
4 commits

5 changed files with 109 additions and 43 deletions


@ -1,5 +1,5 @@
--- ---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json # yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:


@ -0,0 +1,28 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: loki
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: loki-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
S3_BUCKET_NAME: loki
S3_BUCKET_HOST: s3.hsn.dev
S3_BUCKET_REGION: us-east-1
S3_ACCESS_KEY: "loki"
S3_SECRET_KEY: "{{ .minio_loki_secret_key }}"
dataFrom:
- extract:
key: minio
rewrite:
- regexp:
source: "(.*)"
target: "minio_$1"
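Review bot: `dataFrom.extract` with `key: minio` fetches every field of the `minio` item and exposes all of them to the template as `minio_*`, while the template reads only `.minio_loki_secret_key`. If that item also carries other MinIO credentials (not visible here), this ExternalSecret pulls them without using them; a single `data` entry naming the one field would limit the fetch to what Loki needs. `S3_BUCKET_NAME` is also templated into `loki-secret`, but none of the `valuesFrom` entries in the HelmRelease read it, so it looks unused.

```yaml
  # … unchanged: secretStoreRef, target/template …
  # replaces the dataFrom / extract / rewrite block
  data:
    - secretKey: minio_loki_secret_key
      remoteRef:
        key: minio
        property: loki_secret_key
```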


@ -10,7 +10,7 @@ spec:
chart: chart:
spec: spec:
chart: loki chart: loki
version: 5.47.2 version: 6.1.0
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: grafana name: grafana
@ -33,27 +33,38 @@ spec:
namespace: observability namespace: observability
- name: vector-aggregator - name: vector-aggregator
namespace: observability namespace: observability
valuesFrom:
- targetPath: loki.structuredConfig.common.storage.s3.bucketnames
kind: ConfigMap
name: loki-bucket-v2
valuesKey: BUCKET_NAME
- targetPath: loki.structuredConfig.common.storage.s3.endpoint
kind: ConfigMap
name: loki-bucket-v2
valuesKey: BUCKET_HOST
- targetPath: loki.structuredConfig.common.storage.s3.access_key_id
kind: Secret
name: loki-bucket-v2
valuesKey: AWS_ACCESS_KEY_ID
- targetPath: loki.structuredConfig.common.storage.s3.secret_access_key
kind: Secret
name: loki-bucket-v2
valuesKey: AWS_SECRET_ACCESS_KEY
values: values:
deploymentMode: SimpleScalable
loki: loki:
podAnnotations:
secret.reloader.stakater.com/reload: loki-secret
ingester:
chunk_encoding: snappy
storage:
type: s3
bucketNames:
chunks: loki-chunks
ruler: loki-ruler
admin: loki-admin
s3:
s3ForcePathStyle: true
schema_config:
configs:
- from: "2022-01-11" # quote
store: boltdb-shipper
object_store: s3
schema: v12
index:
prefix: loki_index_
period: 24h
structuredConfig: structuredConfig:
auth_enabled: false auth_enabled: false
server: server:
log_level: info log_level: info
http_listen_port: 3100 http_listen_port: 3100
@ -78,15 +89,6 @@ spec:
max_outstanding_requests_per_tenant: 4096 max_outstanding_requests_per_tenant: 4096
frontend: frontend:
max_outstanding_per_tenant: 4096 max_outstanding_per_tenant: 4096
schema_config:
configs:
- from: "2022-01-11" # quote
store: boltdb-shipper
object_store: s3
schema: v12
index:
prefix: loki_index_
period: 24h
common: common:
path_prefix: /var/loki path_prefix: /var/loki
replication_factor: 2 replication_factor: 2
@ -130,9 +132,25 @@ spec:
analytics: analytics:
reporting_enabled: false reporting_enabled: false
gateway: gateway:
replicas: 2 replicas: 3
enabled: true
image: image:
registry: ghcr.io registry: ghcr.io
repository: nginxinc/nginx-unprivileged
tag: 1.25-alpine@sha256:5b49ce26ad8555b649a5a5ea8ccdfabc742a284ab58cb7b7d7a56f178c5dd351
deploymentStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 50%
maxSurge: 50%
topologySpreadConstraints:
- maxSkew: 2
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/component: gateway
ingress: ingress:
enabled: true enabled: true
ingressClassName: internal-nginx ingressClassName: internal-nginx
@ -144,8 +162,13 @@ spec:
tls: tls:
- hosts: - hosts:
- *host - *host
write:
replicas: 3
persistence:
storageClass: openebs-hostpath
read: read:
replicas: 2 replicas: 3
persistence: persistence:
storageClass: openebs-hostpath storageClass: openebs-hostpath
extraVolumeMounts: extraVolumeMounts:
@ -154,12 +177,8 @@ spec:
extraVolumes: extraVolumes:
- name: rules - name: rules
emptyDir: {} emptyDir: {}
write:
replicas: 2
persistence:
storageClass: openebs-hostpath
backend: backend:
replicas: 2 replicas: 3
persistence: persistence:
storageClass: openebs-hostpath storageClass: openebs-hostpath
extraVolumeMounts: extraVolumeMounts:
@ -177,6 +196,8 @@ spec:
dashboards: dashboards:
annotations: annotations:
grafana_folder: Loki grafana_folder: Loki
rules:
enabled: false
serviceMonitor: serviceMonitor:
enabled: false enabled: false
metricsInstance: metricsInstance:
@ -185,10 +206,27 @@ spec:
enabled: false enabled: false
grafanaAgent: grafanaAgent:
installOperator: false installOperator: false
lokiCanary:
enabled: false lokiCanary:
sidecar: enabled: false
image:
repository: ghcr.io/kiwigrid/k8s-sidecar
test: test:
enabled: false enabled: false
valuesFrom:
- kind: Secret
name: loki-secret
valuesKey: S3_BUCKET_HOST
targetPath: loki.storage.s3.endpoint
- kind: Secret
name: loki-secret
valuesKey: S3_BUCKET_REGION
targetPath: loki.storage.s3.region
- kind: Secret
name: loki-secret
valuesKey: S3_ACCESS_KEY
targetPath: loki.storage.s3.accessKeyId
- kind: Secret
name: loki-secret
valuesKey: S3_SECRET_KEY
targetPath: loki.storage.s3.secretAccessKey
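Review bot: The `valuesFrom` entries at the end of the file pass `S3_SECRET_KEY` into `loki.storage.s3.secretAccessKey` as an ordinary Helm value, so the key is rendered into whatever object the chart uses to store the Loki config. As far as I know that is a ConfigMap unless `configStorageType: Secret` is set under `loki:`, and nothing visible here sets it. If so, anyone who can read ConfigMaps in the namespace would see the MinIO key; either add `configStorageType: Secret` or keep the key out of the values and have Loki read it from the environment. Separately, the `secret.reloader.stakater.com/reload: loki-secret` annotation restarts pods when the secret changes, but the rendered config only changes when the HelmRelease is reconciled, so a rotated key is probably not picked up by the restart alone.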


@ -3,11 +3,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./objectbucketclaim.yaml - ./externalsecret.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
configMapGenerator: configMapGenerator:
- name: loki-alerting-rules - name: loki-alerting-rules
files: files:
- loki-alerting-rules.yaml=./rules/loki-alerting-rules.yaml - loki-alerting-rules.yaml=./rules/loki-alerting-rules.yml
generatorOptions: generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true