Compare commits
No commits in common. "825f3ae6836832b0b98e6b5eba746296b4d6751b" and "4e791e825b5305d73b210ebb2ee4f13e2304fc90" have entirely different histories.
825f3ae683
...
4e791e825b
6 changed files with 122 additions and 58 deletions
28
kubernetes/apps/observability/loki/app/externalsecret.yaml
Normal file
28
kubernetes/apps/observability/loki/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: loki
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: loki-secret
|
||||
creationPolicy: Owner
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
S3_BUCKET_NAME: loki
|
||||
S3_BUCKET_HOST: s3.hsn.dev
|
||||
S3_BUCKET_REGION: us-east-1
|
||||
S3_ACCESS_KEY: "loki"
|
||||
S3_SECRET_KEY: "{{ .minio_loki_secret_key }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: minio
|
||||
rewrite:
|
||||
- regexp:
|
||||
source: "(.*)"
|
||||
target: "minio_$1"
|
|
@ -10,7 +10,7 @@ spec:
|
|||
chart:
|
||||
spec:
|
||||
chart: loki
|
||||
version: 6.2.0
|
||||
version: 6.1.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: grafana
|
||||
|
@ -21,8 +21,9 @@ spec:
|
|||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
uninstall:
|
||||
keepHistory: false
|
||||
dependsOn:
|
||||
- name: openebs
|
||||
namespace: openebs-system
|
||||
|
@ -32,40 +33,25 @@ spec:
|
|||
namespace: observability
|
||||
- name: vector-aggregator
|
||||
namespace: observability
|
||||
valuesFrom:
|
||||
- targetPath: loki.storage.bucketNames.chunks
|
||||
kind: ConfigMap
|
||||
name: &cephBucket loki-bucket
|
||||
valuesKey: BUCKET_NAME
|
||||
- targetPath: loki.storage.s3.endpoint
|
||||
kind: ConfigMap
|
||||
name: *cephBucket
|
||||
valuesKey: BUCKET_HOST
|
||||
- targetPath: loki.storage.s3.region
|
||||
kind: ConfigMap
|
||||
name: *cephBucket
|
||||
valuesKey: BUCKET_REGION
|
||||
- targetPath: loki.storage.s3.accessKeyId
|
||||
kind: Secret
|
||||
name: *cephBucket
|
||||
valuesKey: AWS_ACCESS_KEY_ID
|
||||
- targetPath: loki.storage.s3.secretAccessKey
|
||||
kind: Secret
|
||||
name: *cephBucket
|
||||
valuesKey: AWS_SECRET_ACCESS_KEY
|
||||
values:
|
||||
deploymentMode: SimpleScalable
|
||||
|
||||
loki:
|
||||
podAnnotations:
|
||||
configmap.reloader.stakater.com/reload: *cephBucket
|
||||
secret.reloader.stakater.com/reload: *cephBucket
|
||||
secret.reloader.stakater.com/reload: loki-secret
|
||||
|
||||
ingester:
|
||||
chunk_encoding: snappy
|
||||
|
||||
storage:
|
||||
type: s3
|
||||
bucketNames:
|
||||
chunks: loki-chunks
|
||||
ruler: loki-ruler
|
||||
admin: loki-admin
|
||||
s3:
|
||||
s3ForcePathStyle: true
|
||||
insecure: true
|
||||
|
||||
schemaConfig:
|
||||
configs:
|
||||
- from: "2024-04-01"
|
||||
|
@ -75,14 +61,17 @@ spec:
|
|||
index:
|
||||
prefix: loki_index_
|
||||
period: 24h
|
||||
|
||||
structuredConfig:
|
||||
auth_enabled: false
|
||||
|
||||
server:
|
||||
log_level: info
|
||||
http_listen_port: 3100
|
||||
grpc_listen_port: 9095
|
||||
grpc_server_max_recv_msg_size: 8388608
|
||||
grpc_server_max_send_msg_size: 8388608
|
||||
|
||||
limits_config:
|
||||
ingestion_burst_size_mb: 128
|
||||
ingestion_rate_mb: 64
|
||||
|
@ -95,10 +84,13 @@ spec:
|
|||
shard_streams:
|
||||
enabled: true
|
||||
split_queries_by_interval: 1h
|
||||
|
||||
query_scheduler:
|
||||
max_outstanding_requests_per_tenant: 4096
|
||||
|
||||
frontend:
|
||||
max_outstanding_per_tenant: 4096
|
||||
|
||||
ruler:
|
||||
enable_api: true
|
||||
enable_alertmanager_v2: true
|
||||
|
@ -107,18 +99,31 @@ spec:
|
|||
type: local
|
||||
local:
|
||||
directory: /rules
|
||||
rule_path: /rules/fake
|
||||
rule_path: /rules
|
||||
|
||||
analytics:
|
||||
reporting_enabled: false
|
||||
backend:
|
||||
replicas: 2
|
||||
persistence:
|
||||
size: 20Gi
|
||||
storageClass: openebs-hostpath
|
||||
|
||||
gateway:
|
||||
replicas: 2
|
||||
replicas: 3
|
||||
enabled: true
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: nginxinc/nginx-unprivileged
|
||||
tag: 1.25-alpine@sha256:5b49ce26ad8555b649a5a5ea8ccdfabc742a284ab58cb7b7d7a56f178c5dd351
|
||||
deploymentStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 50%
|
||||
maxSurge: 50%
|
||||
topologySpreadConstraints:
|
||||
- maxSkew: 2
|
||||
topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: loki
|
||||
app.kubernetes.io/component: gateway
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: internal-nginx
|
||||
|
@ -128,21 +133,55 @@ spec:
|
|||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts: [*host]
|
||||
read:
|
||||
replicas: 2
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
write:
|
||||
replicas: 2
|
||||
replicas: 3
|
||||
persistence:
|
||||
size: 20Gi
|
||||
storageClass: openebs-hostpath
|
||||
sidecar:
|
||||
image:
|
||||
repository: ghcr.io/kiwigrid/k8s-sidecar
|
||||
read:
|
||||
replicas: 3
|
||||
|
||||
backend:
|
||||
replicas: 3
|
||||
persistence:
|
||||
storageClass: openebs-hostpath
|
||||
monitoring:
|
||||
dashboards:
|
||||
annotations:
|
||||
grafana_folder: Loki
|
||||
rules:
|
||||
searchNamespace: ALL
|
||||
folder: /rules/fake
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
metricsInstance:
|
||||
enabled: false
|
||||
selfMonitoring:
|
||||
enabled: false
|
||||
grafanaAgent:
|
||||
installOperator: false
|
||||
|
||||
lokiCanary:
|
||||
enabled: false
|
||||
|
||||
test:
|
||||
enabled: false
|
||||
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_BUCKET_HOST
|
||||
targetPath: loki.storage.s3.endpoint
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_BUCKET_REGION
|
||||
targetPath: loki.storage.s3.region
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_ACCESS_KEY
|
||||
targetPath: loki.storage.s3.accessKeyId
|
||||
- kind: Secret
|
||||
name: loki-secret
|
||||
valuesKey: S3_SECRET_KEY
|
||||
targetPath: loki.storage.s3.secretAccessKey
|
|
@ -3,5 +3,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./objectbucketclaim.yaml
|
||||
- ./externalsecret.yaml
|
||||
- ./helmrelease.yaml
|
||||
configMapGenerator:
|
||||
- name: loki-alerting-rules
|
||||
files:
|
||||
- loki-alerting-rules.yaml=./rules/loki-alerting-rules.yml
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
|
@ -3,7 +3,7 @@
|
|||
apiVersion: objectbucket.io/v1alpha1
|
||||
kind: ObjectBucketClaim
|
||||
metadata:
|
||||
name: loki-bucket
|
||||
name: loki-bucket-v2
|
||||
spec:
|
||||
bucketName: loki
|
||||
bucketName: loki-v2
|
||||
storageClassName: ceph-bucket
|
|
@ -5,12 +5,3 @@ kind: Kustomization
|
|||
resources:
|
||||
- ./helmrelease.yaml
|
||||
- ./prometheusrule.yaml
|
||||
configMapGenerator:
|
||||
- name: smartctl-exporter-loki-rules
|
||||
files:
|
||||
- smartctl-exporter.yaml=./resources/lokirule.yaml
|
||||
options:
|
||||
labels:
|
||||
loki_rule: "true"
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
Loading…
Reference in a new issue