Compare commits
No commits in common. "825f3ae6836832b0b98e6b5eba746296b4d6751b" and "4e791e825b5305d73b210ebb2ee4f13e2304fc90" have entirely different histories.
825f3ae683
...
4e791e825b
6 changed files with 122 additions and 58 deletions
28
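--- a/kubernetes/apps/observability/loki/app/externalsecret.yaml
+++ b/kubernetes/apps/observability/loki/app/externalsecret.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+name: loki
+spec:
+secretStoreRef:
+kind: ClusterSecretStore
+name: onepassword-connect
+target:
+name: loki-secret
+creationPolicy: Owner
+template:
+engineVersion: v2
+data:
+S3_BUCKET_NAME: loki
+S3_BUCKET_HOST: s3.hsn.dev
+S3_BUCKET_REGION: us-east-1
+S3_ACCESS_KEY: "loki"
+S3_SECRET_KEY: "{{ .minio_loki_secret_key }}"
+dataFrom:
+- extract:
+key: minio
+rewrite:
+- regexp:
+source: "(.*)"
+target: "minio_$1"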
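Review bot: `dataFrom.extract` with `key: minio` pulls every field of the `minio` item into the template scope, although the template reads only `.minio_loki_secret_key`. Fetching just that field keeps the ExternalSecret's reach to what Loki needs, for example a single `data` entry with `remoteRef: {key: minio, property: loki_secret_key}`; the property name is inferred from the `minio_$1` rewrite and should be confirmed against the store. `S3_BUCKET_NAME: loki` also does not appear to be read by the HelmRelease `valuesFrom` entries later in this compare, which hard-code `bucketNames` instead, so either wire it in or drop it. The page has lost the file's indentation, so nesting cannot be checked here.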
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: loki
|
chart: loki
|
||||||
version: 6.2.0
|
version: 6.1.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: grafana
|
name: grafana
|
||||||
|
@ -21,8 +21,9 @@ spec:
|
||||||
upgrade:
|
upgrade:
|
||||||
cleanupOnFail: true
|
cleanupOnFail: true
|
||||||
remediation:
|
remediation:
|
||||||
strategy: rollback
|
|
||||||
retries: 3
|
retries: 3
|
||||||
|
uninstall:
|
||||||
|
keepHistory: false
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: openebs
|
- name: openebs
|
||||||
namespace: openebs-system
|
namespace: openebs-system
|
||||||
|
@ -32,40 +33,25 @@ spec:
|
||||||
namespace: observability
|
namespace: observability
|
||||||
- name: vector-aggregator
|
- name: vector-aggregator
|
||||||
namespace: observability
|
namespace: observability
|
||||||
valuesFrom:
|
|
||||||
- targetPath: loki.storage.bucketNames.chunks
|
|
||||||
kind: ConfigMap
|
|
||||||
name: &cephBucket loki-bucket
|
|
||||||
valuesKey: BUCKET_NAME
|
|
||||||
- targetPath: loki.storage.s3.endpoint
|
|
||||||
kind: ConfigMap
|
|
||||||
name: *cephBucket
|
|
||||||
valuesKey: BUCKET_HOST
|
|
||||||
- targetPath: loki.storage.s3.region
|
|
||||||
kind: ConfigMap
|
|
||||||
name: *cephBucket
|
|
||||||
valuesKey: BUCKET_REGION
|
|
||||||
- targetPath: loki.storage.s3.accessKeyId
|
|
||||||
kind: Secret
|
|
||||||
name: *cephBucket
|
|
||||||
valuesKey: AWS_ACCESS_KEY_ID
|
|
||||||
- targetPath: loki.storage.s3.secretAccessKey
|
|
||||||
kind: Secret
|
|
||||||
name: *cephBucket
|
|
||||||
valuesKey: AWS_SECRET_ACCESS_KEY
|
|
||||||
values:
|
values:
|
||||||
deploymentMode: SimpleScalable
|
deploymentMode: SimpleScalable
|
||||||
|
|
||||||
loki:
|
loki:
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
configmap.reloader.stakater.com/reload: *cephBucket
|
secret.reloader.stakater.com/reload: loki-secret
|
||||||
secret.reloader.stakater.com/reload: *cephBucket
|
|
||||||
ingester:
|
ingester:
|
||||||
chunk_encoding: snappy
|
chunk_encoding: snappy
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
type: s3
|
type: s3
|
||||||
|
bucketNames:
|
||||||
|
chunks: loki-chunks
|
||||||
|
ruler: loki-ruler
|
||||||
|
admin: loki-admin
|
||||||
s3:
|
s3:
|
||||||
s3ForcePathStyle: true
|
s3ForcePathStyle: true
|
||||||
insecure: true
|
|
||||||
schemaConfig:
|
schemaConfig:
|
||||||
configs:
|
configs:
|
||||||
- from: "2024-04-01"
|
- from: "2024-04-01"
|
||||||
|
@ -75,14 +61,17 @@ spec:
|
||||||
index:
|
index:
|
||||||
prefix: loki_index_
|
prefix: loki_index_
|
||||||
period: 24h
|
period: 24h
|
||||||
|
|
||||||
structuredConfig:
|
structuredConfig:
|
||||||
auth_enabled: false
|
auth_enabled: false
|
||||||
|
|
||||||
server:
|
server:
|
||||||
log_level: info
|
log_level: info
|
||||||
http_listen_port: 3100
|
http_listen_port: 3100
|
||||||
grpc_listen_port: 9095
|
grpc_listen_port: 9095
|
||||||
grpc_server_max_recv_msg_size: 8388608
|
grpc_server_max_recv_msg_size: 8388608
|
||||||
grpc_server_max_send_msg_size: 8388608
|
grpc_server_max_send_msg_size: 8388608
|
||||||
|
|
||||||
limits_config:
|
limits_config:
|
||||||
ingestion_burst_size_mb: 128
|
ingestion_burst_size_mb: 128
|
||||||
ingestion_rate_mb: 64
|
ingestion_rate_mb: 64
|
||||||
|
@ -95,10 +84,13 @@ spec:
|
||||||
shard_streams:
|
shard_streams:
|
||||||
enabled: true
|
enabled: true
|
||||||
split_queries_by_interval: 1h
|
split_queries_by_interval: 1h
|
||||||
|
|
||||||
query_scheduler:
|
query_scheduler:
|
||||||
max_outstanding_requests_per_tenant: 4096
|
max_outstanding_requests_per_tenant: 4096
|
||||||
|
|
||||||
frontend:
|
frontend:
|
||||||
max_outstanding_per_tenant: 4096
|
max_outstanding_per_tenant: 4096
|
||||||
|
|
||||||
ruler:
|
ruler:
|
||||||
enable_api: true
|
enable_api: true
|
||||||
enable_alertmanager_v2: true
|
enable_alertmanager_v2: true
|
||||||
|
@ -107,18 +99,31 @@ spec:
|
||||||
type: local
|
type: local
|
||||||
local:
|
local:
|
||||||
directory: /rules
|
directory: /rules
|
||||||
rule_path: /rules/fake
|
rule_path: /rules
|
||||||
|
|
||||||
analytics:
|
analytics:
|
||||||
reporting_enabled: false
|
reporting_enabled: false
|
||||||
backend:
|
|
||||||
replicas: 2
|
|
||||||
persistence:
|
|
||||||
size: 20Gi
|
|
||||||
storageClass: openebs-hostpath
|
|
||||||
gateway:
|
gateway:
|
||||||
replicas: 2
|
replicas: 3
|
||||||
|
enabled: true
|
||||||
image:
|
image:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
|
repository: nginxinc/nginx-unprivileged
|
||||||
|
tag: 1.25-alpine@sha256:5b49ce26ad8555b649a5a5ea8ccdfabc742a284ab58cb7b7d7a56f178c5dd351
|
||||||
|
deploymentStrategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
rollingUpdate:
|
||||||
|
maxUnavailable: 50%
|
||||||
|
maxSurge: 50%
|
||||||
|
topologySpreadConstraints:
|
||||||
|
- maxSkew: 2
|
||||||
|
topologyKey: kubernetes.io/hostname
|
||||||
|
whenUnsatisfiable: DoNotSchedule
|
||||||
|
labelSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: loki
|
||||||
|
app.kubernetes.io/component: gateway
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: internal-nginx
|
ingressClassName: internal-nginx
|
||||||
|
@ -128,21 +133,55 @@ spec:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
tls:
|
tls:
|
||||||
- hosts: [*host]
|
- hosts:
|
||||||
read:
|
- *host
|
||||||
replicas: 2
|
|
||||||
write:
|
write:
|
||||||
replicas: 2
|
replicas: 3
|
||||||
persistence:
|
persistence:
|
||||||
size: 20Gi
|
|
||||||
storageClass: openebs-hostpath
|
storageClass: openebs-hostpath
|
||||||
sidecar:
|
read:
|
||||||
image:
|
replicas: 3
|
||||||
repository: ghcr.io/kiwigrid/k8s-sidecar
|
|
||||||
|
backend:
|
||||||
|
replicas: 3
|
||||||
|
persistence:
|
||||||
|
storageClass: openebs-hostpath
|
||||||
|
monitoring:
|
||||||
|
dashboards:
|
||||||
|
annotations:
|
||||||
|
grafana_folder: Loki
|
||||||
rules:
|
rules:
|
||||||
searchNamespace: ALL
|
enabled: false
|
||||||
folder: /rules/fake
|
serviceMonitor:
|
||||||
|
enabled: false
|
||||||
|
metricsInstance:
|
||||||
|
enabled: false
|
||||||
|
selfMonitoring:
|
||||||
|
enabled: false
|
||||||
|
grafanaAgent:
|
||||||
|
installOperator: false
|
||||||
|
|
||||||
lokiCanary:
|
lokiCanary:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
test:
|
test:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
valuesFrom:
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_BUCKET_HOST
|
||||||
|
targetPath: loki.storage.s3.endpoint
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_BUCKET_REGION
|
||||||
|
targetPath: loki.storage.s3.region
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_ACCESS_KEY
|
||||||
|
targetPath: loki.storage.s3.accessKeyId
|
||||||
|
- kind: Secret
|
||||||
|
name: loki-secret
|
||||||
|
valuesKey: S3_SECRET_KEY
|
||||||
|
targetPath: loki.storage.s3.secretAccessKey
|
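Review bot: The last `valuesFrom` entry copies `S3_SECRET_KEY` into `loki.storage.s3.secretAccessKey`, which places the key in the Helm values and therefore in the chart's rendered Loki configuration instead of leaving it only in `loki-secret`. As far as I know the grafana/loki chart writes that configuration to a ConfigMap by default, so this should be confirmed and, if so, `configStorageType: Secret` added under `loki:`, or the key injected as an environment variable and expanded in the config. `auth_enabled: false` remains while the gateway ingress is enabled, so access control rests entirely on whatever fronts `internal-nginx`; a one-line comment stating that assumption next to it would help the next reader. The `spec` mapping starts before the first hunk, so values outside the hunks are not visible here.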
|
@ -3,5 +3,11 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./objectbucketclaim.yaml
|
- ./externalsecret.yaml
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- name: loki-alerting-rules
|
||||||
|
files:
|
||||||
|
- loki-alerting-rules.yaml=./rules/loki-alerting-rules.yml
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
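Review bot: Nothing in the visible hunks consumes the generated `loki-alerting-rules` ConfigMap. The new side of the HelmRelease drops the `sidecar` block and sets `monitoring.rules.enabled: false`, while the ruler still reads from `/rules`, so unless a volume mount exists outside the hunks the alerting rules would silently never load. It would help to confirm the mount and add a comment above `configMapGenerator` naming the values key that mounts it. Because `disableNameSuffixHash: true` keeps the name stable, a rule change will not roll the pods on its own; an annotation such as `configmap.reloader.stakater.com/reload: loki-alerting-rules` on the consuming workload would cover that.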
|
@ -3,7 +3,7 @@
|
||||||
apiVersion: objectbucket.io/v1alpha1
|
apiVersion: objectbucket.io/v1alpha1
|
||||||
kind: ObjectBucketClaim
|
kind: ObjectBucketClaim
|
||||||
metadata:
|
metadata:
|
||||||
name: loki-bucket
|
name: loki-bucket-v2
|
||||||
spec:
|
spec:
|
||||||
bucketName: loki
|
bucketName: loki-v2
|
||||||
storageClassName: ceph-bucket
|
storageClassName: ceph-bucket
|
|
@ -5,12 +5,3 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
- ./prometheusrule.yaml
|
- ./prometheusrule.yaml
|
||||||
configMapGenerator:
|
|
||||||
- name: smartctl-exporter-loki-rules
|
|
||||||
files:
|
|
||||||
- smartctl-exporter.yaml=./resources/lokirule.yaml
|
|
||||||
options:
|
|
||||||
labels:
|
|
||||||
loki_rule: "true"
|
|
||||||
generatorOptions:
|
|
||||||
disableNameSuffixHash: true
|
|