatefulSet-loki-chunks-cache.yaml @@ -3,10 +3,10 @@ kind: StatefulSet metadata: name: loki-chunks-cache labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: "memcached-chunks-cache" name: "memcached-chunks-cache" annotations: {} @@ -32,12 +32,14 @@ spec: name: "memcached-chunks-cache" annotations: spec: - serviceAccountName: loki + serviceAccountName: loki-memcached securityContext: fsGroup: 11211 runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} affinity: {} @@ -46,7 +48,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: memcached - image: memcached:1.6.39-alpine + image: memcached:1.6.41-alpine imagePullPolicy: IfNotPresent resources: limits: @@ -72,6 +74,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault readinessProbe: failureThreshold: 6 initialDelaySeconds: 5 @@ -87,7 +92,7 @@ spec: port: client timeoutSeconds: 5 - name: exporter - image: prom/memcached-exporter:v0.15.4 + image: prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9150 
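Review bot: The memcached pod spec in the -32,12 hunk of StatefulSet-loki-chunks-cache.yaml relies only on the new `loki-memcached` ServiceAccount default to keep the API token out of the pod; the visible part of the pod spec does not set `automountServiceAccountToken` itself. A pod-level value takes precedence over the ServiceAccount default and survives a later change of ServiceAccount, so add `automountServiceAccountToken: false` next to `serviceAccountName: loki-memcached`. The same applies to the matching -32,12 hunk in StatefulSet-loki-results-cache.yaml. A couple of pod-spec lines between this hunk and the next are not shown, so confirm the field is not already present there.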
@@ -104,6 +109,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault readinessProbe: failureThreshold: 3 httpGet: diff --git a/clusters/cl01tl/manifests/loki/StatefulSet-loki-results-cache.yaml b/clusters/cl01tl/manifests/loki/StatefulSet-loki-results-cache.yaml index 2d8c9a8e7..83b2484ec 100644 --- a/clusters/cl01tl/manifests/loki/StatefulSet-loki-results-cache.yaml +++ b/clusters/cl01tl/manifests/loki/StatefulSet-loki-results-cache.yaml @@ -3,10 +3,10 @@ kind: StatefulSet metadata: name: loki-results-cache labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: "memcached-results-cache" name: "memcached-results-cache" annotations: {} @@ -32,12 +32,14 @@ spec: name: "memcached-results-cache" annotations: spec: - serviceAccountName: loki + serviceAccountName: loki-memcached securityContext: fsGroup: 11211 runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} affinity: {} @@ -46,7 +48,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: memcached - image: memcached:1.6.39-alpine + image: memcached:1.6.41-alpine imagePullPolicy: IfNotPresent resources: limits: @@ -72,6 +74,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault readinessProbe: failureThreshold: 6 initialDelaySeconds: 5 @@ -87,7 +92,7 @@ spec: port: client timeoutSeconds: 5 - name: exporter - image: prom/memcached-exporter:v0.15.4 + image: prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9150 @@ -104,6 +109,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault readinessProbe: failureThreshold: 3 httpGet: 
diff --git a/clusters/cl01tl/manifests/loki/StatefulSet-loki.yaml b/clusters/cl01tl/manifests/loki/StatefulSet-loki.yaml index 24a2878bd..e9ffbd0a4 100644 --- a/clusters/cl01tl/manifests/loki/StatefulSet-loki.yaml +++ b/clusters/cl01tl/manifests/loki/StatefulSet-loki.yaml @@ -4,10 +4,10 @@ metadata: name: loki namespace: loki labels: - helm.sh/chart: loki-6.55.0 + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki - app.kubernetes.io/version: "3.6.7" + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: single-binary app.kubernetes.io/part-of: memberlist spec: 
@@ -29,31 +29,61 @@ spec: template: metadata: annotations: - checksum/config: 9cded33d7ba292eb76711b451f5ecd9bade13c7fb5ffb5622229f5706f8f90dd - storage/size: "150Gi" + checksum/config: 19e0049d8578b5fadd19fbcef19075cf8df1c30f6a3e6fc48aeeeaae41e30e27 + storage/size: 150Gi kubectl.kubernetes.io/default-container: "loki" labels: + helm.sh/chart: loki-13.5.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki + app.kubernetes.io/version: "3.7.1" app.kubernetes.io/component: single-binary app.kubernetes.io/part-of: memberlist spec: serviceAccountName: loki - automountServiceAccountToken: true enableServiceLinks: true + automountServiceAccountToken: true securityContext: fsGroup: 10001 fsGroupChangePolicy: OnRootMismatch runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 + seccompProfile: + type: RuntimeDefault terminationGracePeriodSeconds: 30 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: single-binary + app.kubernetes.io/instance: 'loki' + app.kubernetes.io/name: 'loki' + topologyKey: kubernetes.io/hostname + volumes: + - name: temp + emptyDir: {} + - name: config + configMap: + name: loki + items: + - key: "config.yaml" + path: "config.yaml" + - name: runtime-config + configMap: + name: loki-runtime + - name: sc-rules-volume + emptyDir: {} + - name: sc-rules-temp + emptyDir: {} containers: - name: loki - image: docker.io/grafana/loki:3.6.7 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent args: - -config.file=/etc/loki/config/config.yaml + - -config.expand-env=true - -target=all ports: - name: http-metrics 
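Review bot: With `-config.expand-env=true` added to the loki args, config.yaml is expanded against the container environment, while the pod spec in this hunk keeps `enableServiceLinks: true`, which injects `<SERVICE>_SERVICE_HOST` and `<SERVICE>_PORT` variables for every Service in the namespace. Setting `enableServiceLinks: false` leaves only the explicit `env` entries as inputs to expansion, assuming nothing in the config relies on service-link variables. The `loki` ConfigMap is not part of this hunk, so also check it for literal `${...}` sequences in values such as passwords or regexes, which are now subject to substitution. The container list continues in the later hunks.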
@@ -65,12 +95,29 @@ spec: - name: http-memberlist containerPort: 7946 protocol: TCP + env: + - name: GOGC + value: "80" + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 readinessProbe: failureThreshold: 3 httpGet: @@ -81,14 +128,14 @@ spec: successThreshold: 1 timeoutSeconds: 1 volumeMounts: - - name: tmp - mountPath: /tmp - name: config mountPath: /etc/loki/config - name: runtime-config mountPath: /etc/loki/runtime-config - name: storage mountPath: /var/loki + - name: temp + mountPath: /tmp - name: sc-rules-volume mountPath: "/rules" resources: @@ -96,8 +143,38 @@ spec: cpu: 100m memory: 800Mi - name: loki-sc-rules - image: docker.io/kiwigrid/k8s-sidecar:2.5.0 + image: docker.io/kiwigrid/k8s-sidecar:2.7.1 imagePullPolicy: IfNotPresent + ports: + - name: http-sidecar + containerPort: 8080 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 env: - name: METHOD value: WATCH 
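Review bot: The `loki-sc-rules` container in the -96,8 hunk gains a port, probes and a securityContext but has no `resources` block in the lines shown here or in the following hunk, so the sidecar runs without a CPU or memory bound next to Loki in the same pod. Add `resources.requests` and a `limits.memory` sized for the watcher, so a misbehaving sidecar is terminated on its own instead of pressuring the node. Part of the container's `env` list falls between the hunks and is not visible, and the container definition continues past this hunk.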
@@ -113,40 +190,13 @@ spec: value: "60" - name: LOG_LEVEL value: "INFO" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true + - name: HEALTH_PORT + value: "8080" volumeMounts: - - name: tmp + - name: sc-rules-temp mountPath: /tmp - name: sc-rules-volume mountPath: "/rules" - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/component: single-binary - app.kubernetes.io/instance: 'loki' - app.kubernetes.io/name: 'loki' - topologyKey: kubernetes.io/hostname - volumes: - - name: tmp - emptyDir: {} - - name: config - configMap: - name: loki - items: - - key: "config.yaml" - path: "config.yaml" - - name: runtime-config - configMap: - name: loki-runtime - - name: sc-rules-volume - emptyDir: {} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim