diff --git a/_apps/loki.yaml b/_apps/loki.yaml deleted file mode 100644 index 262c942..0000000 --- a/_apps/loki.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: loki - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - namespace: loki - server: https://kubernetes.default.svc - project: system - source: - path: loki - repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git - targetRevision: HEAD ---- -apiVersion: v1 -kind: Namespace -metadata: - name: loki diff --git a/loki/Makefile b/loki/Makefile deleted file mode 100644 index 9f845ed..0000000 --- a/loki/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -build: - helm template loki --namespace=loki loki/loki \ - -f loki-values.yaml \ - > loki.yaml - helm template promtail --namespace=loki loki/promtail \ - --set loki.serviceName=loki \ - > promtail.yaml -.PHONY: build - -update: - helm repo update - helm search repo loki-stack -.PHONY: update diff --git a/loki/loki-values.yaml b/loki/loki-values.yaml deleted file mode 100644 index 24c3419..0000000 --- a/loki/loki-values.yaml +++ /dev/null @@ -1,40 +0,0 @@ -config: - auth_enabled: false - ingester: - chunk_idle_period: 3m - chunk_block_size: 262144 - chunk_retain_period: 1m - max_transfer_retries: 0 - lifecycler: - ring: - kvstore: - store: inmemory - replication_factor: 1 - limits_config: - enforce_metric_name: false - reject_old_samples: true - reject_old_samples_max_age: 168h - schema_config: - configs: - - from: 2020-05-25 - store: boltdb - object_store: filesystem - schema: v11 - index: - prefix: index_ - period: 48h - server: - http_listen_port: 3100 - storage_config: - boltdb: - directory: /data/loki/index - filesystem: - directory: /data/loki/chunks - chunk_store_config: - max_look_back_period: 0s - table_manager: - retention_deletes_enabled: true - retention_period: 96h - -persistence: - enabled: true diff --git a/loki/loki.yaml b/loki/loki.yaml deleted file mode 100644 index 0ac7c06..0000000 --- a/loki/loki.yaml +++ /dev/null @@ -1,248 +0,0 @@ ---- -# Source: loki/templates/podsecuritypolicy.yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: loki - namespace: loki - labels: - app: loki - chart: loki-0.29.0 - heritage: Helm - release: loki -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - 'configMap' - - 'emptyDir' - - 'persistentVolumeClaim' - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL ---- -# Source: loki/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: loki - chart: loki-0.29.0 - heritage: Helm - release: loki - annotations: - {} - name: loki - namespace: loki ---- -# Source: loki/templates/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: loki - namespace: loki - labels: - app: loki - chart: loki-0.29.0 - release: loki - heritage: Helm -data: - loki.yaml: YXV0aF9lbmFibGVkOiBmYWxzZQpjaHVua19zdG9yZV9jb25maWc6CiAgbWF4X2xvb2tfYmFja19wZXJpb2Q6IDBzCmluZ2VzdGVyOgogIGNodW5rX2Jsb2NrX3NpemU6IDI2MjE0NAogIGNodW5rX2lkbGVfcGVyaW9kOiAzbQogIGNodW5rX3JldGFpbl9wZXJpb2Q6IDFtCiAgbGlmZWN5Y2xlcjoKICAgIHJpbmc6CiAgICAgIGt2c3RvcmU6CiAgICAgICAgc3RvcmU6IGlubWVtb3J5CiAgICAgIHJlcGxpY2F0aW9uX2ZhY3RvcjogMQogIG1heF90cmFuc2Zlcl9yZXRyaWVzOiAwCmxpbWl0c19jb25maWc6CiAgZW5mb3JjZV9tZXRyaWNfbmFtZTogZmFsc2UKICByZWplY3Rfb2xkX3NhbXBsZXM6IHRydWUKICByZWplY3Rfb2xkX3NhbXBsZXNfbWF4X2FnZTogMTY4aApzY2hlbWFfY29uZmlnOgogIGNvbmZpZ3M6CiAgLSBmcm9tOiAiMjAyMC0wNS0yNSIKICAgIGluZGV4OgogICAgICBwZXJpb2Q6IDQ4aAogICAgICBwcmVmaXg6IGluZGV4XwogICAgb2JqZWN0X3N0b3JlOiBmaWxlc3lzdGVtCiAgICBzY2hlbWE6IHYxMQogICAgc3RvcmU6IGJvbHRkYgpzZXJ2ZXI6CiAgaHR0cF9saXN0ZW5fcG9ydDogMzEwMApzdG9yYWdlX2NvbmZpZzoKICBib2x0ZGI6CiAgICBkaXJlY3Rvcnk6IC9kYXRhL2xva2kvaW5kZXgKICBmaWxlc3lzdGVtOgogICAgZGlyZWN0b3J5OiAvZGF0YS9sb2tpL2NodW5rcwp0YWJsZV9tYW5hZ2VyOgogIHJldGVudGlvbl9kZWxldGVzX2VuYWJsZWQ6IHRydWUKICByZXRlbnRpb25fcGVyaW9kOiA5Nmg= ---- -# Source: loki/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: loki - namespace: loki - labels: - app: loki - chart: loki-0.29.0 - heritage: Helm - release: loki -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [loki] ---- -# Source: loki/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: loki - namespace: loki - labels: - app: loki - chart: loki-0.29.0 - heritage: Helm - release: loki -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: loki -subjects: -- kind: ServiceAccount - name: loki ---- -# Source: loki/templates/service-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: loki-headless - namespace: loki - labels: - app: loki - chart: loki-0.29.0 - release: loki - heritage: Helm - variant: headless -spec: - clusterIP: None - ports: - - port: 3100 - protocol: TCP - name: http-metrics - targetPort: http-metrics - selector: - app: loki - release: loki ---- -# Source: loki/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: loki - namespace: loki - labels: - app: loki - chart: loki-0.29.0 - release: loki - heritage: Helm - annotations: - {} -spec: - type: ClusterIP - ports: - - port: 3100 - protocol: TCP - name: http-metrics - targetPort: http-metrics - selector: - app: loki - release: loki ---- -# Source: loki/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: loki - namespace: loki - labels: - app: loki - chart: loki-0.29.0 - release: loki - heritage: Helm - annotations: - {} -spec: - podManagementPolicy: OrderedReady - replicas: 0 - selector: - matchLabels: - app: loki - release: loki - serviceName: loki-headless - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: loki - name: loki - release: loki - annotations: - checksum/config: 85ef38171f5fcd4859080c0b5d239ffe1472019d6636a4af16b308c951463b08 - prometheus.io/port: http-metrics - prometheus.io/scrape: "true" - spec: - serviceAccountName: loki - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - initContainers: - [] - containers: - - name: loki - image: "grafana/loki:1.6.0" - imagePullPolicy: IfNotPresent - args: - - "-config.file=/etc/loki/loki.yaml" - volumeMounts: - - name: config - mountPath: /etc/loki - - name: storage - mountPath: "/data" - subPath: - ports: - - name: http-metrics - containerPort: 3100 - protocol: TCP - livenessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - resources: - {} - securityContext: - readOnlyRootFilesystem: true - env: - nodeSelector: - {} - affinity: - {} - tolerations: - [] - terminationGracePeriodSeconds: 4800 - volumes: - - name: config - secret: - secretName: loki - volumeClaimTemplates: - - metadata: - name: storage - annotations: - {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: "10Gi" - storageClassName: diff --git a/loki/promtail.yaml.disabled b/loki/promtail.yaml.disabled deleted file mode 100644 index d897192..0000000 --- a/loki/promtail.yaml.disabled +++ /dev/null @@ -1,491 +0,0 @@ ---- -# Source: promtail/templates/podsecuritypolicy.yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: promtail - namespace: loki - labels: - app: promtail - chart: promtail-0.23.0 - heritage: Helm - release: promtail -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - 'secret' - - 'configMap' - - 'hostPath' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL ---- -# Source: promtail/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: promtail - chart: promtail-0.23.0 - heritage: Helm - release: promtail - name: promtail - namespace: loki ---- -# Source: promtail/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: promtail - namespace: loki - labels: - app: promtail - chart: promtail-0.23.0 - release: promtail - heritage: Helm -data: - promtail.yaml: | - client: - backoff_config: - max_period: 5s - max_retries: 20 - min_period: 100ms - batchsize: 102400 - batchwait: 1s - external_labels: {} - timeout: 10s - positions: - filename: /run/promtail/positions.yaml - server: - http_listen_port: 3101 - target_config: - sync_period: 10s - scrape_configs: - - job_name: kubernetes-pods-name - pipeline_stages: - - docker: {} - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: - - __meta_kubernetes_pod_label_name - target_label: __service__ - - source_labels: - - __meta_kubernetes_pod_node_name - target_label: __host__ - - action: drop - regex: '' - source_labels: - - __service__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - action: replace - replacement: $1 - separator: / - source_labels: - - __meta_kubernetes_namespace - - __service__ - target_label: job - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: namespace - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: instance - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - - job_name: kubernetes-pods-app - pipeline_stages: - - docker: {} - kubernetes_sd_configs: - - role: pod - relabel_configs: - - action: drop - regex: .+ - source_labels: - - __meta_kubernetes_pod_label_name - - source_labels: - - __meta_kubernetes_pod_label_app - target_label: __service__ - - source_labels: - - __meta_kubernetes_pod_node_name - target_label: __host__ - - action: drop - regex: '' - source_labels: - - __service__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - action: replace - replacement: $1 - separator: / - source_labels: - - __meta_kubernetes_namespace - - __service__ - target_label: job - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: namespace - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: instance - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - - job_name: kubernetes-pods-direct-controllers - pipeline_stages: - - docker: {} - kubernetes_sd_configs: - - role: pod - relabel_configs: - - action: drop - regex: .+ - separator: '' - source_labels: - - __meta_kubernetes_pod_label_name - - __meta_kubernetes_pod_label_app - - action: drop - regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' - source_labels: - - __meta_kubernetes_pod_controller_name - - source_labels: - - __meta_kubernetes_pod_controller_name - target_label: __service__ - - source_labels: - - __meta_kubernetes_pod_node_name - target_label: __host__ - - action: drop - regex: '' - source_labels: - - __service__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - action: replace - replacement: $1 - separator: / - source_labels: - - __meta_kubernetes_namespace - - __service__ - target_label: job - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: namespace - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: instance - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - - job_name: kubernetes-pods-indirect-controller - pipeline_stages: - - docker: {} - kubernetes_sd_configs: - - role: pod - relabel_configs: - - action: drop - regex: .+ - separator: '' - source_labels: - - __meta_kubernetes_pod_label_name - - __meta_kubernetes_pod_label_app - - action: keep - regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' - source_labels: - - __meta_kubernetes_pod_controller_name - - action: replace - regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}' - source_labels: - - __meta_kubernetes_pod_controller_name - target_label: __service__ - - source_labels: - - __meta_kubernetes_pod_node_name - target_label: __host__ - - action: drop - regex: '' - source_labels: - - __service__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - action: replace - replacement: $1 - separator: / - source_labels: - - __meta_kubernetes_namespace - - __service__ - target_label: job - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: namespace - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: instance - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - - job_name: kubernetes-pods-static - pipeline_stages: - - docker: {} - kubernetes_sd_configs: - - role: pod - relabel_configs: - - action: drop - regex: '' - source_labels: - - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror - - action: replace - source_labels: - - __meta_kubernetes_pod_label_component - target_label: __service__ - - source_labels: - - __meta_kubernetes_pod_node_name - target_label: __host__ - - action: drop - regex: '' - source_labels: - - __service__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - action: replace - replacement: $1 - separator: / - source_labels: - - __meta_kubernetes_namespace - - __service__ - target_label: job - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: namespace - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: instance - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container_name - - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror - - __meta_kubernetes_pod_container_name - target_label: __path__ ---- -# Source: promtail/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - app: promtail - chart: promtail-0.23.0 - release: promtail - heritage: Helm - name: promtail-clusterrole - namespace: loki -rules: -- apiGroups: [""] # "" indicates the core API group - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - verbs: ["get", "watch", "list"] ---- -# Source: promtail/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: promtail-clusterrolebinding - labels: - app: promtail - chart: promtail-0.23.0 - release: promtail - heritage: Helm -subjects: - - kind: ServiceAccount - name: promtail - namespace: loki -roleRef: - kind: ClusterRole - name: promtail-clusterrole - apiGroup: rbac.authorization.k8s.io ---- -# Source: promtail/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: promtail - namespace: loki - labels: - app: promtail - chart: promtail-0.23.0 - heritage: Helm - release: promtail -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [promtail] ---- -# Source: promtail/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: promtail - namespace: loki - labels: - app: promtail - chart: promtail-0.23.0 - heritage: Helm - release: promtail -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: promtail -subjects: -- kind: ServiceAccount - name: promtail ---- -# Source: promtail/templates/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: promtail - namespace: loki - labels: - app: promtail - chart: promtail-0.23.0 - release: promtail - heritage: Helm - annotations: - {} -spec: - selector: - matchLabels: - app: promtail - release: promtail - updateStrategy: - {} - template: - metadata: - labels: - app: promtail - release: promtail - annotations: - checksum/config: 8a9fbc323693fa76aac4364594327b31d6e56b5ba9fc8a775d06f18d3d12d9a0 - prometheus.io/port: http-metrics - prometheus.io/scrape: "true" - spec: - serviceAccountName: promtail - containers: - - name: promtail - image: "grafana/promtail:1.5.0" - imagePullPolicy: IfNotPresent - args: - - "-config.file=/etc/promtail/promtail.yaml" - - "-client.url=http://loki:3100/loki/api/v1/push" - volumeMounts: - - name: config - mountPath: /etc/promtail - - name: run - mountPath: /run/promtail - - mountPath: /var/lib/docker/containers - name: docker - readOnly: true - - mountPath: /var/log/pods - name: pods - readOnly: true - env: - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - ports: - - containerPort: 3101 - name: http-metrics - securityContext: - readOnlyRootFilesystem: true - runAsGroup: 0 - runAsUser: 0 - readinessProbe: - failureThreshold: 5 - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - {} - nodeSelector: - {} - affinity: - {} - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - name: config - configMap: - name: promtail - - name: run - hostPath: - path: /run/promtail - - hostPath: - path: /var/lib/docker/containers - name: docker - - hostPath: - path: /var/log/pods - name: pods