apitech
/
loki
mirror of https://github.com/grafana/loki
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Like Prometheus, but for logs.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8156 Commits
839 Branches
309 Tags
649 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 4fa045d380
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4fa045d380'
${ noResults }
loki/operator/hack/addons_ocp.yaml

508 lines
15 KiB
Raw Blame History

# This file is used to create additional objects to help development of the operator
# within a cluster. logcli pod helps write queries, promtail writes logs, etc
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: lokistack-dev-addons-logcli
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: lokistack-dev-addons-promtail
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: lokistack-dev-addons-logcli
spec:
selector:
matchLabels:
app.kubernetes.io/name: logcli
app.kubernetes.io/instance: developer-addons
template:
metadata:
name: lokistack-dev-addons-logcli
labels:
app.kubernetes.io/name: logcli
app.kubernetes.io/instance: developer-addons
spec:
containers:
- name: logcli
image: docker.io/grafana/logcli:3.3.2-amd64
imagePullPolicy: IfNotPresent
command:
- /bin/sh
env:
- name: LOKI_ORG_ID
value: application
- name: LOKI_ADDR
value: https://lokistack-dev-gateway-http.openshift-logging.svc:8080/api/logs/v1/application
- name: LOKI_BEARER_TOKEN_FILE
value: /var/run/secrets/kubernetes.io/serviceaccount/token
args:
- -c
- while true; do logcli --ca-cert="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" query '{namespace="openshift-logging"}'; sleep 30; done
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
serviceAccountName: lokistack-dev-addons-logcli
securityContext:
runAsNonRoot: true
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: lokistack-dev-addons-promtail
spec:
selector:
matchLabels:
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: developer-addons
template:
metadata:
name: lokistack-dev-addons-promtail
labels:
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: developer-addons
spec:
containers:
- name: promtail
image: docker.io/grafana/promtail:3.3.2
args:
- -config.file=/etc/promtail/promtail.yaml
- -log.level=info
env:
- name: 'HOSTNAME'
valueFrom:
fieldRef:
fieldPath: 'spec.nodeName'
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/promtail
name: config
- mountPath: /tmp/promtail
name: run
- mountPath: /var/lib/docker/containers
name: docker
readOnly: true
- mountPath: /var/log/pods
name: pods
readOnly: true
- mountPath: /var/log/journal
name: journal
readOnly: true
securityContext:
privileged: true
runAsNonRoot: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
serviceAccountName: lokistack-dev-addons-promtail
securityContext:
runAsNonRoot: true
volumes:
- name: config
configMap:
defaultMode: 420
name: lokistack-dev-addons-promtail
- name: run
emptyDir:
medium: ""
sizeLimit: 5Gi
- name: docker
hostPath:
path: /var/lib/docker/containers
type: ""
- name: pods
hostPath:
path: /var/log/pods
type: ""
- name: journal
hostPath:
path: /var/log/journal
type: ""
---
apiVersion: v1
kind: ConfigMap
metadata:
name: lokistack-dev-addons-promtail
data:
promtail.yaml: |
clients:
- url: https://lokistack-dev-gateway-http.openshift-logging.svc:8080/api/logs/v1/application/loki/api/v1/push
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
tenant_id: application
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
backoff_config:
max_period: 5m
max_retries: 20
min_period: 1s
batchsize: 100
batchwait: 10s
timeout: 10s
positions:
filename: /tmp/promtail/positions.yaml
server:
http_listen_port: 3100
grpc_listen_port: 9095
target_config:
sync_period: 10s
scrape_configs:
- job_name: journal
journal:
max_age: 12h
path: /var/log/journal
labels:
job: systemd-journal
relabel_configs:
- source_labels:
- __journal__systemd_unit
target_label: unit
- source_labels:
- __journal__hostname
target_label: hostname
- job_name: kubernetes-pods-name
pipeline_stages:
- docker: {}
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels:
- __meta_kubernetes_pod_label_name
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ^$
source_labels:
- __service__
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: instance
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container_name
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-app
pipeline_stages:
- docker: {}
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: .+
source_labels:
- __meta_kubernetes_pod_label_name
- source_labels:
- __meta_kubernetes_pod_label_app
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ^$
source_labels:
- __service__
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: instance
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container_name
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-direct-controllers
pipeline_stages:
- docker: {}
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: .+
separator: ''
source_labels:
- __meta_kubernetes_pod_label_name
- __meta_kubernetes_pod_label_app
- action: drop
regex: ^([0-9a-z-.]+)(-[0-9a-f]{8,10})$
source_labels:
- __meta_kubernetes_pod_controller_name
- source_labels:
- __meta_kubernetes_pod_controller_name
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ^$
source_labels:
- __service__
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: instance
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label:
container_name
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-indirect-controller
pipeline_stages:
- docker: {}
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: .+
separator: ''
source_labels:
- __meta_kubernetes_pod_label_name
- __meta_kubernetes_pod_label_app
- action: keep
regex: ^([0-9a-z-.]+)(-[0-9a-f]{8,10})$
source_labels:
- __meta_kubernetes_pod_controller_name
- action: replace
regex: ^([0-9a-z-.]+)(-[0-9a-f]{8,10})$
source_labels:
- __meta_kubernetes_pod_controller_name
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ^$
source_labels:
- __service__
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: instance
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container_name
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-static
pipeline_stages:
- docker: {}
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: ^$
source_labels:
- __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
- action: replace
source_labels:
- __meta_kubernetes_pod_label_component
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ^$
source_labels:
- __service__
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: instance
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container_name
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
- __meta_kubernetes_pod_container_name
target_label: __path__
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: lokistack-dev-addons-writer
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: lokistack-dev-addons-writer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: lokistack-dev-addons-writer
subjects:
- kind: ServiceAccount
name: lokistack-dev-addons-promtail
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: lokistack-dev-addons-reader
rules:
- apiGroups:
- loki.grafana.com
resources:
- application
resourceNames:
- logs
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: lokistack-dev-addons-writer
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs:
- get
- watch
- list
- apiGroups:
- loki.grafana.com
resources:
- application
resourceNames:
- logs
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: lokistack-dev-addons-reader-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: lokistack-dev-addons-reader
subjects:
- kind: ServiceAccount
name: lokistack-dev-addons-logcli
namespace: openshift-logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: lokistack-dev-addons-writer-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: lokistack-dev-addons-writer
subjects:
- kind: ServiceAccount
name: lokistack-dev-addons-promtail
namespace: openshift-logging