github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/applications/loki-stack/promtail-loki-stack/promtail-loki-stack.yaml (about) 1 apiVersion: v1 2 kind: Namespace 3 metadata: 4 name: promtail-loki-stack-system 5 --- 6 # Source: loki-stack/charts/grafana/templates/podsecuritypolicy.yaml 7 apiVersion: policy/v1beta1 8 kind: PodSecurityPolicy 9 metadata: 10 name: loki-grafana 11 namespace: promtail-loki-stack-system 12 labels: 13 helm.sh/chart: grafana-5.7.10 14 app.kubernetes.io/name: grafana 15 app.kubernetes.io/instance: loki 16 app.kubernetes.io/version: "7.5.0" 17 18 annotations: 19 seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' 20 seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' 21 apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' 22 apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' 23 spec: 24 privileged: false 25 allowPrivilegeEscalation: false 26 requiredDropCapabilities: 27 # Default set from Docker, without DAC_OVERRIDE or CHOWN 28 - FOWNER 29 - FSETID 30 - KILL 31 - SETGID 32 - SETUID 33 - SETPCAP 34 - NET_BIND_SERVICE 35 - NET_RAW 36 - SYS_CHROOT 37 - MKNOD 38 - AUDIT_WRITE 39 - SETFCAP 40 volumes: 41 - 'configMap' 42 - 'emptyDir' 43 - 'projected' 44 - 'secret' 45 - 'downwardAPI' 46 - 'persistentVolumeClaim' 47 hostNetwork: false 48 hostIPC: false 49 hostPID: false 50 runAsUser: 51 rule: 'RunAsAny' 52 seLinux: 53 rule: 'RunAsAny' 54 supplementalGroups: 55 rule: 'RunAsAny' 56 fsGroup: 57 rule: 'RunAsAny' 58 readOnlyRootFilesystem: false 59 --- 60 # Source: loki-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml 61 apiVersion: policy/v1beta1 62 kind: PodSecurityPolicy 63 metadata: 64 name: loki-grafana-test 65 namespace: promtail-loki-stack-system 66 labels: 67 helm.sh/chart: grafana-5.7.10 68 app.kubernetes.io/name: grafana 69 app.kubernetes.io/instance: loki 70 app.kubernetes.io/version: "7.5.0" 71 72 spec: 73 allowPrivilegeEscalation: true 74 privileged: false 75 hostNetwork: false 76 hostIPC: false 77 hostPID: false 78 fsGroup: 79 rule: RunAsAny 80 seLinux: 81 rule: RunAsAny 82 supplementalGroups: 83 rule: RunAsAny 84 runAsUser: 85 rule: RunAsAny 86 volumes: 87 - configMap 88 - downwardAPI 89 - emptyDir 90 - projected 91 - secret 92 --- 93 # Source: loki-stack/charts/loki/templates/podsecuritypolicy.yaml 94 apiVersion: policy/v1beta1 95 kind: PodSecurityPolicy 96 metadata: 97 name: loki 98 labels: 99 app: loki 100 chart: loki-2.5.0 101 102 release: loki 103 spec: 104 privileged: false 105 allowPrivilegeEscalation: false 106 volumes: 107 - 'configMap' 108 - 'emptyDir' 109 - 'persistentVolumeClaim' 110 - 'secret' 111 - 'projected' 112 - 'downwardAPI' 113 hostNetwork: false 114 hostIPC: false 115 hostPID: false 116 runAsUser: 117 rule: 'MustRunAsNonRoot' 118 seLinux: 119 rule: 'RunAsAny' 120 supplementalGroups: 121 rule: 'MustRunAs' 122 ranges: 123 - min: 1 124 max: 65535 125 fsGroup: 126 rule: 'MustRunAs' 127 ranges: 128 - min: 1 129 max: 65535 130 readOnlyRootFilesystem: true 131 requiredDropCapabilities: 132 - ALL 133 --- 134 # Source: loki-stack/charts/promtail/templates/podsecuritypolicy.yaml 135 apiVersion: policy/v1beta1 136 kind: PodSecurityPolicy 137 metadata: 138 name: loki-promtail 139 labels: 140 app: promtail 141 chart: promtail-2.2.0 142 143 release: loki 144 spec: 145 allowPrivilegeEscalation: false 146 fsGroup: 147 rule: RunAsAny 148 hostIPC: false 149 hostNetwork: false 150 hostPID: false 151 privileged: false 152 readOnlyRootFilesystem: true 153 requiredDropCapabilities: 154 - ALL 155 runAsUser: 156 rule: RunAsAny 157 seLinux: 158 rule: RunAsAny 159 supplementalGroups: 160 rule: RunAsAny 161 volumes: 162 - secret 163 - configMap 164 - hostPath 165 - projected 166 - downwardAPI 167 - emptyDir 168 --- 169 # Source: loki-stack/charts/grafana/templates/serviceaccount.yaml 170 apiVersion: v1 171 kind: ServiceAccount 172 metadata: 173 labels: 174 helm.sh/chart: grafana-5.7.10 175 app.kubernetes.io/name: grafana 176 app.kubernetes.io/instance: loki 177 app.kubernetes.io/version: "7.5.0" 178 179 name: loki-grafana 180 namespace: promtail-loki-stack-system 181 --- 182 # Source: loki-stack/charts/grafana/templates/tests/test-serviceaccount.yaml 183 apiVersion: v1 184 kind: ServiceAccount 185 metadata: 186 labels: 187 helm.sh/chart: grafana-5.7.10 188 app.kubernetes.io/name: grafana 189 app.kubernetes.io/instance: loki 190 app.kubernetes.io/version: "7.5.0" 191 192 name: loki-grafana-test 193 namespace: promtail-loki-stack-system 194 --- 195 # Source: loki-stack/charts/loki/templates/serviceaccount.yaml 196 apiVersion: v1 197 kind: ServiceAccount 198 metadata: 199 labels: 200 app: loki 201 chart: loki-2.5.0 202 203 release: loki 204 annotations: 205 { } 206 name: loki 207 namespace: promtail-loki-stack-system 208 --- 209 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml 210 apiVersion: v1 211 kind: ServiceAccount 212 metadata: 213 labels: 214 app.kubernetes.io/name: kube-state-metrics 215 helm.sh/chart: kube-state-metrics-2.8.14 216 217 app.kubernetes.io/instance: loki 218 name: loki-kube-state-metrics 219 namespace: promtail-loki-stack-system 220 imagePullSecrets: 221 [ ] 222 --- 223 # Source: loki-stack/charts/prometheus/templates/alertmanager/serviceaccount.yaml 224 apiVersion: v1 225 kind: ServiceAccount 226 metadata: 227 labels: 228 component: "alertmanager" 229 app: prometheus 230 release: loki 231 chart: prometheus-11.16.9 232 233 name: loki-prometheus-alertmanager 234 namespace: promtail-loki-stack-system 235 annotations: 236 { } 237 --- 238 # Source: loki-stack/charts/prometheus/templates/node-exporter/serviceaccount.yaml 239 apiVersion: v1 240 kind: ServiceAccount 241 metadata: 242 labels: 243 component: "node-exporter" 244 app: prometheus 245 release: loki 246 chart: prometheus-11.16.9 247 248 name: loki-prometheus-node-exporter 249 namespace: promtail-loki-stack-system 250 annotations: 251 { } 252 --- 253 # Source: loki-stack/charts/prometheus/templates/pushgateway/serviceaccount.yaml 254 apiVersion: v1 255 kind: ServiceAccount 256 metadata: 257 labels: 258 component: "pushgateway" 259 app: prometheus 260 release: loki 261 chart: prometheus-11.16.9 262 263 name: loki-prometheus-pushgateway 264 namespace: promtail-loki-stack-system 265 annotations: 266 { } 267 --- 268 # Source: loki-stack/charts/prometheus/templates/server/serviceaccount.yaml 269 apiVersion: v1 270 kind: ServiceAccount 271 metadata: 272 labels: 273 component: "server" 274 app: prometheus 275 release: loki 276 chart: prometheus-11.16.9 277 278 name: loki-prometheus-server 279 namespace: promtail-loki-stack-system 280 annotations: 281 { } 282 --- 283 # Source: loki-stack/charts/promtail/templates/serviceaccount.yaml 284 apiVersion: v1 285 kind: ServiceAccount 286 metadata: 287 labels: 288 app: promtail 289 chart: promtail-2.2.0 290 291 release: loki 292 name: loki-promtail 293 namespace: promtail-loki-stack-system 294 --- 295 # Source: loki-stack/charts/grafana/templates/secret.yaml 296 apiVersion: v1 297 kind: Secret 298 metadata: 299 name: loki-grafana 300 namespace: promtail-loki-stack-system 301 labels: 302 helm.sh/chart: grafana-5.7.10 303 app.kubernetes.io/name: grafana 304 app.kubernetes.io/instance: loki 305 app.kubernetes.io/version: "7.5.0" 306 307 type: Opaque 308 data: 309 admin-user: "YWRtaW4=" 310 admin-password: "ZDNrUElqOFlaY1Q3R0piUnNSNk9iTTc4a1ZjdjcwQ1JxbE9yTzUxSw==" 311 ldap-toml: "" 312 --- 313 # Source: loki-stack/charts/loki/templates/secret.yaml 314 apiVersion: v1 315 kind: Secret 316 metadata: 317 name: loki 318 namespace: promtail-loki-stack-system 319 labels: 320 app: loki 321 chart: loki-2.5.0 322 release: loki 323 324 data: 325 loki.yaml: YXV0aF9lbmFibGVkOiBmYWxzZQpjaHVua19zdG9yZV9jb25maWc6CiAgbWF4X2xvb2tfYmFja19wZXJpb2Q6IDBzCmNvbXBhY3RvcjoKICBzaGFyZWRfc3RvcmU6IGZpbGVzeXN0ZW0KICB3b3JraW5nX2RpcmVjdG9yeTogL2RhdGEvbG9raS9ib2x0ZGItc2hpcHBlci1jb21wYWN0b3IKaW5nZXN0ZXI6CiAgY2h1bmtfYmxvY2tfc2l6ZTogMjYyMTQ0CiAgY2h1bmtfaWRsZV9wZXJpb2Q6IDNtCiAgY2h1bmtfcmV0YWluX3BlcmlvZDogMW0KICBsaWZlY3ljbGVyOgogICAgcmluZzoKICAgICAga3ZzdG9yZToKICAgICAgICBzdG9yZTogaW5tZW1vcnkKICAgICAgcmVwbGljYXRpb25fZmFjdG9yOiAxCiAgbWF4X3RyYW5zZmVyX3JldHJpZXM6IDAKbGltaXRzX2NvbmZpZzoKICBlbmZvcmNlX21ldHJpY19uYW1lOiBmYWxzZQogIHJlamVjdF9vbGRfc2FtcGxlczogdHJ1ZQogIHJlamVjdF9vbGRfc2FtcGxlc19tYXhfYWdlOiAxNjhoCnNjaGVtYV9jb25maWc6CiAgY29uZmlnczoKICAtIGZyb206ICIyMDIwLTEwLTI0IgogICAgaW5kZXg6CiAgICAgIHBlcmlvZDogMjRoCiAgICAgIHByZWZpeDogaW5kZXhfCiAgICBvYmplY3Rfc3RvcmU6IGZpbGVzeXN0ZW0KICAgIHNjaGVtYTogdjExCiAgICBzdG9yZTogYm9sdGRiLXNoaXBwZXIKc2VydmVyOgogIGh0dHBfbGlzdGVuX3BvcnQ6IDMxMDAKc3RvcmFnZV9jb25maWc6CiAgYm9sdGRiX3NoaXBwZXI6CiAgICBhY3RpdmVfaW5kZXhfZGlyZWN0b3J5OiAvZGF0YS9sb2tpL2JvbHRkYi1zaGlwcGVyLWFjdGl2ZQogICAgY2FjaGVfbG9jYXRpb246IC9kYXRhL2xva2kvYm9sdGRiLXNoaXBwZXItY2FjaGUKICAgIGNhY2hlX3R0bDogMjRoCiAgICBzaGFyZWRfc3RvcmU6IGZpbGVzeXN0ZW0KICBmaWxlc3lzdGVtOgogICAgZGlyZWN0b3J5OiAvZGF0YS9sb2tpL2NodW5rcwp0YWJsZV9tYW5hZ2VyOgogIHJldGVudGlvbl9kZWxldGVzX2VuYWJsZWQ6IGZhbHNlCiAgcmV0ZW50aW9uX3BlcmlvZDogMHM= 326 --- 327 # Source: loki-stack/charts/grafana/templates/configmap.yaml 328 apiVersion: v1 329 kind: ConfigMap 330 metadata: 331 name: loki-grafana 332 namespace: promtail-loki-stack-system 333 labels: 334 helm.sh/chart: grafana-5.7.10 335 app.kubernetes.io/name: grafana 336 app.kubernetes.io/instance: loki 337 app.kubernetes.io/version: "7.5.0" 338 339 data: 340 grafana.ini: | 341 [analytics] 342 check_for_updates = true 343 [grafana_net] 344 url = https://grafana.net 345 [log] 346 mode = console 347 [paths] 348 data = /var/lib/grafana/data 349 logs = /var/log/grafana 350 plugins = /var/lib/grafana/plugins 351 provisioning = /etc/grafana/provisioning 352 --- 353 # Source: loki-stack/charts/grafana/templates/tests/test-configmap.yaml 354 apiVersion: v1 355 kind: ConfigMap 356 metadata: 357 name: loki-grafana-test 358 namespace: promtail-loki-stack-system 359 labels: 360 helm.sh/chart: grafana-5.7.10 361 app.kubernetes.io/name: grafana 362 app.kubernetes.io/instance: loki 363 app.kubernetes.io/version: "7.5.0" 364 365 data: 366 run.sh: |- 367 @test "Test Health" { 368 url="http://loki-grafana/api/health" 369 370 code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') 371 [ "$code" == "200" ] 372 } 373 --- 374 # Source: loki-stack/charts/prometheus/templates/alertmanager/cm.yaml 375 apiVersion: v1 376 kind: ConfigMap 377 metadata: 378 labels: 379 component: "alertmanager" 380 app: prometheus 381 release: loki 382 chart: prometheus-11.16.9 383 384 name: loki-prometheus-alertmanager 385 namespace: promtail-loki-stack-system 386 data: 387 alertmanager.yml: | 388 global: {} 389 receivers: 390 - name: default-receiver 391 route: 392 group_interval: 5m 393 group_wait: 10s 394 receiver: default-receiver 395 repeat_interval: 3h 396 --- 397 # Source: loki-stack/charts/prometheus/templates/server/cm.yaml 398 apiVersion: v1 399 kind: ConfigMap 400 metadata: 401 labels: 402 component: "server" 403 app: prometheus 404 release: loki 405 chart: prometheus-11.16.9 406 407 name: loki-prometheus-server 408 namespace: promtail-loki-stack-system 409 data: 410 alerting_rules.yml: | 411 {} 412 alerts: | 413 {} 414 prometheus.yml: | 415 global: 416 evaluation_interval: 1m 417 scrape_interval: 1m 418 scrape_timeout: 10s 419 rule_files: 420 - /etc/config/recording_rules.yml 421 - /etc/config/alerting_rules.yml 422 - /etc/config/rules 423 - /etc/config/alerts 424 scrape_configs: 425 - job_name: prometheus 426 static_configs: 427 - targets: 428 - localhost:9090 429 - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 430 job_name: kubernetes-apiservers 431 kubernetes_sd_configs: 432 - role: endpoints 433 relabel_configs: 434 - action: keep 435 regex: default;kubernetes;https 436 source_labels: 437 - __meta_kubernetes_namespace 438 - __meta_kubernetes_service_name 439 - __meta_kubernetes_endpoint_port_name 440 scheme: https 441 tls_config: 442 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 443 insecure_skip_verify: true 444 - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 445 job_name: kubernetes-nodes 446 kubernetes_sd_configs: 447 - role: node 448 relabel_configs: 449 - action: labelmap 450 regex: __meta_kubernetes_node_label_(.+) 451 - replacement: kubernetes.default.svc:443 452 target_label: __address__ 453 - regex: (.+) 454 replacement: /api/v1/nodes/$1/proxy/metrics 455 source_labels: 456 - __meta_kubernetes_node_name 457 target_label: __metrics_path__ 458 scheme: https 459 tls_config: 460 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 461 insecure_skip_verify: true 462 - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 463 job_name: kubernetes-nodes-cadvisor 464 kubernetes_sd_configs: 465 - role: node 466 relabel_configs: 467 - action: labelmap 468 regex: __meta_kubernetes_node_label_(.+) 469 - replacement: kubernetes.default.svc:443 470 target_label: __address__ 471 - regex: (.+) 472 replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor 473 source_labels: 474 - __meta_kubernetes_node_name 475 target_label: __metrics_path__ 476 scheme: https 477 tls_config: 478 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 479 insecure_skip_verify: true 480 - job_name: kubernetes-service-endpoints 481 kubernetes_sd_configs: 482 - role: endpoints 483 relabel_configs: 484 - action: keep 485 regex: true 486 source_labels: 487 - __meta_kubernetes_service_annotation_prometheus_io_scrape 488 - action: replace 489 regex: (https?) 490 source_labels: 491 - __meta_kubernetes_service_annotation_prometheus_io_scheme 492 target_label: __scheme__ 493 - action: replace 494 regex: (.+) 495 source_labels: 496 - __meta_kubernetes_service_annotation_prometheus_io_path 497 target_label: __metrics_path__ 498 - action: replace 499 regex: ([^:]+)(?::\d+)?;(\d+) 500 replacement: $1:$2 501 source_labels: 502 - __address__ 503 - __meta_kubernetes_service_annotation_prometheus_io_port 504 target_label: __address__ 505 - action: labelmap 506 regex: __meta_kubernetes_service_label_(.+) 507 - action: replace 508 source_labels: 509 - __meta_kubernetes_namespace 510 target_label: kubernetes_namespace 511 - action: replace 512 source_labels: 513 - __meta_kubernetes_service_name 514 target_label: kubernetes_name 515 - action: replace 516 source_labels: 517 - __meta_kubernetes_pod_node_name 518 target_label: kubernetes_node 519 - job_name: kubernetes-service-endpoints-slow 520 kubernetes_sd_configs: 521 - role: endpoints 522 relabel_configs: 523 - action: keep 524 regex: true 525 source_labels: 526 - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow 527 - action: replace 528 regex: (https?) 529 source_labels: 530 - __meta_kubernetes_service_annotation_prometheus_io_scheme 531 target_label: __scheme__ 532 - action: replace 533 regex: (.+) 534 source_labels: 535 - __meta_kubernetes_service_annotation_prometheus_io_path 536 target_label: __metrics_path__ 537 - action: replace 538 regex: ([^:]+)(?::\d+)?;(\d+) 539 replacement: $1:$2 540 source_labels: 541 - __address__ 542 - __meta_kubernetes_service_annotation_prometheus_io_port 543 target_label: __address__ 544 - action: labelmap 545 regex: __meta_kubernetes_service_label_(.+) 546 - action: replace 547 source_labels: 548 - __meta_kubernetes_namespace 549 target_label: kubernetes_namespace 550 - action: replace 551 source_labels: 552 - __meta_kubernetes_service_name 553 target_label: kubernetes_name 554 - action: replace 555 source_labels: 556 - __meta_kubernetes_pod_node_name 557 target_label: kubernetes_node 558 scrape_interval: 5m 559 scrape_timeout: 30s 560 - honor_labels: true 561 job_name: prometheus-pushgateway 562 kubernetes_sd_configs: 563 - role: service 564 relabel_configs: 565 - action: keep 566 regex: pushgateway 567 source_labels: 568 - __meta_kubernetes_service_annotation_prometheus_io_probe 569 - job_name: kubernetes-services 570 kubernetes_sd_configs: 571 - role: service 572 metrics_path: /probe 573 params: 574 module: 575 - http_2xx 576 relabel_configs: 577 - action: keep 578 regex: true 579 source_labels: 580 - __meta_kubernetes_service_annotation_prometheus_io_probe 581 - source_labels: 582 - __address__ 583 target_label: __param_target 584 - replacement: blackbox 585 target_label: __address__ 586 - source_labels: 587 - __param_target 588 target_label: instance 589 - action: labelmap 590 regex: __meta_kubernetes_service_label_(.+) 591 - source_labels: 592 - __meta_kubernetes_namespace 593 target_label: kubernetes_namespace 594 - source_labels: 595 - __meta_kubernetes_service_name 596 target_label: kubernetes_name 597 - job_name: kubernetes-pods 598 kubernetes_sd_configs: 599 - role: pod 600 relabel_configs: 601 - action: keep 602 regex: true 603 source_labels: 604 - __meta_kubernetes_pod_annotation_prometheus_io_scrape 605 - action: replace 606 regex: (.+) 607 source_labels: 608 - __meta_kubernetes_pod_annotation_prometheus_io_path 609 target_label: __metrics_path__ 610 - action: replace 611 regex: ([^:]+)(?::\d+)?;(\d+) 612 replacement: $1:$2 613 source_labels: 614 - __address__ 615 - __meta_kubernetes_pod_annotation_prometheus_io_port 616 target_label: __address__ 617 - action: labelmap 618 regex: __meta_kubernetes_pod_label_(.+) 619 - action: replace 620 source_labels: 621 - __meta_kubernetes_namespace 622 target_label: kubernetes_namespace 623 - action: replace 624 source_labels: 625 - __meta_kubernetes_pod_name 626 target_label: kubernetes_pod_name 627 - action: drop 628 regex: Pending|Succeeded|Failed 629 source_labels: 630 - __meta_kubernetes_pod_phase 631 - job_name: kubernetes-pods-slow 632 kubernetes_sd_configs: 633 - role: pod 634 relabel_configs: 635 - action: keep 636 regex: true 637 source_labels: 638 - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow 639 - action: replace 640 regex: (.+) 641 source_labels: 642 - __meta_kubernetes_pod_annotation_prometheus_io_path 643 target_label: __metrics_path__ 644 - action: replace 645 regex: ([^:]+)(?::\d+)?;(\d+) 646 replacement: $1:$2 647 source_labels: 648 - __address__ 649 - __meta_kubernetes_pod_annotation_prometheus_io_port 650 target_label: __address__ 651 - action: labelmap 652 regex: __meta_kubernetes_pod_label_(.+) 653 - action: replace 654 source_labels: 655 - __meta_kubernetes_namespace 656 target_label: kubernetes_namespace 657 - action: replace 658 source_labels: 659 - __meta_kubernetes_pod_name 660 target_label: kubernetes_pod_name 661 - action: drop 662 regex: Pending|Succeeded|Failed 663 source_labels: 664 - __meta_kubernetes_pod_phase 665 scrape_interval: 5m 666 scrape_timeout: 30s 667 alerting: 668 alertmanagers: 669 - kubernetes_sd_configs: 670 - role: pod 671 tls_config: 672 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 673 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 674 relabel_configs: 675 - source_labels: [__meta_kubernetes_namespace] 676 regex: promtail-loki-stack-system 677 action: keep 678 - source_labels: [__meta_kubernetes_pod_label_app] 679 regex: prometheus 680 action: keep 681 - source_labels: [__meta_kubernetes_pod_label_component] 682 regex: alertmanager 683 action: keep 684 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] 685 regex: .* 686 action: keep 687 - source_labels: [__meta_kubernetes_pod_container_port_number] 688 regex: "9093" 689 action: keep 690 recording_rules.yml: | 691 {} 692 rules: | 693 {} 694 --- 695 # Source: loki-stack/charts/promtail/templates/configmap.yaml 696 apiVersion: v1 697 kind: ConfigMap 698 metadata: 699 name: loki-promtail 700 namespace: promtail-loki-stack-system 701 labels: 702 app: promtail 703 chart: promtail-2.2.0 704 release: loki 705 706 data: 707 promtail.yaml: | 708 client: 709 backoff_config: 710 max_period: 5m 711 max_retries: 10 712 min_period: 500ms 713 batchsize: 1048576 714 batchwait: 1s 715 external_labels: {} 716 timeout: 10s 717 positions: 718 filename: /run/promtail/positions.yaml 719 server: 720 http_listen_port: 3101 721 target_config: 722 sync_period: 10s 723 scrape_configs: 724 - job_name: kubernetes-pods-name 725 pipeline_stages: 726 - docker: {} 727 kubernetes_sd_configs: 728 - role: pod 729 relabel_configs: 730 - source_labels: 731 - __meta_kubernetes_pod_label_name 732 target_label: __service__ 733 - source_labels: 734 - __meta_kubernetes_pod_node_name 735 target_label: __host__ 736 - action: drop 737 regex: '' 738 source_labels: 739 - __service__ 740 - action: labelmap 741 regex: __meta_kubernetes_pod_label_(.+) 742 - action: replace 743 replacement: $1 744 separator: / 745 source_labels: 746 - __meta_kubernetes_namespace 747 - __service__ 748 target_label: job 749 - action: replace 750 source_labels: 751 - __meta_kubernetes_namespace 752 target_label: namespace 753 - action: replace 754 source_labels: 755 - __meta_kubernetes_pod_name 756 target_label: pod 757 - action: replace 758 source_labels: 759 - __meta_kubernetes_pod_container_name 760 target_label: container 761 - replacement: /var/log/pods/*$1/*.log 762 separator: / 763 source_labels: 764 - __meta_kubernetes_pod_uid 765 - __meta_kubernetes_pod_container_name 766 target_label: __path__ 767 - job_name: kubernetes-pods-app 768 pipeline_stages: 769 - docker: {} 770 kubernetes_sd_configs: 771 - role: pod 772 relabel_configs: 773 - action: drop 774 regex: .+ 775 source_labels: 776 - __meta_kubernetes_pod_label_name 777 - source_labels: 778 - __meta_kubernetes_pod_label_app 779 target_label: __service__ 780 - source_labels: 781 - __meta_kubernetes_pod_node_name 782 target_label: __host__ 783 - action: drop 784 regex: '' 785 source_labels: 786 - __service__ 787 - action: labelmap 788 regex: __meta_kubernetes_pod_label_(.+) 789 - action: replace 790 replacement: $1 791 separator: / 792 source_labels: 793 - __meta_kubernetes_namespace 794 - __service__ 795 target_label: job 796 - action: replace 797 source_labels: 798 - __meta_kubernetes_namespace 799 target_label: namespace 800 - action: replace 801 source_labels: 802 - __meta_kubernetes_pod_name 803 target_label: pod 804 - action: replace 805 source_labels: 806 - __meta_kubernetes_pod_container_name 807 target_label: container 808 - replacement: /var/log/pods/*$1/*.log 809 separator: / 810 source_labels: 811 - __meta_kubernetes_pod_uid 812 - __meta_kubernetes_pod_container_name 813 target_label: __path__ 814 - job_name: kubernetes-pods-direct-controllers 815 pipeline_stages: 816 - docker: {} 817 kubernetes_sd_configs: 818 - role: pod 819 relabel_configs: 820 - action: drop 821 regex: .+ 822 separator: '' 823 source_labels: 824 - __meta_kubernetes_pod_label_name 825 - __meta_kubernetes_pod_label_app 826 - action: drop 827 regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' 828 source_labels: 829 - __meta_kubernetes_pod_controller_name 830 - source_labels: 831 - __meta_kubernetes_pod_controller_name 832 target_label: __service__ 833 - source_labels: 834 - __meta_kubernetes_pod_node_name 835 target_label: __host__ 836 - action: drop 837 regex: '' 838 source_labels: 839 - __service__ 840 - action: labelmap 841 regex: __meta_kubernetes_pod_label_(.+) 842 - action: replace 843 replacement: $1 844 separator: / 845 source_labels: 846 - __meta_kubernetes_namespace 847 - __service__ 848 target_label: job 849 - action: replace 850 source_labels: 851 - __meta_kubernetes_namespace 852 target_label: namespace 853 - action: replace 854 source_labels: 855 - __meta_kubernetes_pod_name 856 target_label: pod 857 - action: replace 858 source_labels: 859 - __meta_kubernetes_pod_container_name 860 target_label: container 861 - replacement: /var/log/pods/*$1/*.log 862 separator: / 863 source_labels: 864 - __meta_kubernetes_pod_uid 865 - __meta_kubernetes_pod_container_name 866 target_label: __path__ 867 - job_name: kubernetes-pods-indirect-controller 868 pipeline_stages: 869 - docker: {} 870 kubernetes_sd_configs: 871 - role: pod 872 relabel_configs: 873 - action: drop 874 regex: .+ 875 separator: '' 876 source_labels: 877 - __meta_kubernetes_pod_label_name 878 - __meta_kubernetes_pod_label_app 879 - action: keep 880 regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' 881 source_labels: 882 - __meta_kubernetes_pod_controller_name 883 - action: replace 884 regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}' 885 source_labels: 886 - __meta_kubernetes_pod_controller_name 887 target_label: __service__ 888 - source_labels: 889 - __meta_kubernetes_pod_node_name 890 target_label: __host__ 891 - action: drop 892 regex: '' 893 source_labels: 894 - __service__ 895 - action: labelmap 896 regex: __meta_kubernetes_pod_label_(.+) 897 - action: replace 898 replacement: $1 899 separator: / 900 source_labels: 901 - __meta_kubernetes_namespace 902 - __service__ 903 target_label: job 904 - action: replace 905 source_labels: 906 - __meta_kubernetes_namespace 907 target_label: namespace 908 - action: replace 909 source_labels: 910 - __meta_kubernetes_pod_name 911 target_label: pod 912 - action: replace 913 source_labels: 914 - __meta_kubernetes_pod_container_name 915 target_label: container 916 - replacement: /var/log/pods/*$1/*.log 917 separator: / 918 source_labels: 919 - __meta_kubernetes_pod_uid 920 - __meta_kubernetes_pod_container_name 921 target_label: __path__ 922 - job_name: kubernetes-pods-static 923 pipeline_stages: 924 - docker: {} 925 kubernetes_sd_configs: 926 - role: pod 927 relabel_configs: 928 - action: drop 929 regex: '' 930 source_labels: 931 - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror 932 - action: replace 933 source_labels: 934 - __meta_kubernetes_pod_label_component 935 target_label: __service__ 936 - source_labels: 937 - __meta_kubernetes_pod_node_name 938 target_label: __host__ 939 - action: drop 940 regex: '' 941 source_labels: 942 - __service__ 943 - action: labelmap 944 regex: __meta_kubernetes_pod_label_(.+) 945 - action: replace 946 replacement: $1 947 separator: / 948 source_labels: 949 - __meta_kubernetes_namespace 950 - __service__ 951 target_label: job 952 - action: replace 953 source_labels: 954 - __meta_kubernetes_namespace 955 target_label: namespace 956 - action: replace 957 source_labels: 958 - __meta_kubernetes_pod_name 959 target_label: pod 960 - action: replace 961 source_labels: 962 - __meta_kubernetes_pod_container_name 963 target_label: container 964 - replacement: /var/log/pods/*$1/*.log 965 separator: / 966 source_labels: 967 - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror 968 - __meta_kubernetes_pod_container_name 969 target_label: __path__ 970 --- 971 # Source: loki-stack/templates/datasources.yaml 972 apiVersion: v1 973 kind: ConfigMap 974 metadata: 975 name: loki-loki-stack 976 namespace: promtail-loki-stack-system 977 labels: 978 app: loki-stack 979 chart: loki-stack-2.4.1 980 release: loki 981 982 grafana_datasource: "1" 983 data: 984 loki-stack-datasource.yaml: |- 985 apiVersion: 1 986 datasources: 987 - name: Loki 988 type: loki 989 access: proxy 990 url: http://loki:3100 991 version: 1 992 - name: Prometheus 993 type: prometheus 994 access: proxy 995 url: http://loki-prometheus-server:80 996 version: 1 997 --- 998 # Source: loki-stack/charts/grafana/templates/clusterrole.yaml 999 kind: ClusterRole 1000 apiVersion: rbac.authorization.k8s.io/v1 1001 metadata: 1002 labels: 1003 helm.sh/chart: grafana-5.7.10 1004 app.kubernetes.io/name: grafana 1005 app.kubernetes.io/instance: loki 1006 app.kubernetes.io/version: "7.5.0" 1007 1008 name: loki-grafana-clusterrole 1009 rules: 1010 - apiGroups: [ "" ] # "" indicates the core API group 1011 resources: [ "configmaps", "secrets" ] 1012 verbs: [ "get", "watch", "list" ] 1013 --- 1014 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml 1015 apiVersion: rbac.authorization.k8s.io/v1 1016 kind: ClusterRole 1017 metadata: 1018 labels: 1019 app.kubernetes.io/name: kube-state-metrics 1020 helm.sh/chart: kube-state-metrics-2.8.14 1021 1022 app.kubernetes.io/instance: loki 1023 name: loki-kube-state-metrics 1024 rules: 1025 1026 - apiGroups: [ "certificates.k8s.io" ] 1027 resources: 1028 - certificatesigningrequests 1029 verbs: [ "list", "watch" ] 1030 1031 - apiGroups: [ "" ] 1032 resources: 1033 - configmaps 1034 verbs: [ "list", "watch" ] 1035 1036 - apiGroups: [ "batch" ] 1037 resources: 1038 - cronjobs 1039 verbs: [ "list", "watch" ] 1040 1041 - apiGroups: [ "extensions", "apps" ] 1042 resources: 1043 - daemonsets 1044 verbs: [ "list", "watch" ] 1045 1046 - apiGroups: [ "extensions", "apps" ] 1047 resources: 1048 - deployments 1049 verbs: [ "list", "watch" ] 1050 1051 - apiGroups: [ "" ] 1052 resources: 1053 - endpoints 1054 verbs: [ "list", "watch" ] 1055 1056 - apiGroups: [ "autoscaling" ] 1057 resources: 1058 - horizontalpodautoscalers 1059 verbs: [ "list", "watch" ] 1060 1061 - apiGroups: [ "extensions", "networking.k8s.io" ] 1062 resources: 1063 - ingresses 1064 verbs: [ "list", "watch" ] 1065 1066 - apiGroups: [ "batch" ] 1067 resources: 1068 - jobs 1069 verbs: [ "list", "watch" ] 1070 1071 - apiGroups: [ "" ] 1072 resources: 1073 - limitranges 1074 verbs: [ "list", "watch" ] 1075 1076 - apiGroups: [ "admissionregistration.k8s.io" ] 1077 resources: 1078 - mutatingwebhookconfigurations 1079 verbs: [ "list", "watch" ] 1080 1081 - apiGroups: [ "" ] 1082 resources: 1083 - namespaces 1084 verbs: [ "list", "watch" ] 1085 1086 - apiGroups: [ "networking.k8s.io" ] 1087 resources: 1088 - networkpolicies 1089 verbs: [ "list", "watch" ] 1090 1091 - apiGroups: [ "" ] 1092 resources: 1093 - nodes 1094 verbs: [ "list", "watch" ] 1095 1096 - apiGroups: [ "" ] 1097 resources: 1098 - persistentvolumeclaims 1099 verbs: [ "list", "watch" ] 1100 1101 - apiGroups: [ "" ] 1102 resources: 1103 - persistentvolumes 1104 verbs: [ "list", "watch" ] 1105 1106 - apiGroups: [ "policy" ] 1107 resources: 1108 - poddisruptionbudgets 1109 verbs: [ "list", "watch" ] 1110 1111 - apiGroups: [ "" ] 1112 resources: 1113 - pods 1114 verbs: [ "list", "watch" ] 1115 1116 - apiGroups: [ "extensions", "apps" ] 1117 resources: 1118 - replicasets 1119 verbs: [ "list", "watch" ] 1120 1121 - apiGroups: [ "" ] 1122 resources: 1123 - replicationcontrollers 1124 verbs: [ "list", "watch" ] 1125 1126 - apiGroups: [ "" ] 1127 resources: 1128 - resourcequotas 1129 verbs: [ "list", "watch" ] 1130 1131 - apiGroups: [ "" ] 1132 resources: 1133 - secrets 1134 verbs: [ "list", "watch" ] 1135 1136 - apiGroups: [ "" ] 1137 resources: 1138 - services 1139 verbs: [ "list", "watch" ] 1140 1141 - apiGroups: [ "apps" ] 1142 resources: 1143 - statefulsets 1144 verbs: [ "list", "watch" ] 1145 1146 - apiGroups: [ "storage.k8s.io" ] 1147 resources: 1148 - storageclasses 1149 verbs: [ "list", "watch" ] 1150 1151 - apiGroups: [ "admissionregistration.k8s.io" ] 1152 resources: 1153 - validatingwebhookconfigurations 1154 verbs: [ "list", "watch" ] 1155 1156 - apiGroups: [ "storage.k8s.io" ] 1157 resources: 1158 - volumeattachments 1159 verbs: [ "list", "watch" ] 1160 --- 1161 # Source: loki-stack/charts/prometheus/templates/alertmanager/clusterrole.yaml 1162 apiVersion: rbac.authorization.k8s.io/v1 1163 kind: ClusterRole 1164 metadata: 1165 labels: 1166 component: "alertmanager" 1167 app: prometheus 1168 release: loki 1169 chart: prometheus-11.16.9 1170 1171 name: loki-prometheus-alertmanager 1172 rules: 1173 [ ] 1174 --- 1175 # Source: loki-stack/charts/prometheus/templates/pushgateway/clusterrole.yaml 1176 apiVersion: rbac.authorization.k8s.io/v1 1177 kind: ClusterRole 1178 metadata: 1179 labels: 1180 component: "pushgateway" 1181 app: prometheus 1182 release: loki 1183 chart: prometheus-11.16.9 1184 1185 name: loki-prometheus-pushgateway 1186 rules: 1187 [ ] 1188 --- 1189 # Source: loki-stack/charts/prometheus/templates/server/clusterrole.yaml 1190 apiVersion: rbac.authorization.k8s.io/v1 1191 kind: ClusterRole 1192 metadata: 1193 labels: 1194 component: "server" 1195 app: prometheus 1196 release: loki 1197 chart: prometheus-11.16.9 1198 1199 name: loki-prometheus-server 1200 rules: 1201 - apiGroups: 1202 - "" 1203 resources: 1204 - nodes 1205 - nodes/proxy 1206 - nodes/metrics 1207 - services 1208 - endpoints 1209 - pods 1210 - ingresses 1211 - configmaps 1212 verbs: 1213 - get 1214 - list 1215 - watch 1216 - apiGroups: 1217 - "extensions" 1218 - "networking.k8s.io" 1219 resources: 1220 - ingresses/status 1221 - ingresses 1222 verbs: 1223 - get 1224 - list 1225 - watch 1226 - nonResourceURLs: 1227 - "/metrics" 1228 verbs: 1229 - get 1230 --- 1231 # Source: loki-stack/charts/promtail/templates/clusterrole.yaml 1232 kind: ClusterRole 1233 apiVersion: rbac.authorization.k8s.io/v1 1234 metadata: 1235 labels: 1236 app: promtail 1237 chart: promtail-2.2.0 1238 release: loki 1239 1240 name: loki-promtail-clusterrole 1241 rules: 1242 - apiGroups: [ "" ] # "" indicates the core API group 1243 resources: 1244 - nodes 1245 - nodes/proxy 1246 - services 1247 - endpoints 1248 - pods 1249 verbs: [ "get", "watch", "list" ] 1250 --- 1251 # Source: loki-stack/charts/grafana/templates/clusterrolebinding.yaml 1252 kind: ClusterRoleBinding 1253 apiVersion: rbac.authorization.k8s.io/v1 1254 metadata: 1255 name: loki-grafana-clusterrolebinding 1256 labels: 1257 helm.sh/chart: grafana-5.7.10 1258 app.kubernetes.io/name: grafana 1259 app.kubernetes.io/instance: loki 1260 app.kubernetes.io/version: "7.5.0" 1261 1262 subjects: 1263 - kind: ServiceAccount 1264 name: loki-grafana 1265 namespace: promtail-loki-stack-system 1266 roleRef: 1267 kind: ClusterRole 1268 name: loki-grafana-clusterrole 1269 apiGroup: rbac.authorization.k8s.io 1270 --- 1271 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml 1272 apiVersion: rbac.authorization.k8s.io/v1 1273 kind: ClusterRoleBinding 1274 metadata: 1275 labels: 1276 app.kubernetes.io/name: kube-state-metrics 1277 helm.sh/chart: kube-state-metrics-2.8.14 1278 app.kubernetes.io/instance: loki 1279 name: loki-kube-state-metrics 1280 roleRef: 1281 apiGroup: rbac.authorization.k8s.io 1282 kind: ClusterRole 1283 name: loki-kube-state-metrics 1284 subjects: 1285 - kind: ServiceAccount 1286 name: loki-kube-state-metrics 1287 namespace: promtail-loki-stack-system 1288 --- 1289 # Source: loki-stack/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml 1290 apiVersion: rbac.authorization.k8s.io/v1 1291 kind: ClusterRoleBinding 1292 metadata: 1293 labels: 1294 component: "alertmanager" 1295 app: prometheus 1296 release: loki 1297 chart: prometheus-11.16.9 1298 1299 name: loki-prometheus-alertmanager 1300 subjects: 1301 - kind: ServiceAccount 1302 name: loki-prometheus-alertmanager 1303 namespace: promtail-loki-stack-system 1304 roleRef: 1305 apiGroup: rbac.authorization.k8s.io 1306 kind: ClusterRole 1307 name: loki-prometheus-alertmanager 1308 --- 1309 # Source: loki-stack/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml 1310 apiVersion: rbac.authorization.k8s.io/v1 1311 kind: ClusterRoleBinding 1312 metadata: 1313 labels: 1314 component: "pushgateway" 1315 app: prometheus 1316 release: loki 1317 chart: prometheus-11.16.9 1318 1319 name: loki-prometheus-pushgateway 1320 subjects: 1321 - kind: ServiceAccount 1322 name: loki-prometheus-pushgateway 1323 namespace: promtail-loki-stack-system 1324 roleRef: 1325 apiGroup: rbac.authorization.k8s.io 1326 kind: ClusterRole 1327 name: loki-prometheus-pushgateway 1328 --- 1329 # Source: loki-stack/charts/prometheus/templates/server/clusterrolebinding.yaml 1330 apiVersion: rbac.authorization.k8s.io/v1 1331 kind: ClusterRoleBinding 1332 metadata: 1333 labels: 1334 component: "server" 1335 app: prometheus 1336 release: loki 1337 chart: prometheus-11.16.9 1338 1339 name: loki-prometheus-server 1340 subjects: 1341 - kind: ServiceAccount 1342 name: loki-prometheus-server 1343 namespace: promtail-loki-stack-system 1344 roleRef: 1345 apiGroup: rbac.authorization.k8s.io 1346 kind: ClusterRole 1347 name: loki-prometheus-server 1348 --- 1349 # Source: loki-stack/charts/promtail/templates/clusterrolebinding.yaml 1350 kind: ClusterRoleBinding 1351 apiVersion: rbac.authorization.k8s.io/v1 1352 metadata: 1353 name: loki-promtail-clusterrolebinding 1354 labels: 1355 app: promtail 1356 chart: promtail-2.2.0 1357 release: loki 1358 1359 subjects: 1360 - kind: ServiceAccount 1361 name: loki-promtail 1362 namespace: promtail-loki-stack-system 1363 roleRef: 1364 kind: ClusterRole 1365 name: loki-promtail-clusterrole 1366 apiGroup: rbac.authorization.k8s.io 1367 --- 1368 # Source: loki-stack/charts/grafana/templates/role.yaml 1369 apiVersion: rbac.authorization.k8s.io/v1 1370 kind: Role 1371 metadata: 1372 name: loki-grafana 1373 namespace: promtail-loki-stack-system 1374 labels: 1375 helm.sh/chart: grafana-5.7.10 1376 app.kubernetes.io/name: grafana 1377 app.kubernetes.io/instance: loki 1378 app.kubernetes.io/version: "7.5.0" 1379 1380 rules: 1381 - apiGroups: [ 'extensions' ] 1382 resources: [ 'podsecuritypolicies' ] 1383 verbs: [ 'use' ] 1384 resourceNames: [ loki-grafana ] 1385 --- 1386 # Source: loki-stack/charts/grafana/templates/tests/test-role.yaml 1387 apiVersion: rbac.authorization.k8s.io/v1 1388 kind: Role 1389 metadata: 1390 name: loki-grafana-test 1391 namespace: promtail-loki-stack-system 1392 labels: 1393 helm.sh/chart: grafana-5.7.10 1394 app.kubernetes.io/name: grafana 1395 app.kubernetes.io/instance: loki 1396 app.kubernetes.io/version: "7.5.0" 1397 1398 rules: 1399 - apiGroups: [ 'policy' ] 1400 resources: [ 'podsecuritypolicies' ] 1401 verbs: [ 'use' ] 1402 resourceNames: [ loki-grafana-test ] 1403 --- 1404 # Source: loki-stack/charts/loki/templates/role.yaml 1405 apiVersion: rbac.authorization.k8s.io/v1 1406 kind: Role 1407 metadata: 1408 name: loki 1409 namespace: promtail-loki-stack-system 1410 labels: 1411 app: loki 1412 chart: loki-2.5.0 1413 1414 release: loki 1415 rules: 1416 - apiGroups: [ 'extensions' ] 1417 resources: [ 'podsecuritypolicies' ] 1418 verbs: [ 'use' ] 1419 resourceNames: [ loki ] 1420 --- 1421 # Source: loki-stack/charts/promtail/templates/role.yaml 1422 apiVersion: rbac.authorization.k8s.io/v1 1423 kind: Role 1424 metadata: 1425 name: loki-promtail 1426 namespace: promtail-loki-stack-system 1427 labels: 1428 app: promtail 1429 chart: promtail-2.2.0 1430 1431 release: loki 1432 rules: 1433 - apiGroups: [ 'extensions' ] 1434 resources: [ 'podsecuritypolicies' ] 1435 verbs: [ 'use' ] 1436 resourceNames: [ loki-promtail ] 1437 --- 1438 # Source: loki-stack/charts/grafana/templates/rolebinding.yaml 1439 apiVersion: rbac.authorization.k8s.io/v1 1440 kind: RoleBinding 1441 metadata: 1442 name: loki-grafana 1443 namespace: promtail-loki-stack-system 1444 labels: 1445 helm.sh/chart: grafana-5.7.10 1446 app.kubernetes.io/name: grafana 1447 app.kubernetes.io/instance: loki 1448 app.kubernetes.io/version: "7.5.0" 1449 1450 roleRef: 1451 apiGroup: rbac.authorization.k8s.io 1452 kind: Role 1453 name: loki-grafana 1454 subjects: 1455 - kind: ServiceAccount 1456 name: loki-grafana 1457 namespace: promtail-loki-stack-system 1458 --- 1459 # Source: loki-stack/charts/grafana/templates/tests/test-rolebinding.yaml 1460 apiVersion: rbac.authorization.k8s.io/v1 1461 kind: RoleBinding 1462 metadata: 1463 name: loki-grafana-test 1464 namespace: promtail-loki-stack-system 1465 labels: 1466 helm.sh/chart: grafana-5.7.10 1467 app.kubernetes.io/name: grafana 1468 app.kubernetes.io/instance: loki 1469 app.kubernetes.io/version: "7.5.0" 1470 1471 roleRef: 1472 apiGroup: rbac.authorization.k8s.io 1473 kind: Role 1474 name: loki-grafana-test 1475 subjects: 1476 - kind: ServiceAccount 1477 name: loki-grafana-test 1478 namespace: promtail-loki-stack-system 1479 --- 1480 # Source: loki-stack/charts/loki/templates/rolebinding.yaml 1481 apiVersion: rbac.authorization.k8s.io/v1 1482 kind: RoleBinding 1483 metadata: 1484 name: loki 1485 namespace: promtail-loki-stack-system 1486 labels: 1487 app: loki 1488 chart: loki-2.5.0 1489 1490 release: loki 1491 roleRef: 1492 apiGroup: rbac.authorization.k8s.io 1493 kind: Role 1494 name: loki 1495 subjects: 1496 - kind: ServiceAccount 1497 name: loki 1498 --- 1499 # Source: loki-stack/charts/promtail/templates/rolebinding.yaml 1500 apiVersion: rbac.authorization.k8s.io/v1 1501 kind: RoleBinding 1502 metadata: 1503 name: loki-promtail 1504 namespace: promtail-loki-stack-system 1505 labels: 1506 app: promtail 1507 chart: promtail-2.2.0 1508 1509 release: loki 1510 roleRef: 1511 apiGroup: rbac.authorization.k8s.io 1512 kind: Role 1513 name: loki-promtail 1514 subjects: 1515 - kind: ServiceAccount 1516 name: loki-promtail 1517 --- 1518 # Source: loki-stack/charts/grafana/templates/service.yaml 1519 apiVersion: v1 1520 kind: Service 1521 metadata: 1522 name: loki-grafana 1523 namespace: promtail-loki-stack-system 1524 labels: 1525 helm.sh/chart: grafana-5.7.10 1526 app.kubernetes.io/name: grafana 1527 app.kubernetes.io/instance: loki 1528 app.kubernetes.io/version: "7.5.0" 1529 1530 spec: 1531 type: ClusterIP 1532 ports: 1533 - name: service 1534 port: 80 1535 protocol: TCP 1536 targetPort: 3000 1537 1538 selector: 1539 app.kubernetes.io/name: grafana 1540 app.kubernetes.io/instance: loki 1541 --- 1542 # Source: loki-stack/charts/loki/templates/service-headless.yaml 1543 apiVersion: v1 1544 kind: Service 1545 metadata: 1546 name: loki-headless 1547 namespace: promtail-loki-stack-system 1548 labels: 1549 app: loki 1550 chart: loki-2.5.0 1551 release: loki 1552 1553 variant: headless 1554 spec: 1555 clusterIP: None 1556 ports: 1557 - port: 3100 1558 protocol: TCP 1559 name: http-metrics 1560 targetPort: http-metrics 1561 selector: 1562 app: loki 1563 release: loki 1564 --- 1565 # Source: loki-stack/charts/loki/templates/service.yaml 1566 apiVersion: v1 1567 kind: Service 1568 metadata: 1569 name: loki 1570 namespace: promtail-loki-stack-system 1571 labels: 1572 app: loki 1573 chart: loki-2.5.0 1574 release: loki 1575 1576 annotations: 1577 { } 1578 spec: 1579 type: ClusterIP 1580 ports: 1581 - port: 3100 1582 protocol: TCP 1583 name: http-metrics 1584 targetPort: http-metrics 1585 selector: 1586 app: loki 1587 release: loki 1588 --- 1589 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/service.yaml 1590 apiVersion: v1 1591 kind: Service 1592 metadata: 1593 name: loki-kube-state-metrics 1594 namespace: promtail-loki-stack-system 1595 labels: 1596 app.kubernetes.io/name: kube-state-metrics 1597 helm.sh/chart: "kube-state-metrics-2.8.14" 1598 app.kubernetes.io/instance: "loki" 1599 app.kubernetes.io/managed-by: "Helm" 1600 annotations: 1601 prometheus.io/scrape: 'true' 1602 spec: 1603 type: "ClusterIP" 1604 ports: 1605 - name: "http" 1606 protocol: TCP 1607 port: 8080 1608 targetPort: 8080 1609 selector: 1610 app.kubernetes.io/name: kube-state-metrics 1611 app.kubernetes.io/instance: loki 1612 --- 1613 # Source: loki-stack/charts/prometheus/templates/alertmanager/service.yaml 1614 apiVersion: v1 1615 kind: Service 1616 metadata: 1617 labels: 1618 component: "alertmanager" 1619 app: prometheus 1620 release: loki 1621 chart: prometheus-11.16.9 1622 1623 name: loki-prometheus-alertmanager 1624 namespace: promtail-loki-stack-system 1625 spec: 1626 ports: 1627 - name: http 1628 port: 80 1629 protocol: TCP 1630 targetPort: 9093 1631 selector: 1632 component: "alertmanager" 1633 app: prometheus 1634 release: loki 1635 sessionAffinity: None 1636 type: "ClusterIP" 1637 --- 1638 # Source: loki-stack/charts/prometheus/templates/node-exporter/svc.yaml 1639 apiVersion: v1 1640 kind: Service 1641 metadata: 1642 annotations: 1643 prometheus.io/scrape: "true" 1644 labels: 1645 component: "node-exporter" 1646 app: prometheus 1647 release: loki 1648 chart: prometheus-11.16.9 1649 1650 name: loki-prometheus-node-exporter 1651 namespace: promtail-loki-stack-system 1652 spec: 1653 clusterIP: None 1654 ports: 1655 - name: metrics 1656 port: 9100 1657 protocol: TCP 1658 targetPort: 9100 1659 selector: 1660 component: "node-exporter" 1661 app: prometheus 1662 release: loki 1663 type: "ClusterIP" 1664 --- 1665 # Source: loki-stack/charts/prometheus/templates/pushgateway/service.yaml 1666 apiVersion: v1 1667 kind: Service 1668 metadata: 1669 annotations: 1670 prometheus.io/probe: pushgateway 1671 labels: 1672 component: "pushgateway" 1673 app: prometheus 1674 release: loki 1675 chart: prometheus-11.16.9 1676 1677 name: loki-prometheus-pushgateway 1678 namespace: promtail-loki-stack-system 1679 spec: 1680 ports: 1681 - name: http 1682 port: 9091 1683 protocol: TCP 1684 targetPort: 9091 1685 selector: 1686 component: "pushgateway" 1687 app: prometheus 1688 release: loki 1689 type: "ClusterIP" 1690 --- 1691 # Source: loki-stack/charts/prometheus/templates/server/service.yaml 1692 apiVersion: v1 1693 kind: Service 1694 metadata: 1695 labels: 1696 component: "server" 1697 app: prometheus 1698 release: loki 1699 chart: prometheus-11.16.9 1700 1701 name: loki-prometheus-server 1702 namespace: promtail-loki-stack-system 1703 spec: 1704 ports: 1705 - name: http 1706 port: 80 1707 protocol: TCP 1708 targetPort: 9090 1709 selector: 1710 component: "server" 1711 app: prometheus 1712 release: loki 1713 sessionAffinity: None 1714 type: "ClusterIP" 1715 --- 1716 # Source: loki-stack/charts/prometheus/templates/node-exporter/daemonset.yaml 1717 apiVersion: apps/v1 1718 kind: DaemonSet 1719 metadata: 1720 labels: 1721 component: "node-exporter" 1722 app: prometheus 1723 release: loki 1724 chart: prometheus-11.16.9 1725 1726 name: loki-prometheus-node-exporter 1727 namespace: promtail-loki-stack-system 1728 spec: 1729 selector: 1730 matchLabels: 1731 component: "node-exporter" 1732 app: prometheus 1733 release: loki 1734 updateStrategy: 1735 type: RollingUpdate 1736 template: 1737 metadata: 1738 labels: 1739 component: "node-exporter" 1740 app: prometheus 1741 release: loki 1742 chart: prometheus-11.16.9 1743 1744 spec: 1745 serviceAccountName: loki-prometheus-node-exporter 1746 containers: 1747 - name: prometheus-node-exporter 1748 image: "prom/node-exporter:v1.0.1" 1749 imagePullPolicy: "IfNotPresent" 1750 args: 1751 - --path.procfs=/host/proc 1752 - --path.sysfs=/host/sys 1753 - --web.listen-address=:9100 1754 ports: 1755 - name: metrics 1756 containerPort: 9100 1757 hostPort: 9100 1758 resources: 1759 { } 1760 volumeMounts: 1761 - name: proc 1762 mountPath: /host/proc 1763 readOnly: true 1764 - name: sys 1765 mountPath: /host/sys 1766 readOnly: true 1767 hostNetwork: true 1768 hostPID: true 1769 volumes: 1770 - name: proc 1771 hostPath: 1772 path: /proc 1773 - name: sys 1774 hostPath: 1775 path: /sys 1776 --- 1777 # Source: loki-stack/charts/promtail/templates/daemonset.yaml 1778 apiVersion: apps/v1 1779 kind: DaemonSet 1780 metadata: 1781 name: loki-promtail 1782 namespace: promtail-loki-stack-system 1783 labels: 1784 app: promtail 1785 chart: promtail-2.2.0 1786 release: loki 1787 1788 annotations: 1789 { } 1790 spec: 1791 selector: 1792 matchLabels: 1793 app: promtail 1794 release: loki 1795 updateStrategy: 1796 { } 1797 template: 1798 metadata: 1799 labels: 1800 app: promtail 1801 release: loki 1802 annotations: 1803 checksum/config: ad21432dd2ad6c66e7d2c829818738179faa22e4a92fe3ec22b8d997cbd54be5 1804 prometheus.io/port: http-metrics 1805 prometheus.io/scrape: "true" 1806 spec: 1807 serviceAccountName: loki-promtail 1808 containers: 1809 - name: promtail 1810 image: "grafana/promtail:2.1.0" 1811 imagePullPolicy: IfNotPresent 1812 args: 1813 - "-config.file=/etc/promtail/promtail.yaml" 1814 - "-client.url=http://loki:3100/loki/api/v1/push" 1815 volumeMounts: 1816 - name: config 1817 mountPath: /etc/promtail 1818 - name: run 1819 mountPath: /run/promtail 1820 - mountPath: /var/lib/docker/containers 1821 name: docker 1822 readOnly: true 1823 - mountPath: /var/log/pods 1824 name: pods 1825 readOnly: true 1826 env: 1827 - name: HOSTNAME 1828 valueFrom: 1829 fieldRef: 1830 fieldPath: spec.nodeName 1831 ports: 1832 - containerPort: 3101 1833 name: http-metrics 1834 securityContext: 1835 readOnlyRootFilesystem: true 1836 runAsGroup: 0 1837 runAsUser: 0 1838 readinessProbe: 1839 failureThreshold: 5 1840 httpGet: 1841 path: /ready 1842 port: http-metrics 1843 initialDelaySeconds: 10 1844 periodSeconds: 10 1845 successThreshold: 1 1846 timeoutSeconds: 1 1847 resources: 1848 { } 1849 nodeSelector: 1850 { } 1851 affinity: 1852 { } 1853 tolerations: 1854 - effect: NoSchedule 1855 key: node-role.kubernetes.io/master 1856 operator: Exists 1857 volumes: 1858 - name: config 1859 configMap: 1860 name: loki-promtail 1861 - name: run 1862 hostPath: 1863 path: /run/promtail 1864 - hostPath: 1865 path: /var/lib/docker/containers 1866 name: docker 1867 - hostPath: 1868 path: /var/log/pods 1869 name: pods 1870 --- 1871 # Source: loki-stack/charts/grafana/templates/deployment.yaml 1872 apiVersion: apps/v1 1873 kind: Deployment 1874 metadata: 1875 name: loki-grafana 1876 namespace: promtail-loki-stack-system 1877 labels: 1878 helm.sh/chart: grafana-5.7.10 1879 app.kubernetes.io/name: grafana 1880 app.kubernetes.io/instance: loki 1881 app.kubernetes.io/version: "7.5.0" 1882 1883 spec: 1884 replicas: 1 1885 revisionHistoryLimit: 10 1886 selector: 1887 matchLabels: 1888 app.kubernetes.io/name: grafana 1889 app.kubernetes.io/instance: loki 1890 strategy: 1891 type: RollingUpdate 1892 template: 1893 metadata: 1894 labels: 1895 app.kubernetes.io/name: grafana 1896 app.kubernetes.io/instance: loki 1897 annotations: 1898 checksum/config: ab12cdbec5d9a2639ccfac833b1d93f19d6082447aded0831b41a9ce9fe4684d 1899 checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b 1900 checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b 1901 checksum/secret: 190c9744a1594e19fa8cffae90bcfbaf3c64d967ceca3b1f04de68cc915b0484 1902 spec: 1903 1904 serviceAccountName: loki-grafana 1905 securityContext: 1906 fsGroup: 472 1907 runAsGroup: 472 1908 runAsUser: 472 1909 initContainers: 1910 - name: grafana-sc-datasources 1911 image: "kiwigrid/k8s-sidecar:0.1.209" 1912 imagePullPolicy: IfNotPresent 1913 env: 1914 - name: METHOD 1915 value: LIST 1916 - name: LABEL 1917 value: "grafana_datasource" 1918 - name: FOLDER 1919 value: "/etc/grafana/provisioning/datasources" 1920 - name: RESOURCE 1921 value: "both" 1922 resources: 1923 { } 1924 volumeMounts: 1925 - name: sc-datasources-volume 1926 mountPath: "/etc/grafana/provisioning/datasources" 1927 containers: 1928 - name: grafana 1929 image: "grafana/grafana:7.5.0" 1930 imagePullPolicy: IfNotPresent 1931 volumeMounts: 1932 - name: config 1933 mountPath: "/etc/grafana/grafana.ini" 1934 subPath: grafana.ini 1935 - name: storage 1936 mountPath: "/var/lib/grafana" 1937 - name: sc-datasources-volume 1938 mountPath: "/etc/grafana/provisioning/datasources" 1939 ports: 1940 - name: service 1941 containerPort: 80 1942 protocol: TCP 1943 - name: grafana 1944 containerPort: 3000 1945 protocol: TCP 1946 env: 1947 - name: GF_SECURITY_ADMIN_USER 1948 valueFrom: 1949 secretKeyRef: 1950 name: loki-grafana 1951 key: admin-user 1952 - name: GF_SECURITY_ADMIN_PASSWORD 1953 valueFrom: 1954 secretKeyRef: 1955 name: loki-grafana 1956 key: admin-password 1957 1958 livenessProbe: 1959 failureThreshold: 10 1960 httpGet: 1961 path: /api/health 1962 port: 3000 1963 initialDelaySeconds: 60 1964 timeoutSeconds: 30 1965 readinessProbe: 1966 httpGet: 1967 path: /api/health 1968 port: 3000 1969 resources: 1970 { } 1971 volumes: 1972 - name: config 1973 configMap: 1974 name: loki-grafana 1975 - name: storage 1976 emptyDir: { } 1977 - name: sc-datasources-volume 1978 emptyDir: { } 1979 --- 1980 # Source: loki-stack/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml 1981 apiVersion: apps/v1 1982 kind: Deployment 1983 metadata: 1984 name: loki-kube-state-metrics 1985 namespace: promtail-loki-stack-system 1986 labels: 1987 app.kubernetes.io/name: kube-state-metrics 1988 helm.sh/chart: "kube-state-metrics-2.8.14" 1989 app.kubernetes.io/instance: "loki" 1990 app.kubernetes.io/managed-by: "Helm" 1991 spec: 1992 selector: 1993 matchLabels: 1994 app.kubernetes.io/name: kube-state-metrics 1995 replicas: 1 1996 template: 1997 metadata: 1998 labels: 1999 app.kubernetes.io/name: kube-state-metrics 2000 app.kubernetes.io/instance: "loki" 2001 spec: 2002 hostNetwork: false 2003 serviceAccountName: loki-kube-state-metrics 2004 securityContext: 2005 fsGroup: 65534 2006 runAsGroup: 65534 2007 runAsUser: 65534 2008 containers: 2009 - name: kube-state-metrics 2010 args: 2011 - --collectors=certificatesigningrequests 2012 - --collectors=configmaps 2013 - --collectors=cronjobs 2014 - --collectors=daemonsets 2015 - --collectors=deployments 2016 - --collectors=endpoints 2017 - --collectors=horizontalpodautoscalers 2018 - --collectors=ingresses 2019 - --collectors=jobs 2020 - --collectors=limitranges 2021 - --collectors=mutatingwebhookconfigurations 2022 - --collectors=namespaces 2023 - --collectors=networkpolicies 2024 - --collectors=nodes 2025 - --collectors=persistentvolumeclaims 2026 - --collectors=persistentvolumes 2027 - --collectors=poddisruptionbudgets 2028 - --collectors=pods 2029 - --collectors=replicasets 2030 - --collectors=replicationcontrollers 2031 - --collectors=resourcequotas 2032 - --collectors=secrets 2033 - --collectors=services 2034 - --collectors=statefulsets 2035 - --collectors=storageclasses 2036 - --collectors=validatingwebhookconfigurations 2037 - --collectors=volumeattachments 2038 imagePullPolicy: IfNotPresent 2039 image: "quay.io/coreos/kube-state-metrics:v1.9.7" 2040 ports: 2041 - containerPort: 8080 2042 livenessProbe: 2043 httpGet: 2044 path: /healthz 2045 port: 8080 2046 initialDelaySeconds: 5 2047 timeoutSeconds: 5 2048 readinessProbe: 2049 httpGet: 2050 path: / 2051 port: 8080 2052 initialDelaySeconds: 5 2053 timeoutSeconds: 5 2054 --- 2055 # Source: loki-stack/charts/prometheus/templates/alertmanager/deploy.yaml 2056 apiVersion: apps/v1 2057 kind: Deployment 2058 metadata: 2059 labels: 2060 component: "alertmanager" 2061 app: prometheus 2062 release: loki 2063 chart: prometheus-11.16.9 2064 2065 name: loki-prometheus-alertmanager 2066 namespace: promtail-loki-stack-system 2067 spec: 2068 selector: 2069 matchLabels: 2070 component: "alertmanager" 2071 app: prometheus 2072 release: loki 2073 replicas: 1 2074 template: 2075 metadata: 2076 labels: 2077 component: "alertmanager" 2078 app: prometheus 2079 release: loki 2080 chart: prometheus-11.16.9 2081 2082 spec: 2083 serviceAccountName: loki-prometheus-alertmanager 2084 containers: 2085 - name: prometheus-alertmanager 2086 image: "prom/alertmanager:v0.21.0" 2087 imagePullPolicy: "IfNotPresent" 2088 env: 2089 - name: POD_IP 2090 valueFrom: 2091 fieldRef: 2092 apiVersion: v1 2093 fieldPath: status.podIP 2094 args: 2095 - --config.file=/etc/config/alertmanager.yml 2096 - --storage.path=/data 2097 - --cluster.advertise-address=$(POD_IP):6783 2098 - --web.external-url=http://localhost:9093 2099 2100 ports: 2101 - containerPort: 9093 2102 readinessProbe: 2103 httpGet: 2104 path: /-/ready 2105 port: 9093 2106 initialDelaySeconds: 30 2107 timeoutSeconds: 30 2108 resources: 2109 { } 2110 volumeMounts: 2111 - name: config-volume 2112 mountPath: /etc/config 2113 - name: storage-volume 2114 mountPath: "/data" 2115 subPath: "" 2116 - name: prometheus-alertmanager-configmap-reload 2117 image: "jimmidyson/configmap-reload:v0.4.0" 2118 imagePullPolicy: "IfNotPresent" 2119 args: 2120 - --volume-dir=/etc/config 2121 - --webhook-url=http://127.0.0.1:9093/-/reload 2122 resources: 2123 { } 2124 volumeMounts: 2125 - name: config-volume 2126 mountPath: /etc/config 2127 readOnly: true 2128 securityContext: 2129 fsGroup: 65534 2130 runAsGroup: 65534 2131 runAsNonRoot: true 2132 runAsUser: 65534 2133 volumes: 2134 - name: config-volume 2135 configMap: 2136 name: loki-prometheus-alertmanager 2137 - name: storage-volume 2138 emptyDir: 2139 { } 2140 --- 2141 # Source: loki-stack/charts/prometheus/templates/pushgateway/deploy.yaml 2142 apiVersion: apps/v1 2143 kind: Deployment 2144 metadata: 2145 labels: 2146 component: "pushgateway" 2147 app: prometheus 2148 release: loki 2149 chart: prometheus-11.16.9 2150 2151 name: loki-prometheus-pushgateway 2152 namespace: promtail-loki-stack-system 2153 spec: 2154 selector: 2155 matchLabels: 2156 component: "pushgateway" 2157 app: prometheus 2158 release: loki 2159 replicas: 1 2160 template: 2161 metadata: 2162 labels: 2163 component: "pushgateway" 2164 app: prometheus 2165 release: loki 2166 chart: prometheus-11.16.9 2167 2168 spec: 2169 serviceAccountName: loki-prometheus-pushgateway 2170 containers: 2171 - name: prometheus-pushgateway 2172 image: "prom/pushgateway:v1.2.0" 2173 imagePullPolicy: "IfNotPresent" 2174 ports: 2175 - containerPort: 9091 2176 livenessProbe: 2177 httpGet: 2178 path: /-/healthy 2179 port: 9091 2180 initialDelaySeconds: 10 2181 timeoutSeconds: 10 2182 readinessProbe: 2183 httpGet: 2184 path: /-/ready 2185 port: 9091 2186 initialDelaySeconds: 10 2187 timeoutSeconds: 10 2188 resources: 2189 { } 2190 securityContext: 2191 runAsNonRoot: true 2192 runAsUser: 65534 2193 --- 2194 # Source: loki-stack/charts/prometheus/templates/server/deploy.yaml 2195 apiVersion: apps/v1 2196 kind: Deployment 2197 metadata: 2198 labels: 2199 component: "server" 2200 app: prometheus 2201 release: loki 2202 chart: prometheus-11.16.9 2203 2204 name: loki-prometheus-server 2205 namespace: promtail-loki-stack-system 2206 spec: 2207 selector: 2208 matchLabels: 2209 component: "server" 2210 app: prometheus 2211 release: loki 2212 replicas: 1 2213 template: 2214 metadata: 2215 labels: 2216 component: "server" 2217 app: prometheus 2218 release: loki 2219 chart: prometheus-11.16.9 2220 2221 spec: 2222 serviceAccountName: loki-prometheus-server 2223 containers: 2224 - name: prometheus-server-configmap-reload 2225 image: "jimmidyson/configmap-reload:v0.4.0" 2226 imagePullPolicy: "IfNotPresent" 2227 args: 2228 - --volume-dir=/etc/config 2229 - --webhook-url=http://127.0.0.1:9090/-/reload 2230 resources: 2231 { } 2232 volumeMounts: 2233 - name: config-volume 2234 mountPath: /etc/config 2235 readOnly: true 2236 2237 - name: prometheus-server 2238 image: "prom/prometheus:v2.21.0" 2239 imagePullPolicy: "IfNotPresent" 2240 args: 2241 - --storage.tsdb.retention.time=15d 2242 - --config.file=/etc/config/prometheus.yml 2243 - --storage.tsdb.path=/data 2244 - --web.console.libraries=/etc/prometheus/console_libraries 2245 - --web.console.templates=/etc/prometheus/consoles 2246 - --web.enable-lifecycle 2247 ports: 2248 - containerPort: 9090 2249 readinessProbe: 2250 httpGet: 2251 path: /-/ready 2252 port: 9090 2253 initialDelaySeconds: 30 2254 periodSeconds: 5 2255 timeoutSeconds: 30 2256 failureThreshold: 3 2257 successThreshold: 1 2258 livenessProbe: 2259 httpGet: 2260 path: /-/healthy 2261 port: 9090 2262 initialDelaySeconds: 30 2263 periodSeconds: 15 2264 timeoutSeconds: 30 2265 failureThreshold: 3 2266 successThreshold: 1 2267 resources: 2268 { } 2269 volumeMounts: 2270 - name: config-volume 2271 mountPath: /etc/config 2272 - name: storage-volume 2273 mountPath: /data 2274 subPath: "" 2275 securityContext: 2276 fsGroup: 65534 2277 runAsGroup: 65534 2278 runAsNonRoot: true 2279 runAsUser: 65534 2280 terminationGracePeriodSeconds: 300 2281 volumes: 2282 - name: config-volume 2283 configMap: 2284 name: loki-prometheus-server 2285 - name: storage-volume 2286 emptyDir: 2287 { } 2288 --- 2289 # Source: loki-stack/charts/loki/templates/statefulset.yaml 2290 apiVersion: apps/v1 2291 kind: StatefulSet 2292 metadata: 2293 name: loki 2294 namespace: promtail-loki-stack-system 2295 labels: 2296 app: loki 2297 chart: loki-2.5.0 2298 release: loki 2299 2300 annotations: 2301 { } 2302 spec: 2303 podManagementPolicy: OrderedReady 2304 replicas: 1 2305 selector: 2306 matchLabels: 2307 app: loki 2308 release: loki 2309 serviceName: loki-headless 2310 updateStrategy: 2311 type: RollingUpdate 2312 template: 2313 metadata: 2314 labels: 2315 app: loki 2316 name: loki 2317 release: loki 2318 annotations: 2319 checksum/config: 00d4c165659a863ee06faa51a95cc74278ec32a9d6fca17e24619afc6258c064 2320 prometheus.io/port: http-metrics 2321 prometheus.io/scrape: "true" 2322 spec: 2323 serviceAccountName: loki 2324 securityContext: 2325 fsGroup: 10001 2326 runAsGroup: 10001 2327 runAsNonRoot: true 2328 runAsUser: 10001 2329 initContainers: 2330 [ ] 2331 containers: 2332 - name: loki 2333 image: "grafana/loki:2.2.0" 2334 imagePullPolicy: IfNotPresent 2335 args: 2336 - "-config.file=/etc/loki/loki.yaml" 2337 volumeMounts: 2338 - name: config 2339 mountPath: /etc/loki 2340 - name: storage 2341 mountPath: "/data" 2342 ports: 2343 - name: http-metrics 2344 containerPort: 3100 2345 protocol: TCP 2346 livenessProbe: 2347 httpGet: 2348 path: /ready 2349 port: http-metrics 2350 initialDelaySeconds: 45 2351 readinessProbe: 2352 httpGet: 2353 path: /ready 2354 port: http-metrics 2355 initialDelaySeconds: 45 2356 resources: 2357 { } 2358 securityContext: 2359 readOnlyRootFilesystem: true 2360 nodeSelector: 2361 { } 2362 affinity: 2363 { } 2364 tolerations: 2365 [ ] 2366 terminationGracePeriodSeconds: 4800 2367 volumes: 2368 - name: config 2369 secret: 2370 secretName: loki 2371 volumeClaimTemplates: 2372 - metadata: 2373 name: storage 2374 annotations: 2375 { } 2376 spec: 2377 accessModes: 2378 - ReadWriteOnce 2379 resources: 2380 requests: 2381 storage: "50Gi" 2382 storageClassName: local-hostpath