apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: loki-alloy labels: helm.sh/chart: alloy-1.6.2 app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki app.kubernetes.io/version: "v1.14.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: alloy app.kubernetes.io/component: rbac rules: - apiGroups: - "" - discovery.k8s.io - networking.k8s.io resources: - endpoints - endpointslices - ingresses - pods - services verbs: - get - list - watch - apiGroups: - "" resources: - pods - pods/log - namespaces verbs: - get - list - watch - apiGroups: - monitoring.grafana.com resources: - podlogs verbs: - get - list - watch - apiGroups: - monitoring.coreos.com resources: - prometheusrules verbs: - get - list - watch - apiGroups: - monitoring.coreos.com resources: - alertmanagerconfigs verbs: - get - list - watch - apiGroups: - monitoring.coreos.com resources: - podmonitors - servicemonitors - probes - scrapeconfigs verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - get - list - watch - apiGroups: - "" resources: - configmaps - secrets verbs: - get - list - watch - apiGroups: - apps - extensions resources: - replicasets verbs: - get - list - watch - apiGroups: - "" resources: - nodes verbs: - get - list - watch - apiGroups: - "" resources: - nodes/pods verbs: - get - list - watch - apiGroups: - "" resources: - nodes/metrics verbs: - get - list - watch - nonResourceURLs: - /metrics verbs: - get --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" name: loki-clusterrole rules: - apiGroups: [""] resources: ["configmaps", "secrets"] verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: loki-alloy labels: helm.sh/chart: alloy-1.6.2 app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki app.kubernetes.io/version: "v1.14.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: alloy app.kubernetes.io/component: rbac roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: loki-alloy subjects: - kind: ServiceAccount name: loki-alloy namespace: loki --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: loki-clusterrolebinding labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" subjects: - kind: ServiceAccount name: loki namespace: loki roleRef: kind: ClusterRole name: loki-clusterrole apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ConfigMap metadata: name: loki-alloy namespace: loki labels: helm.sh/chart: alloy-1.6.2 app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki app.kubernetes.io/version: "v1.14.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: alloy app.kubernetes.io/component: config data: config.alloy: |- logging { level = "debug" format = "logfmt" } discovery.kubernetes "pods" { role = "pod" } discovery.relabel "pods" { targets = discovery.kubernetes.pods.targets rule { source_labels = ["__meta_kubernetes_namespace"] target_label = "namespace" action = "replace" } rule { source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"] target_label = "app" action = "replace" } rule { source_labels = ["__meta_kubernetes_pod_container_name"] target_label = "container" action = "replace" } rule { source_labels = ["__meta_kubernetes_pod_name"] target_label = "pod" action = "replace" } } loki.source.kubernetes "pods" { targets = discovery.relabel.pods.output forward_to = [loki.process.process.receiver] } loki.process "process" { forward_to = [loki.write.loki.receiver] stage.drop { older_than = "1h" drop_counter_reason = "too old" } stage.match { selector = "{instance=~\".*\"}" stage.json { expressions = { level = "\"level\"", } } stage.labels { values = { level = "level", } } } stage.label_drop { values = [ "service_name" ] } } loki.write "loki" { endpoint { url = "http://loki-gateway.loki.svc.cluster.local:80/loki/api/v1/push" } } --- apiVersion: v1 kind: ConfigMap metadata: name: loki-gateway namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: gateway data: nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags header is empty, set a noop= without a value as empty values are not logged\n map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise, preserve the original value\n }\n\n server {\n listen 8080;\n listen [::]:8080;\n\n location = / {\n \n return 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n # Configure backend targets\n location ^~ /ui {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Distributor\n location = /api/prom/push {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/push {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /distributor/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Ingester\n location = /flush {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /ingester/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /ingester {\n \n internal; # to suppress 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # MemberListKV\n location = /memberlist {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /api/prom/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /prometheus/api/v1/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Compactor\n location = /compactor/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/cache/generation_numbers {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Config\n location = /config {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n\n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /api/prom/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /api/prom {\n \n internal; # to suppress 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1 {\n \n internal; # to suppress 301\n }\n }\n}\n" --- apiVersion: v1 kind: ConfigMap metadata: name: loki-runtime namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" data: runtime-config.yaml: | {} --- apiVersion: v1 kind: ConfigMap metadata: name: loki namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" data: config.yaml: |2 auth_enabled: false bloom_build: builder: planner_address: "" enabled: false bloom_gateway: client: addresses: "" enabled: false chunk_store_config: chunk_cache_config: background: writeback_buffer: 500000 writeback_goroutines: 1 writeback_size_limit: 500MB default_validity: 0s memcached: batch_size: 4 parallelism: 5 memcached_client: addresses: dnssrvnoa+_memcached-client._tcp.loki-chunks-cache.loki.svc.cluster.local consistent_hash: true max_idle_conns: 72 timeout: 2000ms common: compactor_grpc_address: 'loki.loki.svc.cluster.local:9095' path_prefix: /var/loki replication_factor: 1 storage: filesystem: chunks_directory: /var/loki/chunks rules_directory: /var/loki/rules compactor: compaction_interval: 10m delete_request_store: filesystem retention_delete_delay: 2h retention_delete_worker_count: 150 retention_enabled: true working_directory: /var/loki/compactor frontend: scheduler_address: "" tail_proxy_url: "" frontend_worker: scheduler_address: "" index_gateway: mode: simple ingester_client: pool_config: remote_timeout: 10s remote_timeout: 10s limits_config: allow_structured_metadata: false ingestion_burst_size_mb: 1024 ingestion_rate_mb: 1024 max_cache_freshness_per_query: 10m max_streams_per_user: 100000 query_timeout: 300s reject_old_samples: true reject_old_samples_max_age: 168h retention_period: 7d split_queries_by_interval: 15m volume_enabled: true memberlist: join_members: - loki-memberlist.loki.svc.cluster.local pattern_ingester: enabled: false query_range: align_queries_with_step: true cache_results: true results_cache: cache: background: writeback_buffer: 500000 writeback_goroutines: 1 writeback_size_limit: 500MB default_validity: 12h memcached_client: addresses: dnssrvnoa+_memcached-client._tcp.loki-results-cache.loki.svc.cluster.local consistent_hash: true timeout: 500ms update_interval: 1m ruler: storage: type: local wal: dir: /var/loki/ruler-wal runtime_config: file: /etc/loki/runtime-config/runtime-config.yaml schema_config: configs: - from: "2024-01-11" index: period: 24h object_store: filesystem schema: v13 store: boltdb-shipper server: grpc_listen_port: 9095 http_listen_port: 3100 http_server_read_timeout: 600s http_server_write_timeout: 600s storage_config: bloom_shipper: working_directory: /var/loki/data/bloomshipper boltdb_shipper: index_gateway_client: server_address: "" hedging: at: 250ms max_per_second: 20 up_to: 3 tsdb_shipper: index_gateway_client: server_address: "" use_thanos_objstore: false tracing: enabled: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 name: podlogs.monitoring.grafana.com spec: group: monitoring.grafana.com names: categories: - grafana-alloy - alloy kind: PodLogs listKind: PodLogsList plural: podlogs singular: podlogs scope: Namespaced versions: - name: v1alpha2 schema: openAPIV3Schema: description: PodLogs defines how to collect logs for a Pod. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: PodLogsSpec defines how to collect logs for a Pod. properties: namespaceSelector: description: Selector to select which namespaces the Pod objects are discovered from. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic relabelings: description: RelabelConfigs to apply to logs before delivering. items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. enum: - replace - Replace - keep - Keep - drop - Drop - hashmod - HashMod - labelmap - LabelMap - labeldrop - LabelDrop - labelkeep - LabelKeep - lowercase - Lowercase - uppercase - Uppercase type: string modulus: description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array selector: description: Selector to select Pod objects. Required. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic required: - selector type: object type: object served: true storage: true --- apiVersion: apps/v1 kind: DaemonSet metadata: name: loki-alloy namespace: loki labels: helm.sh/chart: alloy-1.6.2 app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki app.kubernetes.io/version: "v1.14.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: alloy spec: minReadySeconds: 10 selector: matchLabels: app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki template: metadata: annotations: kubectl.kubernetes.io/default-container: alloy labels: app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki spec: serviceAccountName: loki-alloy containers: - name: alloy image: docker.io/grafana/alloy:v1.14.0 imagePullPolicy: IfNotPresent args: - run - /etc/alloy/config.alloy - --storage.path=/tmp/alloy - --server.http.listen-addr=0.0.0.0:12345 - --server.http.ui-path-prefix=/ - --stability.level=generally-available env: - name: ALLOY_DEPLOY_MODE value: "helm" - name: HOSTNAME valueFrom: fieldRef: fieldPath: spec.nodeName ports: - containerPort: 12345 name: http-metrics readinessProbe: httpGet: path: /-/ready port: 12345 scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 1 volumeMounts: - name: config mountPath: /etc/alloy - name: config-reloader image: quay.io/prometheus-operator/prometheus-config-reloader:v0.81.0 args: - --watched-dir=/etc/alloy - --reload-url=http://localhost:12345/-/reload volumeMounts: - name: config mountPath: /etc/alloy resources: requests: cpu: 10m memory: 50Mi dnsPolicy: ClusterFirst volumes: - name: config configMap: name: loki-alloy --- apiVersion: apps/v1 kind: DaemonSet metadata: name: loki-canary namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: canary spec: selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: canary updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: canary spec: serviceAccountName: loki-canary securityContext: fsGroup: 10001 fsGroupChangePolicy: OnRootMismatch runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: loki-canary image: docker.io/grafana/loki-canary:3.6.7 imagePullPolicy: IfNotPresent args: - -addr=loki-gateway.loki.svc.cluster.local.:80 - -labelname=pod - -labelvalue=$(POD_NAME) - -push=true securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: ports: - name: http-metrics containerPort: 3500 protocol: TCP env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name readinessProbe: httpGet: path: /metrics port: http-metrics initialDelaySeconds: 15 timeoutSeconds: 1 volumes: --- apiVersion: apps/v1 kind: Deployment metadata: name: loki-gateway namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: gateway spec: replicas: 1 strategy: type: RollingUpdate revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: gateway template: metadata: annotations: checksum/config: d76bd0b627b1549dddc6ce5304d9322ebdeb13e5b813234d8067357925630015 labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: gateway spec: serviceAccountName: loki enableServiceLinks: true securityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 terminationGracePeriodSeconds: 30 containers: - name: nginx image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine imagePullPolicy: IfNotPresent ports: - name: http-metrics containerPort: 8080 protocol: TCP readinessProbe: httpGet: path: / port: http-metrics initialDelaySeconds: 15 timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - name: config mountPath: /etc/nginx - name: tmp mountPath: /tmp - name: docker-entrypoint-d-override mountPath: /docker-entrypoint.d resources: {} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: 'loki' app.kubernetes.io/name: 'loki' topologyKey: kubernetes.io/hostname volumes: - name: config configMap: name: loki-gateway - name: tmp emptyDir: {} - name: docker-entrypoint-d-override emptyDir: {} --- apiVersion: v1 kind: Namespace metadata: name: loki labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/part-of: loki pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged --- apiVersion: v1 kind: Pod metadata: name: "loki-helm-test" namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: helm-test annotations: "helm.sh/hook": test spec: containers: - name: loki-helm-test image: docker.io/grafana/loki-helm-test:latest env: - name: CANARY_SERVICE_ADDRESS value: "http://loki-canary.loki.svc.cluster.local:3500/metrics" - name: CANARY_PROMETHEUS_ADDRESS value: "" - name: CANARY_TEST_TIMEOUT value: "1m" args: - -test.v restartPolicy: Never --- apiVersion: v1 kind: Service metadata: name: loki-alloy namespace: loki labels: helm.sh/chart: alloy-1.6.2 app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki app.kubernetes.io/version: "v1.14.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: alloy app.kubernetes.io/component: networking spec: type: ClusterIP selector: app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki internalTrafficPolicy: Cluster ports: - name: http-metrics port: 12345 targetPort: 12345 protocol: "TCP" --- apiVersion: v1 kind: Service metadata: name: loki-canary namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: canary annotations: spec: type: ClusterIP ports: - name: http-metrics port: 3500 targetPort: http-metrics protocol: TCP selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: canary --- apiVersion: v1 kind: Service metadata: name: loki-chunks-cache labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: "memcached-chunks-cache" annotations: {} namespace: "loki" spec: type: ClusterIP clusterIP: None ports: - name: memcached-client port: 11211 targetPort: client - name: http-metrics port: 9150 targetPort: http-metrics selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: "memcached-chunks-cache" --- apiVersion: v1 kind: Service metadata: name: loki-gateway namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: gateway prometheus.io/service-monitor: "false" annotations: spec: type: ClusterIP ports: - name: http-metrics port: 80 targetPort: http-metrics protocol: TCP selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: gateway --- apiVersion: v1 kind: Service metadata: name: loki-headless namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" variant: headless prometheus.io/service-monitor: "false" annotations: spec: clusterIP: None ports: - name: http-metrics port: 3100 targetPort: http-metrics protocol: TCP selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki --- apiVersion: v1 kind: Service metadata: name: loki-memberlist namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" annotations: spec: type: ClusterIP clusterIP: None ports: - name: tcp port: 7946 targetPort: http-memberlist protocol: TCP selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/part-of: memberlist --- apiVersion: v1 kind: Service metadata: name: loki-results-cache labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: "memcached-results-cache" annotations: {} namespace: "loki" spec: type: ClusterIP clusterIP: None ports: - name: memcached-client port: 11211 targetPort: client - name: http-metrics port: 9150 targetPort: http-metrics selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: "memcached-results-cache" --- apiVersion: v1 kind: Service metadata: name: loki namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" annotations: spec: type: ClusterIP ports: - name: http-metrics port: 3100 targetPort: http-metrics protocol: TCP - name: grpc port: 9095 targetPort: grpc protocol: TCP selector: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: single-binary --- apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: true metadata: name: loki-alloy namespace: loki labels: helm.sh/chart: alloy-1.6.2 app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki app.kubernetes.io/version: "v1.14.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: alloy app.kubernetes.io/component: rbac --- apiVersion: v1 kind: ServiceAccount metadata: name: loki-canary namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: canary automountServiceAccountToken: true --- apiVersion: v1 kind: ServiceAccount metadata: name: loki namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" automountServiceAccountToken: true --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: loki-alloy namespace: loki labels: helm.sh/chart: alloy-1.6.2 app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki app.kubernetes.io/version: "v1.14.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: alloy app.kubernetes.io/component: metrics spec: endpoints: - port: http-metrics scheme: http honorLabels: true selector: matchLabels: app.kubernetes.io/name: alloy app.kubernetes.io/instance: loki --- apiVersion: apps/v1 kind: StatefulSet metadata: name: loki-chunks-cache labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: "memcached-chunks-cache" name: "memcached-chunks-cache" annotations: {} namespace: "loki" spec: podManagementPolicy: Parallel replicas: 1 selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: "memcached-chunks-cache" name: "memcached-chunks-cache" updateStrategy: type: RollingUpdate serviceName: loki-chunks-cache template: metadata: labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: "memcached-chunks-cache" name: "memcached-chunks-cache" annotations: spec: serviceAccountName: loki securityContext: fsGroup: 11211 runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 initContainers: [] nodeSelector: {} affinity: {} topologySpreadConstraints: [] tolerations: [] terminationGracePeriodSeconds: 60 containers: - name: memcached image: memcached:1.6.39-alpine imagePullPolicy: IfNotPresent resources: limits: memory: 9830Mi requests: cpu: 500m memory: 9830Mi ports: - containerPort: 11211 name: client args: - -m 8192 - --extended=modern,track_sizes - -I 5m - -c 16384 - -v - -u 11211 env: envFrom: securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 5 tcpSocket: port: client timeoutSeconds: 3 livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: client timeoutSeconds: 5 - name: exporter image: prom/memcached-exporter:v0.15.4 imagePullPolicy: IfNotPresent ports: - containerPort: 9150 name: http-metrics args: - "--memcached.address=localhost:11211" - "--web.listen-address=0.0.0.0:9150" resources: limits: {} requests: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 3 livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 --- apiVersion: apps/v1 kind: StatefulSet metadata: name: loki-results-cache labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: "memcached-results-cache" name: "memcached-results-cache" annotations: {} namespace: "loki" spec: podManagementPolicy: Parallel replicas: 1 selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: "memcached-results-cache" name: "memcached-results-cache" updateStrategy: type: RollingUpdate serviceName: loki-results-cache template: metadata: labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: "memcached-results-cache" name: "memcached-results-cache" annotations: spec: serviceAccountName: loki securityContext: fsGroup: 11211 runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 initContainers: [] nodeSelector: {} affinity: {} topologySpreadConstraints: [] tolerations: [] terminationGracePeriodSeconds: 60 containers: - name: memcached image: memcached:1.6.39-alpine imagePullPolicy: IfNotPresent resources: limits: memory: 1229Mi requests: cpu: 500m memory: 1229Mi ports: - containerPort: 11211 name: client args: - -m 1024 - --extended=modern,track_sizes - -I 5m - -c 16384 - -v - -u 11211 env: envFrom: securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 5 tcpSocket: port: client timeoutSeconds: 3 livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: client timeoutSeconds: 5 - name: exporter image: prom/memcached-exporter:v0.15.4 imagePullPolicy: IfNotPresent ports: - containerPort: 9150 name: http-metrics args: - "--memcached.address=localhost:11211" - "--web.listen-address=0.0.0.0:9150" resources: limits: {} requests: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 3 livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: http-metrics initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 --- apiVersion: apps/v1 kind: StatefulSet metadata: name: loki namespace: loki labels: helm.sh/chart: loki-6.55.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/version: "3.6.7" app.kubernetes.io/component: single-binary app.kubernetes.io/part-of: memberlist spec: replicas: 1 podManagementPolicy: Parallel updateStrategy: rollingUpdate: partition: 0 serviceName: loki-headless revisionHistoryLimit: 10 persistentVolumeClaimRetentionPolicy: whenDeleted: Delete whenScaled: Delete selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: single-binary template: metadata: annotations: checksum/config: 9cded33d7ba292eb76711b451f5ecd9bade13c7fb5ffb5622229f5706f8f90dd storage/size: "150Gi" kubectl.kubernetes.io/default-container: "loki" labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: loki app.kubernetes.io/component: single-binary app.kubernetes.io/part-of: memberlist spec: serviceAccountName: loki automountServiceAccountToken: true enableServiceLinks: true securityContext: fsGroup: 10001 fsGroupChangePolicy: OnRootMismatch runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 terminationGracePeriodSeconds: 30 containers: - name: loki image: docker.io/grafana/loki:3.6.7 imagePullPolicy: IfNotPresent args: - -config.file=/etc/loki/config/config.yaml - -target=all ports: - name: http-metrics containerPort: 3100 protocol: TCP - name: grpc containerPort: 9095 protocol: TCP - name: http-memberlist containerPort: 7946 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: failureThreshold: 3 httpGet: path: /ready port: http-metrics initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 volumeMounts: - name: tmp mountPath: /tmp - name: config mountPath: /etc/loki/config - name: runtime-config mountPath: /etc/loki/runtime-config - name: storage mountPath: /var/loki - name: sc-rules-volume mountPath: "/rules" resources: {} - name: loki-sc-rules image: docker.io/kiwigrid/k8s-sidecar:2.5.0 imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "loki_rule" - name: FOLDER value: "/rules" - name: RESOURCE value: "both" - name: WATCH_SERVER_TIMEOUT value: "60" - name: WATCH_CLIENT_TIMEOUT value: "60" - name: LOG_LEVEL value: "INFO" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - name: tmp mountPath: /tmp - name: sc-rules-volume mountPath: "/rules" affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: single-binary app.kubernetes.io/instance: 'loki' app.kubernetes.io/name: 'loki' topologyKey: kubernetes.io/hostname volumes: - name: tmp emptyDir: {} - name: config configMap: name: loki items: - key: "config.yaml" path: "config.yaml" - name: runtime-config configMap: name: loki-runtime - name: sc-rules-volume emptyDir: {} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: storage spec: accessModes: - ReadWriteOnce storageClassName: synology-iscsi-delete resources: requests: storage: "150Gi"