AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 1 Releases Activity
513af4f9c5
cluster.fun/manifests/monitoring/promtail.yaml
Marcus Noble 513af4f9c5
Disable promtail 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2021-11-27 14:27:04 +00:00

635 lines
17 KiB
YAML
Raw Blame History

apiVersion: v1
kind: ServiceAccount
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
hostIPC: false
hostNetwork: false
hostPID: false
privileged: false
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- secret
- configMap
- hostPath
- projected
- downwardAPI
- emptyDir
---
apiVersion: v1
kind: ConfigMap
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
data:
promtail.yaml: |
client:
backoff_config:
max_period: 5m
max_retries: 10
min_period: 500ms
batchsize: 1048576
batchwait: 1s
external_labels: {}
timeout: 10s
positions:
filename: /run/promtail/positions.yaml
server:
http_listen_port: 3101
clients:
- url: http://loki.auth-proxy.svc:80/loki/api/v1/push
external_labels:
kubernetes_cluster: scaleway
target_config:
sync_period: 10s
scrape_configs:
- job_name: kubernetes-pods-name
pipeline_stages:
- docker: {}
- match:
selector: '{name="weave-net"}'
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="inlets"}'
action: drop
- match:
selector: '{namespace="tekton-pipelines"}'
action: drop
- match:
selector: '{k8s_app="traefik-ingress-lb"}'
stages:
- json:
expressions:
request_host: RequestHost
request_path: RequestPath
error: error
- drop:
source: "request_path"
value: "/healthz"
- template:
source: has_error
template: '{{ if .error }}true{{ else }}false{{ end }}'
- labels:
request_host:
has_error:
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels:
- __meta_kubernetes_pod_label_name
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ''
source_labels:
- __service__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-app
pipeline_stages:
- docker: {}
- match:
selector: '{name="weave-net"}'
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="inlets"}'
action: drop
- match:
selector: '{namespace="tekton-pipelines"}'
action: drop
- match:
selector: '{k8s_app="traefik-ingress-lb"}'
stages:
- json:
expressions:
request_host: RequestHost
request_path: RequestPath
error: error
- drop:
source: "request_path"
value: "/healthz"
- template:
source: has_error
template: '{{ if .error }}true{{ else }}false{{ end }}'
- labels:
request_host:
has_error:
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: .+
source_labels:
- __meta_kubernetes_pod_label_name
- source_labels:
- __meta_kubernetes_pod_label_app
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ''
source_labels:
- __service__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-direct-controllers
pipeline_stages:
- docker: {}
- match:
selector: '{name="weave-net"}'
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="inlets"}'
action: drop
- match:
selector: '{namespace="tekton-pipelines"}'
action: drop
- match:
selector: '{k8s_app="traefik-ingress-lb"}'
stages:
- json:
expressions:
request_host: RequestHost
request_path: RequestPath
error: error
- drop:
source: "request_path"
value: "/healthz"
- template:
source: has_error
template: '{{ if .error }}true{{ else }}false{{ end }}'
- labels:
request_host:
has_error:
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: .+
separator: ''
source_labels:
- __meta_kubernetes_pod_label_name
- __meta_kubernetes_pod_label_app
- action: drop
regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'
source_labels:
- __meta_kubernetes_pod_controller_name
- source_labels:
- __meta_kubernetes_pod_controller_name
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ''
source_labels:
- __service__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-indirect-controller
pipeline_stages:
- docker: {}
- match:
selector: '{name="weave-net"}'
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="inlets"}'
action: drop
- match:
selector: '{namespace="tekton-pipelines"}'
action: drop
- match:
selector: '{k8s_app="traefik-ingress-lb"}'
stages:
- json:
expressions:
request_host: RequestHost
request_path: RequestPath
error: error
- drop:
source: "request_path"
value: "/healthz"
- template:
source: has_error
template: '{{ if .error }}true{{ else }}false{{ end }}'
- labels:
request_host:
has_error:
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: .+
separator: ''
source_labels:
- __meta_kubernetes_pod_label_name
- __meta_kubernetes_pod_label_app
- action: keep
regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'
source_labels:
- __meta_kubernetes_pod_controller_name
- action: replace
regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}'
source_labels:
- __meta_kubernetes_pod_controller_name
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ''
source_labels:
- __service__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- job_name: kubernetes-pods-static
pipeline_stages:
- docker: {}
- match:
selector: '{name="weave-net"}'
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="inlets"}'
action: drop
- match:
selector: '{namespace="tekton-pipelines"}'
action: drop
- match:
selector: '{k8s_app="traefik-ingress-lb"}'
stages:
- json:
expressions:
request_host: RequestHost
request_path: RequestPath
error: error
- drop:
source: "request_path"
value: "/healthz"
- template:
source: has_error
template: '{{ if .error }}true{{ else }}false{{ end }}'
- labels:
request_host:
has_error:
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: drop
regex: ''
source_labels:
- __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
- action: replace
source_labels:
- __meta_kubernetes_pod_label_component
target_label: __service__
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: drop
regex: ''
source_labels:
- __service__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __service__
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
- __meta_kubernetes_pod_container_name
target_label: __path__
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrole
labels:
app.kubernetes.io/name: promtail
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrolebinding
labels:
app.kubernetes.io/name: promtail
subjects:
- kind: ServiceAccount
name: promtail
namespace: monitoring
roleRef:
kind: ClusterRole
name: promtail-clusterrole
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [promtail]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: promtail
subjects:
- kind: ServiceAccount
name: promtail
---
# apiVersion: apps/v1
# kind: DaemonSet
# metadata:
# name: promtail
# namespace: monitoring
# labels:
# app.kubernetes.io/name: promtail
# annotations:
# configmap.reloader.stakater.com/reload: "promtail"
# spec:
# selector:
# matchLabels:
# app.kubernetes.io/name: promtail
# template:
# metadata:
# labels:
# app.kubernetes.io/name: promtail
# annotations:
# prometheus.io/port: http-metrics
# prometheus.io/scrape: "true"
# spec:
# serviceAccountName: promtail
# containers:
# - name: promtail
# image: "grafana/promtail:2.2.1"
# imagePullPolicy: IfNotPresent
# args:
# - "-config.file=/etc/promtail/promtail.yaml"
# volumeMounts:
# - name: config
# mountPath: /etc/promtail
# - name: run
# mountPath: /run/promtail
# - mountPath: /var/lib/docker/containers
# name: docker
# readOnly: true
# - mountPath: /var/log/pods
# name: pods
# readOnly: true
# env:
# - name: HOSTNAME
# valueFrom:
# fieldRef:
# fieldPath: spec.nodeName
# ports:
# - containerPort: 3101
# name: http-metrics
# securityContext:
# readOnlyRootFilesystem: true
# runAsGroup: 0
# runAsUser: 0
# readinessProbe:
# failureThreshold: 5
# httpGet:
# path: /ready
# port: http-metrics
# initialDelaySeconds: 10
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 1
# tolerations:
# - effect: NoSchedule
# key: node-role.kubernetes.io/master
# operator: Exists
# volumes:
# - name: config
# configMap:
# name: promtail
# - name: run
# hostPath:
# path: /run/promtail
# - hostPath:
# path: /var/lib/docker/containers
# name: docker
# - hostPath:
# path: /var/log/pods
# name: pods
---
Reference in New Issue View Git Blame Copy Permalink