Compare commits
4 commits
273b3fb65d
...
224e533cf9
Author | SHA1 | Date | |
---|---|---|---|
224e533cf9 | |||
afb9ca3fef | |||
5032406bbc | |||
7c17e02e6b |
5 changed files with 109 additions and 43 deletions
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
apiVersion: external-secrets.io/v1beta1
|
apiVersion: external-secrets.io/v1beta1
|
||||||
kind: ExternalSecret
|
kind: ExternalSecret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
28
kubernetes/apps/observability/loki/app/externalsecret.yaml
Normal file
28
kubernetes/apps/observability/loki/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: loki
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: onepassword-connect
|
||||||
|
target:
|
||||||
|
name: loki-secret
|
||||||
|
creationPolicy: Owner
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
S3_BUCKET_NAME: loki
|
||||||
|
S3_BUCKET_HOST: s3.hsn.dev
|
||||||
|
S3_BUCKET_REGION: us-east-1
|
||||||
|
S3_ACCESS_KEY: "loki"
|
||||||
|
S3_SECRET_KEY: "{{ .minio_loki_secret_key }}"
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: minio
|
||||||
|
rewrite:
|
||||||
|
- regexp:
|
||||||
|
source: "(.*)"
|
||||||
|
target: "minio_$1"
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: loki
|
chart: loki
|
||||||
version: 5.47.2
|
version: 6.1.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: grafana
|
name: grafana
|
||||||
|
@ -33,27 +33,38 @@ spec:
|
||||||
namespace: observability
|
namespace: observability
|
||||||
- name: vector-aggregator
|
- name: vector-aggregator
|
||||||
namespace: observability
|
namespace: observability
|
||||||
valuesFrom:
|
|
||||||
- targetPath: loki.structuredConfig.common.storage.s3.bucketnames
|
|
||||||
kind: ConfigMap
|
|
||||||
name: loki-bucket-v2
|
|
||||||
valuesKey: BUCKET_NAME
|
|
||||||
- targetPath: loki.structuredConfig.common.storage.s3.endpoint
|
|
||||||
kind: ConfigMap
|
|
||||||
name: loki-bucket-v2
|
|
||||||
valuesKey: BUCKET_HOST
|
|
||||||
- targetPath: loki.structuredConfig.common.storage.s3.access_key_id
|
|
||||||
kind: Secret
|
|
||||||
name: loki-bucket-v2
|
|
||||||
valuesKey: AWS_ACCESS_KEY_ID
|
|
||||||
- targetPath: loki.structuredConfig.common.storage.s3.secret_access_key
|
|
||||||
kind: Secret
|
|
||||||
name: loki-bucket-v2
|
|
||||||
valuesKey: AWS_SECRET_ACCESS_KEY
|
|
||||||
values:
|
values:
|
||||||
|
deploymentMode: SimpleScalable
|
||||||
|
|
||||||
loki:
|
loki:
|
||||||
|
podAnnotations:
|
||||||
|
secret.reloader.stakater.com/reload: loki-secret
|
||||||
|
|
||||||
|
ingester:
|
||||||
|
chunk_encoding: snappy
|
||||||
|
|
||||||
|
storage:
|
||||||
|
type: s3
|
||||||
|
bucketNames:
|
||||||
|
chunks: loki-chunks
|
||||||
|
ruler: loki-ruler
|
||||||
|
admin: loki-admin
|
||||||
|
s3:
|
||||||
|
s3ForcePathStyle: true
|
||||||
|
|
||||||
|
schema_config:
|
||||||
|
configs:
|
||||||
|
- from: "2022-01-11" # quote
|
||||||
|
store: boltdb-shipper
|
||||||
|
object_store: s3
|
||||||
|
schema: v12
|
||||||
|
index:
|
||||||
|
prefix: loki_index_
|
||||||
|
period: 24h
|
||||||
|
|
||||||
structuredConfig:
|
structuredConfig:
|
||||||
auth_enabled: false
|
auth_enabled: false
|
||||||
|
|
||||||
server:
|
server:
|
||||||
log_level: info
|
log_level: info
|
||||||
http_listen_port: 3100
|
http_listen_port: 3100
|
||||||
|
@ -78,15 +89,6 @@ spec:
|
||||||
max_outstanding_requests_per_tenant: 4096
|
max_outstanding_requests_per_tenant: 4096
|
||||||
frontend:
|
frontend:
|
||||||
max_outstanding_per_tenant: 4096
|
max_outstanding_per_tenant: 4096
|
||||||
schema_config:
|
|
||||||
configs:
|
|
||||||
- from: "2022-01-11" # quote
|
|
||||||
store: boltdb-shipper
|
|
||||||
object_store: s3
|
|
||||||
schema: v12
|
|
||||||
index:
|
|
||||||
prefix: loki_index_
|
|
||||||
period: 24h
|
|
||||||
common:
|
common:
|
||||||
path_prefix: /var/loki
|
path_prefix: /var/loki
|
||||||
replication_factor: 2
|
replication_factor: 2
|
||||||
|
@ -130,9 +132,25 @@ spec:
|
||||||
analytics:
|
analytics:
|
||||||
reporting_enabled: false
|
reporting_enabled: false
|
||||||
gateway:
|
gateway:
|
||||||
replicas: 2
|
replicas: 3
|
||||||
|
enabled: true
|
||||||
image:
|
image:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
|
repository: nginxinc/nginx-unprivileged
|
||||||
|
tag: 1.25-alpine@sha256:5b49ce26ad8555b649a5a5ea8ccdfabc742a284ab58cb7b7d7a56f178c5dd351
|
||||||
|
deploymentStrategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
rollingUpdate:
|
||||||
|
maxUnavailable: 50%
|
||||||
|
maxSurge: 50%
|
||||||
|
topologySpreadConstraints:
|
||||||
|
- maxSkew: 2
|
||||||
|
topologyKey: kubernetes.io/hostname
|
||||||
|
whenUnsatisfiable: DoNotSchedule
|
||||||
|
labelSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: loki
|
||||||
|
app.kubernetes.io/component: gateway
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: internal-nginx
|
ingressClassName: internal-nginx
|
||||||
|
@ -144,8 +162,13 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
|
||||||
|
write:
|
||||||
|
replicas: 3
|
||||||
|
persistence:
|
||||||
|
storageClass: openebs-hostpath
|
||||||
read:
|
read:
|
||||||
replicas: 2
|
replicas: 3
|
||||||
persistence:
|
persistence:
|
||||||
storageClass: openebs-hostpath
|
storageClass: openebs-hostpath
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
|
@ -154,12 +177,8 @@ spec:
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
- name: rules
|
- name: rules
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
write:
|
|
||||||
replicas: 2
|
|
||||||
persistence:
|
|
||||||
storageClass: openebs-hostpath
|
|
||||||
backend:
|
backend:
|
||||||
replicas: 2
|
replicas: 3
|
||||||
persistence:
|
persistence:
|
||||||
storageClass: openebs-hostpath
|
storageClass: openebs-hostpath
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
|
@ -177,6 +196,8 @@ spec:
|
||||||
dashboards:
|
dashboards:
|
||||||
annotations:
|
annotations:
|
||||||
grafana_folder: Loki
|
grafana_folder: Loki
|
||||||
|
rules:
|
||||||
|
enabled: false
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
metricsInstance:
|
metricsInstance:
|
||||||
|
@ -185,10 +206,27 @@ spec:
|
||||||
enabled: false
|
enabled: false
|
||||||
grafanaAgent:
|
grafanaAgent:
|
||||||
installOperator: false
|
installOperator: false
|
||||||
|
|
||||||
lokiCanary:
|
lokiCanary:
|
||||||
enabled: false
|
enabled: false
|
||||||
sidecar:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/kiwigrid/k8s-sidecar
|
|
||||||
test:
|
test:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
valuesFrom:
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_BUCKET_HOST
|
||||||
|
targetPath: loki.storage.s3.endpoint
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_BUCKET_REGION
|
||||||
|
targetPath: loki.storage.s3.region
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_ACCESS_KEY
|
||||||
|
targetPath: loki.storage.s3.accessKeyId
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_SECRET_KEY
|
||||||
|
targetPath: loki.storage.s3.secretAccessKey
|
|
@ -3,11 +3,11 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./objectbucketclaim.yaml
|
- ./externalsecret.yaml
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
configMapGenerator:
|
configMapGenerator:
|
||||||
- name: loki-alerting-rules
|
- name: loki-alerting-rules
|
||||||
files:
|
files:
|
||||||
- loki-alerting-rules.yaml=./rules/loki-alerting-rules.yaml
|
- loki-alerting-rules.yaml=./rules/loki-alerting-rules.yml
|
||||||
generatorOptions:
|
generatorOptions:
|
||||||
disableNameSuffixHash: true
|
disableNameSuffixHash: true
|
Loading…
Reference in a new issue