Added promtail

.pre-commit-config.yaml

@@ -21,7 +21,9 @@ repos:
     hooks:
       - id: kubeconform
 
-  - repo: https://github.com/tarioch/flux-check-hook
+  # Linting does not work with external values.yaml
-    rev: v0.8.0
+  # TODO: Include url to schema in values.yaml and validate based on that?
-    hooks:
+  # - repo: https://github.com/tarioch/flux-check-hook
-      - id: check-flux-helm-values
+  #   rev: v0.8.0
+  #   hooks:
+  #     - id: check-flux-helm-values

clusters/titan.lan.huizinga.dev/infra/kustomization.yaml

@@ -13,6 +13,7 @@ resources:
   - ./../../../infra/kube-vip
   - ./../../../infra/kyverno
   - ./../../../infra/lldap
+  - ./../../../infra/loki
   - ./../../../infra/node-feature-discovery
   - ./../../../infra/rook-ceph
   - ./../../../infra/topolvm

infra/loki/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./loki.yaml
+  - ./promtail.yaml

infra/loki/loki.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: loki
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/loki/loki
+  dependsOn:
+    - name: rook-ceph
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true

infra/loki/loki/helm-release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: loki
+spec:
+  chart:
+    spec:
+      chart: loki
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: grafana
+      version: 6.29.0
+  interval: 15m
+  timeout: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: loki-values

infra/loki/loki/helm-repository.yaml

@@ -0,0 +1,7 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: grafana
+spec:
+  interval: 15m
+  url: https://grafana.github.io/helm-charts

infra/loki/loki/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: loki
+resources:
+  - ./namespace.yaml
+  - ./object-bucket-claim-chunks.yaml
+  - ./object-bucket-claim-ruler.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: loki-values
+    files:
+      - ./values.yaml

infra/loki/loki/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: loki

infra/loki/loki/object-bucket-claim-chunks.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: chunks
+spec:
+  generateBucketName: chunks
+  storageClassName: ceph-bucket

infra/loki/loki/object-bucket-claim-ruler.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ruler
+spec:
+  generateBucketName: ruler
+  storageClassName: ceph-bucket

infra/loki/loki/values.yaml

@@ -0,0 +1,100 @@
+global:
+  extraArgs:
+    - -config.expand-env=true
+  extraEnvFrom:
+    - secretRef:
+        name: chunks
+      prefix: CHUNKS_
+    - configMapRef:
+        name: chunks
+      prefix: CHUNKS_
+    - secretRef:
+        name: ruler
+      prefix: RULER_
+    - configMapRef:
+        name: ruler
+      prefix: RULER_
+
+loki:
+  schemaConfig:
+    configs:
+      - from: "2024-04-01"
+        store: tsdb
+        object_store: s3
+        schema: v13
+        index:
+          prefix: loki_index_
+          period: 24h
+  pattern_ingester:
+    enabled: true
+  limits_config:
+    allow_structured_metadata: true
+    volume_enabled: true
+    retention_period: 672h # 28 days retention
+  querier:
+    max_concurrent: 4
+
+  storage:
+    type: s3
+    bucketNames:
+      chunks: "${CHUNKS_BUCKET_NAME}"
+      ruler: "${RULER_BUCKET_NAME}"
+    s3:
+      # s3 URL can be used to specify the endpoint, access key, secret key, and bucket name this works well for S3 compatible storages or if you are hosting Loki on-premises and want to use S3 as the storage backend. Either use the s3 URL or the individual fields below (AWS endpoint, region, secret).
+      # s3: s3://access_key:secret_access_key@custom_endpoint/bucket_name
+      # AWS endpoint URL
+      endpoint: "${CHUNKS_BUCKET_HOST}"
+      # AWS region where the S3 bucket is located
+      region: "${CHUNKS_BUCKET_REGION}"
+      # AWS secret access key
+      secretAccessKey: "${CHUNKS_SECRET_ACCESS_KEY}"
+      # AWS access key ID
+      accessKeyId: "${CHUNKS_ACCESS_KEY_ID}"
+      # AWS signature version (e.g., v2 or v4)
+      # signatureVersion: <your-signature-version>
+      # Forces the path style for S3 (true/false)
+      s3ForcePathStyle: true
+      # Allows insecure (HTTP) connections (true/false)
+      insecure: true
+      # HTTP configuration settings
+      # http_config: {}
+  # NOTE: Normally these values are set from loki.storage, however we do not use the same credentials so we have to overwrite the values
+  rulerConfig:
+    storage:
+      type: s3
+      s3:
+        bucketnames: ${RULER_BUCKET_NAME}
+        endpoint: ${RULER_BUCKET_HOST}
+        region: ${RULER_BUCKET_REGION}
+        secret_access_key: ${RULER_SECRET_ACCESS_KEY}
+        access_key_id: ${RULER_ACCESS_KEY_ID}
+        s3forcepathstyle: true
+        insecure: true
+
+deploymentMode: SimpleScalable
+
+backend:
+  replicas: 3
+
+  # NOTE: There appears to be an error in the helm chart, it uses extraEnv instead of extraEnvFrom from global
+  extraEnvFrom:
+    - secretRef:
+        name: chunks
+      prefix: CHUNKS_
+    - configMapRef:
+        name: chunks
+      prefix: CHUNKS_
+    - secretRef:
+        name: ruler
+      prefix: RULER_
+    - configMapRef:
+        name: ruler
+      prefix: RULER_
+read:
+  replicas: 3
+write:
+  replicas: 3
+
+# Disable minio storage
+minio:
+  enabled: false

infra/loki/promtail.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: promtail
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/loki/promtail
+  dependsOn:
+    - name: loki
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true

infra/loki/promtail/helm-release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: promtail
+spec:
+  chart:
+    spec:
+      chart: promtail
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: grafana
+      version: 6.16.6
+  interval: 15m
+  timeout: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: promtail-values

infra/loki/promtail/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: loki
+resources:
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: promtail-values
+    files:
+      - ./values.yaml

infra/loki/promtail/values.yaml

@@ -0,0 +1,14 @@
+initContainer:
+  # -- Specifies whether the init container for setting inotify max user instances is to be enabled
+  - name: init
+    # -- Docker registry, image and tag for the init container image
+    image: docker.io/busybox:1.33
+    # -- Docker image pull policy for the init container image
+    imagePullPolicy: IfNotPresent
+    # -- The inotify max user instances to configure
+    command:
+      - sh
+      - -c
+      - sysctl -w fs.inotify.max_user_instances=512
+    securityContext:
+      privileged: true