github.com/grafana/pyroscope@v1.18.0/examples/grafana-alloy-auto-instrumentation/ebpf/kubernetes/alloy.yaml (about) 1 apiVersion: v1 2 kind: Namespace 3 metadata: 4 name: pyroscope-ebpf 5 --- 6 7 apiVersion: rbac.authorization.k8s.io/v1 8 kind: ClusterRole # needed for the discovery.kubernetes alloy component 9 metadata: 10 name: grafana-alloy-role 11 rules: 12 - apiGroups: 13 - "" 14 resources: 15 - pods 16 verbs: 17 - get 18 - list 19 - watch 20 21 --- 22 23 apiVersion: v1 24 kind: ServiceAccount 25 metadata: 26 name: grafana-alloy 27 namespace: pyroscope-ebpf 28 --- 29 30 apiVersion: rbac.authorization.k8s.io/v1 31 kind: ClusterRoleBinding 32 metadata: 33 name: grafana-alloy-binding 34 roleRef: 35 apiGroup: rbac.authorization.k8s.io 36 kind: ClusterRole 37 name: grafana-alloy-role 38 subjects: 39 - kind: ServiceAccount 40 name: grafana-alloy 41 namespace: pyroscope-ebpf 42 43 --- 44 45 apiVersion: apps/v1 46 kind: DaemonSet 47 metadata: 48 name: grafana-alloy 49 namespace: pyroscope-ebpf 50 spec: 51 selector: 52 matchLabels: 53 app: grafana-alloy 54 template: 55 metadata: 56 labels: 57 app: grafana-alloy 58 spec: 59 serviceAccountName: grafana-alloy 60 containers: 61 - name: grafana-alloy 62 image: grafana/alloy:latest 63 command: 64 - /bin/alloy 65 - run 66 - /etc/alloy-config/config.alloy 67 - --server.http.listen-addr=0.0.0.0:12345 68 env: 69 - name: HOSTNAME 70 valueFrom: 71 fieldRef: 72 fieldPath: spec.nodeName 73 ports: 74 - containerPort: 12345 75 volumeMounts: 76 - name: alloy-config 77 mountPath: /etc/alloy-config 78 securityContext: 79 privileged: true 80 runAsGroup: 0 81 runAsUser: 0 82 volumes: 83 - name: alloy-config 84 configMap: 85 name: alloy-config 86 87 hostPID: true 88 89 --- 90 91 apiVersion: v1 92 kind: ConfigMap 93 metadata: 94 name: alloy-config 95 namespace: pyroscope-ebpf 96 data: 97 config.alloy: | 98 // This is an example grafana alloy config to set up eBPF profiling in kubernetes. 99 // for more info see https://grafana.com/docs/pyroscope/latest/configure-client/grafana-alloy/ebpf/setup-kubernetes/ 100 logging { 101 level = "debug" 102 format = "logfmt" 103 } 104 105 discovery.kubernetes "local_pods" { 106 selectors { 107 field = "spec.nodeName=" + env("HOSTNAME") // Note: this assume HOSTNAME is set to the node name 108 role = "pod" 109 } 110 role = "pod" 111 } 112 113 discovery.relabel "specific_pods" { 114 targets = discovery.kubernetes.local_pods.targets 115 rule { 116 action = "drop" 117 regex = "Succeeded|Failed|Completed" 118 source_labels = ["__meta_kubernetes_pod_phase"] 119 } 120 121 rule { 122 action = "replace" 123 source_labels = ["__meta_kubernetes_namespace"] 124 target_label = "namespace" 125 } 126 rule { 127 action = "replace" 128 source_labels = ["__meta_kubernetes_pod_name"] 129 target_label = "pod" 130 } 131 rule { 132 action = "replace" 133 source_labels = ["__meta_kubernetes_pod_node_name"] 134 target_label = "node" 135 } 136 137 rule { 138 action = "replace" 139 source_labels = ["__meta_kubernetes_pod_container_name"] 140 target_label = "container" 141 } 142 143 // provide arbitrary service_name label, otherwise it will be set to {__meta_kubernetes_namespace}/{__meta_kubernetes_pod_container_name} 144 rule { 145 action = "replace" 146 regex = "(.*)@(.*)" 147 replacement = "${1}/${2}" 148 separator = "@" 149 source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_container_name"] 150 target_label = "service_name" 151 } 152 153 // Filter specific targets to profile 154 rule { 155 source_labels = ["service_name"] 156 regex = "(.*alloy|.*pyroscope|.*fast-slow)" 157 action = "keep" 158 } 159 } 160 161 pyroscope.ebpf "instance" { 162 forward_to = [pyroscope.write.endpoint.receiver] 163 targets = discovery.relabel.specific_pods.output 164 python_enabled = true 165 } 166 167 pyroscope.write "endpoint" { 168 endpoint { 169 url = "http://pyroscope.pyroscope-ebpf.svc.cluster.local.:4040" 170 // url = "<Grafana Cloud URL>" 171 // basic_auth { 172 // username = "<Grafana Cloud User>" 173 // password = "<Grafana Cloud Password>" 174 // } 175 } 176 } 177 ---