infrastructure/clusters/cl01tl/manifests/loki/ClusterRole-loki-alloy.yaml


# ClusterRole for the Alloy collector: cluster-wide read-only (get/list/watch)
# access. It is bound to ServiceAccount loki/loki-alloy by the ClusterRoleBinding
# of the same name, and the Alloy DaemonSet runs one pod per node with that
# account, so every node holds a token carrying these permissions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: loki-alloy
  labels:
    helm.sh/chart: alloy-1.6.2
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "v1.14.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: alloy
    app.kubernetes.io/component: rbac
rules:
  # Service-discovery targets (pods, services, endpoints, ingresses).
  - apiGroups:
      - ""
      - discovery.k8s.io
      - networking.k8s.io
    resources:
      - endpoints
      - endpointslices
      - ingresses
      - pods
      - services
    verbs:
      - get
      - list
      - watch
  # pods/log lets the holder read the log stream of every container in the
  # cluster through the API server; the config.alloy in this file uses
  # loki.source.kubernetes, which tails logs that way.
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - monitoring.grafana.com
    resources:
      - podlogs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - prometheusrules
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - alertmanagerconfigs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - podmonitors
      - servicemonitors
      - probes
      - scrapeconfigs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - get
      - list
      - watch
  # NOTE(review): get/list/watch on `secrets` in a ClusterRole means read access
  # to every Secret in every namespace. The config.alloy shipped in this file
  # only declares discovery.kubernetes, discovery.relabel, loki.source.kubernetes,
  # loki.process and loki.write, none of which reference a Secret — confirm, and
  # if Secret access is unused drop `secrets` here or replace it with a
  # namespaced Role limited to the Secrets Alloy actually needs.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
      - extensions
    resources:
      - replicasets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/pods
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/metrics
    verbs:
      - get
      - list
      - watch
  # Non-resource URL: allows GET on the /metrics path.
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
---
# ClusterRole granting cluster-wide read of ConfigMaps and Secrets; bound to
# ServiceAccount loki/loki by loki-clusterrolebinding.
# NOTE(review): in this file ServiceAccount `loki` is also the
# serviceAccountName of the nginx gateway Deployment and of both memcached
# StatefulSets, and it has automountServiceAccountToken: true. Those pods
# therefore carry a token that can read every Secret in the cluster although
# nothing in their visible spec talks to the API server. Give them a separate
# ServiceAccount without token automount, and scope this rule to a namespaced
# Role if cluster-wide access is not required (presumably it exists for a
# rules/config sidecar — verify against the chart values).
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
  name: loki-clusterrole
rules:
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "watch", "list"]
---
# Binds ClusterRole loki-alloy to ServiceAccount loki-alloy in namespace loki.
# Because this is a ClusterRoleBinding, every rule in that role (including the
# Secret and pods/log reads) applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: loki-alloy
  labels:
    helm.sh/chart: alloy-1.6.2
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "v1.14.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: alloy
    app.kubernetes.io/component: rbac
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: loki-alloy
subjects:
  - kind: ServiceAccount
    name: loki-alloy
    namespace: loki
---
# Binds ClusterRole loki-clusterrole (read ConfigMaps and Secrets) to
# ServiceAccount loki in namespace loki, cluster-wide.
# NOTE(review): the subject is shared by several workloads in this file
# (gateway, memcached caches), so the grant reaches further than the Loki
# process itself.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: loki-clusterrolebinding
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
subjects:
  - kind: ServiceAccount
    name: loki
    namespace: loki
roleRef:
  kind: ClusterRole
  name: loki-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
# Alloy pipeline configuration, mounted at /etc/alloy by the loki-alloy
# DaemonSet. The pipeline discovers pods, relabels them to
# namespace/app/container/pod, tails their logs through the Kubernetes API,
# drops entries older than 1h, extracts a JSON `level` field as a label, drops
# the `service_name` label and pushes to the Loki gateway.
apiVersion: v1
kind: ConfigMap
metadata:
  name: loki-alloy
  namespace: loki
  labels:
    helm.sh/chart: alloy-1.6.2
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "v1.14.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: alloy
    app.kubernetes.io/component: config
data:
  # NOTE(review): `logging.level = "debug"` is the most verbose setting; for a
  # collector that handles every pod's logs this is normally lowered outside of
  # troubleshooting — confirm it is intentional.
  # NOTE(review): the loki.write endpoint is plain http:// and sets no
  # credentials or tenant, which matches `auth_enabled: false` in the Loki
  # ConfigMap. Log content crosses the pod network unencrypted unless a mesh or
  # CNI encrypts it, and any other in-cluster client can push to the same URL.
  config.alloy: |-
    logging {
      level = "debug"
      format = "logfmt"
    }
    discovery.kubernetes "pods" {
      role = "pod"
    }
    discovery.relabel "pods" {
      targets = discovery.kubernetes.pods.targets
      rule {
        source_labels = ["__meta_kubernetes_namespace"]
        target_label = "namespace"
        action = "replace"
      }
      rule {
        source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
        target_label = "app"
        action = "replace"
      }
      rule {
        source_labels = ["__meta_kubernetes_pod_container_name"]
        target_label = "container"
        action = "replace"
      }
      rule {
        source_labels = ["__meta_kubernetes_pod_name"]
        target_label = "pod"
        action = "replace"
      }
    }
    loki.source.kubernetes "pods" {
      targets = discovery.relabel.pods.output
      forward_to = [loki.process.process.receiver]
    }
    loki.process "process" {
      forward_to = [loki.write.loki.receiver]
      stage.drop {
        older_than = "1h"
        drop_counter_reason = "too old"
      }
      stage.match {
        selector = "{instance=~\".*\"}"
        stage.json {
          expressions = {
            level = "\"level\"",
          }
        }
        stage.labels {
          values = {
            level = "level",
          }
        }
      }
      stage.label_drop {
        values = [ "service_name" ]
      }
    }
    loki.write "loki" {
      endpoint {
        url = "http://loki-gateway.loki.svc.cluster.local:80/loki/api/v1/push"
      }
    }
---
# nginx.conf for the loki-gateway Deployment: nginx listens on 8080 and
# reverse-proxies each matched path to loki.loki.svc.cluster.local:3100.
apiVersion: v1
kind: ConfigMap
metadata:
  name: loki-gateway
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: gateway
data:
  # NOTE(review): no location in this config enables authentication (the only
  # auth directive is `auth_basic off` on `/`), and the Loki ConfigMap in this
  # file sets `auth_enabled: false`. Any client that can reach the gateway can
  # push and query logs and can also reach the operational endpoints proxied
  # here: /flush, /config, /loki/api/v1/delete, /memberlist and the */ring
  # pages. Restrict who can connect (NetworkPolicy) and/or enable gateway
  # authentication, and consider not proxying the admin paths at all.
  # NOTE(review): X-Query-Tags is assembled from client-supplied request
  # headers (X-Grafana-User, X-Dashboard-*, X-Rule-*) and, per the inline
  # comment, ends up in Loki's metrics.go log lines — treat those log fields as
  # untrusted input when they are parsed or alerted on.
  # NOTE(review): the value is a single double-quoted scalar with embedded \n;
  # a `|` block scalar would make changes to this config reviewable in diffs.
  nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags header is empty, set a noop= without a value as empty values are not logged\n map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise, preserve the original value\n }\n\n server {\n listen 8080;\n listen [::]:8080;\n\n location = / {\n \n return 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n # Configure backend targets\n location ^~ /ui {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Distributor\n location = /api/prom/push {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/push {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /distributor/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Ingester\n location = /flush {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ 
    /ingester/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /ingester {\n \n internal; # to suppress 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # MemberListKV\n location = /memberlist {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /api/prom/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /prometheus/api/v1/rules {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Compactor\n location = /compactor/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/cache/generation_numbers {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n # Config\n location = /config {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n\n\n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n 
    \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location ^~ /api/prom/ {\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /api/prom {\n \n internal; # to suppress 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\";\n \n proxy_pass http://loki.loki.svc.cluster.local:3100$request_uri;\n }\n location = /loki/api/v1 {\n \n internal; # to suppress 301\n }\n }\n}\n"
---
# Runtime configuration for Loki; the Loki ConfigMap in this file points
# runtime_config.file at /etc/loki/runtime-config/runtime-config.yaml.
# The document is an empty mapping, i.e. no runtime settings are defined here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: loki-runtime
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
data:
  runtime-config.yaml: |
    {}
---
# Main Loki configuration (config.yaml): filesystem storage under /var/loki,
# memcached chunk and results caches, compactor-driven retention and a
# single-replica ring joined through loki-memberlist.
apiVersion: v1
kind: ConfigMap
metadata:
  name: loki
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
data:
  # NOTE(review): `auth_enabled: false` turns off Loki's tenant-header
  # requirement, and the gateway config in this file adds no authentication of
  # its own, so access control rests entirely on network reachability of the
  # loki and loki-gateway Services.
  # NOTE(review): `ingestion_rate_mb` / `ingestion_burst_size_mb` of 1024 and
  # `max_streams_per_user: 100000` leave ingestion effectively unthrottled; with
  # an unauthenticated push path a single noisy or hostile client can fill the
  # filesystem store — confirm these limits are deliberate.
  # Retention: `compactor.retention_enabled: true` with
  # `limits_config.retention_period: 7d` and a 2h delete delay.
  # The memcached caches are addressed by DNS SRV lookup and no credentials are
  # configured for them.
  config.yaml: |2
    auth_enabled: false
    bloom_build:
      builder:
        planner_address: ""
      enabled: false
    bloom_gateway:
      client:
        addresses: ""
      enabled: false
    chunk_store_config:
      chunk_cache_config:
        background:
          writeback_buffer: 500000
          writeback_goroutines: 1
          writeback_size_limit: 500MB
        default_validity: 0s
        memcached:
          batch_size: 4
          parallelism: 5
        memcached_client:
          addresses: dnssrvnoa+_memcached-client._tcp.loki-chunks-cache.loki.svc.cluster.local
          consistent_hash: true
          max_idle_conns: 72
          timeout: 2000ms
    common:
      compactor_grpc_address: 'loki.loki.svc.cluster.local:9095'
      path_prefix: /var/loki
      replication_factor: 1
      storage:
        filesystem:
          chunks_directory: /var/loki/chunks
          rules_directory: /var/loki/rules
    compactor:
      compaction_interval: 10m
      delete_request_store: filesystem
      retention_delete_delay: 2h
      retention_delete_worker_count: 150
      retention_enabled: true
      working_directory: /var/loki/compactor
    frontend:
      scheduler_address: ""
      tail_proxy_url: ""
    frontend_worker:
      scheduler_address: ""
    index_gateway:
      mode: simple
    ingester_client:
      pool_config:
        remote_timeout: 10s
      remote_timeout: 10s
    limits_config:
      allow_structured_metadata: false
      ingestion_burst_size_mb: 1024
      ingestion_rate_mb: 1024
      max_cache_freshness_per_query: 10m
      max_streams_per_user: 100000
      query_timeout: 300s
      reject_old_samples: true
      reject_old_samples_max_age: 168h
      retention_period: 7d
      split_queries_by_interval: 15m
      volume_enabled: true
    memberlist:
      join_members:
      - loki-memberlist.loki.svc.cluster.local
    pattern_ingester:
      enabled: false
    query_range:
      align_queries_with_step: true
      cache_results: true
      results_cache:
        cache:
          background:
            writeback_buffer: 500000
            writeback_goroutines: 1
            writeback_size_limit: 500MB
          default_validity: 12h
          memcached_client:
            addresses: dnssrvnoa+_memcached-client._tcp.loki-results-cache.loki.svc.cluster.local
            consistent_hash: true
            timeout: 500ms
            update_interval: 1m
    ruler:
      storage:
        type: local
      wal:
        dir: /var/loki/ruler-wal
    runtime_config:
      file: /etc/loki/runtime-config/runtime-config.yaml
    schema_config:
      configs:
      - from: "2024-01-11"
        index:
          period: 24h
        object_store: filesystem
        schema: v13
        store: boltdb-shipper
    server:
      grpc_listen_port: 9095
      http_listen_port: 3100
      http_server_read_timeout: 600s
      http_server_write_timeout: 600s
    storage_config:
      bloom_shipper:
        working_directory: /var/loki/data/bloomshipper
      boltdb_shipper:
        index_gateway_client:
          server_address: ""
      hedging:
        at: 250ms
        max_per_second: 20
        up_to: 3
      tsdb_shipper:
        index_gateway_client:
          server_address: ""
      use_thanos_objstore: false
    tracing:
      enabled: false
---
# CustomResourceDefinition for the namespaced PodLogs resource
# (monitoring.grafana.com/v1alpha2): a pod selector, an optional namespace
# selector and relabeling rules describing which pod logs to collect.
# NOTE(review): the config.alloy in this file declares no component that
# consumes PodLogs objects, so this CRD (and the `podlogs` rule in ClusterRole
# loki-alloy) looks unused here — confirm. If it is put to use, note that
# `namespaceSelector` lets an object name namespaces other than its own, so
# create/update rights on PodLogs should be limited accordingly.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  name: podlogs.monitoring.grafana.com
spec:
  group: monitoring.grafana.com
  names:
    categories:
      - grafana-alloy
      - alloy
    kind: PodLogs
    listKind: PodLogsList
    plural: podlogs
    singular: podlogs
  scope: Namespaced
  versions:
    - name: v1alpha2
      schema:
        openAPIV3Schema:
          description: PodLogs defines how to collect logs for a Pod.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: PodLogsSpec defines how to collect logs for a Pod.
              properties:
                # Optional: which namespaces Pods are discovered from.
                namespaceSelector:
                  description: Selector to select which namespaces the Pod objects are discovered from.
                  properties:
                    matchExpressions:
                      description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                      items:
                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies to.
                            type: string
                          operator:
                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                            type: string
                          values:
                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                            items:
                              type: string
                            type: array
                        required:
                          - key
                          - operator
                        type: object
                      type: array
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                      type: object
                  type: object
                  x-kubernetes-map-type: atomic
                # Prometheus-style relabel rules; `action` is restricted to the
                # enum below and source label names to the stated pattern.
                relabelings:
                  description: RelabelConfigs to apply to logs before delivering.
                  items:
                    description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                    properties:
                      action:
                        default: replace
                        description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
                        enum:
                          - replace
                          - Replace
                          - keep
                          - Keep
                          - drop
                          - Drop
                          - hashmod
                          - HashMod
                          - labelmap
                          - LabelMap
                          - labeldrop
                          - LabelDrop
                          - labelkeep
                          - LabelKeep
                          - lowercase
                          - Lowercase
                          - uppercase
                          - Uppercase
                        type: string
                      modulus:
                        description: Modulus to take of the hash of the source label values.
                        format: int64
                        type: integer
                      regex:
                        description: Regular expression against which the extracted value is matched. Default is '(.*)'
                        type: string
                      replacement:
                        description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
                        type: string
                      separator:
                        description: Separator placed between concatenated source label values. default is ';'.
                        type: string
                      sourceLabels:
                        description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
                        items:
                          description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
                          pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                          type: string
                        type: array
                      targetLabel:
                        description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
                        type: string
                    type: object
                  type: array
                # Required: which Pods the object applies to.
                selector:
                  description: Selector to select Pod objects. Required.
                  properties:
                    matchExpressions:
                      description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                      items:
                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies to.
                            type: string
                          operator:
                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                            type: string
                          values:
                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                            items:
                              type: string
                            type: array
                        required:
                          - key
                          - operator
                        type: object
                      type: array
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                      type: object
                  type: object
                  x-kubernetes-map-type: atomic
              required:
                - selector
              type: object
          type: object
      served: true
      storage: true
---
# Alloy log collector, one pod per node, running as ServiceAccount loki-alloy
# with the config from ConfigMap loki-alloy and a config-reloader sidecar.
# NOTE(review): neither the pod nor its containers set a securityContext, unlike
# the canary, gateway and memcached workloads in this file (runAsNonRoot, drop
# ALL capabilities, readOnlyRootFilesystem). This pod also holds the loki-alloy
# token, whose ClusterRole can read all Secrets and pod logs, so it is the
# workload where hardening matters most. Alloy writes to /tmp/alloy, so a
# read-only root filesystem would need a writable volume there.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: loki-alloy
  namespace: loki
  labels:
    helm.sh/chart: alloy-1.6.2
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "v1.14.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: alloy
spec:
  minReadySeconds: 10
  selector:
    matchLabels:
      app.kubernetes.io/name: alloy
      app.kubernetes.io/instance: loki
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: alloy
      labels:
        app.kubernetes.io/name: alloy
        app.kubernetes.io/instance: loki
    spec:
      serviceAccountName: loki-alloy
      containers:
        - name: alloy
          # Image is referenced by tag only; pinning by digest would make the
          # deployed artifact immutable.
          image: docker.io/grafana/alloy:v1.14.0
          imagePullPolicy: IfNotPresent
          # NOTE(review): the HTTP server binds 0.0.0.0:12345 with the UI at
          # `/`; the same listener serves /-/ready and /-/reload (see the probe
          # and the reloader below) and is published cluster-wide by Service
          # loki-alloy. No authentication is configured here, so limit access
          # with a NetworkPolicy.
          args:
            - run
            - /etc/alloy/config.alloy
            - --storage.path=/tmp/alloy
            - --server.http.listen-addr=0.0.0.0:12345
            - --server.http.ui-path-prefix=/
            - --stability.level=generally-available
          env:
            - name: ALLOY_DEPLOY_MODE
              value: "helm"
            # HOSTNAME is set to the node name rather than the pod name.
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          ports:
            - containerPort: 12345
              name: http-metrics
          readinessProbe:
            httpGet:
              path: /-/ready
              port: 12345
              scheme: HTTP
            initialDelaySeconds: 10
            timeoutSeconds: 1
          # NOTE(review): no resources block on this container, so it runs
          # without CPU/memory requests or limits.
          volumeMounts:
            - name: config
              mountPath: /etc/alloy
        - name: config-reloader
          image: quay.io/prometheus-operator/prometheus-config-reloader:v0.81.0
          # Watches the mounted config directory and calls Alloy's reload
          # endpoint over localhost when it changes.
          args:
            - --watched-dir=/etc/alloy
            - --reload-url=http://localhost:12345/-/reload
          volumeMounts:
            - name: config
              mountPath: /etc/alloy
          resources:
            requests:
              cpu: 10m
              memory: 50Mi
      dnsPolicy: ClusterFirst
      volumes:
        - name: config
          configMap:
            name: loki-alloy
---
# Loki canary, one pod per node: pushes test log lines to the gateway
# (-push=true, -addr=loki-gateway...:80) and exposes metrics on 3500.
# The pod runs as non-root UID/GID 10001 with all capabilities dropped, no
# privilege escalation and a read-only root filesystem.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: loki-canary
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: canary
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: canary
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: canary
    spec:
      # NOTE(review): ServiceAccount loki-canary has token automount enabled,
      # but no Role or ClusterRole binding for it appears in this file; if the
      # canary never calls the API server the token can be left unmounted.
      serviceAccountName: loki-canary
      securityContext:
        fsGroup: 10001
        fsGroupChangePolicy: OnRootMismatch
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      containers:
        - name: loki-canary
          image: docker.io/grafana/loki-canary:3.6.7
          imagePullPolicy: IfNotPresent
          args:
            - -addr=loki-gateway.loki.svc.cluster.local.:80
            - -labelname=pod
            - -labelvalue=$(POD_NAME)
            - -push=true
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          # Rendered with no value (null): the template emitted no mounts.
          volumeMounts:
          ports:
            - name: http-metrics
              containerPort: 3500
              protocol: TCP
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          readinessProbe:
            httpGet:
              path: /metrics
              port: http-metrics
            initialDelaySeconds: 15
            timeoutSeconds: 1
      # Rendered with no value (null): the template emitted no volumes.
      volumes:
---
# nginx reverse proxy in front of Loki (single replica), configured from
# ConfigMap loki-gateway. Runs as non-root UID/GID 101 with all capabilities
# dropped, no privilege escalation and a read-only root filesystem; /tmp and
# /docker-entrypoint.d are emptyDir volumes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: loki-gateway
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: gateway
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: gateway
  template:
    metadata:
      annotations:
        # Presumably a hash of the rendered gateway config, so that a config
        # change rolls the pods — verify against the chart.
        checksum/config: d76bd0b627b1549dddc6ce5304d9322ebdeb13e5b813234d8067357925630015
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: gateway
    spec:
      # NOTE(review): this network-facing proxy runs as ServiceAccount `loki`,
      # which is bound to loki-clusterrole (read all ConfigMaps and Secrets) and
      # automounts its token. Nothing in this spec uses the API server; a
      # dedicated ServiceAccount with automountServiceAccountToken: false would
      # remove that credential from the most exposed pod in the release.
      serviceAccountName: loki
      enableServiceLinks: true
      securityContext:
        fsGroup: 101
        runAsGroup: 101
        runAsNonRoot: true
        runAsUser: 101
      terminationGracePeriodSeconds: 30
      containers:
        - name: nginx
          # Floating minor tag (1.29-alpine): the image content can change
          # between pulls; pin by digest for reproducible deployments.
          image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - name: http-metrics
              containerPort: 8080
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /
              port: http-metrics
            initialDelaySeconds: 15
            timeoutSeconds: 1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: config
              mountPath: /etc/nginx
            - name: tmp
              mountPath: /tmp
            # Empty directory mounted over the image's /docker-entrypoint.d.
            - name: docker-entrypoint-d-override
              mountPath: /docker-entrypoint.d
          # No CPU/memory requests or limits are set.
          resources: {}
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/component: gateway
                  app.kubernetes.io/instance: 'loki'
                  app.kubernetes.io/name: 'loki'
              topologyKey: kubernetes.io/hostname
      volumes:
        - name: config
          configMap:
            name: loki-gateway
        - name: tmp
          emptyDir: {}
        - name: docker-entrypoint-d-override
          emptyDir: {}
---
# Namespace for the Loki release, with Pod Security Admission labels.
# NOTE(review): enforce, audit and warn are all set to `privileged`, which is
# the unrestricted level — Pod Security Admission will neither block nor report
# anything in this namespace. The gateway, canary and memcached pods in this
# file already run non-root with capabilities dropped, and the Alloy DaemonSet
# requests no host access in its visible spec, so `baseline` enforcement with
# `restricted` for audit/warn looks achievable; the Loki StatefulSet is not
# fully visible here, so confirm before tightening.
apiVersion: v1
kind: Namespace
metadata:
  name: loki
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/part-of: loki
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
---
# Helm test hook pod: runs the loki-helm-test image against the canary's
# metrics endpoint with a 1m timeout.
# NOTE(review): this pod sets no securityContext and no resources, and because
# no serviceAccountName is given it runs as the namespace's default
# ServiceAccount.
apiVersion: v1
kind: Pod
metadata:
  name: "loki-helm-test"
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: helm-test
  annotations:
    "helm.sh/hook": test
spec:
  containers:
    - name: loki-helm-test
      # NOTE(review): `:latest` is a mutable tag, so whatever the registry
      # serves at pull time is what runs in the cluster. Pin a specific version
      # or digest.
      image: docker.io/grafana/loki-helm-test:latest
      env:
        - name: CANARY_SERVICE_ADDRESS
          value: "http://loki-canary.loki.svc.cluster.local:3500/metrics"
        - name: CANARY_PROMETHEUS_ADDRESS
          value: ""
        - name: CANARY_TEST_TIMEOUT
          value: "1m"
      args:
        - -test.v
  restartPolicy: Never
---
# ClusterIP Service for the Alloy pods on port 12345.
# NOTE(review): per the DaemonSet args this port is Alloy's whole HTTP server
# (UI at `/`, /-/ready, /-/reload), not only metrics, and it is reachable from
# any pod in the cluster unless a NetworkPolicy restricts it.
apiVersion: v1
kind: Service
metadata:
  name: loki-alloy
  namespace: loki
  labels:
    helm.sh/chart: alloy-1.6.2
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "v1.14.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: alloy
    app.kubernetes.io/component: networking
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
  internalTrafficPolicy: Cluster
  ports:
    - name: http-metrics
      port: 12345
      targetPort: 12345
      protocol: "TCP"
---
# ClusterIP Service exposing the canary's metrics port (3500).
apiVersion: v1
kind: Service
metadata:
  name: loki-canary
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: canary
  # Rendered with no value (null).
  annotations:
spec:
  type: ClusterIP
  ports:
    - name: http-metrics
      port: 3500
      targetPort: http-metrics
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: canary
---
# Headless Service (clusterIP: None) for the chunks-cache memcached pods:
# memcached on 11211 and the exporter on 9150.
# NOTE(review): the memcached args in this file configure no authentication, so
# any pod that can reach port 11211 can read or overwrite cached chunk data;
# restrict ingress to the Loki pods with a NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: loki-chunks-cache
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: "memcached-chunks-cache"
  annotations: {}
  namespace: "loki"
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: memcached-client
      port: 11211
      targetPort: client
    - name: http-metrics
      port: 9150
      targetPort: http-metrics
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: "memcached-chunks-cache"
---
# ClusterIP Service for the nginx gateway: port 80 forwards to the container's
# http-metrics port (8080).
# NOTE(review): this is the entry point to an unauthenticated Loki API (see
# ConfigMaps loki-gateway and loki); it is reachable from every namespace
# unless a NetworkPolicy limits it.
apiVersion: v1
kind: Service
metadata:
  name: loki-gateway
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: gateway
    prometheus.io/service-monitor: "false"
  # Rendered with no value (null).
  annotations:
spec:
  type: ClusterIP
  ports:
    - name: http-metrics
      port: 80
      targetPort: http-metrics
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: gateway
---
# Headless Service (clusterIP: None) on port 3100.
# NOTE(review): the selector has no component label, so it matches every pod
# labelled name=loki, instance=loki in the namespace (gateway, canary and cache
# pods carry those labels too), not only the Loki server pods.
apiVersion: v1
kind: Service
metadata:
  name: loki-headless
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    variant: headless
    prometheus.io/service-monitor: "false"
  # Rendered with no value (null).
  annotations:
spec:
  clusterIP: None
  ports:
    - name: http-metrics
      port: 3100
      targetPort: http-metrics
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
---
# Headless Service used as the memberlist join address
# (`memberlist.join_members` in the Loki config): port 7946 to the
# http-memberlist port of pods labelled part-of=memberlist.
apiVersion: v1
kind: Service
metadata:
  name: loki-memberlist
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
  # Rendered with no value (null).
  annotations:
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: tcp
      port: 7946
      targetPort: http-memberlist
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/part-of: memberlist
---
# Headless Service (clusterIP: None) for the results-cache memcached pods:
# memcached on 11211 and the exporter on 9150.
# NOTE(review): as with the chunks cache, no memcached authentication is
# configured in this file; a client able to reach 11211 could read or replace
# cached query results, so restrict ingress with a NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: loki-results-cache
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: "memcached-results-cache"
  annotations: {}
  namespace: "loki"
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: memcached-client
      port: 11211
      targetPort: client
    - name: http-metrics
      port: 9150
      targetPort: http-metrics
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: "memcached-results-cache"
---
# ClusterIP Service for the single-binary Loki pods: HTTP on 3100 and gRPC on
# 9095.
# NOTE(review): this exposes Loki's HTTP API directly, so the nginx gateway is
# not a choke point — with `auth_enabled: false` any in-cluster client can call
# port 3100 here without passing through the gateway. Any access control added
# at the gateway needs a matching NetworkPolicy on this Service's pods.
apiVersion: v1
kind: Service
metadata:
  name: loki
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
  # Rendered with no value (null).
  annotations:
spec:
  type: ClusterIP
  ports:
    - name: http-metrics
      port: 3100
      targetPort: http-metrics
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: single-binary
---
# ServiceAccount used by the Alloy DaemonSet; subject of ClusterRoleBinding
# loki-alloy. Token automount is needed here because Alloy talks to the API
# server for discovery and log tailing, which makes the breadth of ClusterRole
# loki-alloy (notably the Secret read) the thing to review.
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
  name: loki-alloy
  namespace: loki
  labels:
    helm.sh/chart: alloy-1.6.2
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "v1.14.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: alloy
    app.kubernetes.io/component: rbac
---
# ServiceAccount used by the loki-canary DaemonSet.
# NOTE(review): no RoleBinding or ClusterRoleBinding for this account appears
# in this file, so the automounted token seems to serve no purpose; setting
# automountServiceAccountToken: false would keep it out of the canary pods —
# confirm the canary makes no API-server calls.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: loki-canary
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: canary
automountServiceAccountToken: true
---
# ServiceAccount `loki`; subject of loki-clusterrolebinding (cluster-wide read
# of ConfigMaps and Secrets).
# NOTE(review): with automount enabled at the account level, every pod that
# names this account receives the token — in this file that includes the nginx
# gateway and both memcached StatefulSets. Disable automount here and opt in
# per pod, or move those workloads to an unprivileged account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: loki
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
automountServiceAccountToken: true
---
# ServiceMonitor telling the Prometheus Operator to scrape the Alloy Service's
# http-metrics port over plain HTTP.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: loki-alloy
  namespace: loki
  labels:
    helm.sh/chart: alloy-1.6.2
    app.kubernetes.io/name: alloy
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "v1.14.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: alloy
    app.kubernetes.io/component: metrics
spec:
  endpoints:
    - port: http-metrics
      scheme: http
      # honorLabels: on a label conflict the value exposed by the target is
      # kept instead of the one Prometheus would attach, so the scraped
      # endpoint is trusted to name its own job/instance/namespace labels.
      honorLabels: true
  selector:
    matchLabels:
      app.kubernetes.io/name: alloy
      app.kubernetes.io/instance: loki
---
# memcached chunk cache for Loki (one replica) with a Prometheus exporter
# sidecar. Both containers drop all capabilities, forbid privilege escalation
# and use a read-only root filesystem; the pod runs as non-root UID/GID 11211.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: loki-chunks-cache
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: "memcached-chunks-cache"
    name: "memcached-chunks-cache"
  annotations: {}
  namespace: "loki"
spec:
  podManagementPolicy: Parallel
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: "memcached-chunks-cache"
      name: "memcached-chunks-cache"
  updateStrategy:
    type: RollingUpdate
  serviceName: loki-chunks-cache
  template:
    metadata:
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: "memcached-chunks-cache"
        name: "memcached-chunks-cache"
      # Rendered with no value (null).
      annotations:
    spec:
      # NOTE(review): a cache pod has no visible need for the API server, yet it
      # runs as ServiceAccount `loki` and so mounts a token that can read every
      # Secret in the cluster (loki-clusterrole). Use an unprivileged account
      # with token automount disabled.
      serviceAccountName: loki
      securityContext:
        fsGroup: 11211
        runAsGroup: 11211
        runAsNonRoot: true
        runAsUser: 11211
      initContainers: []
      nodeSelector: {}
      affinity: {}
      topologySpreadConstraints: []
      tolerations: []
      terminationGracePeriodSeconds: 60
      containers:
        - name: memcached
          # Short image name without a registry host or digest: which registry
          # it resolves to depends on the node's container-runtime
          # configuration.
          image: memcached:1.6.39-alpine
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: 9830Mi
            requests:
              cpu: 500m
              memory: 9830Mi
          ports:
            - containerPort: 11211
              name: client
          # NOTE(review): none of these arguments configures authentication or
          # a listen address, so access to 11211 has to be restricted at the
          # network layer.
          args:
            - -m 8192
            - --extended=modern,track_sizes
            - -I 5m
            - -c 16384
            - -v
            - -u 11211
          # Both rendered with no value (null).
          env:
          envFrom:
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            failureThreshold: 6
            initialDelaySeconds: 5
            periodSeconds: 5
            tcpSocket:
              port: client
            timeoutSeconds: 3
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            tcpSocket:
              port: client
            timeoutSeconds: 5
        - name: exporter
          image: prom/memcached-exporter:v0.15.4
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 9150
              name: http-metrics
          # Scrapes the memcached container over localhost and serves metrics on
          # all interfaces at 9150.
          args:
            - "--memcached.address=localhost:11211"
            - "--web.listen-address=0.0.0.0:9150"
          resources:
            limits: {}
            requests: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /metrics
              port: http-metrics
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /metrics
              port: http-metrics
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
---
# memcached query-results cache for Loki (one replica) with a Prometheus
# exporter sidecar. Both containers drop all capabilities, forbid privilege
# escalation and use a read-only root filesystem; the pod runs as non-root
# UID/GID 11211.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: loki-results-cache
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: "memcached-results-cache"
    name: "memcached-results-cache"
  annotations: {}
  namespace: "loki"
spec:
  podManagementPolicy: Parallel
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: "memcached-results-cache"
      name: "memcached-results-cache"
  updateStrategy:
    type: RollingUpdate
  serviceName: loki-results-cache
  template:
    metadata:
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: "memcached-results-cache"
        name: "memcached-results-cache"
      # Rendered with no value (null).
      annotations:
    spec:
      # NOTE(review): runs as ServiceAccount `loki`, so this cache pod mounts a
      # token bound to loki-clusterrole (read all ConfigMaps and Secrets)
      # although nothing in its spec uses the API server. Use an unprivileged
      # account with token automount disabled.
      serviceAccountName: loki
      securityContext:
        fsGroup: 11211
        runAsGroup: 11211
        runAsNonRoot: true
        runAsUser: 11211
      initContainers: []
      nodeSelector: {}
      affinity: {}
      topologySpreadConstraints: []
      tolerations: []
      terminationGracePeriodSeconds: 60
      containers:
        - name: memcached
          # Short image name without a registry host or digest: which registry
          # it resolves to depends on the node's container-runtime
          # configuration.
          image: memcached:1.6.39-alpine
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: 1229Mi
            requests:
              cpu: 500m
              memory: 1229Mi
          ports:
            - containerPort: 11211
              name: client
          # NOTE(review): none of these arguments configures authentication or
          # a listen address, so access to 11211 has to be restricted at the
          # network layer.
          args:
            - -m 1024
            - --extended=modern,track_sizes
            - -I 5m
            - -c 16384
            - -v
            - -u 11211
          # Both rendered with no value (null).
          env:
          envFrom:
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            failureThreshold: 6
            initialDelaySeconds: 5
            periodSeconds: 5
            tcpSocket:
              port: client
            timeoutSeconds: 3
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            tcpSocket:
              port: client
            timeoutSeconds: 5
        - name: exporter
          image: prom/memcached-exporter:v0.15.4
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 9150
              name: http-metrics
          # Scrapes the memcached container over localhost and serves metrics on
          # all interfaces at 9150.
          args:
            - "--memcached.address=localhost:11211"
            - "--web.listen-address=0.0.0.0:9150"
          resources:
            limits: {}
            requests: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /metrics
              port: http-metrics
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /metrics
              port: http-metrics
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
---
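# StatefulSet for Loki in single-binary mode (-target=all), with a
# k8s-sidecar container that writes labelled rule objects into /rules.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: loki
  namespace: loki
  labels:
    helm.sh/chart: loki-6.55.0
    app.kubernetes.io/name: loki
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "3.6.7"
    app.kubernetes.io/component: single-binary
    app.kubernetes.io/part-of: memberlist
spec:
  replicas: 1
  podManagementPolicy: Parallel
  updateStrategy:
    rollingUpdate:
      partition: 0
  serviceName: loki-headless
  revisionHistoryLimit: 10
  # NOTE(review): both policies delete the `storage` claim, so removing or
  # scaling down this StatefulSet also removes the log volume. If /var/loki
  # is the only copy of the logs (storage config is not visible here),
  # Retain is the safer choice for audit and incident-response data.
  persistentVolumeClaimRetentionPolicy:
    whenDeleted: Delete
    whenScaled: Delete
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: single-binary
  template:
    metadata:
      annotations:
        checksum/config: 9cded33d7ba292eb76711b451f5ecd9bade13c7fb5ffb5622229f5706f8f90dd
        storage/size: "150Gi"
        kubectl.kubernetes.io/default-container: "loki"
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: single-binary
        app.kubernetes.io/part-of: memberlist
    spec:
      serviceAccountName: loki
      # The token stays mounted because the loki-sc-rules sidecar watches
      # ConfigMaps and Secrets through the Kubernetes API. The token is
      # mounted into every container of the pod, including `loki` itself.
      automountServiceAccountToken: true
      enableServiceLinks: true
      securityContext:
        fsGroup: 10001
        fsGroupChangePolicy: OnRootMismatch
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
        # Apply the container runtime's default syscall filter; together with
        # the per-container settings below this matches the "restricted" Pod
        # Security Standard.
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: 30
      containers:
        - name: loki
          # NOTE(review): the tag is mutable. Pinning as
          # docker.io/grafana/loki:3.6.7@sha256:<digest-placeholder> makes
          # the deployed image reproducible.
          image: docker.io/grafana/loki:3.6.7
          imagePullPolicy: IfNotPresent
          args:
            - -config.file=/etc/loki/config/config.yaml
            - -target=all
          ports:
            - name: http-metrics
              containerPort: 3100
              protocol: TCP
            - name: grpc
              containerPort: 9095
              protocol: TCP
            - name: http-memberlist
              containerPort: 7946
              protocol: TCP
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /ready
              port: http-metrics
            initialDelaySeconds: 15
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          # With a read-only root filesystem, these mounts are the only
          # writable or configuration paths the container sees.
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: config
              mountPath: /etc/loki/config
            - name: runtime-config
              mountPath: /etc/loki/runtime-config
            - name: storage
              mountPath: /var/loki
            - name: sc-rules-volume
              mountPath: "/rules"
          # NOTE(review): no requests or limits are set, so ingestion spikes
          # are unbounded on the node; size them from observed usage.
          resources: {}
        - name: loki-sc-rules
          # NOTE(review): same digest-pinning remark as the loki image.
          image: docker.io/kiwigrid/k8s-sidecar:2.5.0
          imagePullPolicy: IfNotPresent
          # RESOURCE=both makes the sidecar collect ConfigMaps and Secrets
          # carrying the label `loki_rule` and write them to /rules, which the
          # loki container also mounts. Whoever can create or label such
          # objects in a watched namespace therefore supplies rule files, so
          # write access to them should be restricted accordingly.
          # NOTE(review): NAMESPACE is not set; per the k8s-sidecar docs the
          # default is the pod's own namespace (confirm for 2.5.0). In that
          # case the get/watch/list on secrets granted by loki-clusterrole is
          # broader than needed and a namespaced Role would be sufficient.
          env:
            - name: METHOD
              value: WATCH
            - name: LABEL
              value: "loki_rule"
            - name: FOLDER
              value: "/rules"
            - name: RESOURCE
              value: "both"
            - name: WATCH_SERVER_TIMEOUT
              value: "60"
            - name: WATCH_CLIENT_TIMEOUT
              value: "60"
            - name: LOG_LEVEL
              value: "INFO"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: sc-rules-volume
              mountPath: "/rules"
      # Never schedule two single-binary Loki pods on the same node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/component: single-binary
                  app.kubernetes.io/instance: 'loki'
                  app.kubernetes.io/name: 'loki'
              topologyKey: kubernetes.io/hostname
      volumes:
        - name: tmp
          emptyDir: {}
        - name: config
          configMap:
            name: loki
            items:
              - key: "config.yaml"
                path: "config.yaml"
        - name: runtime-config
          configMap:
            name: loki-runtime
        # Shared scratch volume: written by loki-sc-rules, read by loki.
        - name: sc-rules-volume
          emptyDir: {}
  volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: storage
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: synology-iscsi-delete
        resources:
          requests:
            storage: "150Gi"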