233 lines
4.9 KiB
YAML
233 lines
4.9 KiB
YAML
apiVersion: policy/v1beta1
|
|
kind: PodSecurityPolicy
|
|
metadata:
|
|
name: loki
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
spec:
|
|
privileged: false
|
|
allowPrivilegeEscalation: false
|
|
volumes:
|
|
- 'configMap'
|
|
- 'emptyDir'
|
|
- 'persistentVolumeClaim'
|
|
- 'secret'
|
|
- 'projected'
|
|
- 'downwardAPI'
|
|
hostNetwork: false
|
|
hostIPC: false
|
|
hostPID: false
|
|
runAsUser:
|
|
rule: 'MustRunAsNonRoot'
|
|
seLinux:
|
|
rule: 'RunAsAny'
|
|
supplementalGroups:
|
|
rule: 'MustRunAs'
|
|
ranges:
|
|
- min: 1
|
|
max: 65535
|
|
fsGroup:
|
|
rule: 'MustRunAs'
|
|
ranges:
|
|
- min: 1
|
|
max: 65535
|
|
readOnlyRootFilesystem: true
|
|
requiredDropCapabilities:
|
|
- ALL
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: loki
|
|
namespace: monitoring
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: loki
|
|
namespace: monitoring
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
data:
|
|
loki.yaml: |
|
|
auth_enabled: false
|
|
chunk_store_config:
|
|
max_look_back_period: 0s
|
|
compactor:
|
|
shared_store: filesystem
|
|
working_directory: /data/loki/boltdb-shipper-compactor
|
|
ingester:
|
|
chunk_block_size: 262144
|
|
chunk_idle_period: 3m
|
|
chunk_retain_period: 1m
|
|
lifecycler:
|
|
ring:
|
|
kvstore:
|
|
store: inmemory
|
|
replication_factor: 1
|
|
max_transfer_retries: 0
|
|
limits_config:
|
|
enforce_metric_name: false
|
|
reject_old_samples: true
|
|
reject_old_samples_max_age: 168h
|
|
schema_config:
|
|
configs:
|
|
- from: "2020-10-24"
|
|
index:
|
|
period: 24h
|
|
prefix: index_
|
|
object_store: filesystem
|
|
schema: v11
|
|
store: boltdb-shipper
|
|
server:
|
|
http_listen_port: 3100
|
|
storage_config:
|
|
boltdb_shipper:
|
|
active_index_directory: /data/loki/boltdb-shipper-active
|
|
cache_location: /data/loki/boltdb-shipper-cache
|
|
cache_ttl: 24h
|
|
shared_store: filesystem
|
|
filesystem:
|
|
directory: /data/loki/chunks
|
|
table_manager:
|
|
retention_deletes_enabled: true
|
|
retention_period: 720h
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: loki
|
|
namespace: monitoring
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
rules:
|
|
- apiGroups: ['extensions']
|
|
resources: ['podsecuritypolicies']
|
|
verbs: ['use']
|
|
resourceNames: [loki]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: loki
|
|
namespace: monitoring
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: loki
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: loki
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: loki-headless
|
|
namespace: monitoring
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
variant: headless
|
|
spec:
|
|
clusterIP: None
|
|
ports:
|
|
- port: 3100
|
|
protocol: TCP
|
|
name: http-metrics
|
|
targetPort: http-metrics
|
|
selector:
|
|
app.kubernetes.io/name: loki
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: loki
|
|
namespace: monitoring
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 3100
|
|
protocol: TCP
|
|
name: http-metrics
|
|
targetPort: http-metrics
|
|
selector:
|
|
app.kubernetes.io/name: loki
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: loki
|
|
namespace: monitoring
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
spec:
|
|
podManagementPolicy: OrderedReady
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: loki
|
|
serviceName: loki-headless
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: loki
|
|
annotations:
|
|
prometheus.io/port: http-metrics
|
|
prometheus.io/scrape: "true"
|
|
spec:
|
|
serviceAccountName: loki
|
|
securityContext:
|
|
fsGroup: 10001
|
|
runAsGroup: 10001
|
|
runAsNonRoot: true
|
|
runAsUser: 10001
|
|
containers:
|
|
- name: loki
|
|
image: "grafana/loki:2.2.1"
|
|
imagePullPolicy: IfNotPresent
|
|
args:
|
|
- "-config.file=/etc/loki/loki.yaml"
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/loki
|
|
- name: storage
|
|
mountPath: "/data"
|
|
subPath:
|
|
ports:
|
|
- name: http-metrics
|
|
containerPort: 3100
|
|
protocol: TCP
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: http-metrics
|
|
initialDelaySeconds: 45
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: http-metrics
|
|
initialDelaySeconds: 45
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
terminationGracePeriodSeconds: 4800
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: loki
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: storage
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: "10Gi"
|
|
storageClassName: scw-bssd
|
|
|