cluster.fun/manifests/monitoring/promtail.yaml

724 lines
21 KiB
YAML
Raw Normal View History

2021-06-14 09:09:27 +00:00
apiVersion: v1
kind: ServiceAccount
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
hostIPC: false
hostNetwork: false
hostPID: false
privileged: false
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- secret
- configMap
- hostPath
- projected
- downwardAPI
- emptyDir
---
apiVersion: v1
kind: ConfigMap
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
data:
promtail.yaml: |
client:
backoff_config:
max_period: 5m
max_retries: 10
min_period: 500ms
batchsize: 1048576
batchwait: 1s
external_labels: {}
timeout: 10s
positions:
filename: /run/promtail/positions.yaml
server:
http_listen_port: 3101
clients:
- url: http://loki.auth-proxy.svc:80/loki/api/v1/push
external_labels:
kubernetes_cluster: scaleway
2021-06-14 09:09:27 +00:00
target_config:
sync_period: 10s
scrape_configs:
- job_name: kubernetes-pods
2021-06-14 09:09:27 +00:00
pipeline_stages:
- docker: {}
2021-06-18 18:33:02 +00:00
- match:
2021-11-27 21:11:52 +00:00
selector: '{app="weave-net"}'
2021-06-18 18:33:02 +00:00
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
2021-11-27 21:10:14 +00:00
- match:
selector: '{name=~".*"} |~ ".*/api/health.*"'
action: drop
2021-06-18 18:33:02 +00:00
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="internal-proxy"}'
2021-06-18 18:33:02 +00:00
action: drop
2021-11-27 21:10:14 +00:00
- match:
selector: '{app="promtail"}'
action: drop
- match:
selector: '{app="ingress-nginx"}'
stages:
- json:
expressions:
request_host: host
request_path: path
request_method: method
response_status: status
- drop:
source: "request_path"
value: "/healthz"
- labels:
request_host:
request_method:
response_status:
2021-06-14 09:09:27 +00:00
kubernetes_sd_configs:
- role: pod
2021-06-14 09:09:27 +00:00
relabel_configs:
- source_labels:
- __meta_kubernetes_pod_controller_name
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
action: replace
target_label: __tmp_controller_name
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_name
- __meta_kubernetes_pod_label_app
- __tmp_controller_name
- __meta_kubernetes_pod_name
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: app
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_component
- __meta_kubernetes_pod_label_component
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: component
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: node_name
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
replacement: $1
separator: /
source_labels:
- namespace
- app
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- action: replace
replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- action: replace
replacement: /var/log/pods/*$1/*.log
regex: true/(.*)
separator: /
source_labels:
- __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
- __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
- __meta_kubernetes_pod_container_name
target_label: __path__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
2021-06-15 04:50:18 +00:00
# - job_name: kubernetes-pods-name
# pipeline_stages:
# - docker: {}
# - match:
# selector: '{name="weave-net"}'
# action: drop
# - match:
# selector: '{filename=~".*konnectivity.*"}'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*/healthz.*"'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*kube-probe/.*"'
# action: drop
# - match:
# selector: '{app="internal-proxy"}'
# action: drop
# # - match:
# # selector: '{k8s_app="traefik-ingress-lb"}'
# # stages:
# # - json:
# # expressions:
# # request_host: RequestHost
# # request_path: RequestPath
# # error: error
# # - drop:
# # source: "request_path"
# # value: "/healthz"
# # - template:
# # source: has_error
# # template: '{{ if .error }}true{{ else }}false{{ end }}'
# # - labels:
# # request_host:
# # has_error:
# kubernetes_sd_configs:
# - role: pod
# relabel_configs:
# - source_labels:
# - __meta_kubernetes_pod_label_name
# target_label: __service__
# - source_labels:
# - __meta_kubernetes_pod_node_name
# target_label: __host__
# - action: drop
# regex: ''
# source_labels:
# - __service__
# - action: labelmap
# regex: __meta_kubernetes_pod_label_(.+)
# - action: replace
# replacement: $1
# separator: /
# source_labels:
# - __meta_kubernetes_namespace
# - __service__
# target_label: job
# - action: replace
# source_labels:
# - __meta_kubernetes_namespace
# target_label: namespace
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_name
# target_label: pod
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_container_name
# target_label: container
# - replacement: /var/log/pods/*$1/*.log
# separator: /
# source_labels:
# - __meta_kubernetes_pod_uid
# - __meta_kubernetes_pod_container_name
# target_label: __path__
2021-06-15 04:50:18 +00:00
# - job_name: kubernetes-pods-app
# pipeline_stages:
# - docker: {}
# - match:
# selector: '{name="weave-net"}'
# action: drop
# - match:
# selector: '{filename=~".*konnectivity.*"}'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*/healthz.*"'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*kube-probe/.*"'
# action: drop
# - match:
# selector: '{app="internal-proxy"}'
# action: drop
# # - match:
# # selector: '{k8s_app="traefik-ingress-lb"}'
# # stages:
# # - json:
# # expressions:
# # request_host: RequestHost
# # request_path: RequestPath
# # error: error
# # - drop:
# # source: "request_path"
# # value: "/healthz"
# # - template:
# # source: has_error
# # template: '{{ if .error }}true{{ else }}false{{ end }}'
# # - labels:
# # request_host:
# # has_error:
# kubernetes_sd_configs:
# - role: pod
# relabel_configs:
# - action: drop
# regex: .+
# source_labels:
# - __meta_kubernetes_pod_label_name
# - source_labels:
# - __meta_kubernetes_pod_label_app
# target_label: __service__
# - source_labels:
# - __meta_kubernetes_pod_node_name
# target_label: __host__
# - action: drop
# regex: ''
# source_labels:
# - __service__
# - action: labelmap
# regex: __meta_kubernetes_pod_label_(.+)
# - action: replace
# replacement: $1
# separator: /
# source_labels:
# - __meta_kubernetes_namespace
# - __service__
# target_label: job
# - action: replace
# source_labels:
# - __meta_kubernetes_namespace
# target_label: namespace
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_name
# target_label: pod
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_container_name
# target_label: container
# - replacement: /var/log/pods/*$1/*.log
# separator: /
# source_labels:
# - __meta_kubernetes_pod_uid
# - __meta_kubernetes_pod_container_name
# target_label: __path__
2021-06-15 04:50:18 +00:00
# - job_name: kubernetes-pods-direct-controllers
# pipeline_stages:
# - docker: {}
# - match:
# selector: '{name="weave-net"}'
# action: drop
# - match:
# selector: '{filename=~".*konnectivity.*"}'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*/healthz.*"'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*kube-probe/.*"'
# action: drop
# - match:
# selector: '{app="internal-proxy"}'
# action: drop
# # - match:
# # selector: '{k8s_app="traefik-ingress-lb"}'
# # stages:
# # - json:
# # expressions:
# # request_host: RequestHost
# # request_path: RequestPath
# # error: error
# # - drop:
# # source: "request_path"
# # value: "/healthz"
# # - template:
# # source: has_error
# # template: '{{ if .error }}true{{ else }}false{{ end }}'
# # - labels:
# # request_host:
# # has_error:
# kubernetes_sd_configs:
# - role: pod
# relabel_configs:
# - action: drop
# regex: .+
# separator: ''
# source_labels:
# - __meta_kubernetes_pod_label_name
# - __meta_kubernetes_pod_label_app
# - action: drop
# regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'
# source_labels:
# - __meta_kubernetes_pod_controller_name
# - source_labels:
# - __meta_kubernetes_pod_controller_name
# target_label: __service__
# - source_labels:
# - __meta_kubernetes_pod_node_name
# target_label: __host__
# - action: drop
# regex: ''
# source_labels:
# - __service__
# - action: labelmap
# regex: __meta_kubernetes_pod_label_(.+)
# - action: replace
# replacement: $1
# separator: /
# source_labels:
# - __meta_kubernetes_namespace
# - __service__
# target_label: job
# - action: replace
# source_labels:
# - __meta_kubernetes_namespace
# target_label: namespace
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_name
# target_label: pod
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_container_name
# target_label: container
# - replacement: /var/log/pods/*$1/*.log
# separator: /
# source_labels:
# - __meta_kubernetes_pod_uid
# - __meta_kubernetes_pod_container_name
# target_label: __path__
2021-06-15 04:50:18 +00:00
# - job_name: kubernetes-pods-indirect-controller
# pipeline_stages:
# - docker: {}
# - match:
# selector: '{name="weave-net"}'
# action: drop
# - match:
# selector: '{filename=~".*konnectivity.*"}'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*/healthz.*"'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*kube-probe/.*"'
# action: drop
# - match:
# selector: '{app="internal-proxy"}'
# action: drop
# # - match:
# # selector: '{k8s_app="traefik-ingress-lb"}'
# # stages:
# # - json:
# # expressions:
# # request_host: RequestHost
# # request_path: RequestPath
# # error: error
# # - drop:
# # source: "request_path"
# # value: "/healthz"
# # - template:
# # source: has_error
# # template: '{{ if .error }}true{{ else }}false{{ end }}'
# # - labels:
# # request_host:
# # has_error:
# kubernetes_sd_configs:
# - role: pod
# relabel_configs:
# - action: drop
# regex: .+
# separator: ''
# source_labels:
# - __meta_kubernetes_pod_label_name
# - __meta_kubernetes_pod_label_app
# - action: keep
# regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'
# source_labels:
# - __meta_kubernetes_pod_controller_name
# - action: replace
# regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}'
# source_labels:
# - __meta_kubernetes_pod_controller_name
# target_label: __service__
# - source_labels:
# - __meta_kubernetes_pod_node_name
# target_label: __host__
# - action: drop
# regex: ''
# source_labels:
# - __service__
# - action: labelmap
# regex: __meta_kubernetes_pod_label_(.+)
# - action: replace
# replacement: $1
# separator: /
# source_labels:
# - __meta_kubernetes_namespace
# - __service__
# target_label: job
# - action: replace
# source_labels:
# - __meta_kubernetes_namespace
# target_label: namespace
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_name
# target_label: pod
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_container_name
# target_label: container
# - replacement: /var/log/pods/*$1/*.log
# separator: /
# source_labels:
# - __meta_kubernetes_pod_uid
# - __meta_kubernetes_pod_container_name
# target_label: __path__
# - job_name: kubernetes-pods-static
# pipeline_stages:
# - docker: {}
# - match:
# selector: '{name="weave-net"}'
# action: drop
# - match:
# selector: '{filename=~".*konnectivity.*"}'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*/healthz.*"'
# action: drop
# - match:
# selector: '{name=~".*"} |~ ".*kube-probe/.*"'
# action: drop
# - match:
# selector: '{app="internal-proxy"}'
# action: drop
# # - match:
# # selector: '{k8s_app="traefik-ingress-lb"}'
# # stages:
# # - json:
# # expressions:
# # request_host: RequestHost
# # request_path: RequestPath
# # error: error
# # - drop:
# # source: "request_path"
# # value: "/healthz"
# # - template:
# # source: has_error
# # template: '{{ if .error }}true{{ else }}false{{ end }}'
# # - labels:
# # request_host:
# # has_error:
# kubernetes_sd_configs:
# - role: pod
# relabel_configs:
# - action: drop
# regex: ''
# source_labels:
# - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_label_component
# target_label: __service__
# - source_labels:
# - __meta_kubernetes_pod_node_name
# target_label: __host__
# - action: drop
# regex: ''
# source_labels:
# - __service__
# - action: labelmap
# regex: __meta_kubernetes_pod_label_(.+)
# - action: replace
# replacement: $1
# separator: /
# source_labels:
# - __meta_kubernetes_namespace
# - __service__
# target_label: job
# - action: replace
# source_labels:
# - __meta_kubernetes_namespace
# target_label: namespace
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_name
# target_label: pod
# - action: replace
# source_labels:
# - __meta_kubernetes_pod_container_name
# target_label: container
# - replacement: /var/log/pods/*$1/*.log
# separator: /
# source_labels:
# - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
# - __meta_kubernetes_pod_container_name
# target_label: __path__
2021-06-18 18:33:02 +00:00
2021-06-14 09:09:27 +00:00
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrole
labels:
app.kubernetes.io/name: promtail
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrolebinding
labels:
app.kubernetes.io/name: promtail
subjects:
- kind: ServiceAccount
name: promtail
namespace: monitoring
roleRef:
kind: ClusterRole
name: promtail-clusterrole
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [promtail]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: promtail
subjects:
- kind: ServiceAccount
name: promtail
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
annotations:
configmap.reloader.stakater.com/reload: "promtail"
spec:
selector:
matchLabels:
app.kubernetes.io/name: promtail
template:
metadata:
labels:
app.kubernetes.io/name: promtail
annotations:
prometheus.io/port: http-metrics
prometheus.io/scrape: "true"
spec:
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.2.1"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"
volumeMounts:
- name: config
mountPath: /etc/promtail
- name: run
mountPath: /run/promtail
- mountPath: /var/lib/docker/containers
name: docker
readOnly: true
- mountPath: /var/log/pods
name: pods
readOnly: true
env:
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
ports:
- containerPort: 3101
name: http-metrics
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 0
runAsUser: 0
readinessProbe:
failureThreshold: 5
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
volumes:
- name: config
configMap:
name: promtail
- name: run
hostPath:
path: /run/promtail
- hostPath:
path: /var/lib/docker/containers
name: docker
- hostPath:
path: /var/log/pods
name: pods
2021-06-14 09:09:27 +00:00
---