rework Loki
All checks were successful
ci/woodpecker/push/dashboard Pipeline was successful

This commit is contained in:
Aaron Riedel 2024-10-03 14:16:28 +02:00
parent f2a6cf73da
commit 3bed5fc4a4
Signed by: aaron
GPG key ID: 643004654D40D577
4 changed files with 134 additions and 12 deletions

6
loki/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ./secret-generator.yaml
resources:
- ./namespace.yaml

View file

@ -0,0 +1,10 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./secret.yaml

47
loki/secret.yaml Normal file
View file

@ -0,0 +1,47 @@
apiVersion: v1
kind: Secret
metadata:
namespace: logs
name: loki-bucket-secret
type: Opaque
stringData:
S3_LOKI_ACCESS_KEY_ID: ENC[AES256_GCM,data:EK9PR0EZO6gwCFAB/DRg1OuAm10=,iv:kk8xWafJlJpkgty8m2klv/EMSHZvxm/rYDlkUG0Hoh4=,tag:tvRhZ3Han4Bh02f0wZx9sw==,type:str]
S3_LOKI_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:OyQ5QTQz0Bznki15bkOfMm9StPfXGRbJyyAnVPnif+MixMss5Ugvuw==,iv:s4B4HQBKR2hV6GIWD6Vvfx4TkijVdchV0nP4YDf+FvY=,tag:QrlLcr2rqpMMVo+GHzG/aw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeDNSblZkQ3BndWNEcXdl
Q3l1ZkU5NEV3UTkvY2dmK2xWK1RLRFVUOFM0CkFWV1RodkZHbGtEVm1CUmlkRGZK
YTNhT0hCVERSRUdmQVdVOVlPYVc2bG8KLS0tIDdVdmpiT1hxZExadUdMcWl5Mkdq
ZjFFWHh2bWNBSE5MeEJ1S00zOWpGU3cKPOjdYqv1dKlpfrE4CwyjTM27W/O2ax9k
XHVBDtg9E9g4d5E1Mf3o+bfWl96wVteVr/W5ZaGE/WRSqIa+nBC4rA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TXVpRlFTYVRQR3Nid1Ir
ODRuTFVVQkFpSCtIZzR3YkRPR05vbituOFRBCllQVkdja1RHaXl5c2VERlV4SjE5
UWt1RkNlRHF6WFJwMk9qZU1XZEwwTjgKLS0tIHBWUSs5a0VWNHkzakNzZmdmUlkw
Rk9FSTFMYnA1V1pyakxDSlVzVzhKS3cKSFJ0H4Z5Q8FzrpRWUUQgpBj+nSdNT9yR
ZeF3+hZZCQwIaMTxq8RXq6zyUtQsLRXUnPl+59NmPmNKaPkKi8X9tA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZUZMYXZHWXpYN0ZYNE5J
bmIxWWhGcko2enJBdnpjdTFUY3RwMnZIaFc0Cmo1NHZVMzFxK2Y3K3UxWHB3UnQr
UmV6bzl2Rk1xMVF6NXM4MmdMeWVKZnMKLS0tIFBEZG5RTE4zNXNJYTlxd2VxRW5p
YklZWHhseUp6d1AwRHp6QnRBL3JWZ3MKO19rYxmCZDro3x83aM5oHI26TpITblCU
X40297QCc2pWWfYSfGa3H3IUZMFe5STvPGoKUhRWZ+XMqYb6c2kp/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-03T12:15:16Z"
mac: ENC[AES256_GCM,data:59efYmiDE6RzTR6H7qd9ujfmRXmW7NNQVdX4viU5OWMHTGCN0Yf7rDFbPLSlagUFbAImGZgcSZ6hD9qwk4Xl4PIoVwQ6P9nGky6tI4ljEjQPvzceSSeMvhDyvrrDryr+qs2E6aeLCJF4uHXa7u/XhgvxsN6teFeFLg9SjJzjkEY=,iv:/bQd9wn+5FuPcF9HsgeZuzpzLusaJXYGQn8Pj5VHlWU=,tag:BxMtpEEG2OvGZA+n/OdJeA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0

View file

@ -1,14 +1,7 @@
minio:
enabled: true
replicas: 3
drivesPerNode: 2
persistence:
size: 15Gi
storageClass: longhorn-local
loki:
auth_enabled: false
persistence:
size: 30Gi
size: 10Gi
schemaConfig:
configs:
- from: 2024-04-14
@ -19,20 +12,86 @@ loki:
prefix: index_
period: 24h
limits_config:
retention_period: 168h
retention_period: 24h
compactor:
compaction_interval: 15m
retention_enabled: true
retention_delete_delay: 1h
retention_delete_worker_count: 150
delete_request_store: s3
storage:
bucketNames:
chunks: yolokube-logs
s3:
endpoint: https://fsn1.your-objectstorage.com
s3: s3://yolokube-logs
s3forcepathstyle: true
accessKeyId: ${S3_LOKI_ACCESS_KEY_ID}
secretAccessKey: ${S3_LOKI_SECRET_ACCESS_KEY}
monitoring:
selfMonitoring:
grafanaAgent:
installOperator: false
dashboards:
enabled: true
serviceMonitor:
enabled: true
read:
extraArgs:
- '-config.expand-env=true'
extraEnv:
- name: S3_LOKI_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_ACCESS_KEY_ID
- name: S3_LOKI_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_SECRET_ACCESS_KEY
write:
extraArgs:
- '-config.expand-env=true'
extraEnv:
- name: S3_LOKI_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_ACCESS_KEY_ID
- name: S3_LOKI_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_SECRET_ACCESS_KEY
persistence:
storageClass: longhorn-local
backend:
extraArgs:
- '-config.expand-env=true'
extraEnv:
- name: S3_LOKI_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_ACCESS_KEY_ID
- name: S3_LOKI_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_SECRET_ACCESS_KEY
persistence:
storageClass: longhorn-local
compactor:
extraArgs:
- '-config.expand-env=true'
extraEnv:
- name: S3_LOKI_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_ACCESS_KEY_ID
- name: S3_LOKI_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: loki-bucket-secret
key: S3_LOKI_SECRET_ACCESS_KEY
persistence:
storageClass: longhorn-local