alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 1 Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2026-05-03 00:44:49 +00:00
parent 38dfd84ce4
commit 96e1ea13fc
24 changed files with 554 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clusters/cl01tl/manifests/loki/ClusterRole-loki-clusterrole.yaml
View File

@@ -2,10 +2,10 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
name: loki-clusterrole name: loki-clusterrole
rules: rules:
- apiGroups: [""] - apiGroups: [""]

4
clusters/cl01tl/manifests/loki/ClusterRoleBinding-loki-clusterrolebinding.yaml
View File

@@ -3,10 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: loki-clusterrolebinding name: loki-clusterrolebinding
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: loki name: loki

193
clusters/cl01tl/manifests/loki/ConfigMap-loki-gateway.yaml
View File

File diff suppressed because one or more lines are too long

4
clusters/cl01tl/manifests/loki/ConfigMap-loki-runtime.yaml
View File

@@ -4,10 +4,10 @@ metadata:
name: loki-runtime name: loki-runtime
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
data: data:
runtime-config.yaml: | runtime-config.yaml: |
{} {}

27
clusters/cl01tl/manifests/loki/ConfigMap-loki.yaml
View File

@@ -4,10 +4,10 @@ metadata:
name: loki name: loki
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
data: data:
config.yaml: |2 config.yaml: |2
@@ -57,6 +57,9 @@ data:
scheduler_address: "" scheduler_address: ""
index_gateway: index_gateway:
mode: simple mode: simple
ingester:
wal:
flush_on_shutdown: true
ingester_client: ingester_client:
pool_config: pool_config:
remote_timeout: 10s remote_timeout: 10s
@@ -74,8 +77,16 @@ data:
split_queries_by_interval: 15m split_queries_by_interval: 15m
volume_enabled: true volume_enabled: true
memberlist: memberlist:
abort_if_cluster_join_fails: true
advertise_addr: ${HASH_RING_INSTANCE_ADDR}
advertise_port: 7946
bind_port: 7946
join_members: join_members:
- loki-memberlist.loki.svc.cluster.local - loki-memberlist.loki.svc.cluster.local
max_join_backoff: 1m
max_join_retries: 10
min_join_backoff: 1s
rejoin_interval: 90s
pattern_ingester: pattern_ingester:
enabled: false enabled: false
query_range: query_range:
@@ -109,10 +120,18 @@ data:
schema: v13 schema: v13
store: boltdb-shipper store: boltdb-shipper
server: server:
graceful_shutdown_timeout: 5s
grpc_listen_port: 9095 grpc_listen_port: 9095
grpc_server_max_concurrent_streams: 1000
grpc_server_max_recv_msg_size: 104857600
grpc_server_max_send_msg_size: 104857600
grpc_server_min_time_between_pings: 10s
grpc_server_ping_without_stream_allowed: true
http_listen_port: 3100 http_listen_port: 3100
http_server_read_timeout: 600s http_server_idle_timeout: 30s
http_server_write_timeout: 600s http_server_read_timeout: 10m0s
http_server_write_timeout: 10m0s
log_level: info
storage_config: storage_config:
bloom_shipper: bloom_shipper:
working_directory: /var/loki/data/bloomshipper working_directory: /var/loki/data/bloomshipper

51
clusters/cl01tl/manifests/loki/DaemonSet-loki-canary.yaml
View File

@@ -4,10 +4,10 @@ metadata:
name: loki-canary name: loki-canary
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: canary app.kubernetes.io/component: canary
spec: spec:
selector: selector:
@@ -21,34 +21,39 @@ spec:
type: RollingUpdate type: RollingUpdate
template: template:
metadata: metadata:
annotations:
kubectl.kubernetes.io/default-container: "canary"
labels: labels:
helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: canary app.kubernetes.io/component: canary
spec: spec:
serviceAccountName: loki-canary serviceAccountName: loki-canary
enableServiceLinks: true
automountServiceAccountToken: false
securityContext: securityContext:
fsGroup: 10001 fsGroup: 10001
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
runAsGroup: 10001 runAsGroup: 10001
runAsNonRoot: true runAsNonRoot: true
runAsUser: 10001 runAsUser: 10001
seccompProfile:
type: RuntimeDefault
terminationGracePeriodSeconds: 30
volumes:
- name: temp
emptyDir: {}
containers: containers:
- name: loki-canary - name: canary
image: docker.io/grafana/loki-canary:3.6.7 image: docker.io/grafana/loki-canary:3.7.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- -addr=loki-gateway.loki.svc.cluster.local.:80 - -addr=loki-gateway.loki.svc.cluster.local.:80
- -labelname=pod - -labelname=pod
- -labelvalue=$(POD_NAME) - -labelvalue=$(POD_NAME)
- -push=true - -push=true
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
ports: ports:
- name: http-metrics - name: http-metrics
containerPort: 3500 containerPort: 3500
@@ -58,10 +63,32 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name
- name: GOGC
value: "80"
- name: HASH_RING_INSTANCE_ADDR
valueFrom:
fieldRef:
fieldPath: status.podIP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
livenessProbe:
httpGet:
path: /metrics
port: http-metrics
initialDelaySeconds: 15
timeoutSeconds: 1
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /metrics path: /metrics
port: http-metrics port: http-metrics
initialDelaySeconds: 15 initialDelaySeconds: 15
timeoutSeconds: 1 timeoutSeconds: 1
volumes: volumeMounts:
- name: temp
mountPath: /tmp

67
clusters/cl01tl/manifests/loki/Deployment-loki-gateway.yaml
View File

@@ -4,10 +4,10 @@ metadata:
name: loki-gateway name: loki-gateway
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: gateway app.kubernetes.io/component: gateway
spec: spec:
replicas: 1 replicas: 1
@@ -22,32 +22,35 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
checksum/config: d76bd0b627b1549dddc6ce5304d9322ebdeb13e5b813234d8067357925630015 checksum/config: 7f59b16a0121fadc14a504ba3bc07ec5d397a0093def094ae56ba0c10f467dbb
labels: labels:
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/component: gateway app.kubernetes.io/component: gateway
spec: spec:
serviceAccountName: loki serviceAccountName: loki-gateway
automountServiceAccountToken: false
enableServiceLinks: true enableServiceLinks: true
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
runAsGroup: 101 runAsGroup: 101
runAsNonRoot: true runAsNonRoot: true
runAsUser: 101 runAsUser: 101
seccompProfile:
type: RuntimeDefault
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
containers: containers:
- name: nginx - name: nginx
image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine image: docker.io/nginxinc/nginx-unprivileged:1.30-alpine
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http-metrics - name: http
containerPort: 8080 containerPort: 8080
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
httpGet: httpGet:
path: / path: /
port: http-metrics port: http
initialDelaySeconds: 15 initialDelaySeconds: 15
timeoutSeconds: 1 timeoutSeconds: 1
securityContext: securityContext:
@@ -56,6 +59,8 @@ spec:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: /etc/nginx mountPath: /etc/nginx
@@ -67,6 +72,54 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
memory: 20Mi memory: 20Mi
- name: exporter
image: ghcr.io/jkroepke/access-log-exporter:0.3.11
imagePullPolicy: IfNotPresent
ports:
- containerPort: 4040
name: http-metrics
- containerPort: 8514
name: syslog
args:
- --nginx.scrape-url
- http://127.0.0.1:8080/stub_status
- --preset
- loki
resources:
limits: {}
requests: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: http-metrics
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
livenessProbe:
failureThreshold: 3
httpGet:
path: /health
port: http-metrics
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
volumeMounts:
- name: config
mountPath: /config.yaml
subPath: access-log-exporter.yaml
affinity: affinity:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:

30
clusters/cl01tl/manifests/loki/HTTPRoute-loki-gateway.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: loki-gateway
namespace: loki
labels:
helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: gateway
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- loki.alexlebens.net
rules:
- backendRefs:
- group: ""
kind: Service
name: loki-gateway
port: 80
weight: 1
matches:
- path:
type: PathPrefix
value: /

27
clusters/cl01tl/manifests/loki/Pod-loki-helm-test.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "loki-helm-test"
namespace: loki
labels:
helm.sh/chart: loki-6.55.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7"
app.kubernetes.io/component: helm-test
annotations:
"helm.sh/hook": test
spec:
containers:
- name: loki-helm-test
image: docker.io/grafana/loki-helm-test:latest
env:
- name: CANARY_SERVICE_ADDRESS
value: "http://loki-canary.loki.svc.cluster.local:3500/metrics"
- name: CANARY_PROMETHEUS_ADDRESS
value: ""
- name: CANARY_TEST_TIMEOUT
value: "1m"
args:
- -test.v
restartPolicy: Never

4
clusters/cl01tl/manifests/loki/Service-loki-canary.yaml
View File

@@ -4,10 +4,10 @@ metadata:
name: loki-canary name: loki-canary
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: canary app.kubernetes.io/component: canary
annotations: annotations:
spec: spec:

4
clusters/cl01tl/manifests/loki/Service-loki-chunks-cache.yaml
View File

@@ -3,10 +3,10 @@ kind: Service
metadata: metadata:
name: loki-chunks-cache name: loki-chunks-cache
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: "memcached-chunks-cache" app.kubernetes.io/component: "memcached-chunks-cache"
annotations: {} annotations: {}
namespace: "loki" namespace: "loki"

23
clusters/cl01tl/manifests/loki/Service-loki-gateway-exporter.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
name: loki-gateway-exporter
namespace: loki
labels:
helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: gateway
annotations:
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 4040
targetPort: http-metrics
protocol: TCP
selector:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/component: gateway

8
clusters/cl01tl/manifests/loki/Service-loki-gateway.yaml
View File

@@ -4,19 +4,19 @@ metadata:
name: loki-gateway name: loki-gateway
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: gateway app.kubernetes.io/component: gateway
prometheus.io/service-monitor: "false" prometheus.io/service-monitor: "false"
annotations: annotations:
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
- name: http-metrics - name: http
port: 80 port: 80
targetPort: http-metrics targetPort: http
protocol: TCP protocol: TCP
selector: selector:
app.kubernetes.io/name: loki app.kubernetes.io/name: loki

20
clusters/cl01tl/manifests/loki/Service-loki-headless.yaml
View File

@@ -1,23 +1,35 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: loki-headless name: "loki-headless"
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
variant: headless app.kubernetes.io/component: "single-binary"
prometheus.io/service-monitor: "false" prometheus.io/service-monitor: "false"
variant: headless
annotations: annotations:
spec: spec:
clusterIP: None clusterIP: None
type: ClusterIP
publishNotReadyAddresses: true
ports: ports:
- name: http-metrics - name: http-metrics
port: 3100 port: 3100
targetPort: http-metrics targetPort: http-metrics
protocol: TCP protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
- name: grpclb
port: 9096
targetPort: grpc
protocol: TCP
selector: selector:
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/component: "single-binary"

4
clusters/cl01tl/manifests/loki/Service-loki-memberlist.yaml
View File

@@ -4,10 +4,10 @@ metadata:
name: loki-memberlist name: loki-memberlist
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
annotations: annotations:
spec: spec:
type: ClusterIP type: ClusterIP

4
clusters/cl01tl/manifests/loki/Service-loki-results-cache.yaml
View File

@@ -3,10 +3,10 @@ kind: Service
metadata: metadata:
name: loki-results-cache name: loki-results-cache
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: "memcached-results-cache" app.kubernetes.io/component: "memcached-results-cache"
annotations: {} annotations: {}
namespace: "loki" namespace: "loki"

16
clusters/cl01tl/manifests/loki/Service-loki.yaml
View File

@@ -1,16 +1,18 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: loki name: "loki"
namespace: loki namespace: "loki"
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: "single-binary"
annotations: annotations:
spec: spec:
type: ClusterIP type: ClusterIP
publishNotReadyAddresses: true
ports: ports:
- name: http-metrics - name: http-metrics
port: 3100 port: 3100
@@ -20,7 +22,11 @@ spec:
port: 9095 port: 9095
targetPort: grpc targetPort: grpc
protocol: TCP protocol: TCP
- name: grpclb
port: 9096
targetPort: grpc
protocol: TCP
selector: selector:
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/component: single-binary app.kubernetes.io/component: "single-binary"

6
clusters/cl01tl/manifests/loki/ServiceAccount-loki-canary.yaml
View File

@@ -4,9 +4,9 @@ metadata:
name: loki-canary name: loki-canary
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: canary app.kubernetes.io/component: canary
automountServiceAccountToken: true automountServiceAccountToken: false

12
clusters/cl01tl/manifests/loki/ServiceAccount-loki-gateway.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: loki-gateway
namespace: loki
labels:
helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: gateway
automountServiceAccountToken: false

12
clusters/cl01tl/manifests/loki/ServiceAccount-loki-memcached.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: loki-memcached
namespace: loki
labels:
helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: memcached
automountServiceAccountToken: false

4
clusters/cl01tl/manifests/loki/ServiceAccount-loki.yaml
View File

@@ -4,8 +4,8 @@ metadata:
name: loki name: loki
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
automountServiceAccountToken: true automountServiceAccountToken: true

18
clusters/cl01tl/manifests/loki/StatefulSet-loki-chunks-cache.yaml
View File

@@ -3,10 +3,10 @@ kind: StatefulSet
metadata: metadata:
name: loki-chunks-cache name: loki-chunks-cache
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: "memcached-chunks-cache" app.kubernetes.io/component: "memcached-chunks-cache"
name: "memcached-chunks-cache" name: "memcached-chunks-cache"
annotations: {} annotations: {}
@@ -32,12 +32,14 @@ spec:
name: "memcached-chunks-cache" name: "memcached-chunks-cache"
annotations: annotations:
spec: spec:
serviceAccountName: loki serviceAccountName: loki-memcached
securityContext: securityContext:
fsGroup: 11211 fsGroup: 11211
runAsGroup: 11211 runAsGroup: 11211
runAsNonRoot: true runAsNonRoot: true
runAsUser: 11211 runAsUser: 11211
seccompProfile:
type: RuntimeDefault
initContainers: [] initContainers: []
nodeSelector: {} nodeSelector: {}
affinity: {} affinity: {}
@@ -46,7 +48,7 @@ spec:
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
containers: containers:
- name: memcached - name: memcached
image: memcached:1.6.39-alpine image: memcached:1.6.41-alpine
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
limits: limits:
@@ -72,6 +74,9 @@ spec:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
readinessProbe: readinessProbe:
failureThreshold: 6 failureThreshold: 6
initialDelaySeconds: 5 initialDelaySeconds: 5
@@ -87,7 +92,7 @@ spec:
port: client port: client
timeoutSeconds: 5 timeoutSeconds: 5
- name: exporter - name: exporter
image: prom/memcached-exporter:v0.15.4 image: prom/memcached-exporter:v0.16.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 9150 - containerPort: 9150
@@ -104,6 +109,9 @@ spec:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
httpGet: httpGet:

18
clusters/cl01tl/manifests/loki/StatefulSet-loki-results-cache.yaml
View File

@@ -3,10 +3,10 @@ kind: StatefulSet
metadata: metadata:
name: loki-results-cache name: loki-results-cache
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: "memcached-results-cache" app.kubernetes.io/component: "memcached-results-cache"
name: "memcached-results-cache" name: "memcached-results-cache"
annotations: {} annotations: {}
@@ -32,12 +32,14 @@ spec:
name: "memcached-results-cache" name: "memcached-results-cache"
annotations: annotations:
spec: spec:
serviceAccountName: loki serviceAccountName: loki-memcached
securityContext: securityContext:
fsGroup: 11211 fsGroup: 11211
runAsGroup: 11211 runAsGroup: 11211
runAsNonRoot: true runAsNonRoot: true
runAsUser: 11211 runAsUser: 11211
seccompProfile:
type: RuntimeDefault
initContainers: [] initContainers: []
nodeSelector: {} nodeSelector: {}
affinity: {} affinity: {}
@@ -46,7 +48,7 @@ spec:
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
containers: containers:
- name: memcached - name: memcached
image: memcached:1.6.39-alpine image: memcached:1.6.41-alpine
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
limits: limits:
@@ -72,6 +74,9 @@ spec:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
readinessProbe: readinessProbe:
failureThreshold: 6 failureThreshold: 6
initialDelaySeconds: 5 initialDelaySeconds: 5
@@ -87,7 +92,7 @@ spec:
port: client port: client
timeoutSeconds: 5 timeoutSeconds: 5
- name: exporter - name: exporter
image: prom/memcached-exporter:v0.15.4 image: prom/memcached-exporter:v0.16.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 9150 - containerPort: 9150
@@ -104,6 +109,9 @@ spec:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
httpGet: httpGet:

128
clusters/cl01tl/manifests/loki/StatefulSet-loki.yaml
View File

@@ -4,10 +4,10 @@ metadata:
name: loki name: loki
namespace: loki namespace: loki
labels: labels:
helm.sh/chart: loki-6.55.0 helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.6.7" app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: single-binary app.kubernetes.io/component: single-binary
app.kubernetes.io/part-of: memberlist app.kubernetes.io/part-of: memberlist
spec: spec:
@@ -29,31 +29,61 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
checksum/config: 9cded33d7ba292eb76711b451f5ecd9bade13c7fb5ffb5622229f5706f8f90dd checksum/config: 19e0049d8578b5fadd19fbcef19075cf8df1c30f6a3e6fc48aeeeaae41e30e27
storage/size: "150Gi" storage/size: 150Gi
kubectl.kubernetes.io/default-container: "loki" kubectl.kubernetes.io/default-container: "loki"
labels: labels:
helm.sh/chart: loki-13.5.0
app.kubernetes.io/name: loki app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki app.kubernetes.io/instance: loki
app.kubernetes.io/version: "3.7.1"
app.kubernetes.io/component: single-binary app.kubernetes.io/component: single-binary
app.kubernetes.io/part-of: memberlist app.kubernetes.io/part-of: memberlist
spec: spec:
serviceAccountName: loki serviceAccountName: loki
automountServiceAccountToken: true
enableServiceLinks: true enableServiceLinks: true
automountServiceAccountToken: true
securityContext: securityContext:
fsGroup: 10001 fsGroup: 10001
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
runAsGroup: 10001 runAsGroup: 10001
runAsNonRoot: true runAsNonRoot: true
runAsUser: 10001 runAsUser: 10001
seccompProfile:
type: RuntimeDefault
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: single-binary
app.kubernetes.io/instance: 'loki'
app.kubernetes.io/name: 'loki'
topologyKey: kubernetes.io/hostname
volumes:
- name: temp
emptyDir: {}
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: sc-rules-volume
emptyDir: {}
- name: sc-rules-temp
emptyDir: {}
containers: containers:
- name: loki - name: loki
image: docker.io/grafana/loki:3.6.7 image: docker.io/grafana/loki:3.7.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- -config.file=/etc/loki/config/config.yaml - -config.file=/etc/loki/config/config.yaml
- -config.expand-env=true
- -target=all - -target=all
ports: ports:
- name: http-metrics - name: http-metrics
@@ -65,12 +95,29 @@ spec:
- name: http-memberlist - name: http-memberlist
containerPort: 7946 containerPort: 7946
protocol: TCP protocol: TCP
env:
- name: GOGC
value: "80"
- name: HASH_RING_INSTANCE_ADDR
valueFrom:
fieldRef:
fieldPath: status.podIP
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
livenessProbe:
failureThreshold: 10
httpGet:
path: /loki/api/v1/status/buildinfo
port: http-metrics
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 1
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
httpGet: httpGet:
@@ -81,14 +128,14 @@ spec:
successThreshold: 1 successThreshold: 1
timeoutSeconds: 1 timeoutSeconds: 1
volumeMounts: volumeMounts:
- name: tmp
mountPath: /tmp
- name: config - name: config
mountPath: /etc/loki/config mountPath: /etc/loki/config
- name: runtime-config - name: runtime-config
mountPath: /etc/loki/runtime-config mountPath: /etc/loki/runtime-config
- name: storage - name: storage
mountPath: /var/loki mountPath: /var/loki
- name: temp
mountPath: /tmp
- name: sc-rules-volume - name: sc-rules-volume
mountPath: "/rules" mountPath: "/rules"
resources: resources:
@@ -96,8 +143,38 @@ spec:
cpu: 100m cpu: 100m
memory: 800Mi memory: 800Mi
- name: loki-sc-rules - name: loki-sc-rules
image: docker.io/kiwigrid/k8s-sidecar:2.5.0 image: docker.io/kiwigrid/k8s-sidecar:2.7.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports:
- name: http-sidecar
containerPort: 8080
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: http-sidecar
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: http-sidecar
initialDelaySeconds: 3
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
env: env:
- name: METHOD - name: METHOD
value: WATCH value: WATCH
@@ -113,40 +190,13 @@ spec:
value: "60" value: "60"
- name: LOG_LEVEL - name: LOG_LEVEL
value: "INFO" value: "INFO"
securityContext: - name: HEALTH_PORT
allowPrivilegeEscalation: false value: "8080"
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts: volumeMounts:
- name: tmp - name: sc-rules-temp
mountPath: /tmp mountPath: /tmp
- name: sc-rules-volume - name: sc-rules-volume
mountPath: "/rules" mountPath: "/rules"
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: single-binary
app.kubernetes.io/instance: 'loki'
app.kubernetes.io/name: 'loki'
topologyKey: kubernetes.io/hostname
volumes:
- name: tmp
emptyDir: {}
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: sc-rules-volume
emptyDir: {}
volumeClaimTemplates: volumeClaimTemplates:
- apiVersion: v1 - apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim