diff --git a/kubernetes/apps/observability/loki/app/externalsecret.yaml b/kubernetes/apps/observability/loki/app/externalsecret.yaml
new file mode 100644
index 00000000..864d4673
--- /dev/null
+++ b/kubernetes/apps/observability/loki/app/externalsecret.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: loki
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: loki-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ S3_BUCKET_NAME: loki
+ S3_BUCKET_HOST: s3.hsn.dev
+ S3_BUCKET_REGION: us-east-1
+ S3_ACCESS_KEY: "loki"
+ S3_SECRET_KEY: "{{ .minio_loki_secret_key }}"
+ dataFrom:
+ - extract:
+ key: minio
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "minio_$1"
\ No newline at end of file
diff --git a/kubernetes/apps/observability/loki/app/helmrelease.yaml b/kubernetes/apps/observability/loki/app/helmrelease.yaml
index 50572194..2c765a69 100644
--- a/kubernetes/apps/observability/loki/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/loki/app/helmrelease.yaml
@@ -10,7 +10,7 @@ spec:
 chart:
 spec:
 chart: loki
- version: 6.0.0
+ version: 6.1.0
 sourceRef:
 kind: HelmRepository
 name: grafana
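Review bot: `S3_BUCKET_NAME: loki` in the template is not consumed by any `valuesFrom` entry in this commit, and the bucket names the chart is given are `loki-chunks`, `loki-ruler` and `loki-admin` under `loki.storage.bucketNames`, so the key looks stale or misleading unless something outside this diff reads it. The `S3_SECRET_KEY` template also silently depends on the `minio` store item exposing a field that the `minio_$1` rewrite turns into `minio_loki_secret_key`; a comment above `dataFrom` such as `# "minio" item must expose loki_secret_key; the rewrite prefixes every field with minio_` records that contract where the next maintainer will look. Consider either dropping `S3_BUCKET_NAME` or wiring it, and noting that `S3_ACCESS_KEY: "loki"` is a non-secret identifier kept in the Secret presumably so one source supplies all four S3 settings.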
@@ -33,27 +33,38 @@ spec:
 namespace: observability
 - name: vector-aggregator
 namespace: observability
- valuesFrom:
- - targetPath: loki.structuredConfig.common.storage.s3.bucketnames
- kind: ConfigMap
- name: loki-bucket-v2
- valuesKey: BUCKET_NAME
- - targetPath: loki.structuredConfig.common.storage.s3.endpoint
- kind: ConfigMap
- name: loki-bucket-v2
- valuesKey: BUCKET_HOST
- - targetPath: loki.structuredConfig.common.storage.s3.access_key_id
- kind: Secret
- name: loki-bucket-v2
- valuesKey: AWS_ACCESS_KEY_ID
- - targetPath: loki.structuredConfig.common.storage.s3.secret_access_key
- kind: Secret
- name: loki-bucket-v2
- valuesKey: AWS_SECRET_ACCESS_KEY
 values:
+ deploymentMode: SimpleScalable
+
 loki:
+ podAnnotations:
+ secret.reloader.stakater.com/reload: loki-secret
+
+ ingester:
+ chunk_encoding: snappy
+
+ storage:
+ type: s3
+ bucketNames:
+ chunks: loki-chunks
+ ruler: loki-ruler
+ admin: loki-admin
+ s3:
+ s3ForcePathStyle: true
+
+ schema_config:
+ configs:
+ - from: "2022-01-11" # quote
+ store: boltdb-shipper
+ object_store: s3
+ schema: v12
+ index:
+ prefix: loki_index_
+ period: 24h
+
 structuredConfig:
 auth_enabled: false
+
 server:
 log_level: info
 http_listen_port: 3100
@@ -78,15 +89,6 @@ spec:
 max_outstanding_requests_per_tenant: 4096
 frontend:
 max_outstanding_per_tenant: 4096
- schema_config:
- configs:
- - from: "2022-01-11" # quote
- store: boltdb-shipper
- object_store: s3
- schema: v12
- index:
- prefix: loki_index_
- period: 24h
 common:
 path_prefix: /var/loki
 replication_factor: 2
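Review bot: The relocated `schema_config` block is now a snake_case key directly under `loki:`, next to camelCase chart values such as `bucketNames` and `s3ForcePathStyle`; if the chart reads `loki.schemaConfig` rather than `loki.schema_config`, this block is silently ignored and the release falls back to the chart's default schema, and the old copy under `structuredConfig` is removed in the following hunk, so confirm the key name against the chart's values.yaml before merging. The `secret.reloader.stakater.com/reload: loki-secret` annotation only restarts pods; as far as this diff shows the S3 values reach Loki through `valuesFrom` in the rendered Helm values, so a rotated `loki-secret` still needs a HelmRelease reconcile before the restart picks up the new key, which a comment above `podAnnotations` such as `# restart on secret change; config itself is re-rendered only on HelmRelease reconcile` would make clear. The enclosing `values:` mapping continues past the end of the hunk.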
@@ -130,9 +132,25 @@ spec:
 analytics:
 reporting_enabled: false
 gateway:
- replicas: 2
+ replicas: 3
+ enabled: true
 image:
 registry: ghcr.io
+ repository: nginxinc/nginx-unprivileged
+ tag: 1.25-alpine@sha256:5b49ce26ad8555b649a5a5ea8ccdfabc742a284ab58cb7b7d7a56f178c5dd351
+ deploymentStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 50%
+ maxSurge: 50%
+ topologySpreadConstraints:
+ - maxSkew: 2
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: loki
+ app.kubernetes.io/component: gateway
 ingress:
 enabled: true
 ingressClassName: internal-nginx
@@ -144,8 +162,13 @@ spec:
 tls:
 - hosts:
 - *host
+
+ write:
+ replicas: 3
+ persistence:
+ storageClass: openebs-hostpath
 read:
- replicas: 2
+ replicas: 3
 persistence:
 storageClass: openebs-hostpath
 extraVolumeMounts:
@@ -154,12 +177,8 @@ spec:
 extraVolumes:
 - name: rules
 emptyDir: {}
- write:
- replicas: 2
- persistence:
- storageClass: openebs-hostpath
 backend:
- replicas: 2
+ replicas: 3
 persistence:
 storageClass: openebs-hostpath
 extraVolumeMounts:
@@ -177,6 +196,8 @@ spec:
 dashboards:
 annotations:
 grafana_folder: Loki
+ rules:
+ enabled: false
 serviceMonitor:
 enabled: false
 metricsInstance:
@@ -185,10 +206,27 @@ spec:
 enabled: false
 grafanaAgent:
 installOperator: false
- lokiCanary:
- enabled: false
- sidecar:
- image:
- repository: ghcr.io/kiwigrid/k8s-sidecar
+
+ lokiCanary:
+ enabled: false
+
 test:
- enabled: false
\ No newline at end of file
+ enabled: false
+
+ valuesFrom:
+ - kind: Secret
+ name: loki-secret
+ valuesKey: S3_BUCKET_HOST
+ targetPath: loki.storage.s3.endpoint
+ - kind: Secret
+ name: loki-secret
+ valuesKey: S3_BUCKET_REGION
+ targetPath: loki.storage.s3.region
+ - kind: Secret
+ name: loki-secret
+ valuesKey: S3_ACCESS_KEY
+ targetPath: loki.storage.s3.accessKeyId
+ - kind: Secret
+ name: loki-secret
+ valuesKey: S3_SECRET_KEY
+ targetPath: loki.storage.s3.secretAccessKey
\ No newline at end of file
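Review bot: The new `valuesFrom` entries in the last hunk feed `S3_SECRET_KEY` into `loki.storage.s3.secretAccessKey`, which the chart renders into Loki's config object; in this chart that object is a ConfigMap unless `loki.configStorageType: Secret` is set, which would leave the MinIO secret key readable by anyone with ConfigMap read access in the namespace. Check the chart's `configStorageType` default for 6.1.0 and, if it is ConfigMap, add `configStorageType: Secret` under `loki:` (that mapping starts in the previous hunk) or supply the credentials through environment variables instead. The same exposure presumably existed with the old `structuredConfig` wiring, so this is not a regression, but the rewrite is the right moment to close it. Note also that `S3_BUCKET_NAME` from the new ExternalSecret is not referenced by any of the four entries.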
diff --git a/kubernetes/apps/observability/loki/app/kustomization.yaml b/kubernetes/apps/observability/loki/app/kustomization.yaml
index 24e74104..c1413436 100644
--- a/kubernetes/apps/observability/loki/app/kustomization.yaml
+++ b/kubernetes/apps/observability/loki/app/kustomization.yaml
@@ -3,11 +3,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ./objectbucketclaim.yaml
+ - ./externalsecret.yaml
 - ./helmrelease.yaml
 configMapGenerator:
 - name: loki-alerting-rules
 files:
- - loki-alerting-rules.yaml=./rules/loki-alerting-rules.yaml
+ - loki-alerting-rules.yaml=./rules/loki-alerting-rules.yml
 generatorOptions:
 disableNameSuffixHash: true
\ No newline at end of file
diff --git a/kubernetes/apps/observability/loki/app/rules/loki-alerting-rules.yaml b/kubernetes/apps/observability/loki/app/rules/loki-alerting-rules.yml
similarity index 100%
rename from kubernetes/apps/observability/loki/app/rules/loki-alerting-rules.yaml
rename to kubernetes/apps/observability/loki/app/rules/loki-alerting-rules.yml
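Review bot: Dropping `./objectbucketclaim.yaml` from `resources` means Flux prunes the ObjectBucketClaim on the next reconcile if pruning is enabled for this Kustomization, and depending on the provisioner's reclaim policy the old bucket and the log data in it go with it; if that data has not been migrated to the new MinIO buckets, keep the OBC (or annotate it with `kustomize.toolkit.fluxcd.io/prune: disabled`) until the cutover is verified. The rename of `rules/loki-alerting-rules.yaml` to `.yml` also departs from the `.yaml` extension every other file in this diff uses; since only this one reference changes, reverting the rename costs nothing and keeps the tree consistent.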