apiVersion: v1
kind: ServiceAccount
metadata:
  name: promtail
  namespace: monitoring
  labels:
    app.kubernetes.io/name: promtail
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: promtail
  namespace: monitoring
  labels:
    app.kubernetes.io/name: promtail
data:
  promtail.yaml: |
    client:
      backoff_config:
        max_period: 5m
        max_retries: 10
        min_period: 500ms
      batchsize: 1048576
      batchwait: 1s
      external_labels: {}
      timeout: 10s
    positions:
      filename: /run/promtail/positions.yaml
    server:
      http_listen_port: 3101
    clients:
    - url: http://loki-distributed.auth-proxy.svc:80/loki/api/v1/push
      external_labels:
        kubernetes_cluster: scaleway
    target_config:
      sync_period: 10s
    scrape_configs:
    - job_name: kubernetes-pods
      pipeline_stages:
        - docker: {}
        - cri: {}
        - match:
            selector: '{app="weave-net"}'
            action: drop
        - match:
            selector: '{filename=~".*konnectivity.*"}'
            action: drop
        - match:
            selector: '{name=~".*"} |~ ".*/healthz.*"'
            action: drop
        - match:
            selector: '{name=~".*"} |~ ".*/api/health.*"'
            action: drop
        - match:
            selector: '{name=~".*"} |~ ".*kube-probe/.*"'
            action: drop
        - match:
            selector: '{app="internal-proxy"}'
            action: drop
        - match:
            selector: '{app="non-auth-proxy"}'
            action: drop
        - match:
            selector: '{app="vpa"}'
            action: drop
        - match:
            selector: '{app="promtail"}'
            action: drop
        - match:
            selector: '{app="csi-node"}'
            action: drop
        - match:
            selector: '{app="victoria-metrics"}'
            action: drop
        - match:
            selector: '{app="git-sync"}'
            action: drop
        - match:
            selector: '{app="ingress-nginx"}'
            stages:
            - json:
                expressions:
                  request_host: host
                  request_path: path
                  request_method: method
                  response_status: status
            - drop:
                source: "request_path"
                value:  "/healthz"
            - drop:
                source: "request_path"
                value:  "/health"
            - labels:
                request_host:
                request_method:
                response_status:
      kubernetes_sd_configs:
        - role: pod
      relabel_configs:
        - source_labels:
            - __meta_kubernetes_pod_controller_name
          regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
          action: replace
          target_label: __tmp_controller_name
        - source_labels:
            - __meta_kubernetes_pod_label_app_kubernetes_io_name
            - __meta_kubernetes_pod_label_app
            - __tmp_controller_name
            - __meta_kubernetes_pod_name
          regex: ^;*([^;]+)(;.*)?$
          action: replace
          target_label: app
        - source_labels:
            - __meta_kubernetes_pod_label_app_kubernetes_io_component
            - __meta_kubernetes_pod_label_component
          regex: ^;*([^;]+)(;.*)?$
          action: replace
          target_label: component
        - action: replace
          source_labels:
            - __meta_kubernetes_pod_node_name
          target_label: node_name
        - action: replace
          source_labels:
            - __meta_kubernetes_namespace
          target_label: namespace
        - action: replace
          replacement: $1
          separator: /
          source_labels:
            - namespace
            - app
          target_label: job
        - action: replace
          source_labels:
            - __meta_kubernetes_pod_name
          target_label: pod
        - action: replace
          source_labels:
            - __meta_kubernetes_pod_container_name
          target_label: container
        - action: replace
          replacement: /var/log/pods/*$1/*.log
          separator: /
          source_labels:
            - __meta_kubernetes_pod_uid
            - __meta_kubernetes_pod_container_name
          target_label: __path__
        - action: replace
          replacement: /var/log/pods/*$1/*.log
          regex: true/(.*)
          separator: /
          source_labels:
            - __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
            - __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
            - __meta_kubernetes_pod_container_name
          target_label: __path__
        - action: labelmap
          regex: __meta_kubernetes_pod_label_(.+)

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: promtail-clusterrole
  labels:
    app.kubernetes.io/name: promtail
rules:
- apiGroups: [""] # "" indicates the core API group
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: promtail-clusterrolebinding
  labels:
    app.kubernetes.io/name: promtail
subjects:
  - kind: ServiceAccount
    name: promtail
    namespace: monitoring
roleRef:
  kind: ClusterRole
  name: promtail-clusterrole
  apiGroup: rbac.authorization.k8s.io
---

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: promtail
  namespace: monitoring
  labels:
    app.kubernetes.io/name: promtail
  annotations:
    configmap.reloader.stakater.com/reload: "promtail"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: promtail
  template:
    metadata:
      labels:
        app.kubernetes.io/name: promtail
      annotations:
        prometheus.io/port: http-metrics
        prometheus.io/scrape: "true"
    spec:
      serviceAccountName: promtail
      containers:
        - name: promtail
          image: "grafana/promtail:2.9.10"
          imagePullPolicy: IfNotPresent
          args:
            - "-config.file=/etc/promtail/promtail.yaml"
          volumeMounts:
            - name: config
              mountPath: /etc/promtail
            - name: run
              mountPath: /run/promtail
            - mountPath: /var/lib/docker/containers
              name: docker
              readOnly: true
            - mountPath: /var/log/pods
              name: pods
              readOnly: true
          env:
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          ports:
            - containerPort: 3101
              name: http-metrics
          securityContext:
            readOnlyRootFilesystem: true
            runAsGroup: 0
            runAsUser: 0
          readinessProbe:
            failureThreshold: 5
            httpGet:
              path: /ready
              port: http-metrics
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Exists
      volumes:
        - name: config
          configMap:
            name: promtail
        - name: run
          hostPath:
            path: /run/promtail
        - hostPath:
            path: /var/lib/docker/containers
          name: docker
        - hostPath:
            path: /var/log/pods
          name: pods
---