Compare commits
4 commits
273b3fb65d
...
224e533cf9
Author | SHA1 | Date | |
---|---|---|---|
224e533cf9 | |||
afb9ca3fef | |||
5032406bbc | |||
7c17e02e6b |
5 changed files with 109 additions and 43 deletions
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
|
|
28
kubernetes/apps/observability/loki/app/externalsecret.yaml
Normal file
28
kubernetes/apps/observability/loki/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: loki
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: loki-secret
|
||||
creationPolicy: Owner
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
S3_BUCKET_NAME: loki
|
||||
S3_BUCKET_HOST: s3.hsn.dev
|
||||
S3_BUCKET_REGION: us-east-1
|
||||
S3_ACCESS_KEY: "loki"
|
||||
S3_SECRET_KEY: "{{ .minio_loki_secret_key }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: minio
|
||||
rewrite:
|
||||
- regexp:
|
||||
source: "(.*)"
|
||||
target: "minio_$1"
|
|
@ -10,7 +10,7 @@ spec:
|
|||
chart:
|
||||
spec:
|
||||
chart: loki
|
||||
version: 5.47.2
|
||||
version: 6.1.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: grafana
|
||||
|
@ -33,27 +33,38 @@ spec:
|
|||
namespace: observability
|
||||
- name: vector-aggregator
|
||||
namespace: observability
|
||||
valuesFrom:
|
||||
- targetPath: loki.structuredConfig.common.storage.s3.bucketnames
|
||||
kind: ConfigMap
|
||||
name: loki-bucket-v2
|
||||
valuesKey: BUCKET_NAME
|
||||
- targetPath: loki.structuredConfig.common.storage.s3.endpoint
|
||||
kind: ConfigMap
|
||||
name: loki-bucket-v2
|
||||
valuesKey: BUCKET_HOST
|
||||
- targetPath: loki.structuredConfig.common.storage.s3.access_key_id
|
||||
kind: Secret
|
||||
name: loki-bucket-v2
|
||||
valuesKey: AWS_ACCESS_KEY_ID
|
||||
- targetPath: loki.structuredConfig.common.storage.s3.secret_access_key
|
||||
kind: Secret
|
||||
name: loki-bucket-v2
|
||||
valuesKey: AWS_SECRET_ACCESS_KEY
|
||||
values:
|
||||
deploymentMode: SimpleScalable
|
||||
|
||||
loki:
|
||||
podAnnotations:
|
||||
secret.reloader.stakater.com/reload: loki-secret
|
||||
|
||||
ingester:
|
||||
chunk_encoding: snappy
|
||||
|
||||
storage:
|
||||
type: s3
|
||||
bucketNames:
|
||||
chunks: loki-chunks
|
||||
ruler: loki-ruler
|
||||
admin: loki-admin
|
||||
s3:
|
||||
s3ForcePathStyle: true
|
||||
|
||||
schema_config:
|
||||
configs:
|
||||
- from: "2022-01-11" # quote
|
||||
store: boltdb-shipper
|
||||
object_store: s3
|
||||
schema: v12
|
||||
index:
|
||||
prefix: loki_index_
|
||||
period: 24h
|
||||
|
||||
structuredConfig:
|
||||
auth_enabled: false
|
||||
|
||||
server:
|
||||
log_level: info
|
||||
http_listen_port: 3100
|
||||
|
@ -78,15 +89,6 @@ spec:
|
|||
max_outstanding_requests_per_tenant: 4096
|
||||
frontend:
|
||||
max_outstanding_per_tenant: 4096
|
||||
schema_config:
|
||||
configs:
|
||||
- from: "2022-01-11" # quote
|
||||
store: boltdb-shipper
|
||||
object_store: s3
|
||||
schema: v12
|
||||
index:
|
||||
prefix: loki_index_
|
||||
period: 24h
|
||||
common:
|
||||
path_prefix: /var/loki
|
||||
replication_factor: 2
|
||||
|
@ -130,9 +132,25 @@ spec:
|
|||
analytics:
|
||||
reporting_enabled: false
|
||||
gateway:
|
||||
replicas: 2
|
||||
replicas: 3
|
||||
enabled: true
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: nginxinc/nginx-unprivileged
|
||||
tag: 1.25-alpine@sha256:5b49ce26ad8555b649a5a5ea8ccdfabc742a284ab58cb7b7d7a56f178c5dd351
|
||||
deploymentStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 50%
|
||||
maxSurge: 50%
|
||||
topologySpreadConstraints:
|
||||
- maxSkew: 2
|
||||
topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: loki
|
||||
app.kubernetes.io/component: gateway
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: internal-nginx
|
||||
|
@ -144,8 +162,13 @@ spec:
|
|||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
write:
|
||||
replicas: 3
|
||||
persistence:
|
||||
storageClass: openebs-hostpath
|
||||
read:
|
||||
replicas: 2
|
||||
replicas: 3
|
||||
persistence:
|
||||
storageClass: openebs-hostpath
|
||||
extraVolumeMounts:
|
||||
|
@ -154,12 +177,8 @@ spec:
|
|||
extraVolumes:
|
||||
- name: rules
|
||||
emptyDir: {}
|
||||
write:
|
||||
replicas: 2
|
||||
persistence:
|
||||
storageClass: openebs-hostpath
|
||||
backend:
|
||||
replicas: 2
|
||||
replicas: 3
|
||||
persistence:
|
||||
storageClass: openebs-hostpath
|
||||
extraVolumeMounts:
|
||||
|
@ -177,6 +196,8 @@ spec:
|
|||
dashboards:
|
||||
annotations:
|
||||
grafana_folder: Loki
|
||||
rules:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
metricsInstance:
|
||||
|
@ -185,10 +206,27 @@ spec:
|
|||
enabled: false
|
||||
grafanaAgent:
|
||||
installOperator: false
|
||||
lokiCanary:
|
||||
enabled: false
|
||||
sidecar:
|
||||
image:
|
||||
repository: ghcr.io/kiwigrid/k8s-sidecar
|
||||
|
||||
lokiCanary:
|
||||
enabled: false
|
||||
|
||||
test:
|
||||
enabled: false
|
||||
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_BUCKET_HOST
|
||||
targetPath: loki.storage.s3.endpoint
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_BUCKET_REGION
|
||||
targetPath: loki.storage.s3.region
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_ACCESS_KEY
|
||||
targetPath: loki.storage.s3.accessKeyId
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_SECRET_KEY
|
||||
targetPath: loki.storage.s3.secretAccessKey
|
|
@ -3,11 +3,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./objectbucketclaim.yaml
|
||||
- ./externalsecret.yaml
|
||||
- ./helmrelease.yaml
|
||||
configMapGenerator:
|
||||
- name: loki-alerting-rules
|
||||
files:
|
||||
- loki-alerting-rules.yaml=./rules/loki-alerting-rules.yaml
|
||||
- loki-alerting-rules.yaml=./rules/loki-alerting-rules.yml
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
Loading…
Reference in a new issue