github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/applications/loki-stack/fluentbit-loki-stack/fluentbit-loki-stack.yaml (about) 1 apiVersion: v1 2 kind: Namespace 3 metadata: 4 name: fluentbit-loki-stack-system 5 --- 6 # Source: loki-stack/charts/fluent-bit/templates/podsecuritypolicy.yaml 7 apiVersion: policy/v1beta1 8 kind: PodSecurityPolicy 9 metadata: 10 name: loki-fluent-bit-loki 11 labels: 12 app: fluent-bit-loki 13 chart: fluent-bit-2.2.0 14 heritage: Helm 15 release: loki 16 spec: 17 privileged: false 18 allowPrivilegeEscalation: false 19 volumes: 20 - 'secret' 21 - 'configMap' 22 - 'hostPath' 23 - 'projected' 24 - 'downwardAPI' 25 hostNetwork: false 26 hostIPC: false 27 hostPID: false 28 runAsUser: 29 rule: 'RunAsAny' 30 seLinux: 31 rule: 'RunAsAny' 32 supplementalGroups: 33 rule: 'RunAsAny' 34 fsGroup: 35 rule: 'RunAsAny' 36 readOnlyRootFilesystem: true 37 requiredDropCapabilities: 38 - ALL 39 --- 40 # Source: loki-stack/charts/grafana/templates/podsecuritypolicy.yaml 41 apiVersion: policy/v1beta1 42 kind: PodSecurityPolicy 43 metadata: 44 name: loki-grafana 45 namespace: fluentbit-loki-stack-system 46 labels: 47 app.kubernetes.io/name: grafana 48 app.kubernetes.io/instance: loki 49 app.kubernetes.io/version: "7.5.0" 50 app.kubernetes.io/managed-by: Helm 51 annotations: 52 seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' 53 seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' 54 apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' 55 apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' 56 spec: 57 privileged: false 58 allowPrivilegeEscalation: false 59 requiredDropCapabilities: 60 # Default set from Docker, without DAC_OVERRIDE or CHOWN 61 - FOWNER 62 - FSETID 63 - KILL 64 - SETGID 65 - SETUID 66 - SETPCAP 67 - NET_BIND_SERVICE 68 - NET_RAW 69 - SYS_CHROOT 70 - MKNOD 71 - AUDIT_WRITE 72 - SETFCAP 73 volumes: 74 - 'configMap' 75 - 'emptyDir' 76 - 'projected' 77 - 'secret' 78 - 'downwardAPI' 79 - 'persistentVolumeClaim' 80 hostNetwork: false 81 hostIPC: false 82 hostPID: false 83 runAsUser: 84 rule: 'RunAsAny' 85 seLinux: 86 rule: 'RunAsAny' 87 supplementalGroups: 88 rule: 'RunAsAny' 89 fsGroup: 90 rule: 'RunAsAny' 91 readOnlyRootFilesystem: false 92 --- 93 # Source: loki-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml 94 apiVersion: policy/v1beta1 95 kind: PodSecurityPolicy 96 metadata: 97 name: loki-grafana-test 98 namespace: fluentbit-loki-stack-system 99 labels: 100 app.kubernetes.io/name: grafana 101 app.kubernetes.io/instance: loki 102 app.kubernetes.io/version: "7.5.0" 103 app.kubernetes.io/managed-by: Helm 104 spec: 105 allowPrivilegeEscalation: true 106 privileged: false 107 hostNetwork: false 108 hostIPC: false 109 hostPID: false 110 fsGroup: 111 rule: RunAsAny 112 seLinux: 113 rule: RunAsAny 114 supplementalGroups: 115 rule: RunAsAny 116 runAsUser: 117 rule: RunAsAny 118 volumes: 119 - configMap 120 - downwardAPI 121 - emptyDir 122 - projected 123 - secret 124 --- 125 # Source: loki-stack/charts/loki/templates/podsecuritypolicy.yaml 126 apiVersion: policy/v1beta1 127 kind: PodSecurityPolicy 128 metadata: 129 name: loki 130 labels: 131 app: loki 132 133 heritage: Helm 134 release: loki 135 spec: 136 privileged: false 137 allowPrivilegeEscalation: false 138 volumes: 139 - 'configMap' 140 - 'emptyDir' 141 - 'persistentVolumeClaim' 142 - 'secret' 143 - 'projected' 144 - 'downwardAPI' 145 hostNetwork: false 146 hostIPC: false 147 hostPID: false 148 runAsUser: 149 rule: 'MustRunAsNonRoot' 150 seLinux: 151 rule: 'RunAsAny' 152 supplementalGroups: 153 rule: 'MustRunAs' 154 ranges: 155 - min: 1 156 max: 65535 157 fsGroup: 158 rule: 'MustRunAs' 159 ranges: 160 - min: 1 161 max: 65535 162 readOnlyRootFilesystem: true 163 requiredDropCapabilities: 164 - ALL 165 --- 166 # Source: loki-stack/charts/fluent-bit/templates/serviceaccount.yaml 167 apiVersion: v1 168 kind: ServiceAccount 169 metadata: 170 labels: 171 app: fluent-bit-loki 172 chart: fluent-bit-2.2.0 173 heritage: Helm 174 release: loki 175 name: loki-fluent-bit-loki 176 namespace: fluentbit-loki-stack-system 177 --- 178 # Source: loki-stack/charts/grafana/templates/serviceaccount.yaml 179 apiVersion: v1 180 kind: ServiceAccount 181 metadata: 182 labels: 183 app.kubernetes.io/name: grafana 184 app.kubernetes.io/instance: loki 185 app.kubernetes.io/version: "7.5.0" 186 app.kubernetes.io/managed-by: Helm 187 name: loki-grafana 188 namespace: fluentbit-loki-stack-system 189 --- 190 # Source: loki-stack/charts/grafana/templates/tests/test-serviceaccount.yaml 191 apiVersion: v1 192 kind: ServiceAccount 193 metadata: 194 labels: 195 app.kubernetes.io/name: grafana 196 app.kubernetes.io/instance: loki 197 app.kubernetes.io/version: "7.5.0" 198 app.kubernetes.io/managed-by: Helm 199 name: loki-grafana-test 200 namespace: fluentbit-loki-stack-system 201 --- 202 # Source: loki-stack/charts/loki/templates/serviceaccount.yaml 203 apiVersion: v1 204 kind: ServiceAccount 205 metadata: 206 labels: 207 app: loki 208 heritage: Helm 209 release: loki 210 annotations: 211 { } 212 name: loki 213 namespace: fluentbit-loki-stack-system 214 --- 215 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml 216 apiVersion: v1 217 kind: ServiceAccount 218 metadata: 219 labels: 220 app.kubernetes.io/name: kube-state-metrics 221 helm.sh/chart: kube-state-metrics-2.8.14 222 app.kubernetes.io/managed-by: Helm 223 app.kubernetes.io/instance: loki 224 name: loki-kube-state-metrics 225 namespace: fluentbit-loki-stack-system 226 imagePullSecrets: 227 [ ] 228 --- 229 # Source: loki-stack/charts/prometheus/templates/alertmanager/serviceaccount.yaml 230 apiVersion: v1 231 kind: ServiceAccount 232 metadata: 233 labels: 234 component: "alertmanager" 235 app: prometheus 236 release: loki 237 chart: prometheus-11.16.9 238 heritage: Helm 239 name: loki-prometheus-alertmanager 240 namespace: fluentbit-loki-stack-system 241 annotations: 242 { } 243 --- 244 # Source: loki-stack/charts/prometheus/templates/node-exporter/serviceaccount.yaml 245 apiVersion: v1 246 kind: ServiceAccount 247 metadata: 248 labels: 249 component: "node-exporter" 250 app: prometheus 251 release: loki 252 chart: prometheus-11.16.9 253 heritage: Helm 254 name: loki-prometheus-node-exporter 255 namespace: fluentbit-loki-stack-system 256 annotations: 257 { } 258 --- 259 # Source: loki-stack/charts/prometheus/templates/pushgateway/serviceaccount.yaml 260 apiVersion: v1 261 kind: ServiceAccount 262 metadata: 263 labels: 264 component: "pushgateway" 265 app: prometheus 266 release: loki 267 chart: prometheus-11.16.9 268 heritage: Helm 269 name: loki-prometheus-pushgateway 270 namespace: fluentbit-loki-stack-system 271 annotations: 272 { } 273 --- 274 # Source: loki-stack/charts/prometheus/templates/server/serviceaccount.yaml 275 apiVersion: v1 276 kind: ServiceAccount 277 metadata: 278 labels: 279 component: "server" 280 app: prometheus 281 release: loki 282 chart: prometheus-11.16.9 283 heritage: Helm 284 name: loki-prometheus-server 285 namespace: fluentbit-loki-stack-system 286 annotations: 287 { } 288 --- 289 # Source: loki-stack/charts/grafana/templates/secret.yaml 290 apiVersion: v1 291 kind: Secret 292 metadata: 293 name: loki-grafana 294 namespace: fluentbit-loki-stack-system 295 labels: 296 app.kubernetes.io/name: grafana 297 app.kubernetes.io/instance: loki 298 app.kubernetes.io/version: "7.5.0" 299 app.kubernetes.io/managed-by: Helm 300 type: Opaque 301 data: 302 admin-user: "YWRtaW4=" 303 admin-password: "d1k1enNxMENCTmwxbG04S0poUzA0NDJaQUs1cDY3NVJzUmhta1ZvUw==" 304 ldap-toml: "" 305 --- 306 # Source: loki-stack/charts/loki/templates/secret.yaml 307 apiVersion: v1 308 kind: Secret 309 metadata: 310 name: loki 311 namespace: fluentbit-loki-stack-system 312 labels: 313 app: loki 314 release: loki 315 heritage: Helm 316 data: 317 loki.yaml: YXV0aF9lbmFibGVkOiBmYWxzZQpjaHVua19zdG9yZV9jb25maWc6CiAgbWF4X2xvb2tfYmFja19wZXJpb2Q6IDBzCmNvbXBhY3RvcjoKICBzaGFyZWRfc3RvcmU6IGZpbGVzeXN0ZW0KICB3b3JraW5nX2RpcmVjdG9yeTogL2RhdGEvbG9raS9ib2x0ZGItc2hpcHBlci1jb21wYWN0b3IKaW5nZXN0ZXI6CiAgY2h1bmtfYmxvY2tfc2l6ZTogMjYyMTQ0CiAgY2h1bmtfaWRsZV9wZXJpb2Q6IDNtCiAgY2h1bmtfcmV0YWluX3BlcmlvZDogMW0KICBsaWZlY3ljbGVyOgogICAgcmluZzoKICAgICAga3ZzdG9yZToKICAgICAgICBzdG9yZTogaW5tZW1vcnkKICAgICAgcmVwbGljYXRpb25fZmFjdG9yOiAxCiAgbWF4X3RyYW5zZmVyX3JldHJpZXM6IDAKbGltaXRzX2NvbmZpZzoKICBlbmZvcmNlX21ldHJpY19uYW1lOiBmYWxzZQogIHJlamVjdF9vbGRfc2FtcGxlczogdHJ1ZQogIHJlamVjdF9vbGRfc2FtcGxlc19tYXhfYWdlOiAxNjhoCnNjaGVtYV9jb25maWc6CiAgY29uZmlnczoKICAtIGZyb206ICIyMDIwLTEwLTI0IgogICAgaW5kZXg6CiAgICAgIHBlcmlvZDogMjRoCiAgICAgIHByZWZpeDogaW5kZXhfCiAgICBvYmplY3Rfc3RvcmU6IGZpbGVzeXN0ZW0KICAgIHNjaGVtYTogdjExCiAgICBzdG9yZTogYm9sdGRiLXNoaXBwZXIKc2VydmVyOgogIGh0dHBfbGlzdGVuX3BvcnQ6IDMxMDAKc3RvcmFnZV9jb25maWc6CiAgYm9sdGRiX3NoaXBwZXI6CiAgICBhY3RpdmVfaW5kZXhfZGlyZWN0b3J5OiAvZGF0YS9sb2tpL2JvbHRkYi1zaGlwcGVyLWFjdGl2ZQogICAgY2FjaGVfbG9jYXRpb246IC9kYXRhL2xva2kvYm9sdGRiLXNoaXBwZXItY2FjaGUKICAgIGNhY2hlX3R0bDogMjRoCiAgICBzaGFyZWRfc3RvcmU6IGZpbGVzeXN0ZW0KICBmaWxlc3lzdGVtOgogICAgZGlyZWN0b3J5OiAvZGF0YS9sb2tpL2NodW5rcwp0YWJsZV9tYW5hZ2VyOgogIHJldGVudGlvbl9kZWxldGVzX2VuYWJsZWQ6IGZhbHNlCiAgcmV0ZW50aW9uX3BlcmlvZDogMHM= 318 --- 319 # Source: loki-stack/charts/fluent-bit/templates/configmap.yaml 320 apiVersion: v1 321 kind: ConfigMap 322 metadata: 323 name: loki-fluent-bit-loki 324 namespace: fluentbit-loki-stack-system 325 labels: 326 app: fluent-bit-loki 327 chart: fluent-bit-2.2.0 328 release: loki 329 heritage: Helm 330 data: 331 fluent-bit.conf: |- 332 [SERVICE] 333 HTTP_Server On 334 HTTP_Listen 0.0.0.0 335 HTTP_PORT 2020 336 Flush 1 337 Daemon Off 338 Log_Level warn 339 Parsers_File parsers.conf 340 [INPUT] 341 Name tail 342 Tag kube.* 343 Path /var/log/containers/*.log 344 Parser docker 345 DB /run/fluent-bit/flb_kube.db 346 Mem_Buf_Limit 5MB 347 [FILTER] 348 Name kubernetes 349 Match kube.* 350 Kube_URL https://kubernetes.default.svc:443 351 Merge_Log On 352 K8S-Logging.Exclude Off 353 K8S-Logging.Parser Off 354 [Output] 355 Name grafana-loki 356 Match * 357 Url http://loki:3100/api/prom/push 358 TenantID "" 359 BatchWait 1 360 BatchSize 1048576 361 Labels {job="fluent-bit"} 362 RemoveKeys kubernetes,stream 363 AutoKubernetesLabels false 364 LabelMapPath /fluent-bit/etc/labelmap.json 365 LineFormat json 366 LogLevel warn 367 parsers.conf: |- 368 [PARSER] 369 Name docker 370 Format json 371 Time_Key time 372 Time_Format %Y-%m-%dT%H:%M:%S.%L 373 374 labelmap.json: |- 375 { 376 "kubernetes": { 377 "container_name": "container", 378 "host": "node", 379 "labels": { 380 "app": "app", 381 "release": "release" 382 }, 383 "namespace_name": "namespace", 384 "pod_name": "instance" 385 }, 386 "stream": "stream" 387 } 388 --- 389 # Source: loki-stack/charts/grafana/templates/configmap.yaml 390 apiVersion: v1 391 kind: ConfigMap 392 metadata: 393 name: loki-grafana 394 namespace: fluentbit-loki-stack-system 395 labels: 396 397 app.kubernetes.io/name: grafana 398 app.kubernetes.io/instance: loki 399 app.kubernetes.io/version: "7.5.0" 400 app.kubernetes.io/managed-by: Helm 401 data: 402 grafana.ini: | 403 [analytics] 404 check_for_updates = true 405 [grafana_net] 406 url = https://grafana.net 407 [log] 408 mode = console 409 [paths] 410 data = /var/lib/grafana/data 411 logs = /var/log/grafana 412 plugins = /var/lib/grafana/plugins 413 provisioning = /etc/grafana/provisioning 414 --- 415 # Source: loki-stack/charts/grafana/templates/tests/test-configmap.yaml 416 apiVersion: v1 417 kind: ConfigMap 418 metadata: 419 name: loki-grafana-test 420 namespace: fluentbit-loki-stack-system 421 labels: 422 423 app.kubernetes.io/name: grafana 424 app.kubernetes.io/instance: loki 425 app.kubernetes.io/version: "7.5.0" 426 app.kubernetes.io/managed-by: Helm 427 data: 428 run.sh: |- 429 @test "Test Health" { 430 url="http://loki-grafana/api/health" 431 432 code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') 433 [ "$code" == "200" ] 434 } 435 --- 436 # Source: loki-stack/charts/prometheus/templates/alertmanager/cm.yaml 437 apiVersion: v1 438 kind: ConfigMap 439 metadata: 440 labels: 441 component: "alertmanager" 442 app: prometheus 443 release: loki 444 chart: prometheus-11.16.9 445 heritage: Helm 446 name: loki-prometheus-alertmanager 447 namespace: fluentbit-loki-stack-system 448 data: 449 alertmanager.yml: | 450 global: {} 451 receivers: 452 - name: default-receiver 453 route: 454 group_interval: 5m 455 group_wait: 10s 456 receiver: default-receiver 457 repeat_interval: 3h 458 --- 459 # Source: loki-stack/charts/prometheus/templates/server/cm.yaml 460 apiVersion: v1 461 kind: ConfigMap 462 metadata: 463 labels: 464 component: "server" 465 app: prometheus 466 release: loki 467 chart: prometheus-11.16.9 468 heritage: Helm 469 name: loki-prometheus-server 470 namespace: fluentbit-loki-stack-system 471 data: 472 alerting_rules.yml: | 473 {} 474 alerts: | 475 {} 476 prometheus.yml: | 477 global: 478 evaluation_interval: 1m 479 scrape_interval: 1m 480 scrape_timeout: 10s 481 rule_files: 482 - /etc/config/recording_rules.yml 483 - /etc/config/alerting_rules.yml 484 - /etc/config/rules 485 - /etc/config/alerts 486 scrape_configs: 487 - job_name: prometheus 488 static_configs: 489 - targets: 490 - localhost:9090 491 - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 492 job_name: kubernetes-apiservers 493 kubernetes_sd_configs: 494 - role: endpoints 495 relabel_configs: 496 - action: keep 497 regex: default;kubernetes;https 498 source_labels: 499 - __meta_kubernetes_namespace 500 - __meta_kubernetes_service_name 501 - __meta_kubernetes_endpoint_port_name 502 scheme: https 503 tls_config: 504 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 505 insecure_skip_verify: true 506 - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 507 job_name: kubernetes-nodes 508 kubernetes_sd_configs: 509 - role: node 510 relabel_configs: 511 - action: labelmap 512 regex: __meta_kubernetes_node_label_(.+) 513 - replacement: kubernetes.default.svc:443 514 target_label: __address__ 515 - regex: (.+) 516 replacement: /api/v1/nodes/$1/proxy/metrics 517 source_labels: 518 - __meta_kubernetes_node_name 519 target_label: __metrics_path__ 520 scheme: https 521 tls_config: 522 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 523 insecure_skip_verify: true 524 - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 525 job_name: kubernetes-nodes-cadvisor 526 kubernetes_sd_configs: 527 - role: node 528 relabel_configs: 529 - action: labelmap 530 regex: __meta_kubernetes_node_label_(.+) 531 - replacement: kubernetes.default.svc:443 532 target_label: __address__ 533 - regex: (.+) 534 replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor 535 source_labels: 536 - __meta_kubernetes_node_name 537 target_label: __metrics_path__ 538 scheme: https 539 tls_config: 540 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 541 insecure_skip_verify: true 542 - job_name: kubernetes-service-endpoints 543 kubernetes_sd_configs: 544 - role: endpoints 545 relabel_configs: 546 - action: keep 547 regex: true 548 source_labels: 549 - __meta_kubernetes_service_annotation_prometheus_io_scrape 550 - action: replace 551 regex: (https?) 552 source_labels: 553 - __meta_kubernetes_service_annotation_prometheus_io_scheme 554 target_label: __scheme__ 555 - action: replace 556 regex: (.+) 557 source_labels: 558 - __meta_kubernetes_service_annotation_prometheus_io_path 559 target_label: __metrics_path__ 560 - action: replace 561 regex: ([^:]+)(?::\d+)?;(\d+) 562 replacement: $1:$2 563 source_labels: 564 - __address__ 565 - __meta_kubernetes_service_annotation_prometheus_io_port 566 target_label: __address__ 567 - action: labelmap 568 regex: __meta_kubernetes_service_label_(.+) 569 - action: replace 570 source_labels: 571 - __meta_kubernetes_namespace 572 target_label: kubernetes_namespace 573 - action: replace 574 source_labels: 575 - __meta_kubernetes_service_name 576 target_label: kubernetes_name 577 - action: replace 578 source_labels: 579 - __meta_kubernetes_pod_node_name 580 target_label: kubernetes_node 581 - job_name: kubernetes-service-endpoints-slow 582 kubernetes_sd_configs: 583 - role: endpoints 584 relabel_configs: 585 - action: keep 586 regex: true 587 source_labels: 588 - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow 589 - action: replace 590 regex: (https?) 591 source_labels: 592 - __meta_kubernetes_service_annotation_prometheus_io_scheme 593 target_label: __scheme__ 594 - action: replace 595 regex: (.+) 596 source_labels: 597 - __meta_kubernetes_service_annotation_prometheus_io_path 598 target_label: __metrics_path__ 599 - action: replace 600 regex: ([^:]+)(?::\d+)?;(\d+) 601 replacement: $1:$2 602 source_labels: 603 - __address__ 604 - __meta_kubernetes_service_annotation_prometheus_io_port 605 target_label: __address__ 606 - action: labelmap 607 regex: __meta_kubernetes_service_label_(.+) 608 - action: replace 609 source_labels: 610 - __meta_kubernetes_namespace 611 target_label: kubernetes_namespace 612 - action: replace 613 source_labels: 614 - __meta_kubernetes_service_name 615 target_label: kubernetes_name 616 - action: replace 617 source_labels: 618 - __meta_kubernetes_pod_node_name 619 target_label: kubernetes_node 620 scrape_interval: 5m 621 scrape_timeout: 30s 622 - honor_labels: true 623 job_name: prometheus-pushgateway 624 kubernetes_sd_configs: 625 - role: service 626 relabel_configs: 627 - action: keep 628 regex: pushgateway 629 source_labels: 630 - __meta_kubernetes_service_annotation_prometheus_io_probe 631 - job_name: kubernetes-services 632 kubernetes_sd_configs: 633 - role: service 634 metrics_path: /probe 635 params: 636 module: 637 - http_2xx 638 relabel_configs: 639 - action: keep 640 regex: true 641 source_labels: 642 - __meta_kubernetes_service_annotation_prometheus_io_probe 643 - source_labels: 644 - __address__ 645 target_label: __param_target 646 - replacement: blackbox 647 target_label: __address__ 648 - source_labels: 649 - __param_target 650 target_label: instance 651 - action: labelmap 652 regex: __meta_kubernetes_service_label_(.+) 653 - source_labels: 654 - __meta_kubernetes_namespace 655 target_label: kubernetes_namespace 656 - source_labels: 657 - __meta_kubernetes_service_name 658 target_label: kubernetes_name 659 - job_name: kubernetes-pods 660 kubernetes_sd_configs: 661 - role: pod 662 relabel_configs: 663 - action: keep 664 regex: true 665 source_labels: 666 - __meta_kubernetes_pod_annotation_prometheus_io_scrape 667 - action: replace 668 regex: (.+) 669 source_labels: 670 - __meta_kubernetes_pod_annotation_prometheus_io_path 671 target_label: __metrics_path__ 672 - action: replace 673 regex: ([^:]+)(?::\d+)?;(\d+) 674 replacement: $1:$2 675 source_labels: 676 - __address__ 677 - __meta_kubernetes_pod_annotation_prometheus_io_port 678 target_label: __address__ 679 - action: labelmap 680 regex: __meta_kubernetes_pod_label_(.+) 681 - action: replace 682 source_labels: 683 - __meta_kubernetes_namespace 684 target_label: kubernetes_namespace 685 - action: replace 686 source_labels: 687 - __meta_kubernetes_pod_name 688 target_label: kubernetes_pod_name 689 - action: drop 690 regex: Pending|Succeeded|Failed 691 source_labels: 692 - __meta_kubernetes_pod_phase 693 - job_name: kubernetes-pods-slow 694 kubernetes_sd_configs: 695 - role: pod 696 relabel_configs: 697 - action: keep 698 regex: true 699 source_labels: 700 - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow 701 - action: replace 702 regex: (.+) 703 source_labels: 704 - __meta_kubernetes_pod_annotation_prometheus_io_path 705 target_label: __metrics_path__ 706 - action: replace 707 regex: ([^:]+)(?::\d+)?;(\d+) 708 replacement: $1:$2 709 source_labels: 710 - __address__ 711 - __meta_kubernetes_pod_annotation_prometheus_io_port 712 target_label: __address__ 713 - action: labelmap 714 regex: __meta_kubernetes_pod_label_(.+) 715 - action: replace 716 source_labels: 717 - __meta_kubernetes_namespace 718 target_label: kubernetes_namespace 719 - action: replace 720 source_labels: 721 - __meta_kubernetes_pod_name 722 target_label: kubernetes_pod_name 723 - action: drop 724 regex: Pending|Succeeded|Failed 725 source_labels: 726 - __meta_kubernetes_pod_phase 727 scrape_interval: 5m 728 scrape_timeout: 30s 729 alerting: 730 alertmanagers: 731 - kubernetes_sd_configs: 732 - role: pod 733 tls_config: 734 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 735 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 736 relabel_configs: 737 - source_labels: [__meta_kubernetes_namespace] 738 regex: fluentbit-loki-stack-system 739 action: keep 740 - source_labels: [__meta_kubernetes_pod_label_app] 741 regex: prometheus 742 action: keep 743 - source_labels: [__meta_kubernetes_pod_label_component] 744 regex: alertmanager 745 action: keep 746 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] 747 regex: .* 748 action: keep 749 - source_labels: [__meta_kubernetes_pod_container_port_number] 750 regex: "9093" 751 action: keep 752 recording_rules.yml: | 753 {} 754 rules: | 755 {} 756 --- 757 # Source: loki-stack/templates/datasources.yaml 758 apiVersion: v1 759 kind: ConfigMap 760 metadata: 761 name: loki-loki-stack 762 namespace: fluentbit-loki-stack-system 763 labels: 764 app: loki-stack 765 chart: loki-stack-2.4.1 766 release: loki 767 heritage: Helm 768 grafana_datasource: "1" 769 data: 770 loki-stack-datasource.yaml: |- 771 apiVersion: 1 772 datasources: 773 - name: Loki 774 type: loki 775 access: proxy 776 url: http://loki:3100 777 version: 1 778 - name: Prometheus 779 type: prometheus 780 access: proxy 781 url: http://loki-prometheus-server:80 782 version: 1 783 --- 784 # Source: loki-stack/templates/tests/loki-test-configmap.yaml 785 apiVersion: v1 786 kind: ConfigMap 787 metadata: 788 name: loki-loki-stack-test 789 labels: 790 app: loki-stack 791 chart: loki-stack-2.4.1 792 release: loki 793 heritage: Helm 794 data: 795 test.sh: | 796 #!/usr/bin/env bash 797 798 LOKI_URI="http://${LOKI_SERVICE}:${LOKI_PORT}" 799 800 function setup() { 801 apk add -u curl jq 802 until (curl -s ${LOKI_URI}/api/prom/label/app/values | jq -e '.values[] | select(. == "loki")'); do 803 sleep 1 804 done 805 } 806 807 @test "Has labels" { 808 curl -s ${LOKI_URI}/api/prom/label | \ 809 jq -e '.values[] | select(. == "app")' 810 } 811 812 @test "Query log entry" { 813 curl -sG ${LOKI_URI}/api/prom/query?limit=10 --data-urlencode 'query={app="loki"}' | \ 814 jq -e '.streams[].entries | length >= 1' 815 } 816 817 @test "Push log entry legacy" { 818 local timestamp=$(date -Iseconds -u | sed 's/UTC/.000000000+00:00/') 819 local data=$(jq -n --arg timestamp "${timestamp}" '{"streams": [{"labels": "{app=\"loki-test\"}", "entries": [{"ts": $timestamp, "line": "foobar"}]}]}') 820 821 curl -s -X POST -H "Content-Type: application/json" ${LOKI_URI}/api/prom/push -d "${data}" 822 823 curl -sG ${LOKI_URI}/api/prom/query?limit=1 --data-urlencode 'query={app="loki-test"}' | \ 824 jq -e '.streams[].entries[].line == "foobar"' 825 } 826 827 @test "Push log entry" { 828 local timestamp=$(date +%s000000000) 829 local data=$(jq -n --arg timestamp "${timestamp}" '{"streams": [{"stream": {"app": "loki-test"}, "values": [[$timestamp, "foobar"]]}]}') 830 831 curl -s -X POST -H "Content-Type: application/json" ${LOKI_URI}/loki/api/v1/push -d "${data}" 832 833 curl -sG ${LOKI_URI}/api/prom/query?limit=1 --data-urlencode 'query={app="loki-test"}' | \ 834 jq -e '.streams[].entries[].line == "foobar"' 835 } 836 --- 837 # Source: loki-stack/charts/fluent-bit/templates/clusterrole.yaml 838 kind: ClusterRole 839 apiVersion: rbac.authorization.k8s.io/v1 840 metadata: 841 labels: 842 app: fluent-bit-loki 843 chart: fluent-bit-2.2.0 844 release: loki 845 heritage: Helm 846 name: loki-fluent-bit-loki-clusterrole 847 rules: 848 - apiGroups: [ "" ] # "" indicates the core API group 849 resources: 850 - namespaces 851 - pods 852 verbs: [ "get", "watch", "list" ] 853 --- 854 # Source: loki-stack/charts/grafana/templates/clusterrole.yaml 855 kind: ClusterRole 856 apiVersion: rbac.authorization.k8s.io/v1 857 metadata: 858 labels: 859 860 app.kubernetes.io/name: grafana 861 app.kubernetes.io/instance: loki 862 app.kubernetes.io/version: "7.5.0" 863 app.kubernetes.io/managed-by: Helm 864 name: loki-grafana-clusterrole 865 rules: 866 - apiGroups: [ "" ] # "" indicates the core API group 867 resources: [ "configmaps", "secrets" ] 868 verbs: [ "get", "watch", "list" ] 869 --- 870 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml 871 apiVersion: rbac.authorization.k8s.io/v1 872 kind: ClusterRole 873 metadata: 874 labels: 875 app.kubernetes.io/name: kube-state-metrics 876 helm.sh/chart: kube-state-metrics-2.8.14 877 app.kubernetes.io/managed-by: Helm 878 app.kubernetes.io/instance: loki 879 name: loki-kube-state-metrics 880 rules: 881 882 - apiGroups: [ "certificates.k8s.io" ] 883 resources: 884 - certificatesigningrequests 885 verbs: [ "list", "watch" ] 886 887 - apiGroups: [ "" ] 888 resources: 889 - configmaps 890 verbs: [ "list", "watch" ] 891 892 - apiGroups: [ "batch" ] 893 resources: 894 - cronjobs 895 verbs: [ "list", "watch" ] 896 897 - apiGroups: [ "extensions", "apps" ] 898 resources: 899 - daemonsets 900 verbs: [ "list", "watch" ] 901 902 - apiGroups: [ "extensions", "apps" ] 903 resources: 904 - deployments 905 verbs: [ "list", "watch" ] 906 907 - apiGroups: [ "" ] 908 resources: 909 - endpoints 910 verbs: [ "list", "watch" ] 911 912 - apiGroups: [ "autoscaling" ] 913 resources: 914 - horizontalpodautoscalers 915 verbs: [ "list", "watch" ] 916 917 - apiGroups: [ "extensions", "networking.k8s.io" ] 918 resources: 919 - ingresses 920 verbs: [ "list", "watch" ] 921 922 - apiGroups: [ "batch" ] 923 resources: 924 - jobs 925 verbs: [ "list", "watch" ] 926 927 - apiGroups: [ "" ] 928 resources: 929 - limitranges 930 verbs: [ "list", "watch" ] 931 932 - apiGroups: [ "admissionregistration.k8s.io" ] 933 resources: 934 - mutatingwebhookconfigurations 935 verbs: [ "list", "watch" ] 936 937 - apiGroups: [ "" ] 938 resources: 939 - namespaces 940 verbs: [ "list", "watch" ] 941 942 - apiGroups: [ "networking.k8s.io" ] 943 resources: 944 - networkpolicies 945 verbs: [ "list", "watch" ] 946 947 - apiGroups: [ "" ] 948 resources: 949 - nodes 950 verbs: [ "list", "watch" ] 951 952 - apiGroups: [ "" ] 953 resources: 954 - persistentvolumeclaims 955 verbs: [ "list", "watch" ] 956 957 - apiGroups: [ "" ] 958 resources: 959 - persistentvolumes 960 verbs: [ "list", "watch" ] 961 962 - apiGroups: [ "policy" ] 963 resources: 964 - poddisruptionbudgets 965 verbs: [ "list", "watch" ] 966 967 - apiGroups: [ "" ] 968 resources: 969 - pods 970 verbs: [ "list", "watch" ] 971 972 - apiGroups: [ "extensions", "apps" ] 973 resources: 974 - replicasets 975 verbs: [ "list", "watch" ] 976 977 - apiGroups: [ "" ] 978 resources: 979 - replicationcontrollers 980 verbs: [ "list", "watch" ] 981 982 - apiGroups: [ "" ] 983 resources: 984 - resourcequotas 985 verbs: [ "list", "watch" ] 986 987 - apiGroups: [ "" ] 988 resources: 989 - secrets 990 verbs: [ "list", "watch" ] 991 992 - apiGroups: [ "" ] 993 resources: 994 - services 995 verbs: [ "list", "watch" ] 996 997 - apiGroups: [ "apps" ] 998 resources: 999 - statefulsets 1000 verbs: [ "list", "watch" ] 1001 1002 - apiGroups: [ "storage.k8s.io" ] 1003 resources: 1004 - storageclasses 1005 verbs: [ "list", "watch" ] 1006 1007 - apiGroups: [ "admissionregistration.k8s.io" ] 1008 resources: 1009 - validatingwebhookconfigurations 1010 verbs: [ "list", "watch" ] 1011 1012 - apiGroups: [ "storage.k8s.io" ] 1013 resources: 1014 - volumeattachments 1015 verbs: [ "list", "watch" ] 1016 --- 1017 # Source: loki-stack/charts/prometheus/templates/alertmanager/clusterrole.yaml 1018 apiVersion: rbac.authorization.k8s.io/v1 1019 kind: ClusterRole 1020 metadata: 1021 labels: 1022 component: "alertmanager" 1023 app: prometheus 1024 release: loki 1025 chart: prometheus-11.16.9 1026 heritage: Helm 1027 name: loki-prometheus-alertmanager 1028 rules: 1029 [ ] 1030 --- 1031 # Source: loki-stack/charts/prometheus/templates/pushgateway/clusterrole.yaml 1032 apiVersion: rbac.authorization.k8s.io/v1 1033 kind: ClusterRole 1034 metadata: 1035 labels: 1036 component: "pushgateway" 1037 app: prometheus 1038 release: loki 1039 chart: prometheus-11.16.9 1040 heritage: Helm 1041 name: loki-prometheus-pushgateway 1042 rules: 1043 [ ] 1044 --- 1045 # Source: loki-stack/charts/prometheus/templates/server/clusterrole.yaml 1046 apiVersion: rbac.authorization.k8s.io/v1 1047 kind: ClusterRole 1048 metadata: 1049 labels: 1050 component: "server" 1051 app: prometheus 1052 release: loki 1053 chart: prometheus-11.16.9 1054 heritage: Helm 1055 name: loki-prometheus-server 1056 rules: 1057 - apiGroups: 1058 - "" 1059 resources: 1060 - nodes 1061 - nodes/proxy 1062 - nodes/metrics 1063 - services 1064 - endpoints 1065 - pods 1066 - ingresses 1067 - configmaps 1068 verbs: 1069 - get 1070 - list 1071 - watch 1072 - apiGroups: 1073 - "extensions" 1074 - "networking.k8s.io" 1075 resources: 1076 - ingresses/status 1077 - ingresses 1078 verbs: 1079 - get 1080 - list 1081 - watch 1082 - nonResourceURLs: 1083 - "/metrics" 1084 verbs: 1085 - get 1086 --- 1087 # Source: loki-stack/charts/fluent-bit/templates/clusterrolebinding.yaml 1088 kind: ClusterRoleBinding 1089 apiVersion: rbac.authorization.k8s.io/v1 1090 metadata: 1091 name: loki-fluent-bit-loki-clusterrolebinding 1092 labels: 1093 app: fluent-bit-loki 1094 chart: fluent-bit-2.2.0 1095 release: loki 1096 heritage: Helm 1097 subjects: 1098 - kind: ServiceAccount 1099 name: loki-fluent-bit-loki 1100 namespace: fluentbit-loki-stack-system 1101 roleRef: 1102 kind: ClusterRole 1103 name: loki-fluent-bit-loki-clusterrole 1104 apiGroup: rbac.authorization.k8s.io 1105 --- 1106 # Source: loki-stack/charts/grafana/templates/clusterrolebinding.yaml 1107 kind: ClusterRoleBinding 1108 apiVersion: rbac.authorization.k8s.io/v1 1109 metadata: 1110 name: loki-grafana-clusterrolebinding 1111 labels: 1112 1113 app.kubernetes.io/name: grafana 1114 app.kubernetes.io/instance: loki 1115 app.kubernetes.io/version: "7.5.0" 1116 app.kubernetes.io/managed-by: Helm 1117 subjects: 1118 - kind: ServiceAccount 1119 name: loki-grafana 1120 namespace: fluentbit-loki-stack-system 1121 roleRef: 1122 kind: ClusterRole 1123 name: loki-grafana-clusterrole 1124 apiGroup: rbac.authorization.k8s.io 1125 --- 1126 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml 1127 apiVersion: rbac.authorization.k8s.io/v1 1128 kind: ClusterRoleBinding 1129 metadata: 1130 labels: 1131 app.kubernetes.io/name: kube-state-metrics 1132 helm.sh/chart: kube-state-metrics-2.8.14 1133 app.kubernetes.io/managed-by: Helm 1134 app.kubernetes.io/instance: loki 1135 name: loki-kube-state-metrics 1136 roleRef: 1137 apiGroup: rbac.authorization.k8s.io 1138 kind: ClusterRole 1139 name: loki-kube-state-metrics 1140 subjects: 1141 - kind: ServiceAccount 1142 name: loki-kube-state-metrics 1143 namespace: fluentbit-loki-stack-system 1144 --- 1145 # Source: loki-stack/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml 1146 apiVersion: rbac.authorization.k8s.io/v1 1147 kind: ClusterRoleBinding 1148 metadata: 1149 labels: 1150 component: "alertmanager" 1151 app: prometheus 1152 release: loki 1153 chart: prometheus-11.16.9 1154 heritage: Helm 1155 name: loki-prometheus-alertmanager 1156 subjects: 1157 - kind: ServiceAccount 1158 name: loki-prometheus-alertmanager 1159 namespace: fluentbit-loki-stack-system 1160 roleRef: 1161 apiGroup: rbac.authorization.k8s.io 1162 kind: ClusterRole 1163 name: loki-prometheus-alertmanager 1164 --- 1165 # Source: loki-stack/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml 1166 apiVersion: rbac.authorization.k8s.io/v1 1167 kind: ClusterRoleBinding 1168 metadata: 1169 labels: 1170 component: "pushgateway" 1171 app: prometheus 1172 release: loki 1173 chart: prometheus-11.16.9 1174 heritage: Helm 1175 name: loki-prometheus-pushgateway 1176 subjects: 1177 - kind: ServiceAccount 1178 name: loki-prometheus-pushgateway 1179 namespace: fluentbit-loki-stack-system 1180 roleRef: 1181 apiGroup: rbac.authorization.k8s.io 1182 kind: ClusterRole 1183 name: loki-prometheus-pushgateway 1184 --- 1185 # Source: loki-stack/charts/prometheus/templates/server/clusterrolebinding.yaml 1186 apiVersion: rbac.authorization.k8s.io/v1 1187 kind: ClusterRoleBinding 1188 metadata: 1189 labels: 1190 component: "server" 1191 app: prometheus 1192 release: loki 1193 chart: prometheus-11.16.9 1194 heritage: Helm 1195 name: loki-prometheus-server 1196 subjects: 1197 - kind: ServiceAccount 1198 name: loki-prometheus-server 1199 namespace: fluentbit-loki-stack-system 1200 roleRef: 1201 apiGroup: rbac.authorization.k8s.io 1202 kind: ClusterRole 1203 name: loki-prometheus-server 1204 --- 1205 # Source: loki-stack/charts/fluent-bit/templates/role.yaml 1206 apiVersion: rbac.authorization.k8s.io/v1 1207 kind: Role 1208 metadata: 1209 name: loki-fluent-bit-loki 1210 namespace: fluentbit-loki-stack-system 1211 labels: 1212 app: fluent-bit-loki 1213 chart: fluent-bit-2.2.0 1214 heritage: Helm 1215 release: loki 1216 rules: 1217 - apiGroups: [ 'extensions' ] 1218 resources: [ 'podsecuritypolicies' ] 1219 verbs: [ 'use' ] 1220 resourceNames: [ loki-fluent-bit-loki ] 1221 --- 1222 # Source: loki-stack/charts/grafana/templates/role.yaml 1223 apiVersion: rbac.authorization.k8s.io/v1 1224 kind: Role 1225 metadata: 1226 name: loki-grafana 1227 namespace: fluentbit-loki-stack-system 1228 labels: 1229 1230 app.kubernetes.io/name: grafana 1231 app.kubernetes.io/instance: loki 1232 app.kubernetes.io/version: "7.5.0" 1233 app.kubernetes.io/managed-by: Helm 1234 rules: 1235 - apiGroups: [ 'extensions' ] 1236 resources: [ 'podsecuritypolicies' ] 1237 verbs: [ 'use' ] 1238 resourceNames: [ loki-grafana ] 1239 --- 1240 # Source: loki-stack/charts/grafana/templates/tests/test-role.yaml 1241 apiVersion: rbac.authorization.k8s.io/v1 1242 kind: Role 1243 metadata: 1244 name: loki-grafana-test 1245 namespace: fluentbit-loki-stack-system 1246 labels: 1247 1248 app.kubernetes.io/name: grafana 1249 app.kubernetes.io/instance: loki 1250 app.kubernetes.io/version: "7.5.0" 1251 app.kubernetes.io/managed-by: Helm 1252 rules: 1253 - apiGroups: [ 'policy' ] 1254 resources: [ 'podsecuritypolicies' ] 1255 verbs: [ 'use' ] 1256 resourceNames: [ loki-grafana-test ] 1257 --- 1258 # Source: loki-stack/charts/loki/templates/role.yaml 1259 apiVersion: rbac.authorization.k8s.io/v1 1260 kind: Role 1261 metadata: 1262 name: loki 1263 namespace: fluentbit-loki-stack-system 1264 labels: 1265 app: loki 1266 1267 heritage: Helm 1268 release: loki 1269 rules: 1270 - apiGroups: [ 'extensions' ] 1271 resources: [ 'podsecuritypolicies' ] 1272 verbs: [ 'use' ] 1273 resourceNames: [ loki ] 1274 --- 1275 # Source: loki-stack/charts/fluent-bit/templates/rolebinding.yaml 1276 apiVersion: rbac.authorization.k8s.io/v1 1277 kind: RoleBinding 1278 metadata: 1279 name: loki-fluent-bit-loki 1280 namespace: fluentbit-loki-stack-system 1281 labels: 1282 app: fluent-bit-loki 1283 chart: fluent-bit-2.2.0 1284 heritage: Helm 1285 release: loki 1286 roleRef: 1287 apiGroup: rbac.authorization.k8s.io 1288 kind: Role 1289 name: loki-fluent-bit-loki 1290 subjects: 1291 - kind: ServiceAccount 1292 name: loki-fluent-bit-loki 1293 --- 1294 # Source: loki-stack/charts/grafana/templates/rolebinding.yaml 1295 apiVersion: rbac.authorization.k8s.io/v1 1296 kind: RoleBinding 1297 metadata: 1298 name: loki-grafana 1299 namespace: fluentbit-loki-stack-system 1300 labels: 1301 1302 app.kubernetes.io/name: grafana 1303 app.kubernetes.io/instance: loki 1304 app.kubernetes.io/version: "7.5.0" 1305 app.kubernetes.io/managed-by: Helm 1306 roleRef: 1307 apiGroup: rbac.authorization.k8s.io 1308 kind: Role 1309 name: loki-grafana 1310 subjects: 1311 - kind: ServiceAccount 1312 name: loki-grafana 1313 namespace: fluentbit-loki-stack-system 1314 --- 1315 # Source: loki-stack/charts/grafana/templates/tests/test-rolebinding.yaml 1316 apiVersion: rbac.authorization.k8s.io/v1 1317 kind: RoleBinding 1318 metadata: 1319 name: loki-grafana-test 1320 namespace: fluentbit-loki-stack-system 1321 labels: 1322 1323 app.kubernetes.io/name: grafana 1324 app.kubernetes.io/instance: loki 1325 app.kubernetes.io/version: "7.5.0" 1326 app.kubernetes.io/managed-by: Helm 1327 roleRef: 1328 apiGroup: rbac.authorization.k8s.io 1329 kind: Role 1330 name: loki-grafana-test 1331 subjects: 1332 - kind: ServiceAccount 1333 name: loki-grafana-test 1334 namespace: fluentbit-loki-stack-system 1335 --- 1336 # Source: loki-stack/charts/loki/templates/rolebinding.yaml 1337 apiVersion: rbac.authorization.k8s.io/v1 1338 kind: RoleBinding 1339 metadata: 1340 name: loki 1341 namespace: fluentbit-loki-stack-system 1342 labels: 1343 app: loki 1344 heritage: Helm 1345 release: loki 1346 roleRef: 1347 apiGroup: rbac.authorization.k8s.io 1348 kind: Role 1349 name: loki 1350 subjects: 1351 - kind: ServiceAccount 1352 name: loki 1353 --- 1354 # Source: loki-stack/charts/grafana/templates/service.yaml 1355 apiVersion: v1 1356 kind: Service 1357 metadata: 1358 name: loki-grafana 1359 namespace: fluentbit-loki-stack-system 1360 labels: 1361 app.kubernetes.io/name: grafana 1362 app.kubernetes.io/instance: loki 1363 app.kubernetes.io/version: "7.5.0" 1364 app.kubernetes.io/managed-by: Helm 1365 spec: 1366 type: ClusterIP 1367 ports: 1368 - name: service 1369 port: 80 1370 protocol: TCP 1371 targetPort: 3000 1372 1373 selector: 1374 app.kubernetes.io/name: grafana 1375 app.kubernetes.io/instance: loki 1376 --- 1377 # Source: loki-stack/charts/loki/templates/service-headless.yaml 1378 apiVersion: v1 1379 kind: Service 1380 metadata: 1381 name: loki-headless 1382 namespace: fluentbit-loki-stack-system 1383 labels: 1384 app: loki 1385 1386 release: loki 1387 heritage: Helm 1388 variant: headless 1389 spec: 1390 clusterIP: None 1391 ports: 1392 - port: 3100 1393 protocol: TCP 1394 name: http-metrics 1395 targetPort: http-metrics 1396 selector: 1397 app: loki 1398 release: loki 1399 --- 1400 # Source: loki-stack/charts/loki/templates/service.yaml 1401 apiVersion: v1 1402 kind: Service 1403 metadata: 1404 name: loki 1405 namespace: fluentbit-loki-stack-system 1406 labels: 1407 app: loki 1408 1409 release: loki 1410 heritage: Helm 1411 annotations: 1412 { } 1413 spec: 1414 type: ClusterIP 1415 ports: 1416 - port: 3100 1417 protocol: TCP 1418 name: http-metrics 1419 targetPort: http-metrics 1420 selector: 1421 app: loki 1422 release: loki 1423 --- 1424 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/service.yaml 1425 apiVersion: v1 1426 kind: Service 1427 metadata: 1428 name: loki-kube-state-metrics 1429 namespace: fluentbit-loki-stack-system 1430 labels: 1431 app.kubernetes.io/name: kube-state-metrics 1432 helm.sh/chart: "kube-state-metrics-2.8.14" 1433 app.kubernetes.io/instance: "loki" 1434 app.kubernetes.io/managed-by: "Helm" 1435 annotations: 1436 prometheus.io/scrape: 'true' 1437 spec: 1438 type: "ClusterIP" 1439 ports: 1440 - name: "http" 1441 protocol: TCP 1442 port: 8080 1443 targetPort: 8080 1444 selector: 1445 app.kubernetes.io/name: kube-state-metrics 1446 app.kubernetes.io/instance: loki 1447 --- 1448 # Source: loki-stack/charts/prometheus/templates/alertmanager/service.yaml 1449 apiVersion: v1 1450 kind: Service 1451 metadata: 1452 labels: 1453 component: "alertmanager" 1454 app: prometheus 1455 release: loki 1456 chart: prometheus-11.16.9 1457 heritage: Helm 1458 name: loki-prometheus-alertmanager 1459 namespace: fluentbit-loki-stack-system 1460 spec: 1461 ports: 1462 - name: http 1463 port: 80 1464 protocol: TCP 1465 targetPort: 9093 1466 selector: 1467 component: "alertmanager" 1468 app: prometheus 1469 release: loki 1470 sessionAffinity: None 1471 type: "ClusterIP" 1472 --- 1473 # Source: loki-stack/charts/prometheus/templates/node-exporter/svc.yaml 1474 apiVersion: v1 1475 kind: Service 1476 metadata: 1477 annotations: 1478 prometheus.io/scrape: "true" 1479 labels: 1480 component: "node-exporter" 1481 app: prometheus 1482 release: loki 1483 chart: prometheus-11.16.9 1484 heritage: Helm 1485 name: loki-prometheus-node-exporter 1486 namespace: fluentbit-loki-stack-system 1487 spec: 1488 clusterIP: None 1489 ports: 1490 - name: metrics 1491 port: 9100 1492 protocol: TCP 1493 targetPort: 9100 1494 selector: 1495 component: "node-exporter" 1496 app: prometheus 1497 release: loki 1498 type: "ClusterIP" 1499 --- 1500 # Source: loki-stack/charts/prometheus/templates/pushgateway/service.yaml 1501 apiVersion: v1 1502 kind: Service 1503 metadata: 1504 annotations: 1505 prometheus.io/probe: pushgateway 1506 labels: 1507 component: "pushgateway" 1508 app: prometheus 1509 release: loki 1510 chart: prometheus-11.16.9 1511 heritage: Helm 1512 name: loki-prometheus-pushgateway 1513 namespace: fluentbit-loki-stack-system 1514 spec: 1515 ports: 1516 - name: http 1517 port: 9091 1518 protocol: TCP 1519 targetPort: 9091 1520 selector: 1521 component: "pushgateway" 1522 app: prometheus 1523 release: loki 1524 type: "ClusterIP" 1525 --- 1526 # Source: loki-stack/charts/prometheus/templates/server/service.yaml 1527 apiVersion: v1 1528 kind: Service 1529 metadata: 1530 labels: 1531 component: "server" 1532 app: prometheus 1533 release: loki 1534 chart: prometheus-11.16.9 1535 heritage: Helm 1536 name: loki-prometheus-server 1537 namespace: fluentbit-loki-stack-system 1538 spec: 1539 ports: 1540 - name: http 1541 port: 80 1542 protocol: TCP 1543 targetPort: 9090 1544 selector: 1545 component: "server" 1546 app: prometheus 1547 release: loki 1548 sessionAffinity: None 1549 type: "ClusterIP" 1550 --- 1551 # Source: loki-stack/charts/fluent-bit/templates/daemonset.yaml 1552 apiVersion: apps/v1 1553 kind: DaemonSet 1554 metadata: 1555 name: loki-fluent-bit-loki 1556 namespace: fluentbit-loki-stack-system 1557 labels: 1558 app: fluent-bit-loki 1559 chart: fluent-bit-2.2.0 1560 release: loki 1561 heritage: Helm 1562 annotations: 1563 { } 1564 spec: 1565 selector: 1566 matchLabels: 1567 app: fluent-bit-loki 1568 release: loki 1569 updateStrategy: 1570 type: RollingUpdate 1571 template: 1572 metadata: 1573 labels: 1574 app: fluent-bit-loki 1575 release: loki 1576 annotations: 1577 checksum/config: a093aebdfef733d0a910a88d45218439224cc9ae67e1342cbfd841f649d3d75d 1578 prometheus.io/path: /api/v1/metrics/prometheus 1579 prometheus.io/port: "2020" 1580 prometheus.io/scrape: "true" 1581 spec: 1582 serviceAccountName: loki-fluent-bit-loki 1583 containers: 1584 - name: fluent-bit-loki 1585 image: "grafana/fluent-bit-plugin-loki:2.1.0-amd64" 1586 imagePullPolicy: IfNotPresent 1587 volumeMounts: 1588 - name: config 1589 mountPath: /fluent-bit/etc 1590 - name: run 1591 mountPath: /run/fluent-bit 1592 - mountPath: /var/log 1593 name: varlog 1594 - mountPath: /var/lib/docker/containers 1595 name: varlibdockercontainers 1596 readOnly: true 1597 ports: 1598 - containerPort: 2020 1599 name: http-metrics 1600 resources: 1601 limits: 1602 memory: 100Mi 1603 requests: 1604 cpu: 100m 1605 memory: 100Mi 1606 nodeSelector: 1607 { } 1608 affinity: 1609 { } 1610 tolerations: 1611 - effect: NoSchedule 1612 key: node-role.kubernetes.io/master 1613 terminationGracePeriodSeconds: 10 1614 volumes: 1615 - name: config 1616 configMap: 1617 name: loki-fluent-bit-loki 1618 - name: run 1619 hostPath: 1620 path: /run/fluent-bit 1621 - hostPath: 1622 path: /var/log 1623 name: varlog 1624 - hostPath: 1625 path: /var/lib/docker/containers 1626 name: varlibdockercontainers 1627 --- 1628 # Source: loki-stack/charts/prometheus/templates/node-exporter/daemonset.yaml 1629 apiVersion: apps/v1 1630 kind: DaemonSet 1631 metadata: 1632 labels: 1633 component: "node-exporter" 1634 app: prometheus 1635 release: loki 1636 chart: prometheus-11.16.9 1637 heritage: Helm 1638 name: loki-prometheus-node-exporter 1639 namespace: fluentbit-loki-stack-system 1640 spec: 1641 selector: 1642 matchLabels: 1643 component: "node-exporter" 1644 app: prometheus 1645 release: loki 1646 updateStrategy: 1647 type: RollingUpdate 1648 template: 1649 metadata: 1650 labels: 1651 component: "node-exporter" 1652 app: prometheus 1653 release: loki 1654 chart: prometheus-11.16.9 1655 heritage: Helm 1656 spec: 1657 serviceAccountName: loki-prometheus-node-exporter 1658 containers: 1659 - name: prometheus-node-exporter 1660 image: "prom/node-exporter:v1.0.1" 1661 imagePullPolicy: "IfNotPresent" 1662 args: 1663 - --path.procfs=/host/proc 1664 - --path.sysfs=/host/sys 1665 - --web.listen-address=:9100 1666 ports: 1667 - name: metrics 1668 containerPort: 9100 1669 hostPort: 9100 1670 resources: 1671 { } 1672 volumeMounts: 1673 - name: proc 1674 mountPath: /host/proc 1675 readOnly: true 1676 - name: sys 1677 mountPath: /host/sys 1678 readOnly: true 1679 hostNetwork: true 1680 hostPID: true 1681 volumes: 1682 - name: proc 1683 hostPath: 1684 path: /proc 1685 - name: sys 1686 hostPath: 1687 path: /sys 1688 --- 1689 # Source: loki-stack/charts/grafana/templates/deployment.yaml 1690 apiVersion: apps/v1 1691 kind: Deployment 1692 metadata: 1693 name: loki-grafana 1694 namespace: fluentbit-loki-stack-system 1695 labels: 1696 app.kubernetes.io/name: grafana 1697 app.kubernetes.io/instance: loki 1698 app.kubernetes.io/version: "7.5.0" 1699 app.kubernetes.io/managed-by: Helm 1700 spec: 1701 replicas: 1 1702 revisionHistoryLimit: 10 1703 selector: 1704 matchLabels: 1705 app.kubernetes.io/name: grafana 1706 app.kubernetes.io/instance: loki 1707 strategy: 1708 type: RollingUpdate 1709 template: 1710 metadata: 1711 labels: 1712 app.kubernetes.io/name: grafana 1713 app.kubernetes.io/instance: loki 1714 annotations: 1715 checksum/config: e6ea11ae30cd73677bf702d4591d20ad13ce69df4e543a70716f93194d0950da 1716 checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b 1717 checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b 1718 checksum/secret: f4e954a0708ce82ee02f8849ede5485e900863a40daa99225ba63cd39ef01ca7 1719 spec: 1720 serviceAccountName: loki-grafana 1721 securityContext: 1722 fsGroup: 472 1723 runAsGroup: 472 1724 runAsUser: 472 1725 initContainers: 1726 - name: grafana-sc-datasources 1727 image: "kiwigrid/k8s-sidecar:0.1.209" 1728 imagePullPolicy: IfNotPresent 1729 env: 1730 - name: METHOD 1731 value: LIST 1732 - name: LABEL 1733 value: "grafana_datasource" 1734 - name: FOLDER 1735 value: "/etc/grafana/provisioning/datasources" 1736 - name: RESOURCE 1737 value: "both" 1738 resources: 1739 { } 1740 volumeMounts: 1741 - name: sc-datasources-volume 1742 mountPath: "/etc/grafana/provisioning/datasources" 1743 containers: 1744 - name: grafana 1745 image: "grafana/grafana:7.5.0" 1746 imagePullPolicy: IfNotPresent 1747 volumeMounts: 1748 - name: config 1749 mountPath: "/etc/grafana/grafana.ini" 1750 subPath: grafana.ini 1751 - name: storage 1752 mountPath: "/var/lib/grafana" 1753 - name: sc-datasources-volume 1754 mountPath: "/etc/grafana/provisioning/datasources" 1755 ports: 1756 - name: service 1757 containerPort: 80 1758 protocol: TCP 1759 - name: grafana 1760 containerPort: 3000 1761 protocol: TCP 1762 env: 1763 - name: GF_SECURITY_ADMIN_USER 1764 valueFrom: 1765 secretKeyRef: 1766 name: loki-grafana 1767 key: admin-user 1768 - name: GF_SECURITY_ADMIN_PASSWORD 1769 valueFrom: 1770 secretKeyRef: 1771 name: loki-grafana 1772 key: admin-password 1773 1774 livenessProbe: 1775 failureThreshold: 10 1776 httpGet: 1777 path: /api/health 1778 port: 3000 1779 initialDelaySeconds: 60 1780 timeoutSeconds: 30 1781 readinessProbe: 1782 httpGet: 1783 path: /api/health 1784 port: 3000 1785 resources: 1786 { } 1787 volumes: 1788 - name: config 1789 configMap: 1790 name: loki-grafana 1791 - name: storage 1792 emptyDir: { } 1793 - name: sc-datasources-volume 1794 emptyDir: { } 1795 --- 1796 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml 1797 apiVersion: apps/v1 1798 kind: Deployment 1799 metadata: 1800 name: loki-kube-state-metrics 1801 namespace: fluentbit-loki-stack-system 1802 labels: 1803 app.kubernetes.io/name: kube-state-metrics 1804 helm.sh/chart: "kube-state-metrics-2.8.14" 1805 app.kubernetes.io/instance: "loki" 1806 app.kubernetes.io/managed-by: "Helm" 1807 spec: 1808 selector: 1809 matchLabels: 1810 app.kubernetes.io/name: kube-state-metrics 1811 replicas: 1 1812 template: 1813 metadata: 1814 labels: 1815 app.kubernetes.io/name: kube-state-metrics 1816 app.kubernetes.io/instance: "loki" 1817 spec: 1818 hostNetwork: false 1819 serviceAccountName: loki-kube-state-metrics 1820 securityContext: 1821 fsGroup: 65534 1822 runAsGroup: 65534 1823 runAsUser: 65534 1824 containers: 1825 - name: kube-state-metrics 1826 args: 1827 - --collectors=certificatesigningrequests 1828 - --collectors=configmaps 1829 - --collectors=cronjobs 1830 - --collectors=daemonsets 1831 - --collectors=deployments 1832 - --collectors=endpoints 1833 - --collectors=horizontalpodautoscalers 1834 - --collectors=ingresses 1835 - --collectors=jobs 1836 - --collectors=limitranges 1837 - --collectors=mutatingwebhookconfigurations 1838 - --collectors=namespaces 1839 - --collectors=networkpolicies 1840 - --collectors=nodes 1841 - --collectors=persistentvolumeclaims 1842 - --collectors=persistentvolumes 1843 - --collectors=poddisruptionbudgets 1844 - --collectors=pods 1845 - --collectors=replicasets 1846 - --collectors=replicationcontrollers 1847 - --collectors=resourcequotas 1848 - --collectors=secrets 1849 - --collectors=services 1850 - --collectors=statefulsets 1851 - --collectors=storageclasses 1852 - --collectors=validatingwebhookconfigurations 1853 - --collectors=volumeattachments 1854 imagePullPolicy: IfNotPresent 1855 image: "quay.io/coreos/kube-state-metrics:v1.9.7" 1856 ports: 1857 - containerPort: 8080 1858 livenessProbe: 1859 httpGet: 1860 path: /healthz 1861 port: 8080 1862 initialDelaySeconds: 5 1863 timeoutSeconds: 5 1864 readinessProbe: 1865 httpGet: 1866 path: / 1867 port: 8080 1868 initialDelaySeconds: 5 1869 timeoutSeconds: 5 1870 --- 1871 # Source: loki-stack/charts/prometheus/templates/alertmanager/deploy.yaml 1872 apiVersion: apps/v1 1873 kind: Deployment 1874 metadata: 1875 labels: 1876 component: "alertmanager" 1877 app: prometheus 1878 release: loki 1879 chart: prometheus-11.16.9 1880 heritage: Helm 1881 name: loki-prometheus-alertmanager 1882 namespace: fluentbit-loki-stack-system 1883 spec: 1884 selector: 1885 matchLabels: 1886 component: "alertmanager" 1887 app: prometheus 1888 release: loki 1889 replicas: 1 1890 template: 1891 metadata: 1892 labels: 1893 component: "alertmanager" 1894 app: prometheus 1895 release: loki 1896 chart: prometheus-11.16.9 1897 heritage: Helm 1898 spec: 1899 serviceAccountName: loki-prometheus-alertmanager 1900 containers: 1901 - name: prometheus-alertmanager 1902 image: "prom/alertmanager:v0.21.0" 1903 imagePullPolicy: "IfNotPresent" 1904 env: 1905 - name: POD_IP 1906 valueFrom: 1907 fieldRef: 1908 apiVersion: v1 1909 fieldPath: status.podIP 1910 args: 1911 - --config.file=/etc/config/alertmanager.yml 1912 - --storage.path=/data 1913 - --cluster.advertise-address=$(POD_IP):6783 1914 - --web.external-url=http://localhost:9093 1915 1916 ports: 1917 - containerPort: 9093 1918 readinessProbe: 1919 httpGet: 1920 path: /-/ready 1921 port: 9093 1922 initialDelaySeconds: 30 1923 timeoutSeconds: 30 1924 resources: 1925 { } 1926 volumeMounts: 1927 - name: config-volume 1928 mountPath: /etc/config 1929 - name: storage-volume 1930 mountPath: "/data" 1931 subPath: "" 1932 - name: prometheus-alertmanager-configmap-reload 1933 image: "jimmidyson/configmap-reload:v0.4.0" 1934 imagePullPolicy: "IfNotPresent" 1935 args: 1936 - --volume-dir=/etc/config 1937 - --webhook-url=http://127.0.0.1:9093/-/reload 1938 resources: 1939 { } 1940 volumeMounts: 1941 - name: config-volume 1942 mountPath: /etc/config 1943 readOnly: true 1944 securityContext: 1945 fsGroup: 65534 1946 runAsGroup: 65534 1947 runAsNonRoot: true 1948 runAsUser: 65534 1949 volumes: 1950 - name: config-volume 1951 configMap: 1952 name: loki-prometheus-alertmanager 1953 - name: storage-volume 1954 emptyDir: 1955 { } 1956 --- 1957 # Source: loki-stack/charts/prometheus/templates/pushgateway/deploy.yaml 1958 apiVersion: apps/v1 1959 kind: Deployment 1960 metadata: 1961 labels: 1962 component: "pushgateway" 1963 app: prometheus 1964 release: loki 1965 chart: prometheus-11.16.9 1966 heritage: Helm 1967 name: loki-prometheus-pushgateway 1968 namespace: fluentbit-loki-stack-system 1969 spec: 1970 selector: 1971 matchLabels: 1972 component: "pushgateway" 1973 app: prometheus 1974 release: loki 1975 replicas: 1 1976 template: 1977 metadata: 1978 labels: 1979 component: "pushgateway" 1980 app: prometheus 1981 release: loki 1982 chart: prometheus-11.16.9 1983 heritage: Helm 1984 spec: 1985 serviceAccountName: loki-prometheus-pushgateway 1986 containers: 1987 - name: prometheus-pushgateway 1988 image: "prom/pushgateway:v1.2.0" 1989 imagePullPolicy: "IfNotPresent" 1990 ports: 1991 - containerPort: 9091 1992 livenessProbe: 1993 httpGet: 1994 path: /-/healthy 1995 port: 9091 1996 initialDelaySeconds: 10 1997 timeoutSeconds: 10 1998 readinessProbe: 1999 httpGet: 2000 path: /-/ready 2001 port: 9091 2002 initialDelaySeconds: 10 2003 timeoutSeconds: 10 2004 resources: 2005 { } 2006 securityContext: 2007 runAsNonRoot: true 2008 runAsUser: 65534 2009 --- 2010 # Source: loki-stack/charts/prometheus/templates/server/deploy.yaml 2011 apiVersion: apps/v1 2012 kind: Deployment 2013 metadata: 2014 labels: 2015 component: "server" 2016 app: prometheus 2017 release: loki 2018 chart: prometheus-11.16.9 2019 heritage: Helm 2020 name: loki-prometheus-server 2021 namespace: fluentbit-loki-stack-system 2022 spec: 2023 selector: 2024 matchLabels: 2025 component: "server" 2026 app: prometheus 2027 release: loki 2028 replicas: 1 2029 template: 2030 metadata: 2031 labels: 2032 component: "server" 2033 app: prometheus 2034 release: loki 2035 chart: prometheus-11.16.9 2036 heritage: Helm 2037 spec: 2038 serviceAccountName: loki-prometheus-server 2039 containers: 2040 - name: prometheus-server-configmap-reload 2041 image: "jimmidyson/configmap-reload:v0.4.0" 2042 imagePullPolicy: "IfNotPresent" 2043 args: 2044 - --volume-dir=/etc/config 2045 - --webhook-url=http://127.0.0.1:9090/-/reload 2046 resources: 2047 { } 2048 volumeMounts: 2049 - name: config-volume 2050 mountPath: /etc/config 2051 readOnly: true 2052 2053 - name: prometheus-server 2054 image: "prom/prometheus:v2.21.0" 2055 imagePullPolicy: "IfNotPresent" 2056 args: 2057 - --storage.tsdb.retention.time=15d 2058 - --config.file=/etc/config/prometheus.yml 2059 - --storage.tsdb.path=/data 2060 - --web.console.libraries=/etc/prometheus/console_libraries 2061 - --web.console.templates=/etc/prometheus/consoles 2062 - --web.enable-lifecycle 2063 ports: 2064 - containerPort: 9090 2065 readinessProbe: 2066 httpGet: 2067 path: /-/ready 2068 port: 9090 2069 initialDelaySeconds: 30 2070 periodSeconds: 5 2071 timeoutSeconds: 30 2072 failureThreshold: 3 2073 successThreshold: 1 2074 livenessProbe: 2075 httpGet: 2076 path: /-/healthy 2077 port: 9090 2078 initialDelaySeconds: 30 2079 periodSeconds: 15 2080 timeoutSeconds: 30 2081 failureThreshold: 3 2082 successThreshold: 1 2083 resources: 2084 { } 2085 volumeMounts: 2086 - name: config-volume 2087 mountPath: /etc/config 2088 - name: storage-volume 2089 mountPath: /data 2090 subPath: "" 2091 securityContext: 2092 fsGroup: 65534 2093 runAsGroup: 65534 2094 runAsNonRoot: true 2095 runAsUser: 65534 2096 terminationGracePeriodSeconds: 300 2097 volumes: 2098 - name: config-volume 2099 configMap: 2100 name: loki-prometheus-server 2101 - name: storage-volume 2102 emptyDir: 2103 { } 2104 --- 2105 # Source: loki-stack/charts/loki/templates/statefulset.yaml 2106 apiVersion: apps/v1 2107 kind: StatefulSet 2108 metadata: 2109 name: loki 2110 namespace: fluentbit-loki-stack-system 2111 labels: 2112 app: loki 2113 2114 release: loki 2115 heritage: Helm 2116 annotations: 2117 { } 2118 spec: 2119 podManagementPolicy: OrderedReady 2120 replicas: 1 2121 selector: 2122 matchLabels: 2123 app: loki 2124 release: loki 2125 serviceName: loki-headless 2126 updateStrategy: 2127 type: RollingUpdate 2128 template: 2129 metadata: 2130 labels: 2131 app: loki 2132 name: loki 2133 release: loki 2134 annotations: 2135 checksum/config: 114ca8276a342da2e4af245e724892524c20666c64a56ef9f1136b0b7e52567c 2136 prometheus.io/port: http-metrics 2137 prometheus.io/scrape: "true" 2138 spec: 2139 serviceAccountName: loki 2140 securityContext: 2141 fsGroup: 10001 2142 runAsGroup: 10001 2143 runAsNonRoot: true 2144 runAsUser: 10001 2145 initContainers: 2146 [ ] 2147 containers: 2148 - name: loki 2149 image: "grafana/loki:2.2.0" 2150 imagePullPolicy: IfNotPresent 2151 args: 2152 - "-config.file=/etc/loki/loki.yaml" 2153 volumeMounts: 2154 - name: config 2155 mountPath: /etc/loki 2156 - name: storage 2157 mountPath: "/data" 2158 ports: 2159 - name: http-metrics 2160 containerPort: 3100 2161 protocol: TCP 2162 livenessProbe: 2163 httpGet: 2164 path: /ready 2165 port: http-metrics 2166 initialDelaySeconds: 45 2167 readinessProbe: 2168 httpGet: 2169 path: /ready 2170 port: http-metrics 2171 initialDelaySeconds: 45 2172 resources: 2173 { } 2174 securityContext: 2175 readOnlyRootFilesystem: true 2176 nodeSelector: 2177 { } 2178 affinity: 2179 { } 2180 tolerations: 2181 [ ] 2182 terminationGracePeriodSeconds: 4800 2183 volumes: 2184 - name: config 2185 secret: 2186 secretName: loki 2187 volumeClaimTemplates: 2188 - metadata: 2189 name: storage 2190 annotations: 2191 { } 2192 spec: 2193 accessModes: 2194 - ReadWriteOnce 2195 resources: 2196 requests: 2197 storage: "50Gi" 2198 storageClassName: local-hostpath