--- # Source: promtail/templates/podsecuritypolicy.yaml apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: promtail namespace: loki labels: app: promtail chart: promtail-0.23.0 heritage: Helm release: promtail spec: privileged: false allowPrivilegeEscalation: false volumes: - 'secret' - 'configMap' - 'hostPath' hostNetwork: false hostIPC: false hostPID: false runAsUser: rule: 'RunAsAny' seLinux: rule: 'RunAsAny' supplementalGroups: rule: 'RunAsAny' fsGroup: rule: 'RunAsAny' readOnlyRootFilesystem: true requiredDropCapabilities: - ALL --- # Source: promtail/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: app: promtail chart: promtail-0.23.0 heritage: Helm release: promtail name: promtail namespace: loki --- # Source: promtail/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: promtail namespace: loki labels: app: promtail chart: promtail-0.23.0 release: promtail heritage: Helm data: promtail.yaml: | client: backoff_config: max_period: 5s max_retries: 20 min_period: 100ms batchsize: 102400 batchwait: 1s external_labels: {} timeout: 10s positions: filename: /run/promtail/positions.yaml server: http_listen_port: 3101 target_config: sync_period: 10s scrape_configs: - job_name: kubernetes-pods-name pipeline_stages: - docker: {} kubernetes_sd_configs: - role: pod relabel_configs: - source_labels: - __meta_kubernetes_pod_label_name target_label: __service__ - source_labels: - __meta_kubernetes_pod_node_name target_label: __host__ - action: drop regex: '' source_labels: - __service__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - action: replace replacement: $1 separator: / source_labels: - __meta_kubernetes_namespace - __service__ target_label: job - action: replace source_labels: - __meta_kubernetes_namespace target_label: namespace - action: replace source_labels: - __meta_kubernetes_pod_name target_label: instance - action: replace source_labels: - __meta_kubernetes_pod_container_name target_label: container_name - replacement: /var/log/pods/*$1/*.log separator: / source_labels: - __meta_kubernetes_pod_uid - __meta_kubernetes_pod_container_name target_label: __path__ - job_name: kubernetes-pods-app pipeline_stages: - docker: {} kubernetes_sd_configs: - role: pod relabel_configs: - action: drop regex: .+ source_labels: - __meta_kubernetes_pod_label_name - source_labels: - __meta_kubernetes_pod_label_app target_label: __service__ - source_labels: - __meta_kubernetes_pod_node_name target_label: __host__ - action: drop regex: '' source_labels: - __service__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - action: replace replacement: $1 separator: / source_labels: - __meta_kubernetes_namespace - __service__ target_label: job - action: replace source_labels: - __meta_kubernetes_namespace target_label: namespace - action: replace source_labels: - __meta_kubernetes_pod_name target_label: instance - action: replace source_labels: - __meta_kubernetes_pod_container_name target_label: container_name - replacement: /var/log/pods/*$1/*.log separator: / source_labels: - __meta_kubernetes_pod_uid - __meta_kubernetes_pod_container_name target_label: __path__ - job_name: kubernetes-pods-direct-controllers pipeline_stages: - docker: {} kubernetes_sd_configs: - role: pod relabel_configs: - action: drop regex: .+ separator: '' source_labels: - __meta_kubernetes_pod_label_name - __meta_kubernetes_pod_label_app - action: drop regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' source_labels: - __meta_kubernetes_pod_controller_name - source_labels: - __meta_kubernetes_pod_controller_name target_label: __service__ - source_labels: - __meta_kubernetes_pod_node_name target_label: __host__ - action: drop regex: '' source_labels: - __service__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - action: replace replacement: $1 separator: / source_labels: - __meta_kubernetes_namespace - __service__ target_label: job - action: replace source_labels: - __meta_kubernetes_namespace target_label: namespace - action: replace source_labels: - __meta_kubernetes_pod_name target_label: instance - action: replace source_labels: - __meta_kubernetes_pod_container_name target_label: container_name - replacement: /var/log/pods/*$1/*.log separator: / source_labels: - __meta_kubernetes_pod_uid - __meta_kubernetes_pod_container_name target_label: __path__ - job_name: kubernetes-pods-indirect-controller pipeline_stages: - docker: {} kubernetes_sd_configs: - role: pod relabel_configs: - action: drop regex: .+ separator: '' source_labels: - __meta_kubernetes_pod_label_name - __meta_kubernetes_pod_label_app - action: keep regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' source_labels: - __meta_kubernetes_pod_controller_name - action: replace regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}' source_labels: - __meta_kubernetes_pod_controller_name target_label: __service__ - source_labels: - __meta_kubernetes_pod_node_name target_label: __host__ - action: drop regex: '' source_labels: - __service__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - action: replace replacement: $1 separator: / source_labels: - __meta_kubernetes_namespace - __service__ target_label: job - action: replace source_labels: - __meta_kubernetes_namespace target_label: namespace - action: replace source_labels: - __meta_kubernetes_pod_name target_label: instance - action: replace source_labels: - __meta_kubernetes_pod_container_name target_label: container_name - replacement: /var/log/pods/*$1/*.log separator: / source_labels: - __meta_kubernetes_pod_uid - __meta_kubernetes_pod_container_name target_label: __path__ - job_name: kubernetes-pods-static pipeline_stages: - docker: {} kubernetes_sd_configs: - role: pod relabel_configs: - action: drop regex: '' source_labels: - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror - action: replace source_labels: - __meta_kubernetes_pod_label_component target_label: __service__ - source_labels: - __meta_kubernetes_pod_node_name target_label: __host__ - action: drop regex: '' source_labels: - __service__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - action: replace replacement: $1 separator: / source_labels: - __meta_kubernetes_namespace - __service__ target_label: job - action: replace source_labels: - __meta_kubernetes_namespace target_label: namespace - action: replace source_labels: - __meta_kubernetes_pod_name target_label: instance - action: replace source_labels: - __meta_kubernetes_pod_container_name target_label: container_name - replacement: /var/log/pods/*$1/*.log separator: / source_labels: - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror - __meta_kubernetes_pod_container_name target_label: __path__ --- # Source: promtail/templates/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: app: promtail chart: promtail-0.23.0 release: promtail heritage: Helm name: promtail-clusterrole namespace: loki rules: - apiGroups: [""] # "" indicates the core API group resources: - nodes - nodes/proxy - services - endpoints - pods verbs: ["get", "watch", "list"] --- # Source: promtail/templates/clusterrolebinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: promtail-clusterrolebinding labels: app: promtail chart: promtail-0.23.0 release: promtail heritage: Helm subjects: - kind: ServiceAccount name: promtail namespace: loki roleRef: kind: ClusterRole name: promtail-clusterrole apiGroup: rbac.authorization.k8s.io --- # Source: promtail/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: promtail namespace: loki labels: app: promtail chart: promtail-0.23.0 heritage: Helm release: promtail rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: [promtail] --- # Source: promtail/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: promtail namespace: loki labels: app: promtail chart: promtail-0.23.0 heritage: Helm release: promtail roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: promtail subjects: - kind: ServiceAccount name: promtail --- # Source: promtail/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: promtail namespace: loki labels: app: promtail chart: promtail-0.23.0 release: promtail heritage: Helm annotations: {} spec: selector: matchLabels: app: promtail release: promtail updateStrategy: {} template: metadata: labels: app: promtail release: promtail annotations: checksum/config: 8a9fbc323693fa76aac4364594327b31d6e56b5ba9fc8a775d06f18d3d12d9a0 prometheus.io/port: http-metrics prometheus.io/scrape: "true" spec: serviceAccountName: promtail containers: - name: promtail image: "grafana/promtail:1.5.0" imagePullPolicy: IfNotPresent args: - "-config.file=/etc/promtail/promtail.yaml" - "-client.url=http://loki:3100/loki/api/v1/push" volumeMounts: - name: config mountPath: /etc/promtail - name: run mountPath: /run/promtail - mountPath: /var/lib/docker/containers name: docker readOnly: true - mountPath: /var/log/pods name: pods readOnly: true env: - name: HOSTNAME valueFrom: fieldRef: fieldPath: spec.nodeName ports: - containerPort: 3101 name: http-metrics securityContext: readOnlyRootFilesystem: true runAsGroup: 0 runAsUser: 0 readinessProbe: failureThreshold: 5 httpGet: path: /ready port: http-metrics initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} nodeSelector: {} affinity: {} tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists volumes: - name: config configMap: name: promtail - name: run hostPath: path: /run/promtail - hostPath: path: /var/lib/docker/containers name: docker - hostPath: path: /var/log/pods name: pods