2021-06-14 09:09:27 +00:00
|
|
|
apiVersion: v1
|
|
|
|
kind: ServiceAccount
|
|
|
|
metadata:
|
|
|
|
name: promtail
|
|
|
|
namespace: monitoring
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
---
|
|
|
|
apiVersion: policy/v1beta1
|
|
|
|
kind: PodSecurityPolicy
|
|
|
|
metadata:
|
|
|
|
name: promtail
|
|
|
|
namespace: monitoring
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
spec:
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
fsGroup:
|
|
|
|
rule: RunAsAny
|
|
|
|
hostIPC: false
|
|
|
|
hostNetwork: false
|
|
|
|
hostPID: false
|
|
|
|
privileged: false
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
requiredDropCapabilities:
|
|
|
|
- ALL
|
|
|
|
runAsUser:
|
|
|
|
rule: RunAsAny
|
|
|
|
seLinux:
|
|
|
|
rule: RunAsAny
|
|
|
|
supplementalGroups:
|
|
|
|
rule: RunAsAny
|
|
|
|
volumes:
|
|
|
|
- secret
|
|
|
|
- configMap
|
|
|
|
- hostPath
|
|
|
|
- projected
|
|
|
|
- downwardAPI
|
|
|
|
- emptyDir
|
|
|
|
---
|
|
|
|
apiVersion: v1
|
|
|
|
kind: ConfigMap
|
|
|
|
metadata:
|
|
|
|
name: promtail
|
|
|
|
namespace: monitoring
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
data:
|
|
|
|
promtail.yaml: |
|
|
|
|
client:
|
|
|
|
backoff_config:
|
|
|
|
max_period: 5m
|
|
|
|
max_retries: 10
|
|
|
|
min_period: 500ms
|
|
|
|
batchsize: 1048576
|
|
|
|
batchwait: 1s
|
|
|
|
external_labels: {}
|
|
|
|
timeout: 10s
|
|
|
|
positions:
|
|
|
|
filename: /run/promtail/positions.yaml
|
|
|
|
server:
|
|
|
|
http_listen_port: 3101
|
2021-11-27 14:14:58 +00:00
|
|
|
clients:
|
|
|
|
- url: http://loki.auth-proxy.svc:80/loki/api/v1/push
|
|
|
|
external_labels:
|
|
|
|
kubernetes_cluster: scaleway
|
2021-06-14 09:09:27 +00:00
|
|
|
target_config:
|
|
|
|
sync_period: 10s
|
|
|
|
scrape_configs:
|
2021-11-27 21:02:05 +00:00
|
|
|
- job_name: kubernetes-pods
|
2021-06-14 09:09:27 +00:00
|
|
|
pipeline_stages:
|
|
|
|
- docker: {}
|
2021-12-26 13:57:45 +00:00
|
|
|
- cri: {}
|
2021-06-18 18:33:02 +00:00
|
|
|
- match:
|
2021-11-27 21:11:52 +00:00
|
|
|
selector: '{app="weave-net"}'
|
2021-06-18 18:33:02 +00:00
|
|
|
action: drop
|
|
|
|
- match:
|
|
|
|
selector: '{filename=~".*konnectivity.*"}'
|
|
|
|
action: drop
|
|
|
|
- match:
|
|
|
|
selector: '{name=~".*"} |~ ".*/healthz.*"'
|
|
|
|
action: drop
|
2021-11-27 21:10:14 +00:00
|
|
|
- match:
|
|
|
|
selector: '{name=~".*"} |~ ".*/api/health.*"'
|
|
|
|
action: drop
|
2021-06-18 18:33:02 +00:00
|
|
|
- match:
|
|
|
|
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
|
|
|
|
action: drop
|
|
|
|
- match:
|
2021-11-27 20:16:30 +00:00
|
|
|
selector: '{app="internal-proxy"}'
|
2021-06-18 18:33:02 +00:00
|
|
|
action: drop
|
2021-11-27 21:10:14 +00:00
|
|
|
- match:
|
|
|
|
selector: '{app="promtail"}'
|
|
|
|
action: drop
|
2021-11-28 08:45:47 +00:00
|
|
|
- match:
|
|
|
|
selector: '{app="ingress-nginx"}'
|
|
|
|
stages:
|
|
|
|
- json:
|
|
|
|
expressions:
|
|
|
|
request_host: host
|
|
|
|
request_path: path
|
|
|
|
request_method: method
|
|
|
|
response_status: status
|
|
|
|
- drop:
|
|
|
|
source: "request_path"
|
|
|
|
value: "/healthz"
|
|
|
|
- labels:
|
|
|
|
request_host:
|
|
|
|
request_method:
|
|
|
|
response_status:
|
2021-06-14 09:09:27 +00:00
|
|
|
kubernetes_sd_configs:
|
2021-11-27 21:02:05 +00:00
|
|
|
- role: pod
|
2021-06-14 09:09:27 +00:00
|
|
|
relabel_configs:
|
2021-11-27 21:02:05 +00:00
|
|
|
- source_labels:
|
|
|
|
- __meta_kubernetes_pod_controller_name
|
|
|
|
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
|
|
|
|
action: replace
|
|
|
|
target_label: __tmp_controller_name
|
|
|
|
- source_labels:
|
|
|
|
- __meta_kubernetes_pod_label_app_kubernetes_io_name
|
|
|
|
- __meta_kubernetes_pod_label_app
|
|
|
|
- __tmp_controller_name
|
|
|
|
- __meta_kubernetes_pod_name
|
|
|
|
regex: ^;*([^;]+)(;.*)?$
|
|
|
|
action: replace
|
|
|
|
target_label: app
|
|
|
|
- source_labels:
|
|
|
|
- __meta_kubernetes_pod_label_app_kubernetes_io_component
|
|
|
|
- __meta_kubernetes_pod_label_component
|
|
|
|
regex: ^;*([^;]+)(;.*)?$
|
|
|
|
action: replace
|
|
|
|
target_label: component
|
|
|
|
- action: replace
|
|
|
|
source_labels:
|
|
|
|
- __meta_kubernetes_pod_node_name
|
|
|
|
target_label: node_name
|
|
|
|
- action: replace
|
|
|
|
source_labels:
|
|
|
|
- __meta_kubernetes_namespace
|
|
|
|
target_label: namespace
|
|
|
|
- action: replace
|
|
|
|
replacement: $1
|
|
|
|
separator: /
|
|
|
|
source_labels:
|
|
|
|
- namespace
|
|
|
|
- app
|
|
|
|
target_label: job
|
|
|
|
- action: replace
|
|
|
|
source_labels:
|
|
|
|
- __meta_kubernetes_pod_name
|
|
|
|
target_label: pod
|
|
|
|
- action: replace
|
|
|
|
source_labels:
|
|
|
|
- __meta_kubernetes_pod_container_name
|
|
|
|
target_label: container
|
|
|
|
- action: replace
|
|
|
|
replacement: /var/log/pods/*$1/*.log
|
|
|
|
separator: /
|
|
|
|
source_labels:
|
|
|
|
- __meta_kubernetes_pod_uid
|
|
|
|
- __meta_kubernetes_pod_container_name
|
|
|
|
target_label: __path__
|
|
|
|
- action: replace
|
|
|
|
replacement: /var/log/pods/*$1/*.log
|
|
|
|
regex: true/(.*)
|
|
|
|
separator: /
|
|
|
|
source_labels:
|
|
|
|
- __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
|
|
|
|
- __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
|
|
|
|
- __meta_kubernetes_pod_container_name
|
|
|
|
target_label: __path__
|
2021-11-28 08:45:47 +00:00
|
|
|
- action: labelmap
|
|
|
|
regex: __meta_kubernetes_pod_label_(.+)
|
2021-06-15 04:50:18 +00:00
|
|
|
|
2021-06-14 09:09:27 +00:00
|
|
|
---
|
|
|
|
kind: ClusterRole
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
metadata:
|
|
|
|
name: promtail-clusterrole
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
rules:
|
|
|
|
- apiGroups: [""] # "" indicates the core API group
|
|
|
|
resources:
|
|
|
|
- nodes
|
|
|
|
- nodes/proxy
|
|
|
|
- services
|
|
|
|
- endpoints
|
|
|
|
- pods
|
|
|
|
verbs: ["get", "watch", "list"]
|
|
|
|
---
|
|
|
|
kind: ClusterRoleBinding
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
metadata:
|
|
|
|
name: promtail-clusterrolebinding
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
subjects:
|
|
|
|
- kind: ServiceAccount
|
|
|
|
name: promtail
|
|
|
|
namespace: monitoring
|
|
|
|
roleRef:
|
|
|
|
kind: ClusterRole
|
|
|
|
name: promtail-clusterrole
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
kind: Role
|
|
|
|
metadata:
|
|
|
|
name: promtail
|
|
|
|
namespace: monitoring
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
rules:
|
|
|
|
- apiGroups: ['extensions']
|
|
|
|
resources: ['podsecuritypolicies']
|
|
|
|
verbs: ['use']
|
|
|
|
resourceNames: [promtail]
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
kind: RoleBinding
|
|
|
|
metadata:
|
|
|
|
name: promtail
|
|
|
|
namespace: monitoring
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
roleRef:
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
kind: Role
|
|
|
|
name: promtail
|
|
|
|
subjects:
|
|
|
|
- kind: ServiceAccount
|
|
|
|
name: promtail
|
|
|
|
---
|
|
|
|
|
2021-11-27 20:02:52 +00:00
|
|
|
apiVersion: apps/v1
|
|
|
|
kind: DaemonSet
|
|
|
|
metadata:
|
|
|
|
name: promtail
|
|
|
|
namespace: monitoring
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
annotations:
|
|
|
|
configmap.reloader.stakater.com/reload: "promtail"
|
|
|
|
spec:
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: promtail
|
|
|
|
annotations:
|
|
|
|
prometheus.io/port: http-metrics
|
|
|
|
prometheus.io/scrape: "true"
|
|
|
|
spec:
|
|
|
|
serviceAccountName: promtail
|
|
|
|
containers:
|
|
|
|
- name: promtail
|
2022-05-24 06:24:04 +00:00
|
|
|
image: "grafana/promtail:2.5.0"
|
2021-11-27 20:02:52 +00:00
|
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
args:
|
|
|
|
- "-config.file=/etc/promtail/promtail.yaml"
|
|
|
|
volumeMounts:
|
|
|
|
- name: config
|
|
|
|
mountPath: /etc/promtail
|
|
|
|
- name: run
|
|
|
|
mountPath: /run/promtail
|
|
|
|
- mountPath: /var/lib/docker/containers
|
|
|
|
name: docker
|
|
|
|
readOnly: true
|
|
|
|
- mountPath: /var/log/pods
|
|
|
|
name: pods
|
|
|
|
readOnly: true
|
|
|
|
env:
|
|
|
|
- name: HOSTNAME
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: spec.nodeName
|
|
|
|
ports:
|
|
|
|
- containerPort: 3101
|
|
|
|
name: http-metrics
|
|
|
|
securityContext:
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
runAsGroup: 0
|
|
|
|
runAsUser: 0
|
|
|
|
readinessProbe:
|
|
|
|
failureThreshold: 5
|
|
|
|
httpGet:
|
|
|
|
path: /ready
|
|
|
|
port: http-metrics
|
|
|
|
initialDelaySeconds: 10
|
|
|
|
periodSeconds: 10
|
|
|
|
successThreshold: 1
|
|
|
|
timeoutSeconds: 1
|
|
|
|
tolerations:
|
|
|
|
- effect: NoSchedule
|
|
|
|
key: node-role.kubernetes.io/master
|
|
|
|
operator: Exists
|
|
|
|
volumes:
|
|
|
|
- name: config
|
|
|
|
configMap:
|
|
|
|
name: promtail
|
|
|
|
- name: run
|
|
|
|
hostPath:
|
|
|
|
path: /run/promtail
|
|
|
|
- hostPath:
|
|
|
|
path: /var/lib/docker/containers
|
|
|
|
name: docker
|
|
|
|
- hostPath:
|
|
|
|
path: /var/log/pods
|
|
|
|
name: pods
|
2021-06-14 09:09:27 +00:00
|
|
|
---
|