diff --git a/production/README.md b/production/README.md index 59114fee98bc0..b828536010133 100644 --- a/production/README.md +++ b/production/README.md @@ -1,9 +1,10 @@ # Running Loki -Currently there are four ways to try out Loki, in order from easier to hardest: +Currently there are five ways to try out Loki, in order from easier to hardest: - [Using our free hosted demo](#free-hosted-demo) - [Running it locally with Docker](#run-locally-using-docker) +- [Using Helm to deploy on Kubernetes](helm/) - [Building from source](#build-and-run-from-source) - [Using our Ksonnet config to run a fully-blown production setup](ksonnet/) diff --git a/production/helm/Chart.yaml b/production/helm/Chart.yaml new file mode 100644 index 0000000000000..3ec1773e637b6 --- /dev/null +++ b/production/helm/Chart.yaml @@ -0,0 +1,13 @@ +name: loki +version: 0.0.1 +appVersion: 0.0.1 +kubeVersion: "^1.10.0-0" +description: "Loki: like Prometheus, but for logs." +home: https://grafana.com/loki +icon: https://github.com/grafana/loki/raw/master/docs/logo.png +sources: + - https://github.com/grafana/loki +maintainers: + - name: Loki Maintainers + email: lokiproject@googlegroups.com +engine: gotpl \ No newline at end of file diff --git a/production/helm/README.md b/production/helm/README.md new file mode 100644 index 0000000000000..2e204ef33f45d --- /dev/null +++ b/production/helm/README.md 
@@ -0,0 +1,45 @@
+# Deploy Loki to Kubernetes with Helm
+
+## Prerequisites
+
+Make sure you have the helm configure on your cluster:
+
+```bash
+$ helm init
+```
+
+Clone `grafana/loki` repository and navigate to `production helm` directory:
+
+```bash
+$ git clone https://github.com/grafana/loki.git
+$ cd loki/production/helm
+```
+
+## Deploy Loki and Promtail to your cluster
+
+```bash
+$ helm install . -n loki --namespace
+```
+
+## Deploy Grafana to your cluster
+
+To install Grafana on your cluster with helm, use the following command:
+
+```bash
+$ helm install stable/grafana -n loki-grafana -f grafana.yaml --namespace
+```
+
+To get the admin password for the Grafana pod, run the following command:
+
+```bash
+$ kubectl get secret --namespace loki-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
+```
+
+To access the Grafana UI, run the following command:
+
+```bash
+$ kubectl port-forward --namespace service/loki-grafana 3000:80
+```
+
+Navigate to http://localhost:3000 and login with `admin` and the password output above.
+Then follow the [instructions for adding the loki datasource](/docs/usage.md), using the URL `http://loki:3100/`.
diff --git a/production/helm/grafana.yaml b/production/helm/grafana.yaml
new file mode 100644
index 0000000000000..0614cdfd3906c
--- /dev/null
+++ b/production/helm/grafana.yaml
@@ -0,0 +1,5 @@
+image:
+ tag: master
+
+env:
+ GF_EXPLORE_ENABLED: true
\ No newline at end of file
diff --git a/production/helm/templates/loki/_helpers.tpl b/production/helm/templates/loki/_helpers.tpl
new file mode 100644
index 0000000000000..2e333aae60f88
--- /dev/null
+++ b/production/helm/templates/loki/_helpers.tpl
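Review bot: `tag: master` in grafana.yaml points Grafana at a moving branch tag, so the image a cluster runs depends on when each node last pulled it and cannot be audited or rolled back to a known build. Use a released version tag or an image digest here. The same applies to the `tag: master` defaults for Loki and Promtail in values.yaml, where `pullPolicy: IfNotPresent` additionally lets different nodes keep different builds under the same tag. `GF_EXPLORE_ENABLED: true` is a YAML boolean rather than a string; if the Grafana chart does not quote env values when it renders them, write `GF_EXPLORE_ENABLED: "true"`.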
@@ -0,0 +1,43 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "loki.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "loki.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "loki.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account
+*/}}
+{{- define "loki.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "loki.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/production/helm/templates/loki/configmap.yaml b/production/helm/templates/loki/configmap.yaml
new file mode 100644
index 0000000000000..12718ceed1643
--- /dev/null
+++ b/production/helm/templates/loki/configmap.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ loki.yaml: |
+ auth_enabled: {{ .Values.loki.config.auth_enabled }}
+
+ server:
+ http_listen_port: {{ .Values.loki.service.port }}
+
+ ingester:
+ lifecycler:
+ ring:
+ store: {{ .Values.loki.config.ingester.lifecycler.ring.store }}
+ replication_factor: {{ .Values.loki.config.ingester.lifecycler.ring.replication_factor }}
+
+{{- if .Values.loki.config.schema_configs }}
+ schema_config:
+ configs:
+ {{- range .Values.loki.config.schema_configs }}
+ - from: {{ .from }}
+ store: {{ .store }}
+ object_store: {{ .object_store }}
+ schema: {{ .schema }}
+ index:
+ prefix: {{ .index.prefix }}
+ period: {{ .index.period }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.loki.config.storage_configs }}
+ storage_config:
+ {{- range .Values.loki.config.storage_configs }}
+ {{ .name }}:
+ directory: {{ .directory }}
+ {{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/production/helm/templates/loki/deployment.yaml b/production/helm/templates/loki/deployment.yaml
new file mode 100644
index 0000000000000..b491d6ff21db2
--- /dev/null
+++ b/production/helm/templates/loki/deployment.yaml
@@ -0,0 +1,79 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.loki.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.loki.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "loki.name" . }}
+ release: {{ .Release.Name }}
+ strategy:
+ type: {{ .Values.loki.deploymentStrategy }}
+ {{- if ne .Values.loki.deploymentStrategy "RollingUpdate" }}
+ rollingUpdate: null
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "loki.name" . }}
+ release: {{ .Release.Name }}
+{{- with .Values.loki.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ spec:
+ serviceAccountName: {{ template "loki.serviceAccountName" . }}
+{{- if .Values.loki.priorityClassName }}
+ priorityClassName: {{ .Values.loki.priorityClassName }}
+{{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.loki.image.repository }}:{{ .Values.loki.image.tag }}"
+ imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
+ args:
+ - "-config.file=/etc/loki/loki.yaml"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/loki
+ ports:
+ - name: {{ template "loki.name" . }}
+ containerPort: {{ .Values.loki.service.port }}
+ protocol: TCP
+{{- with .Values.loki.livenessProbe }}
+ livenessProbe:
+{{ toYaml . | indent 12 }}
+{{- end }}
+{{- with .Values.loki.readinessProbe }}
+ readinessProbe:
+{{ toYaml . | indent 12 }}
+{{- end }}
+{{- with .Values.loki.resources }}
+ resources:
+{{ toYaml . | indent 12 }}
+{{- end }}
+ {{- with .Values.loki.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.loki.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.loki.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ template "loki.fullname" . }}
\ No newline at end of file
diff --git a/production/helm/templates/loki/podsecuritypolicy.yaml b/production/helm/templates/loki/podsecuritypolicy.yaml
new file mode 100644
index 0000000000000..a7c875191692e
--- /dev/null
+++ b/production/helm/templates/loki/podsecuritypolicy.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: extensions/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ volumes:
+ - 'configMap'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+ readOnlyRootFilesystem: false
+{{- end }}
\ No newline at end of file
diff --git a/production/helm/templates/loki/role.yaml b/production/helm/templates/loki/role.yaml
new file mode 100644
index 0000000000000..cc09eb3de8262
--- /dev/null
+++ b/production/helm/templates/loki/role.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+{{- if .Values.rbac.pspEnabled }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "loki.fullname" . }}]
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/production/helm/templates/loki/rolebinding.yaml b/production/helm/templates/loki/rolebinding.yaml
new file mode 100644
index 0000000000000..587ac9585a7a3
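Review bot: The Loki container in deployment.yaml has no `securityContext`, and the policy added in templates/loki/podsecuritypolicy.yaml sets `runAsUser` to `rule: 'RunAsAny'` with `readOnlyRootFilesystem: false`, so nothing in the chart stops the pod from running as root if that is the image's default user. Loki here listens on the port from `loki.service.port` and writes under `/tmp/loki`, neither of which needs root, so add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` to the container and change the policy to `rule: 'MustRunAsNonRoot'`. This needs confirming against the user the grafana/loki image is built with. The index and chunk directories live on the container filesystem with no volume mounted, so stored logs are lost when the pod restarts; the README should say so or the chart should mount a volume.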
--- /dev/null
+++ b/production/helm/templates/loki/rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "loki.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "loki.serviceAccountName" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/production/helm/templates/loki/service.yaml b/production/helm/templates/loki/service.yaml
new file mode 100644
index 0000000000000..db03cf4a67a90
--- /dev/null
+++ b/production/helm/templates/loki/service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.loki.service.labels }}
+{{ toYaml .Values.loki.service.labels | indent 4 }}
+{{- end }}
+{{- with .Values.loki.service.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - name: {{ template "loki.name" . }}
+ port: {{ .Values.loki.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.loki.service.port }}
+ selector:
+ app: {{ template "loki.name" . }}
+ release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/production/helm/templates/loki/serviceaccount.yaml b/production/helm/templates/loki/serviceaccount.yaml
new file mode 100644
index 0000000000000..5ad0dcf6d50af
--- /dev/null
+++ b/production/helm/templates/loki/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "loki.serviceAccountName" . }}
+{{- end }}
\ No newline at end of file
diff --git a/production/helm/templates/promtail/_helpers.tpl b/production/helm/templates/promtail/_helpers.tpl
new file mode 100644
index 0000000000000..a1a5bccefc7c0
--- /dev/null
+++ b/production/helm/templates/promtail/_helpers.tpl
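Review bot: The Loki ServiceAccount will have its API token mounted into the pod by default, yet the only permission the chart grants it is `use` on its PodSecurityPolicy, which is evaluated at admission and does not need a token inside the container. Unless Loki calls the Kubernetes API in a configuration not shown here, add `automountServiceAccountToken: false` to this ServiceAccount so a compromised Loki process holds no cluster credential. The Loki PodSecurityPolicy also lists only `'configMap'` under `volumes`, so a token mounted as a secret volume would likely be rejected by that policy anyway.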
@@ -0,0 +1,43 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "promtail.name" -}}
+{{- default .Chart.Name .Values.promtail.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "promtail.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.promtail.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "promtail.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account
+*/}}
+{{- define "promtail.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "promtail.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/production/helm/templates/promtail/clusterrole.yaml b/production/helm/templates/promtail/clusterrole.yaml
new file mode 100644
index 0000000000000..84bff8d2e3f6e
--- /dev/null
+++ b/production/helm/templates/promtail/clusterrole.yaml
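Review bot: `promtail.serviceAccountName` and `promtail.fullname` read the same `.Values.serviceAccount.name` and `.Values.fullnameOverride` as the `loki.*` helpers, so setting either value makes both components render resources under one name. With `serviceAccount.name` set the two ServiceAccount manifests collide, and with `create: false` both pods share a single account, which the promtail ClusterRoleBinding then grants cluster-wide read access. Give promtail its own keys, for example `.Values.promtail.serviceAccount.name` and `.Values.promtail.fullnameOverride`, so the log shipper's permissions stay separate from the log store's.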
@@ -0,0 +1,24 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ template "promtail.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.promtail.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ name: {{ template "promtail.fullname" . }}-clusterrole
+rules:
+- apiGroups: [""] # "" indicates the core API group
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "watch", "list"]
+{{- end}}
\ No newline at end of file
diff --git a/production/helm/templates/promtail/clusterrolebinding.yaml b/production/helm/templates/promtail/clusterrolebinding.yaml
new file mode 100644
index 0000000000000..f958a38915ad5
--- /dev/null
+++ b/production/helm/templates/promtail/clusterrolebinding.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "promtail.fullname" . }}-clusterrolebinding
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ template "promtail.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.promtail.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "promtail.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ template "promtail.fullname" . }}-clusterrole
+ apiGroup: rbac.authorization.k8s.io
+{{- end}}
\ No newline at end of file
diff --git a/production/helm/templates/promtail/configmap.yaml b/production/helm/templates/promtail/configmap.yaml
new file mode 100644
index 0000000000000..c7f9c2ce023ac
--- /dev/null
+++ b/production/helm/templates/promtail/configmap.yaml
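Review bot: The ClusterRole grants `get`, `watch` and `list` on `nodes`, `nodes/proxy`, `services` and `endpoints`, but the scrape configuration shipped in templates/promtail/configmap.yaml only uses `kubernetes_sd_configs` with `role: pod`. `nodes/proxy` in particular lets the holder reach every kubelet's API through the API server, which is far more than pod discovery needs. Reduce `resources` to `- pods` and add the others back only when a scrape job that needs them is introduced. `{{- end}}` should read `{{- end }}` to match the other templates.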
@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "promtail.fullname" . }}
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ template "promtail.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ promtail.yaml: |
+ scrape_configs:
+ - job_name: kubernetes-pods
+ kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - source_labels:
+ - __meta_kubernetes_pod_node_name
+ target_label: __host__
+ - action: drop
+ regex: ^$
+ source_labels:
+ - __meta_kubernetes_pod_label_name
+ - action: replace
+ replacement: $1
+ separator: /
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_pod_label_name
+ target_label: job
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_namespace
+ target_label: namespace
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_pod_name
+ target_label: instance
+ - replacement: /var/log/pods/$1
+ separator: /
+ source_labels:
+ - __meta_kubernetes_pod_uid
+ - __meta_kubernetes_pod_container_name
+ target_label: __path__
+ - job_name: kubernetes-pods-app
+ kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - source_labels:
+ - __meta_kubernetes_pod_node_name
+ target_label: __host__
+ - action: drop
+ regex: ^$
+ source_labels:
+ - __meta_kubernetes_pod_label_app
+ - action: replace
+ replacement: $1
+ separator: /
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_pod_label_app
+ target_label: job
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_namespace
+ target_label: namespace
+ - action: replace
+ source_labels:
+ - __meta_kubernetes_pod_name
+ target_label: instance
+ - action: labelmap
+ regex: __meta_kubernetes_pod_label_(.+)
+ - replacement: /var/log/pods/$1
+ separator: /
+ source_labels:
+ - __meta_kubernetes_pod_uid
+ - __meta_kubernetes_pod_container_name
+ target_label: __path__
\ No newline at end of file
diff --git a/production/helm/templates/promtail/daemonset.yaml b/production/helm/templates/promtail/daemonset.yaml
new file mode 100644
index 0000000000000..8da09af44c6de
--- /dev/null
+++ b/production/helm/templates/promtail/daemonset.yaml
@@ -0,0 +1,98 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: {{ template "promtail.fullname" . }}
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ template "promtail.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.promtail.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.promtail.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "promtail.name" . }}
+ release: {{ .Release.Name }}
+ strategy:
+ type: {{ .Values.promtail.deploymentStrategy }}
+ {{- if ne .Values.promtail.deploymentStrategy "RollingUpdate" }}
+ rollingUpdate: null
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "promtail.name" . }}
+ release: {{ .Release.Name }}
+{{- with .Values.promtail.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ spec:
+ serviceAccountName: {{ template "promtail.serviceAccountName" . }}
+{{- if .Values.promtail.priorityClassName }}
+ priorityClassName: {{ .Values.promtail.priorityClassName }}
+{{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.promtail.image.repository }}:{{ .Values.promtail.image.tag }}"
+ imagePullPolicy: {{ .Values.promtail.image.pullPolicy }}
+ args:
+ - "-config.file=/etc/promtail/promtail.yaml"
+ - "-client.url=http://{{ template "loki.fullname" . }}:{{ .Values.loki.service.port }}/api/prom/push"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/promtail
+ - name: varlog
+ mountPath: /var/log
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ env:
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ ports:
+ - containerPort: 80
+ name: http-metrics
+ securityContext:
+ privileged: true
+ runAsUser: 0
+{{- with .Values.promtail.livenessProbe }}
+ livenessProbe:
+{{ toYaml . | indent 12 }}
+{{- end }}
+{{- with .Values.promtail.readinessProbe }}
+ readinessProbe:
+{{ toYaml . | indent 12 }}
+{{- end }}
+{{- with .Values.promtail.resources }}
+ resources:
+{{ toYaml . | indent 12 }}
+{{- end }}
+ {{- with .Values.promtail.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.promtail.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.promtail.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ template "promtail.fullname" . }}
+ - name: varlog
+ hostPath:
+ path: /var/log
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
\ No newline at end of file
diff --git a/production/helm/templates/promtail/podsecuritypolicy.yaml b/production/helm/templates/promtail/podsecuritypolicy.yaml
new file mode 100644
index 0000000000000..72e57f3524895
--- /dev/null
+++ b/production/helm/templates/promtail/podsecuritypolicy.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: extensions/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "promtail.fullname" . }}
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ volumes:
+ - 'secret'
+ - 'configMap'
+ - 'hostPath'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+ readOnlyRootFilesystem: false
+ {{- end }}
\ No newline at end of file
diff --git a/production/helm/templates/promtail/role.yaml b/production/helm/templates/promtail/role.yaml
new file mode 100644
index 0000000000000..4de03d9e28bee
--- /dev/null
+++ b/production/helm/templates/promtail/role.yaml
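Review bot: The promtail container is given `privileged: true` and `runAsUser: 0` and mounts the host's `/var/log` without `readOnly`, which hands a log reader full control of every node the DaemonSet lands on. Reading files under `/var/log` and `/var/lib/docker/containers` needs root at most, not a privileged container: remove `privileged: true`, and add `readOnly: true` to the `varlog` mount provided promtail is not writing state such as its positions file under that path. The policy in templates/promtail/podsecuritypolicy.yaml (`privileged: true`, `allowPrivilegeEscalation: true`) should be tightened in the same change. Separately, `replicas` and `strategy` are Deployment fields; a DaemonSet takes `updateStrategy` and has no replica count.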
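Review bot: Allowing the `'hostPath'` volume type without `allowedHostPaths` lets any pod admitted under this policy mount any directory of the node, not only the two log directories the DaemonSet uses. Restrict it by adding `allowedHostPaths:` with `- pathPrefix: /var/log` and `- pathPrefix: /var/lib/docker/containers`. While `privileged: true` is still permitted the path list is not a hard boundary, but it records the intent and becomes effective as soon as the privileged flag is dropped.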
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ template "promtail.fullname" . }}
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+{{- if .Values.rbac.pspEnabled }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "promtail.fullname" . }}]
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/production/helm/templates/promtail/rolebinding.yaml b/production/helm/templates/promtail/rolebinding.yaml
new file mode 100644
index 0000000000000..b23fb1374b09a
--- /dev/null
+++ b/production/helm/templates/promtail/rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ template "promtail.fullname" . }}
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "promtail.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "promtail.serviceAccountName" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/production/helm/templates/promtail/serviceaccount.yaml b/production/helm/templates/promtail/serviceaccount.yaml
new file mode 100644
index 0000000000000..cce8581e20fad
--- /dev/null
+++ b/production/helm/templates/promtail/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "promtail.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "promtail.serviceAccountName" . }}
+{{- end }}
\ No newline at end of file
diff --git a/production/helm/values.yaml b/production/helm/values.yaml
new file mode 100644
index 0000000000000..4628fbef0a232
--- /dev/null
+++ b/production/helm/values.yaml
@@ -0,0 +1,130 @@
+rbac:
+ create: true
+ pspEnabled: true
+
+serviceAccount:
+ create: true
+ name:
+
+loki:
+ replicas: 1
+ deploymentStrategy: RollingUpdate
+
+ image:
+ repository: grafana/loki
+ tag: master
+ pullPolicy: IfNotPresent
+
+ service:
+ port: 3100
+ annotations: {}
+ labels: {}
+
+ readinessProbe: {}
+
+ livenessProbe: {}
+
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ ## Pod Annotations
+ # podAnnotations: {}
+
+ ## Deployment annotations
+ # annotations: {}
+
+ ## Assign a PriorityClassName to pods if set
+ # priorityClassName:
+
+ ## Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ #
+ nodeSelector: {}
+
+ ## Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+
+ ## Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+
+
+ config:
+ auth_enabled: false
+ ingester:
+ lifecycler:
+ ring:
+ store: inmemory
+ replication_factor: 1
+ schema_configs:
+ - from: 0
+ store: boltdb
+ object_store: filesystem
+ schema: v9
+ index:
+ prefix: index_
+ period: 168h
+ storage_configs:
+ - name: boltdb
+ directory: /tmp/loki/index
+ - name: filesystem
+ directory: /tmp/loki/chunks
+
+promtail:
+ nameOverride: promtail
+ replicas: 1
+ deploymentStrategy: RollingUpdate
+
+ image:
+ repository: grafana/promtail
+ tag: master
+ pullPolicy: IfNotPresent
+
+ service:
+ port: 3100
+ annotations: {}
+ labels: {}
+
+ readinessProbe: {}
+
+ livenessProbe: {}
+
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ ## Pod Annotations
+ # podAnnotations: {}
+
+ ## Deployment annotations
+ # annotations: {}
+
+ ## Assign a PriorityClassName to pods if set
+ # priorityClassName:
+
+ ## Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ #
+ nodeSelector: {}
+
+ ## Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+
+ ## Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
\ No newline at end of file
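Review bot: With `auth_enabled: false` and a Service on port 3100, any workload that can reach the Service can push and query logs, and nothing in the chart restricts that. Add a comment above `auth_enabled` in values.yaml that says so, for example `## Loki is served without authentication inside the cluster; restrict access with a NetworkPolicy or an authenticating proxy`, and repeat it in the chart README. `name:` under `serviceAccount` is a bare key that parses as null; write `name: ""` or `name: null` so the intent is explicit.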