249 lines
5.8 KiB
YAML
249 lines
5.8 KiB
YAML
---
|
|
# Source: loki/templates/podsecuritypolicy.yaml
|
|
apiVersion: policy/v1beta1
|
|
kind: PodSecurityPolicy
|
|
metadata:
|
|
name: loki
|
|
namespace: loki
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
heritage: Helm
|
|
release: loki
|
|
spec:
|
|
privileged: false
|
|
allowPrivilegeEscalation: false
|
|
volumes:
|
|
- 'configMap'
|
|
- 'emptyDir'
|
|
- 'persistentVolumeClaim'
|
|
- 'secret'
|
|
hostNetwork: false
|
|
hostIPC: false
|
|
hostPID: false
|
|
runAsUser:
|
|
rule: 'MustRunAsNonRoot'
|
|
seLinux:
|
|
rule: 'RunAsAny'
|
|
supplementalGroups:
|
|
rule: 'MustRunAs'
|
|
ranges:
|
|
- min: 1
|
|
max: 65535
|
|
fsGroup:
|
|
rule: 'MustRunAs'
|
|
ranges:
|
|
- min: 1
|
|
max: 65535
|
|
readOnlyRootFilesystem: true
|
|
requiredDropCapabilities:
|
|
- ALL
|
|
---
|
|
# Source: loki/templates/serviceaccount.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
heritage: Helm
|
|
release: loki
|
|
annotations:
|
|
{}
|
|
name: loki
|
|
namespace: loki
|
|
---
|
|
# Source: loki/templates/secret.yaml
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: loki
|
|
namespace: loki
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
release: loki
|
|
heritage: Helm
|
|
data:
|
|
loki.yaml: YXV0aF9lbmFibGVkOiBmYWxzZQpjaHVua19zdG9yZV9jb25maWc6CiAgbWF4X2xvb2tfYmFja19wZXJpb2Q6IDBzCmluZ2VzdGVyOgogIGNodW5rX2Jsb2NrX3NpemU6IDI2MjE0NAogIGNodW5rX2lkbGVfcGVyaW9kOiAzbQogIGNodW5rX3JldGFpbl9wZXJpb2Q6IDFtCiAgbGlmZWN5Y2xlcjoKICAgIHJpbmc6CiAgICAgIGt2c3RvcmU6CiAgICAgICAgc3RvcmU6IGlubWVtb3J5CiAgICAgIHJlcGxpY2F0aW9uX2ZhY3RvcjogMQogIG1heF90cmFuc2Zlcl9yZXRyaWVzOiAwCmxpbWl0c19jb25maWc6CiAgZW5mb3JjZV9tZXRyaWNfbmFtZTogZmFsc2UKICByZWplY3Rfb2xkX3NhbXBsZXM6IHRydWUKICByZWplY3Rfb2xkX3NhbXBsZXNfbWF4X2FnZTogMTY4aApzY2hlbWFfY29uZmlnOgogIGNvbmZpZ3M6CiAgLSBmcm9tOiAiMjAyMC0wNS0yNSIKICAgIGluZGV4OgogICAgICBwZXJpb2Q6IDQ4aAogICAgICBwcmVmaXg6IGluZGV4XwogICAgb2JqZWN0X3N0b3JlOiBmaWxlc3lzdGVtCiAgICBzY2hlbWE6IHYxMQogICAgc3RvcmU6IGJvbHRkYgpzZXJ2ZXI6CiAgaHR0cF9saXN0ZW5fcG9ydDogMzEwMApzdG9yYWdlX2NvbmZpZzoKICBib2x0ZGI6CiAgICBkaXJlY3Rvcnk6IC9kYXRhL2xva2kvaW5kZXgKICBmaWxlc3lzdGVtOgogICAgZGlyZWN0b3J5OiAvZGF0YS9sb2tpL2NodW5rcwp0YWJsZV9tYW5hZ2VyOgogIHJldGVudGlvbl9kZWxldGVzX2VuYWJsZWQ6IHRydWUKICByZXRlbnRpb25fcGVyaW9kOiA5Nmg=
|
|
---
|
|
# Source: loki/templates/role.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: loki
|
|
namespace: loki
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
heritage: Helm
|
|
release: loki
|
|
rules:
|
|
- apiGroups: ['extensions']
|
|
resources: ['podsecuritypolicies']
|
|
verbs: ['use']
|
|
resourceNames: [loki]
|
|
---
|
|
# Source: loki/templates/rolebinding.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: loki
|
|
namespace: loki
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
heritage: Helm
|
|
release: loki
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: loki
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: loki
|
|
---
|
|
# Source: loki/templates/service-headless.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: loki-headless
|
|
namespace: loki
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
release: loki
|
|
heritage: Helm
|
|
variant: headless
|
|
spec:
|
|
clusterIP: None
|
|
ports:
|
|
- port: 3100
|
|
protocol: TCP
|
|
name: http-metrics
|
|
targetPort: http-metrics
|
|
selector:
|
|
app: loki
|
|
release: loki
|
|
---
|
|
# Source: loki/templates/service.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: loki
|
|
namespace: loki
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
release: loki
|
|
heritage: Helm
|
|
annotations:
|
|
{}
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 3100
|
|
protocol: TCP
|
|
name: http-metrics
|
|
targetPort: http-metrics
|
|
selector:
|
|
app: loki
|
|
release: loki
|
|
---
|
|
# Source: loki/templates/statefulset.yaml
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: loki
|
|
namespace: loki
|
|
labels:
|
|
app: loki
|
|
chart: loki-0.29.0
|
|
release: loki
|
|
heritage: Helm
|
|
annotations:
|
|
{}
|
|
spec:
|
|
podManagementPolicy: OrderedReady
|
|
replicas: 0
|
|
selector:
|
|
matchLabels:
|
|
app: loki
|
|
release: loki
|
|
serviceName: loki-headless
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: loki
|
|
name: loki
|
|
release: loki
|
|
annotations:
|
|
checksum/config: 85ef38171f5fcd4859080c0b5d239ffe1472019d6636a4af16b308c951463b08
|
|
prometheus.io/port: http-metrics
|
|
prometheus.io/scrape: "true"
|
|
spec:
|
|
serviceAccountName: loki
|
|
securityContext:
|
|
fsGroup: 10001
|
|
runAsGroup: 10001
|
|
runAsNonRoot: true
|
|
runAsUser: 10001
|
|
initContainers:
|
|
[]
|
|
containers:
|
|
- name: loki
|
|
image: "grafana/loki:1.6.0"
|
|
imagePullPolicy: IfNotPresent
|
|
args:
|
|
- "-config.file=/etc/loki/loki.yaml"
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/loki
|
|
- name: storage
|
|
mountPath: "/data"
|
|
subPath:
|
|
ports:
|
|
- name: http-metrics
|
|
containerPort: 3100
|
|
protocol: TCP
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: http-metrics
|
|
initialDelaySeconds: 45
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: http-metrics
|
|
initialDelaySeconds: 45
|
|
resources:
|
|
{}
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
env:
|
|
nodeSelector:
|
|
{}
|
|
affinity:
|
|
{}
|
|
tolerations:
|
|
[]
|
|
terminationGracePeriodSeconds: 4800
|
|
volumes:
|
|
- name: config
|
|
secret:
|
|
secretName: loki
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: storage
|
|
annotations:
|
|
{}
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: "10Gi"
|
|
storageClassName:
|