core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding dependencies, binary autostart

Browse Source
This commit is contained in:
plm
2024-12-16 14:55:43 +01:00
parent 5e1503f0bc
commit 10b01fdc40
318 changed files with 47355 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

184
opencloud/charts/loki/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,184 @@
***********************************************************************
Welcome to Grafana Loki
Chart version: {{ .Chart.Version }}
Chart Name: {{ .Chart.Name }}
Loki version: {{ .Chart.AppVersion }}
***********************************************************************
** Please be patient while the chart is being deployed **
Tip:
Watch the deployment status using the command: kubectl get pods -w --namespace {{ $.Release.Namespace }}
If pods are taking too long to schedule make sure pod affinity can be fulfilled in the current cluster.
***********************************************************************
Installed components:
***********************************************************************
{{- if .Values.monitoring.selfMonitoring.enabled }}
* grafana-agent-operator
{{- end }}
{{- if eq (include "loki.deployment.isSingleBinary" .) "true" }}
* loki
{{- else -}}
{{- if .Values.gateway.enabled }}
* gateway
{{- end }}
{{- if .Values.minio.enabled }}
* minio
{{- end }}
{{- if eq (include "loki.deployment.isScalable" .) "true" }}
* read
* write
{{- if not .Values.read.legacyReadTarget }}
* backend
{{- end }}
{{- else }}
* compactor
* index gateway
* query scheduler
* ruler
* distributor
* ingester
* querier
* query frontend
{{- end }}
{{- end }}
{{- if eq (include "loki.deployment.isSingleBinary" .) "true" }}
Loki has been deployed as a single binary.
This means a single pod is handling reads and writes. You can scale that pod vertically by adding more CPU and memory resources.
{{- end }}
***********************************************************************
Sending logs to Loki
***********************************************************************
{{- if .Values.gateway.enabled }}
Loki has been configured with a gateway (nginx) to support reads and writes from a single component.
{{- end }}
You can send logs from inside the cluster using the cluster DNS:
{{- if .Values.gateway.enabled }}
http://{{ include "loki.gatewayFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local/loki/api/v1/push
{{- else }}
{{- if eq (include "loki.deployment.isSingleBinary" .) "true" }}
http://{{ include "loki.singleBinaryFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ .Values.loki.server.http_listen_port }}/loki/api/v1/push
{{- end}}
{{- if eq (include "loki.deployment.isScalable" .) "true" }}
http://{{ include "loki.writeFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ .Values.loki.server.http_listen_port }}/loki/api/v1/push
{{- end }}
{{- if eq (include "loki.deployment.isDistributed" .) "true" }}
http://{{ include "loki.distributorFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local:3100/loki/api/v1/push
{{- end }}
{{- end }}
You can test to send data from outside the cluster by port-forwarding the gateway to your local machine:
{{- if .Values.gateway.enabled }}
kubectl port-forward --namespace {{ $.Release.Namespace }} svc/{{ include "loki.gatewayFullname" . }} 3100:{{ .Values.gateway.service.port }} &
{{- else }}
{{- if eq (include "loki.deployment.isSingleBinary" .) "true" }}
kubectl port-forward --namespace {{ $.Release.Namespace }} svc/{{ include "loki.singleBinaryFullname" . }} 3100:{{ .Values.loki.server.http_listen_port }} &
{{- end}}
{{- if eq (include "loki.deployment.isScalable" .) "true" }}
kubectl port-forward --namespace {{ $.Release.Namespace }} svc/{{ include "loki.writeFullname" . }} 3100:{{ .Values.loki.server.http_listen_port }} &
{{- end }}
{{- if eq (include "loki.deployment.isDistributed" .) "true" }}
kubectl port-forward --namespace {{ $.Release.Namespace }} svc/{{ include "loki.distributorFullname" . }} 3100:3100 &
{{- end }}
{{- end }}
And then using http://127.0.0.1:3100/loki/api/v1/push URL as shown below:
```
curl -H "Content-Type: application/json" -XPOST -s "http://127.0.0.1:3100/loki/api/v1/push" \
--data-raw "{\"streams\": [{\"stream\": {\"job\": \"test\"}, \"values\": [[\"$(date +%s)000000000\", \"fizzbuzz\"]]}]}"
{{- if .Values.loki.auth_enabled }} \
-H X-Scope-OrgId:foo
{{- end}}
```
Then verify that Loki did received the data using the following command:
```
curl "http://127.0.0.1:3100/loki/api/v1/query_range" --data-urlencode 'query={job="test"}' {{- if .Values.loki.auth_enabled }} -H X-Scope-OrgId:foo {{- end}} | jq .data.result
```
***********************************************************************
Connecting Grafana to Loki
***********************************************************************
If Grafana operates within the cluster, you'll set up a new Loki datasource by utilizing the following URL:
{{- if .Values.gateway.enabled }}
http://{{ include "loki.gatewayFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local/
{{- else }}
{{- if eq (include "loki.deployment.isSingleBinary" .) "true" }}
http://{{ include "loki.singleBinaryFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ .Values.loki.server.http_listen_port }}/
{{- end}}
{{- if eq (include "loki.deployment.isScalable" .) "true" }}
http://{{ include "loki.readFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ .Values.loki.server.http_listen_port }}/
{{- end }}
{{- if eq (include "loki.deployment.isDistributed" .) "true" }}
http://{{ include "loki.queryFrontendFullname" . }}.{{ $.Release.Namespace }}.svc.cluster.local:3100/
{{- end }}
{{- end }}
{{- if .Values.loki.auth_enabled }}
***********************************************************************
Multi-tenancy
***********************************************************************
Loki is configured with auth enabled (multi-tenancy) and expects tenant headers (`X-Scope-OrgID`) to be set for all API calls.
You must configure Grafana's Loki datasource using the `HTTP Headers` section with the `X-Scope-OrgID` to target a specific tenant.
For each tenant, you can create a different datasource.
The agent of your choice must also be configured to propagate this header.
For example, when using Promtail you can use the `tenant` stage. https://grafana.com/docs/loki/latest/send-data/promtail/stages/tenant/
When not provided with the `X-Scope-OrgID` while auth is enabled, Loki will reject reads and writes with a 404 status code `no org id`.
You can also use a reverse proxy, to automatically add the `X-Scope-OrgID` header as suggested by https://grafana.com/docs/loki/latest/operations/authentication/
For more information, read our documentation about multi-tenancy: https://grafana.com/docs/loki/latest/operations/multi-tenancy/
> When using curl you can pass `X-Scope-OrgId` header using `-H X-Scope-OrgId:foo` option, where foo can be replaced with the tenant of your choice.
{{- end }}

1132
opencloud/charts/loki/templates/_helpers.tpl Normal file
View File

File diff suppressed because it is too large Load Diff

24
opencloud/charts/loki/templates/admin-api/_helpers.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{/*
adminApi fullname
*/}}
{{- define "enterprise-logs.adminApiFullname" -}}
{{ include "loki.fullname" . }}-admin-api
{{- end }}
{{/*
adminApi common labels
*/}}
{{- define "enterprise-logs.adminApiLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: admin-api
target: admin-api
{{- end }}
{{/*
adminApi selector labels
*/}}
{{- define "enterprise-logs.adminApiSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: admin-api
target: admin-api
{{- end }}

176
opencloud/charts/loki/templates/admin-api/deployment-admin-api.yaml Normal file
View File

@@ -0,0 +1,176 @@
{{- if .Values.enterprise.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "enterprise-logs.adminApiFullname" . }}
labels:
{{- include "enterprise-logs.adminApiLabels" . | nindent 4 }}
{{- with .Values.adminApi.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- with .Values.adminApi.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.adminApi.replicas }}
selector:
matchLabels:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.adminApi.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 8 }}
{{- with .Values.adminApi.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- if .Values.useExternalConfig }}
checksum/config: {{ .Values.externalConfigVersion }}
{{- else }}
checksum/config: {{ include "loki.configMapOrSecretContentHash" (dict "ctx" . "name" "/config.yaml") }}
{{- end}}
{{- with .Values.adminApi.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.adminApi.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "loki.serviceAccountName" . }}
{{- if .Values.adminApi.priorityClassName }}
priorityClassName: {{ .Values.adminApi.priorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.adminApi.podSecurityContext | nindent 8 }}
initContainers:
# Taken from
# https://github.com/minio/charts/blob/a5c84bcbad884728bff5c9c23541f936d57a13b3/minio/templates/post-install-create-bucket-job.yaml
{{- if .Values.minio.enabled }}
- name: minio-mc
image: "{{ .Values.minio.mcImage.repository }}:{{ .Values.minio.mcImage.tag }}"
imagePullPolicy: {{ .Values.minio.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/initialize"]
env:
- name: MINIO_ENDPOINT
value: {{ .Release.Name }}-minio
- name: MINIO_PORT
value: {{ .Values.minio.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.minio.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.minio.configPathmc }}certs
{{ end }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.adminApi.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: admin-api
image: "{{ template "loki.image" . }}"
imagePullPolicy: {{ .Values.enterprise.image.pullPolicy }}
args:
- -target=admin-api
- -config.file=/etc/loki/config/config.yaml
{{- if .Values.minio.enabled }}
- -admin.client.backend-type=s3
- -admin.client.s3.endpoint={{ template "loki.minio" . }}
- -admin.client.s3.bucket-name=enterprise-logs-admin
- -admin.client.s3.access-key-id={{ .Values.minio.accessKey }}
- -admin.client.s3.secret-access-key={{ .Values.minio.secretKey }}
- -admin.client.s3.insecure=true
{{- end }}
{{- range $key, $value := .Values.adminApi.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: license
mountPath: /etc/loki/license
- name: storage
mountPath: /data
{{- if .Values.adminApi.extraVolumeMounts }}
{{ toYaml .Values.adminApi.extraVolumeMounts | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
readinessProbe:
{{- toYaml .Values.adminApi.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.adminApi.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.adminApi.containerSecurityContext | nindent 12 }}
env:
{{- if .Values.adminApi.env }}
{{ toYaml .Values.adminApi.env | nindent 12 }}
{{- end }}
{{- with .Values.adminApi.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.adminApi.extraContainers }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- toYaml .Values.adminApi.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.adminApi.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.adminApi.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.adminApi.terminationGracePeriodSeconds }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
- name: storage
emptyDir: {}
{{- if .Values.adminApi.extraVolumes }}
{{ toYaml .Values.adminApi.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.minio.enabled }}
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ .Release.Name }}-minio
- secret:
name: {{ .Release.Name }}-minio
{{- if .Values.minio.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.minio.tls.certSecret }}
items:
- key: {{ .Values.minio.tls.publicCrt }}
path: CAs/public.crt
{{- end }}
{{- end }}
{{- end }}

28
opencloud/charts/loki/templates/admin-api/service-admin-api.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{- if .Values.enterprise.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "enterprise-logs.adminApiFullname" . }}
labels:
{{- include "enterprise-logs.adminApiLabels" . | nindent 4 }}
{{- with .Values.adminApi.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.adminApi.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3100
protocol: TCP
targetPort: http-metrics
- name: grpc
port: 9095
protocol: TCP
targetPort: grpc
selector:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 4 }}
{{- end }}

32
opencloud/charts/loki/templates/backend/_helpers-backend.tpl Normal file
View File

@@ -0,0 +1,32 @@
{{/*
backend fullname
*/}}
{{- define "loki.backendFullname" -}}
{{ include "loki.name" . }}-backend
{{- end }}
{{/*
backend common labels
*/}}
{{- define "loki.backendLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: backend
{{- end }}
{{/*
backend selector labels
*/}}
{{- define "loki.backendSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: backend
{{- end }}
{{/*
backend priority class name
*/}}
{{- define "loki.backendPriorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.backend.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

20
opencloud/charts/loki/templates/backend/clusterrole.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if and (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "loki.fullname" . }}-clusterrole
{{- if .Values.sidecar.rules.enabled }}
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- else }}
rules: []
{{- end }}
{{- end }}

25
opencloud/charts/loki/templates/backend/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if (not .Values.rbac.namespaced) }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "loki.fullname" . }}-clusterrolebinding
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "loki.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
{{- if (not .Values.rbac.useExistingRole) }}
name: {{ template "loki.fullname" . }}-clusterrole
{{- else }}
name: {{ .Values.rbac.useExistingRole }}
{{- end }}
apiGroup: rbac.authorization.k8s.io
{{- end -}}

50
opencloud/charts/loki/templates/backend/hpa.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}}
{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) ( .Values.backend.autoscaling.enabled ) }}
{{- if $autoscalingv2 }}
apiVersion: autoscaling/v2
{{- else }}
apiVersion: autoscaling/v2beta1
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.backendFullname" . }}
labels:
{{- include "loki.backendLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "loki.backendFullname" . }}
minReplicas: {{ .Values.backend.autoscaling.minReplicas }}
maxReplicas: {{ .Values.backend.autoscaling.maxReplicas }}
{{- with .Values.backend.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
metrics:
{{- with .Values.backend.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if $autoscalingv2 }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.backend.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if $autoscalingv2 }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- end }}

15
opencloud/charts/loki/templates/backend/poddisruptionbudget-backend.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (gt (int .Values.backend.replicas) 1) (not .Values.read.legacyReadTarget ) }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.backendFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki.backendSelectorLabels" . | nindent 6 }}
maxUnavailable: 1
{{- end }}

34
opencloud/charts/loki/templates/backend/query-scheduler-discovery.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.querySchedulerFullname" . }}-discovery
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendSelectorLabels" . | nindent 4 }}
prometheus.io/service-monitor: "false"
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.backend.service.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: http-metrics
port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
{{- include "loki.backendSelectorLabels" . | nindent 4 }}
{{- end }}

40
opencloud/charts/loki/templates/backend/service-backend-headless.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.backendFullname" . }}-headless
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendSelectorLabels" . | nindent 4 }}
{{- with .Values.loki.serviceLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.backend.service.labels }}
{{- toYaml . | nindent 4}}
{{- end }}
variant: headless
prometheus.io/service-monitor: "false"
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.backend.service.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
{{- include "loki.backendSelectorLabels" . | nindent 4 }}
{{- end }}

37
opencloud/charts/loki/templates/backend/service-backend.yaml Normal file
View File

@@ -0,0 +1,37 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.backendFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendLabels" . | nindent 4 }}
{{- with .Values.loki.serviceLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.backend.service.labels }}
{{- toYaml . | nindent 4}}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.backend.service.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: {{ .Values.loki.server.http_listen_port }}
targetPort: http-metrics
protocol: TCP
- name: grpc
port: {{ .Values.loki.server.grpc_listen_port }}
targetPort: grpc
protocol: TCP
selector:
{{- include "loki.backendSelectorLabels" . | nindent 4 }}
{{- end }}

287
opencloud/charts/loki/templates/backend/statefulset-backend.yaml Normal file
View File

@@ -0,0 +1,287 @@
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.backendFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.backendLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
{{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}}
annotations:
{{- with .Values.loki.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.backend.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if not .Values.backend.autoscaling.enabled }}
{{- if eq .Values.deploymentMode "SingleBinary" }}
replicas: 0
{{- else }}
replicas: {{ .Values.backend.replicas }}
{{- end }}
{{- end }}
podManagementPolicy: {{ .Values.backend.podManagementPolicy }}
updateStrategy:
rollingUpdate:
partition: 0
serviceName: {{ include "loki.backendFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.backend.persistence.enableStatefulSetAutoDeletePVC) (.Values.backend.persistence.volumeClaimsEnabled) }}
{{/*
Data on the backend nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
*/}}
persistentVolumeClaimRetentionPolicy:
whenDeleted: Delete
whenScaled: Delete
{{- end }}
selector:
matchLabels:
{{- include "loki.backendSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include "loki.configMapOrSecretContentHash" (dict "ctx" . "name" "/config.yaml") }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.backendSelectorLabels" . | nindent 8 }}
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.selectorLabels }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: {{ include "loki.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.backendPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.backend.terminationGracePeriodSeconds }}
{{- if .Values.backend.initContainers }}
initContainers:
{{- with .Values.backend.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
{{- if .Values.sidecar.rules.enabled }}
- name: loki-sc-rules
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }}
env:
- name: METHOD
value: {{ .Values.sidecar.rules.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.rules.label }}"
{{- if .Values.sidecar.rules.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.rules.labelValue }}
{{- end }}
- name: FOLDER
value: "{{ .Values.sidecar.rules.folder }}"
- name: RESOURCE
value: {{ quote .Values.sidecar.rules.resource }}
{{- if .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
{{- end }}
{{- if .Values.sidecar.rules.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.rules.searchNamespace | join "," }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
{{- if .Values.sidecar.rules.script }}
- name: SCRIPT
value: "{{ .Values.sidecar.rules.script }}"
{{- end }}
{{- if .Values.sidecar.rules.watchServerTimeout }}
- name: WATCH_SERVER_TIMEOUT
value: "{{ .Values.sidecar.rules.watchServerTimeout }}"
{{- end }}
{{- if .Values.sidecar.rules.watchClientTimeout }}
- name: WATCH_CLIENT_TIMEOUT
value: "{{ .Values.sidecar.rules.watchClientTimeout }}"
{{- end }}
{{- if .Values.sidecar.rules.logLevel }}
- name: LOG_LEVEL
value: "{{ .Values.sidecar.rules.logLevel }}"
{{- end }}
{{- if .Values.sidecar.livenessProbe }}
livenessProbe:
{{- toYaml .Values.sidecar.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.sidecar.readinessProbe }}
readinessProbe:
{{- toYaml .Values.sidecar.readinessProbe | nindent 12 }}
{{- end }}
{{- if .Values.sidecar.resources }}
resources:
{{- toYaml .Values.sidecar.resources | nindent 12 }}
{{- end }}
{{- if .Values.sidecar.securityContext }}
securityContext:
{{- toYaml .Values.sidecar.securityContext | nindent 12 }}
{{- end }}
volumeMounts:
- name: sc-rules-volume
mountPath: {{ .Values.sidecar.rules.folder | quote }}
{{- end}}
- name: loki
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target={{ .Values.backend.targetModule }}
- -legacy-read-mode=false
{{- with .Values.backend.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.loki.server.http_listen_port }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.loki.server.grpc_listen_port }}
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.backend.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.backend.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
readinessProbe:
{{- toYaml .Values.loki.readinessProbe | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: tmp
mountPath: /tmp
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end}}
{{- if .Values.sidecar.rules.enabled }}
- name: sc-rules-volume
mountPath: {{ .Values.sidecar.rules.folder | quote }}
{{- end}}
{{- with .Values.backend.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.backend.resources | nindent 12 }}
{{- with .Values.backend.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.dnsConfig }}
dnsConfig:
{{- tpl . $ | nindent 8 }}
{{- end }}
{{- with .Values.backend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
{{- if not .Values.backend.persistence.volumeClaimsEnabled }}
- name: data
{{- toYaml .Values.backend.persistence.dataVolumeParameters | nindent 10 }}
{{- end}}
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- if .Values.sidecar.rules.enabled }}
- name: sc-rules-volume
{{- if .Values.sidecar.rules.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.sidecar.rules.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end -}}
{{- with .Values.backend.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.backend.persistence.volumeClaimsEnabled }}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
{{- with .Values.backend.persistence.annotations }}
annotations:
{{- toYaml . | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .Values.backend.persistence.storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .Values.backend.persistence.size | quote }}
{{- with .Values.backend.persistence.selector }}
selector:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}

32
opencloud/charts/loki/templates/bloom-builder/_helpers-bloom-builder.tpl Normal file
View File

@@ -0,0 +1,32 @@
{{/*
bloom-builder fullname
*/}}
{{- define "loki.bloomBuilderFullname" -}}
{{ include "loki.fullname" . }}-bloom-builder
{{- end }}
{{/*
bloom-builder common labels
*/}}
{{- define "loki.bloomBuilderLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: bloom-builder
{{- end }}
{{/*
bloom-builder selector labels
*/}}
{{- define "loki.bloomBuilderSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: bloom-builder
{{- end }}
{{/*
bloom-builder priority class name
*/}}
{{- define "loki.bloomBuilderPriorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.bloomBuilder.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

150
opencloud/charts/loki/templates/bloom-builder/deployment-bloom-builder.yaml Normal file
View File

@@ -0,0 +1,150 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if (and $isDistributed (gt (int .Values.bloomPlanner.replicas) 0)) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "loki.bloomBuilderFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomBuilderLabels" . | nindent 4 }}
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.bloomBuilder.autoscaling.enabled }}
replicas: {{ .Values.bloomBuilder.replicas }}
{{- end }}
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "loki.bloomBuilderSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomBuilder.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.bloomBuilderSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomBuilder.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomBuilder.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.bloomBuilderPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.bloomBuilder.terminationGracePeriodSeconds }}
containers:
- name: bloom-builder
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.bloomBuilder.command }}
command:
- {{ coalesce .Values.bloomBuilder.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=bloom-builder
{{- with .Values.bloomBuilder.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.bloomBuilder.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.bloomBuilder.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
readinessProbe:
{{- toYaml .Values.loki.readinessProbe | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
- name: temp
mountPath: /tmp
- name: data
mountPath: /var/loki
{{- with .Values.bloomBuilder.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.bloomBuilder.resources | nindent 12 }}
{{- if .Values.bloomBuilder.extraContainers }}
{{- toYaml .Values.bloomBuilder.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.bloomBuilder.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomBuilder.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomBuilder.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
- name: temp
emptyDir: {}
- name: data
emptyDir: {}
{{- with .Values.bloomBuilder.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}

55
opencloud/charts/loki/templates/bloom-builder/hpa.yaml Normal file
View File

@@ -0,0 +1,55 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.bloomBuilder.autoscaling.enabled }}
{{- $apiVersion := include "loki.hpa.apiVersion" . -}}
apiVersion: {{ $apiVersion }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.bloomBuilderFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomBuilderLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "loki.bloomBuilderFullname" . }}
minReplicas: {{ .Values.bloomBuilder.autoscaling.minReplicas }}
maxReplicas: {{ .Values.bloomBuilder.autoscaling.maxReplicas }}
metrics:
{{- with .Values.bloomBuilder.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.bloomBuilder.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.bloomBuilder.autoscaling.customMetrics }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.bloomBuilder.autoscaling.behavior.enabled }}
behavior:
{{- with .Values.bloomBuilder.autoscaling.behavior.scaleDown }}
scaleDown: {{ toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.bloomBuilder.autoscaling.behavior.scaleUp }}
scaleUp: {{ toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}

21
opencloud/charts/loki/templates/bloom-builder/poddisruptionbudget-bloom-builder.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (gt (int .Values.bloomBuilder.replicas) 1) }}
{{- if kindIs "invalid" .Values.bloomBuilder.maxUnavailable }}
{{- fail "`.Values.bloomBuilder.maxUnavailable` must be set when `.Values.bloomBuilder.replicas` is greater than 1." }}
{{- else }}
apiVersion: {{ include "loki.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.bloomBuilderFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomBuilderLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki.bloomBuilderSelectorLabels" . | nindent 6 }}
{{- with .Values.bloomBuilder.maxUnavailable }}
maxUnavailable: {{ . }}
{{- end }}
{{- end }}
{{- end }}

46
opencloud/charts/loki/templates/bloom-builder/service-bloom-builder-headless.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if (and $isDistributed (or (gt (int .Values.bloomBuilder.replicas) 0)) .Values.bloomBuilder.autoscaling.enabled) -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.bloomBuilderFullname" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomBuilderLabels" . | nindent 4 }}
{{- with .Values.bloomBuilder.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
prometheus.io/service-monitor: "false"
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.bloomBuilder.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
clusterIP: None
type: ClusterIP
publishNotReadyAddresses: true
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.bloomBuilder.appProtocol.grpc }}
appProtocol: {{ .Values.bloomBuilder.appProtocol.grpc }}
{{- end }}
- name: grpclb
port: 9096
targetPort: grpc
protocol: TCP
{{- if .Values.bloomBuilder.appProtocol.grpc }}
appProtocol: {{ .Values.bloomBuilder.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.bloomBuilderSelectorLabels" . | nindent 4 }}
{{- end -}}

44
opencloud/charts/loki/templates/bloom-builder/service-bloom-builder.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if (and $isDistributed (gt (int .Values.bloomBuilder.replicas) 0)) -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.bloomBuilderFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomBuilderLabels" . | nindent 4 }}
{{- with .Values.bloomBuilder.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.bloomBuilder.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
publishNotReadyAddresses: true
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.bloomBuilder.appProtocol.grpc }}
appProtocol: {{ .Values.bloomBuilder.appProtocol.grpc }}
{{- end }}
- name: grpclb
port: 9096
targetPort: grpc
protocol: TCP
{{- if .Values.bloomBuilder.appProtocol.grpc }}
appProtocol: {{ .Values.bloomBuilder.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.bloomBuilderSelectorLabels" . | nindent 4 }}
{{- end -}}

58
opencloud/charts/loki/templates/bloom-gateway/_helpers-bloom-gateway.tpl Normal file
View File

@@ -0,0 +1,58 @@
{{/*
bloom gateway fullname
*/}}
{{- define "loki.bloomGatewayFullname" -}}
{{ include "loki.fullname" . }}-bloom-gateway
{{- end }}
{{/*
bloom gateway common labels
*/}}
{{- define "loki.bloomGatewayLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: bloom-gateway
{{- end }}
{{/*
bloom gateway selector labels
*/}}
{{- define "loki.bloomGatewaySelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: bloom-gateway
{{- end }}
{{/*
bloom gateway readinessProbe
*/}}
{{- define "loki.bloomGateway.readinessProbe" -}}
{{- with .Values.bloomGateway.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- else }}
{{- with .Values.loki.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
bloom gateway priority class name
*/}}
{{- define "loki.bloomGatewayPriorityClassName" }}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.bloomGateway.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}
{{/*
Create the name of the bloom gateway service account
*/}}
{{- define "loki.bloomGatewayServiceAccountName" -}}
{{- if .Values.bloomGateway.serviceAccount.create -}}
{{ default (print (include "loki.serviceAccountName" .) "-bloom-gateway") .Values.bloomGateway.serviceAccount.name }}
{{- else -}}
{{ default (include "loki.serviceAccountName" .) .Values.bloomGateway.serviceAccount.name }}
{{- end -}}
{{- end -}}

39
opencloud/charts/loki/templates/bloom-gateway/service-bloom-gateway-headless.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed -}}
{{- if (gt (int .Values.bloomGateway.replicas) 0) -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.bloomGatewayFullname" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomGatewaySelectorLabels" . | nindent 4 }}
{{- with .Values.bloomGateway.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.bloomGateway.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.bloomGateway.appProtocol.grpc }}
appProtocol: {{ .Values.bloomGateway.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.bloomGatewaySelectorLabels" . | nindent 4 }}
{{- end -}}
{{- end -}}

181
opencloud/charts/loki/templates/bloom-gateway/statefulset-bloom-gateway.yaml Normal file
View File

@@ -0,0 +1,181 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if (and $isDistributed (gt (int .Values.bloomGateway.replicas) 0)) -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.bloomGatewayFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomGatewayLabels" . | nindent 4 }}
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.bloomGateway.replicas }}
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: {{ include "loki.bloomGatewayFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.bloomGateway.persistence.enableStatefulSetAutoDeletePVC) }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.bloomGateway.persistence.whenDeleted }}
whenScaled: {{ .Values.bloomGateway.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.bloomGatewaySelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomGateway.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.bloomGatewaySelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomGateway.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomGateway.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.bloomGatewayPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.bloomGateway.terminationGracePeriodSeconds }}
{{- with .Values.bloomGateway.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: bloom-gateway
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.bloomGateway.command }}
command:
- {{ coalesce .Values.bloomGateway.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=bloom-gateway
{{- with .Values.bloomGateway.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.bloomGateway.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.bloomGateway.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.bloomGateway.readinessProbe" . | nindent 10 }}
volumeMounts:
- name: temp
mountPath: /tmp
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.bloomGateway.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.bloomGateway.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.bloomGateway.extraContainers }}
{{- toYaml .Values.bloomGateway.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.bloomGateway.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomGateway.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomGateway.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: temp
emptyDir: {}
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- if not .Values.bloomGateway.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- with .Values.bloomGateway.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.bloomGateway.persistence.enabled }}
volumeClaimTemplates:
{{- range .Values.bloomGateway.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end -}}

58
opencloud/charts/loki/templates/bloom-planner/_helpers-bloom-planner.tpl Normal file
View File

@@ -0,0 +1,58 @@
{{/*
bloom planner fullname
*/}}
{{- define "loki.bloomPlannerFullname" -}}
{{ include "loki.fullname" . }}-bloom-planner
{{- end }}
{{/*
bloom planner common labels
*/}}
{{- define "loki.bloomPlannerLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: bloom-planner
{{- end }}
{{/*
bloom planner selector labels
*/}}
{{- define "loki.bloomPlannerSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: bloom-planner
{{- end }}
{{/*
bloom planner readinessProbe
*/}}
{{- define "loki.bloomPlanner.readinessProbe" -}}
{{- with .Values.bloomPlanner.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- else }}
{{- with .Values.loki.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
bloom planner priority class name
*/}}
{{- define "loki.bloomPlannerPriorityClassName" }}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.bloomPlanner.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}
{{/*
Create the name of the bloom planner service account
*/}}
{{- define "loki.bloomPlannerServiceAccountName" -}}
{{- if .Values.bloomPlanner.serviceAccount.create -}}
{{ default (print (include "loki.serviceAccountName" .) "-bloom-planner") .Values.bloomPlanner.serviceAccount.name }}
{{- else -}}
{{ default (include "loki.serviceAccountName" .) .Values.bloomPlanner.serviceAccount.name }}
{{- end -}}
{{- end -}}

37
opencloud/charts/loki/templates/bloom-planner/service-bloom-planner-headless.yaml Normal file
View File

@@ -0,0 +1,37 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if (and $isDistributed (gt (int .Values.bloomPlanner.replicas) 0)) -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.bloomPlannerFullname" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomPlannerSelectorLabels" . | nindent 4 }}
{{- with .Values.bloomPlanner.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.bloomPlanner.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.bloomPlanner.appProtocol.grpc }}
appProtocol: {{ .Values.bloomPlanner.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.bloomPlannerSelectorLabels" . | nindent 4 }}
{{- end -}}

181
opencloud/charts/loki/templates/bloom-planner/statefulset-bloom-planner.yaml Normal file
View File

@@ -0,0 +1,181 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if (and $isDistributed (gt (int .Values.bloomPlanner.replicas) 0)) -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.bloomPlannerFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.bloomPlannerLabels" . | nindent 4 }}
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.bloomPlanner.replicas }}
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: {{ include "loki.bloomPlannerFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.bloomPlanner.persistence.enableStatefulSetAutoDeletePVC) }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.bloomPlanner.persistence.whenDeleted }}
whenScaled: {{ .Values.bloomPlanner.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.bloomPlannerSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomPlanner.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.bloomPlannerSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomPlanner.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomPlanner.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.bloomPlannerPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.bloomPlanner.terminationGracePeriodSeconds }}
{{- with .Values.bloomPlanner.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: bloom-planner
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.bloomPlanner.command }}
command:
- {{ coalesce .Values.bloomPlanner.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=bloom-planner
{{- with .Values.bloomPlanner.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.bloomPlanner.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.bloomPlanner.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.bloomPlanner.readinessProbe" . | nindent 10 }}
volumeMounts:
- name: temp
mountPath: /tmp
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.bloomPlanner.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.bloomPlanner.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.bloomPlanner.extraContainers }}
{{- toYaml .Values.bloomPlanner.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.bloomPlanner.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomPlanner.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.bloomPlanner.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: temp
emptyDir: {}
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- if not .Values.bloomPlanner.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- with .Values.bloomPlanner.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.bloomPlanner.persistence.enabled }}
volumeClaimTemplates:
{{- range .Values.bloomPlanner.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end -}}

16
opencloud/charts/loki/templates/chunks-cache/poddisruptionbudget-chunks-cache.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.chunksCache.enabled }}
apiVersion: {{ include "loki.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.fullname" . }}-memcached-chunks-cache
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: memcached-chunks-cache
spec:
selector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: memcached-chunks-cache
maxUnavailable: 1
{{- end -}}

1
opencloud/charts/loki/templates/chunks-cache/service-chunks-cache-headless.yaml Normal file
View File

@@ -0,0 +1 @@
{{- include "loki.memcached.service" (dict "ctx" $ "valuesSection" "chunksCache" "component" "chunks-cache" ) }}

1
opencloud/charts/loki/templates/chunks-cache/statefulset-chunks-cache.yaml Normal file
View File

@@ -0,0 +1 @@
{{- include "loki.memcached.statefulSet" (dict "ctx" $ "valuesSection" "chunksCache" "component" "chunks-cache" ) }}

238
opencloud/charts/loki/templates/ciliumnetworkpolicy.yaml Normal file
View File

@@ -0,0 +1,238 @@
{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "cilium") }}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-namespace-only
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
endpointSelector: {}
egress:
- toEndpoints:
- {}
ingress:
- fromEndpoints:
- {}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-dns
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
endpointSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
egress:
- toPorts:
- ports:
- port: dns
protocol: UDP
toEndpoints:
- namespaceSelector: {}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-ingress
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
endpointSelector:
matchExpressions:
- key: app.kubernetes.io/component
operator: In
values:
{{- if .Values.gateway.enabled }}
- gateway
{{- else }}
- read
- write
{{- end }}
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
ingress:
- toPorts:
- ports:
- port: http
protocol: TCP
{{- if .Values.networkPolicy.ingress.namespaceSelector }}
fromEndpoints:
- matchLabels:
{{- toYaml .Values.networkPolicy.ingress.namespaceSelector | nindent 8 }}
{{- if .Values.networkPolicy.ingress.podSelector }}
{{- toYaml .Values.networkPolicy.ingress.podSelector | nindent 8 }}
{{- end }}
{{- end }}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-ingress-metrics
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
endpointSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
ingress:
- toPorts:
- ports:
- port: http-metrics
protocol: TCP
{{- if .Values.networkPolicy.metrics.cidrs }}
{{- range $cidr := .Values.networkPolicy.metrics.cidrs }}
toCIDR:
- {{ $cidr }}
{{- end }}
{{- if .Values.networkPolicy.metrics.namespaceSelector }}
fromEndpoints:
- matchLabels:
{{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 8 }}
{{- if .Values.networkPolicy.metrics.podSelector }}
{{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-alertmanager
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
endpointSelector:
matchLabels:
{{- include "loki.backendSelectorLabels" . | nindent 6 }}
egress:
- toPorts:
- ports:
- port: "{{ .Values.networkPolicy.alertmanager.port }}"
protocol: TCP
{{- if .Values.networkPolicy.alertmanager.namespaceSelector }}
toEndpoints:
- matchLabels:
{{- toYaml .Values.networkPolicy.alertmanager.namespaceSelector | nindent 8 }}
{{- if .Values.networkPolicy.alertmanager.podSelector }}
{{- toYaml .Values.networkPolicy.alertmanager.podSelector | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.externalStorage.ports }}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-external-storage
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
endpointSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
egress:
- toPorts:
- ports:
{{- range $port := .Values.networkPolicy.externalStorage.ports }}
- port: "{{ $port }}"
protocol: TCP
{{- end }}
{{- if .Values.networkPolicy.externalStorage.cidrs }}
{{- range $cidr := .Values.networkPolicy.externalStorage.cidrs }}
toCIDR:
- {{ $cidr }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.egressWorld.enabled }}
{{- $global := . }}
{{- $componentsList := list "read" "write" "backend" }}
{{- if .Values.tableManager.enabled }}
{{- $componentsList = append $componentsList "table-manager" }}
{{- end }}
{{- range $component := $componentsList }}
{{- with $global }}
---
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-{{ $component }}-world-egress
namespace: {{ .Release.Namespace }}
spec:
endpointSelector:
matchLabels:
{{- if eq $component "read" }}
{{- include "loki.readSelectorLabels" . | nindent 6 }}
{{- else if eq $component "write" }}
{{- include "loki.writeSelectorLabels" . | nindent 6 }}
{{- else if eq $component "table-manager" }}
{{- include "loki.tableManagerSelectorLabels" . | nindent 6 }}
{{- else }}
{{- include "loki.backendSelectorLabels" . | nindent 6 }}
{{- end }}
egress:
- toEntities:
- world
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.egressKubeApiserver.enabled }}
---
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-backend-kubeapiserver-egress
namespace: {{ .Release.Namespace }}
spec:
endpointSelector:
matchLabels:
{{- include "loki.backendSelectorLabels" . | nindent 6 }}
egress:
- toEntities:
- kube-apiserver
{{- end }}
{{- end }}
{{- if and .Values.networkPolicy.discovery.port (eq .Values.networkPolicy.flavor "cilium") }}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-discovery
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
endpointSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
egress:
- toPorts:
- ports:
- port: "{{ .Values.networkPolicy.discovery.port }}"
protocol: TCP
{{- if .Values.networkPolicy.discovery.namespaceSelector }}
toEndpoints:
- matchLabels:
{{- toYaml .Values.networkPolicy.discovery.namespaceSelector | nindent 8 }}
{{- if .Values.networkPolicy.discovery.podSelector }}
{{- toYaml .Values.networkPolicy.discovery.podSelector | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

81
opencloud/charts/loki/templates/compactor/_helpers-compactor.tpl Normal file
View File

@@ -0,0 +1,81 @@
{{/*
compactor fullname
*/}}
{{- define "loki.compactorFullname" -}}
{{ include "loki.fullname" . }}-compactor
{{- end }}
{{/*
compactor common labels
*/}}
{{- define "loki.compactorLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: compactor
{{- end }}
{{/*
compactor selector labels
*/}}
{{- define "loki.compactorSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: compactor
{{- end }}
{{/*
compactor image
*/}}
{{- define "loki.compactorImage" -}}
{{- $dict := dict "loki" .Values.loki.image "service" .Values.compactor.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion -}}
{{- include "loki.lokiImage" $dict -}}
{{- end }}
{{/*
compactor readinessProbe
*/}}
{{- define "loki.compactor.readinessProbe" -}}
{{- with .Values.compactor.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- else }}
{{- with .Values.loki.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
compactor livenessProbe
*/}}
{{- define "loki.compactor.livenessProbe" -}}
{{- with .Values.compactor.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- else }}
{{- with .Values.loki.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
compactor priority class name
*/}}
{{- define "loki.compactorPriorityClassName" }}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.compactor.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}
{{/*
Create the name of the compactor service account
*/}}
{{- define "loki.compactorServiceAccountName" -}}
{{- if .Values.compactor.serviceAccount.create -}}
{{ default (print (include "loki.serviceAccountName" .) "-compactor") .Values.compactor.serviceAccount.name }}
{{- else -}}
{{ default (include "loki.serviceAccountName" .) .Values.compactor.serviceAccount.name }}
{{- end -}}
{{- end -}}

38
opencloud/charts/loki/templates/compactor/service-compactor.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- with .Values.compactor.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: compactor
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.compactor.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.compactor.appProtocol.grpc }}
appProtocol: {{ .Values.compactor.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: compactor
{{- end }}

193
opencloud/charts/loki/templates/compactor/statefulset-compactor.yaml Normal file
View File

@@ -0,0 +1,193 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.compactorLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.compactor.replicas }}
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: {{ include "loki.compactorFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.compactor.persistence.enableStatefulSetAutoDeletePVC) }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.compactor.persistence.whenDeleted }}
whenScaled: {{ .Values.compactor.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.compactorSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.compactor.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.compactorSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.compactor.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.compactor.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.compactor.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.compactorPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.compactor.terminationGracePeriodSeconds }}
{{- with .Values.compactor.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: compactor
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.compactor.command }}
command:
- {{ coalesce .Values.compactor.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=compactor
{{- with .Values.compactor.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.compactor.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.compactor.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.compactor.readinessProbe" . | nindent 10 }}
{{- include "loki.compactor.livenessProbe" . | nindent 10 }}
volumeMounts:
- name: temp
mountPath: /tmp
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.compactor.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.compactor.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.compactor.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.compactor.extraContainers }}
{{- toYaml .Values.compactor.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.compactor.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.compactor.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.compactor.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: temp
emptyDir: {}
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- if not .Values.compactor.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- with .Values.compactor.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.compactor.persistence.enabled }}
volumeClaimTemplates:
{{- range .Values.compactor.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end }}

21
opencloud/charts/loki/templates/config.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.loki.generatedConfigObjectName -}}
apiVersion: v1
{{- if eq .Values.loki.configStorageType "Secret" }}
kind: Secret
{{- else }}
kind: ConfigMap
{{- end }}
metadata:
name: {{ tpl .Values.loki.generatedConfigObjectName . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- if eq .Values.loki.configStorageType "Secret" }}
data:
config.yaml: {{ include "loki.calculatedConfig" . | b64enc }}
{{- else }}
data:
config.yaml: |
{{ include "loki.calculatedConfig" . | nindent 4 }}
{{- end -}}
{{- end }}

32
opencloud/charts/loki/templates/distributor/_helpers-distributor.tpl Normal file
View File

@@ -0,0 +1,32 @@
{{/*
distributor fullname
*/}}
{{- define "loki.distributorFullname" -}}
{{ include "loki.fullname" . }}-distributor
{{- end }}
{{/*
distributor common labels
*/}}
{{- define "loki.distributorLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: distributor
{{- end }}
{{/*
distributor selector labels
*/}}
{{- define "loki.distributorSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: distributor
{{- end }}
{{/*
distributor priority class name
*/}}
{{- define "loki.distributorPriorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.distributor.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

158
opencloud/charts/loki/templates/distributor/deployment-distributor.yaml Normal file
View File

@@ -0,0 +1,158 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "loki.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.distributorLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.distributor.autoscaling.enabled }}
replicas: {{ .Values.distributor.replicas }}
{{- end }}
strategy:
rollingUpdate:
maxSurge: {{ .Values.distributor.maxSurge }}
maxUnavailable: 1
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "loki.distributorSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.distributor.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.distributorSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.distributor.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.distributor.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.distributor.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.distributorPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.distributor.terminationGracePeriodSeconds }}
containers:
- name: distributor
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.distributor.command }}
command:
- {{ coalesce .Values.distributor.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=distributor
{{- if .Values.ingester.zoneAwareReplication.enabled }}
{{- if and (.Values.ingester.zoneAwareReplication.migration.enabled) (not .Values.ingester.zoneAwareReplication.migration.writePath) }}
- -distributor.zone-awareness-enabled=false
{{- else }}
- -distributor.zone-awareness-enabled=true
{{- end }}
{{- end }}
{{- with .Values.distributor.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.distributor.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.distributor.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
readinessProbe:
{{- toYaml .Values.loki.readinessProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.loki.livenessProbe | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.distributor.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.distributor.resources | nindent 12 }}
{{- if .Values.distributor.extraContainers }}
{{- toYaml .Values.distributor.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.distributor.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.distributor.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.distributor.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- with .Values.distributor.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}

54
opencloud/charts/loki/templates/distributor/hpa.yaml Normal file
View File

@@ -0,0 +1,54 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.distributor.autoscaling.enabled }}
{{- $apiVersion := include "loki.hpa.apiVersion" . -}}
apiVersion: {{ $apiVersion }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.distributorFullname" . }}
labels:
{{- include "loki.distributorLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "loki.distributorFullname" . }}
minReplicas: {{ .Values.distributor.autoscaling.minReplicas }}
maxReplicas: {{ .Values.distributor.autoscaling.maxReplicas }}
metrics:
{{- with .Values.distributor.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.distributor.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.distributor.autoscaling.customMetrics }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.distributor.autoscaling.behavior.enabled }}
behavior:
{{- with .Values.distributor.autoscaling.behavior.scaleDown }}
scaleDown: {{ toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.distributor.autoscaling.behavior.scaleUp }}
scaleUp: {{ toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}

21
opencloud/charts/loki/templates/distributor/poddisruptionbudget-distributor.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (gt (int .Values.distributor.replicas) 1) }}
{{- if kindIs "invalid" .Values.distributor.maxUnavailable }}
{{- fail "`.Values.distributor.maxUnavailable` must be set when `.Values.distributor.replicas` is greater than 1." }}
{{- else }}
apiVersion: {{ include "loki.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.distributorLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki.distributorSelectorLabels" . | nindent 6 }}
{{- with .Values.distributor.maxUnavailable }}
maxUnavailable: {{ . }}
{{- end }}
{{- end }}
{{- end }}

39
opencloud/charts/loki/templates/distributor/service-distributor-headless.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.distributorFullname" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.distributorSelectorLabels" . | nindent 4 }}
{{- with .Values.distributor.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
variant: headless
prometheus.io/service-monitor: "false"
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.distributor.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.distributor.appProtocol.grpc }}
appProtocol: {{ .Values.distributor.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.distributorSelectorLabels" . | nindent 4 }}
{{- end -}}

36
opencloud/charts/loki/templates/distributor/service-distributor.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.distributorLabels" . | nindent 4 }}
{{- with .Values.distributor.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.distributor.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.distributor.appProtocol.grpc }}
appProtocol: {{ .Values.distributor.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.distributorSelectorLabels" . | nindent 4 }}
{{- end -}}

8
opencloud/charts/loki/templates/extra-manifests.yaml Normal file
View File

@@ -0,0 +1,8 @@
{{- range .Values.extraObjects }}
---
{{- if kindIs "map" . }}
{{ tpl (toYaml .) $ }}
{{- else }}
{{ tpl . $ }}
{{- end }}
{{- end }}

47
opencloud/charts/loki/templates/gateway/_helpers-gateway.tpl Normal file
View File

@@ -0,0 +1,47 @@
{{/*
gateway fullname
*/}}
{{- define "loki.gatewayFullname" -}}
{{ include "loki.fullname" . }}-gateway
{{- end }}
{{/*
gateway common labels
*/}}
{{- define "loki.gatewayLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: gateway
{{- end }}
{{/*
gateway selector labels
*/}}
{{- define "loki.gatewaySelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: gateway
{{- end }}
{{/*
gateway auth secret name
*/}}
{{- define "loki.gatewayAuthSecret" -}}
{{ .Values.gateway.basicAuth.existingSecret | default (include "loki.gatewayFullname" . ) }}
{{- end }}
{{/*
gateway Docker image
*/}}
{{- define "loki.gatewayImage" -}}
{{- $dict := dict "service" .Values.gateway.image "global" .Values.global.image -}}
{{- include "loki.baseImage" $dict -}}
{{- end }}
{{/*
gateway priority class name
*/}}
{{- define "loki.gatewayPriorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.gateway.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

12
opencloud/charts/loki/templates/gateway/configmap-gateway.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if and .Values.gateway.enabled (not (and .Values.enterprise.enabled .Values.enterprise.gelGateway)) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "loki.gatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
data:
nginx.conf: |
{{- tpl .Values.gateway.nginxConfig.file . | indent 2 }}
{{- end }}

152
opencloud/charts/loki/templates/gateway/deployment-gateway-enterprise.yaml Normal file
View File

@@ -0,0 +1,152 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}}
{{- if and .Values.gateway.enabled .Values.enterprise.enabled .Values.enterprise.gelGateway }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "loki.gatewayFullname" . }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
{{- with .Values.enterpriseGateway.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.enterpriseGateway.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.enterpriseGateway.replicas }}
selector:
matchLabels:
{{- include "loki.gatewaySelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.enterpriseGateway.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "loki.gatewaySelectorLabels" . | nindent 8 }}
{{- with .Values.enterpriseGateway.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.useExternalConfig }}
checksum/config: {{ .Values.externalConfigVersion }}
{{- else }}
checksum/config: {{ include "loki.configMapOrSecretContentHash" (dict "ctx" . "name" "/config.yaml") }}
{{- end}}
{{- with .Values.enterpriseGateway.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.enterpriseGateway.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "loki.serviceAccountName" . }}
{{- if .Values.enterpriseGateway.priorityClassName }}
priorityClassName: {{ .Values.enterpriseGateway.priorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.enterpriseGateway.podSecurityContext | nindent 8 }}
initContainers:
{{- toYaml .Values.enterpriseGateway.initContainers | nindent 8 }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.enterpriseGateway.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: gateway
image: "{{ template "loki.image" . }}"
imagePullPolicy: {{ .Values.enterprise.image.pullPolicy }}
args:
- -target=gateway
- -config.file=/etc/loki/config/config.yaml
{{- if .Values.minio.enabled }}
- -admin.client.backend-type=s3
- -admin.client.s3.endpoint={{ template "loki.minio" . }}
- -admin.client.s3.bucket-name=enterprise-logs-admin
- -admin.client.s3.access-key-id={{ .Values.minio.accessKey }}
- -admin.client.s3.secret-access-key={{ .Values.minio.secretKey }}
- -admin.client.s3.insecure=true
{{- end }}
{{- if and $isDistributed .Values.enterpriseGateway.useDefaultProxyURLs }}
- -gateway.proxy.default.url=http://{{ template "loki.fullname" . }}-admin-api.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.admin-api.url=http://{{ template "loki.fullname" . }}-admin-api.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.distributor.url=dns:///{{ template "loki.fullname" . }}-distributor-headless.{{ .Release.Namespace }}.svc:9095
- -gateway.proxy.ingester.url=http://{{ template "loki.fullname" . }}-ingester.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.query-frontend.url=http://{{ template "loki.fullname" . }}-query-frontend.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.ruler.url=http://{{ template "loki.fullname" . }}-ruler.{{ .Release.Namespace }}.svc:3100
{{- end }}
{{- if and $isSimpleScalable .Values.enterpriseGateway.useDefaultProxyURLs }}
- -gateway.proxy.default.url=http://{{ template "enterprise-logs.adminApiFullname" . }}.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.admin-api.url=http://{{ template "enterprise-logs.adminApiFullname" . }}.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.compactor.url=http://{{ template "loki.backendFullname" . }}-headless.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.distributor.url=dns:///{{ template "loki.writeFullname" . }}-headless.{{ .Release.Namespace }}.svc:9095
- -gateway.proxy.ingester.url=http://{{ template "loki.writeFullname" . }}.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.query-frontend.url=http://{{ template "loki.readFullname" . }}.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.ruler.url=http://{{ template "loki.backendFullname" . }}-headless.{{ .Release.Namespace }}.svc:3100
- -gateway.proxy.query-scheduler.url=http://{{ template "loki.backendFullname" . }}-headless.{{ .Release.Namespace }}.svc:3100
{{- end }}
{{- range $key, $value := .Values.enterpriseGateway.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: license
mountPath: /etc/loki/license
- name: storage
mountPath: /data
{{- if .Values.enterpriseGateway.extraVolumeMounts }}
{{ toYaml .Values.enterpriseGateway.extraVolumeMounts | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
readinessProbe:
{{- toYaml .Values.enterpriseGateway.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.enterpriseGateway.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.enterpriseGateway.containerSecurityContext | nindent 12 }}
env:
{{- if .Values.enterpriseGateway.env }}
{{ toYaml .Values.enterpriseGateway.env | nindent 12 }}
{{- end }}
{{- with .Values.enterpriseGateway.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.enterpriseGateway.extraContainers }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- toYaml .Values.enterpriseGateway.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.enterpriseGateway.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.enterpriseGateway.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.enterpriseGateway.terminationGracePeriodSeconds }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
- name: storage
emptyDir: {}
{{- if .Values.enterpriseGateway.extraVolumes }}
{{ toYaml .Values.enterpriseGateway.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}

138
opencloud/charts/loki/templates/gateway/deployment-gateway-nginx.yaml Normal file
View File

@@ -0,0 +1,138 @@
{{- if and .Values.gateway.enabled (not (and .Values.enterprise.enabled .Values.enterprise.gelGateway)) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "loki.gatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
{{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}}
annotations:
{{- with .Values.loki.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.gateway.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if not .Values.gateway.autoscaling.enabled }}
replicas: {{ .Values.gateway.replicas }}
{{- end }}
{{- with .Values.gateway.deploymentStrategy }}
strategy:
{{ toYaml . | trim | indent 4 }}
{{- end }}
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "loki.gatewaySelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include "loki.configMapOrSecretContentHash" (dict "ctx" . "name" "/gateway/configmap-gateway.yaml") }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gateway.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gateway.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.gatewaySelectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{ include "loki.enableServiceLinks" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end -}}
{{- include "loki.gatewayPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.gateway.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.gateway.terminationGracePeriodSeconds }}
containers:
- name: nginx
image: {{ include "loki.gatewayImage" . }}
imagePullPolicy: {{ .Values.gateway.image.pullPolicy }}
ports:
- name: http-metrics
containerPort: {{ .Values.gateway.containerPort }}
protocol: TCP
{{- with .Values.gateway.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.gateway.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
readinessProbe:
{{- toYaml .Values.gateway.readinessProbe | nindent 12 }}
securityContext:
{{- toYaml .Values.gateway.containerSecurityContext | nindent 12 }}
{{- with .Values.gateway.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/nginx
{{- if .Values.gateway.basicAuth.enabled }}
- name: auth
mountPath: /etc/nginx/secrets
{{- end }}
- name: tmp
mountPath: /tmp
- name: docker-entrypoint-d-override
mountPath: /docker-entrypoint.d
{{- if .Values.gateway.extraVolumeMounts }}
{{- toYaml .Values.gateway.extraVolumeMounts | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.gateway.resources | nindent 12 }}
{{- if .Values.gateway.extraContainers }}
{{- toYaml .Values.gateway.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.gateway.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gateway.dnsConfig }}
dnsConfig:
{{- tpl . $ | nindent 8 }}
{{- end }}
{{- with .Values.gateway.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gateway.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gateway.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ include "loki.gatewayFullname" . }}
{{- if .Values.gateway.basicAuth.enabled }}
- name: auth
secret:
secretName: {{ include "loki.gatewayAuthSecret" . }}
{{- end }}
- name: tmp
emptyDir: {}
- name: docker-entrypoint-d-override
emptyDir: {}
{{- if .Values.gateway.extraVolumes }}
{{- toYaml .Values.gateway.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}

50
opencloud/charts/loki/templates/gateway/hpa.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}}
{{- if .Values.gateway.autoscaling.enabled }}
{{- if $autoscalingv2 }}
apiVersion: autoscaling/v2
{{- else }}
apiVersion: autoscaling/v2beta1
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.gatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "loki.gatewayFullname" . }}
minReplicas: {{ .Values.gateway.autoscaling.minReplicas }}
maxReplicas: {{ .Values.gateway.autoscaling.maxReplicas }}
{{- with .Values.gateway.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
metrics:
{{- with .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if $autoscalingv2 }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.gateway.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if $autoscalingv2 }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- end }}

59
opencloud/charts/loki/templates/gateway/ingress-gateway.yaml Normal file
View File

@@ -0,0 +1,59 @@
{{- if and .Values.gateway.enabled -}}
{{- if .Values.gateway.ingress.enabled -}}
{{- $ingressApiIsStable := eq (include "loki.ingress.isStable" .) "true" -}}
{{- $ingressSupportsIngressClassName := eq (include "loki.ingress.supportsIngressClassName" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "loki.ingress.supportsPathType" .) "true" -}}
apiVersion: {{ include "loki.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "loki.gatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
{{- range $labelKey, $labelValue := .Values.gateway.ingress.labels }}
{{ $labelKey }}: {{ $labelValue | toYaml }}
{{- end }}
{{- with .Values.gateway.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and $ingressSupportsIngressClassName .Values.gateway.ingress.ingressClassName }}
ingressClassName: {{ .Values.gateway.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.gateway.ingress.tls }}
tls:
{{- range .Values.gateway.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- with .secretName }}
secretName: {{ . }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.gateway.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if $ingressSupportsPathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if $ingressApiIsStable }}
service:
name: {{ include "loki.gatewayFullname" $ }}
port:
number: {{ $.Values.gateway.service.port }}
{{- else }}
serviceName: {{ include "loki.gatewayFullname" $ }}
servicePort: {{ $.Values.gateway.service.port }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

19
opencloud/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if and .Values.gateway.enabled }}
{{- if or
(and (not .Values.gateway.autoscaling.enabled) (gt (int .Values.gateway.replicas) 1))
(and .Values.gateway.autoscaling.enabled (gt (int .Values.gateway.autoscaling.minReplicas) 1))
}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.gatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki.gatewaySelectorLabels" . | nindent 6 }}
maxUnavailable: 1
{{- end }}
{{- end }}

14
opencloud/charts/loki/templates/gateway/secret-gateway.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- with .Values.gateway }}
{{- if and .enabled .basicAuth.enabled (not .basicAuth.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "loki.gatewayFullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" $ | nindent 4 }}
stringData:
.htpasswd: |
{{- tpl .basicAuth.htpasswd $ | nindent 4 }}
{{- end }}
{{- end }}

40
opencloud/charts/loki/templates/gateway/service-gateway.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.gateway.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.gatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.gatewayLabels" . | nindent 4 }}
{{- with .Values.loki.serviceLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.gateway.service.labels }}
{{- toYaml . | nindent 4}}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.gateway.service.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: {{ .Values.gateway.service.type }}
{{- with .Values.gateway.service.clusterIP }}
clusterIP: {{ . }}
{{- end }}
{{- if and (eq "LoadBalancer" .Values.gateway.service.type) .Values.gateway.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.gateway.service.loadBalancerIP }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.gateway.service.port }}
targetPort: http-metrics
{{- if and (eq "NodePort" .Values.gateway.service.type) .Values.gateway.service.nodePort }}
nodePort: {{ .Values.gateway.service.nodePort }}
{{- end }}
protocol: TCP
selector:
{{- include "loki.gatewaySelectorLabels" . | nindent 4 }}
{{- end }}

40
opencloud/charts/loki/templates/index-gateway/_helpers-index-gateway.tpl Normal file
View File

@@ -0,0 +1,40 @@
{{/*
index-gateway fullname
*/}}
{{- define "loki.indexGatewayFullname" -}}
{{ include "loki.fullname" . }}-index-gateway
{{- end }}
{{/*
index-gateway common labels
*/}}
{{- define "loki.indexGatewayLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: index-gateway
{{- end }}
{{/*
index-gateway selector labels
*/}}
{{- define "loki.indexGatewaySelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: index-gateway
{{- end }}
{{/*
index-gateway image
*/}}
{{- define "loki.indexGatewayImage" -}}
{{- $dict := dict "loki" .Values.loki.image "service" .Values.indexGateway.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion -}}
{{- include "loki.lokiImage" $dict -}}
{{- end }}
{{/*
index-gateway priority class name
*/}}
{{- define "loki.indexGatewayPriorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.indexGateway.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

21
opencloud/charts/loki/templates/index-gateway/poddisruptionbudget-index-gateway.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (gt (int .Values.indexGateway.replicas) 1) }}
{{- if kindIs "invalid" .Values.indexGateway.maxUnavailable }}
{{- fail "`.Values.indexGateway.maxUnavailable` must be set when `.Values.indexGateway.replicas` is greater than 1." }}
{{- else }}
apiVersion: {{ include "loki.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.indexGatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.indexGatewayLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki.indexGatewaySelectorLabels" . | nindent 6 }}
{{- with .Values.indexGateway.maxUnavailable }}
maxUnavailable: {{ . }}
{{- end }}
{{- end }}
{{- end }}

35
opencloud/charts/loki/templates/index-gateway/service-index-gateway-headless.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.indexGatewayFullname" . }}-headless
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.indexGatewaySelectorLabels" . | nindent 4 }}
prometheus.io/service-monitor: "false"
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.indexGateway.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- with .Values.indexGateway.appProtocol.grpc }}
appProtocol: {{ . }}
{{- end }}
selector:
{{- include "loki.indexGatewaySelectorLabels" . | nindent 4 }}
{{- end }}

36
opencloud/charts/loki/templates/index-gateway/service-index-gateway.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.indexGatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.indexGatewayLabels" . | nindent 4 }}
{{- with .Values.indexGateway.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.indexGateway.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- with .Values.indexGateway.appProtocol.grpc }}
appProtocol: {{ . }}
{{- end }}
selector:
{{- include "loki.indexGatewaySelectorLabels" . | nindent 4 }}
{{- end }}

192
opencloud/charts/loki/templates/index-gateway/statefulset-index-gateway.yaml Normal file
View File

@@ -0,0 +1,192 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.indexGatewayFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.indexGatewayLabels" . | nindent 4 }}
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.indexGateway.replicas }}
{{- with .Values.indexGateway.updateStrategy }}
updateStrategy:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
serviceName: {{ include "loki.indexGatewayFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.indexGateway.persistence.enableStatefulSetAutoDeletePVC) }}
{{/*
Data on the read nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
*/}}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.indexGateway.persistence.whenDeleted }}
whenScaled: {{ .Values.indexGateway.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.indexGatewaySelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.indexGateway.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.indexGatewaySelectorLabels" . | nindent 8 }}
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.indexGateway.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.indexGateway.joinMemberlist }}
app.kubernetes.io/part-of: memberlist
{{- end }}
spec:
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.indexGateway.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.indexGatewayPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.indexGateway.terminationGracePeriodSeconds }}
{{- with .Values.indexGateway.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: index-gateway
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=index-gateway
{{- with .Values.indexGateway.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
{{- if .Values.indexGateway.joinMemberlist }}
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- end }}
{{- with .Values.indexGateway.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.indexGateway.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
readinessProbe:
{{- toYaml .Values.loki.readinessProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.loki.livenessProbe | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.indexGateway.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.indexGateway.resources | nindent 12 }}
{{- if .Values.indexGateway.extraContainers }}
{{- toYaml .Values.indexGateway.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.indexGateway.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.indexGateway.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.indexGateway.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.indexGateway.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- with .Values.indexGateway.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.indexGateway.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if .Values.indexGateway.persistence.inMemory }}
- name: data
{{- if .Values.indexGateway.persistence.inMemory }}
emptyDir:
medium: Memory
{{- end }}
{{- if .Values.indexGateway.persistence.size }}
sizeLimit: {{ .Values.indexGateway.persistence.size }}
{{- end }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
{{- with .Values.indexGateway.persistence.annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .Values.indexGateway.persistence.storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .Values.indexGateway.persistence.size | quote }}
{{- end }}
{{- end }}

74
opencloud/charts/loki/templates/ingester/_helpers-ingester.tpl Normal file
View File

@@ -0,0 +1,74 @@
{{/*
ingester fullname
*/}}
{{- define "loki.ingesterFullname" -}}
{{ include "loki.fullname" . }}-ingester
{{- end }}
{{/*
ingester common labels
*/}}
{{- define "loki.ingesterLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: ingester
{{- end }}
{{/*
ingester selector labels
*/}}
{{- define "loki.ingesterSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: ingester
{{- end }}
{{/*
ingester priority class name
*/}}
{{- define "loki.ingesterPriorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.ingester.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}
{{- define "loki.ingester.readinessProbe" -}}
{{- with .Values.ingester.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- else }}
{{- with .Values.loki.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "loki.ingester.livenessProbe" -}}
{{- with .Values.ingester.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- else }}
{{- with .Values.loki.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
expects global context
*/}}
{{- define "loki.ingester.replicaCount" -}}
{{- ceil (divf .Values.ingester.replicas 3) -}}
{{- end -}}
{{/*
expects a dict
{
"replicas": replicas in a zone,
"ctx": global context
}
*/}}
{{- define "loki.ingester.maxUnavailable" -}}
{{- ceil (mulf .replicas (divf (int .ctx.Values.ingester.zoneAwareReplication.maxUnavailablePct) 100)) -}}
{{- end -}}

55
opencloud/charts/loki/templates/ingester/hpa-zone-a.yaml Normal file
View File

@@ -0,0 +1,55 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.autoscaling.enabled .Values.ingester.zoneAwareReplication.enabled }}
{{- $apiVersion := include "loki.hpa.apiVersion" . -}}
apiVersion: {{ $apiVersion }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-a
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "loki.ingesterFullname" . }}-zone-a
minReplicas: {{ .Values.ingester.autoscaling.minReplicas }}
maxReplicas: {{ .Values.ingester.autoscaling.maxReplicas }}
metrics:
{{- with .Values.ingester.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.customMetrics }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.ingester.autoscaling.behavior.enabled }}
behavior:
{{- with .Values.ingester.autoscaling.behavior.scaleDown }}
scaleDown: {{ toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.ingester.autoscaling.behavior.scaleUp }}
scaleUp: {{ toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}

55
opencloud/charts/loki/templates/ingester/hpa-zone-b.yaml Normal file
View File

@@ -0,0 +1,55 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.autoscaling.enabled .Values.ingester.zoneAwareReplication.enabled }}
{{- $apiVersion := include "loki.hpa.apiVersion" . -}}
apiVersion: {{ $apiVersion }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-b
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "loki.ingesterFullname" . }}-zone-b
minReplicas: {{ .Values.ingester.autoscaling.minReplicas }}
maxReplicas: {{ .Values.ingester.autoscaling.maxReplicas }}
metrics:
{{- with .Values.ingester.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.customMetrics }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.ingester.autoscaling.behavior.enabled }}
behavior:
{{- with .Values.ingester.autoscaling.behavior.scaleDown }}
scaleDown: {{ toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.ingester.autoscaling.behavior.scaleUp }}
scaleUp: {{ toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}

55
opencloud/charts/loki/templates/ingester/hpa-zone-c.yaml Normal file
View File

@@ -0,0 +1,55 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.autoscaling.enabled .Values.ingester.zoneAwareReplication.enabled }}
{{- $apiVersion := include "loki.hpa.apiVersion" . -}}
apiVersion: {{ $apiVersion }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-c
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "loki.ingesterFullname" . }}-zone-c
minReplicas: {{ .Values.ingester.autoscaling.minReplicas }}
maxReplicas: {{ .Values.ingester.autoscaling.maxReplicas }}
metrics:
{{- with .Values.ingester.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.customMetrics }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.ingester.autoscaling.behavior.enabled }}
behavior:
{{- with .Values.ingester.autoscaling.behavior.scaleDown }}
scaleDown: {{ toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.ingester.autoscaling.behavior.scaleUp }}
scaleUp: {{ toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}

55
opencloud/charts/loki/templates/ingester/hpa.yaml Normal file
View File

@@ -0,0 +1,55 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.autoscaling.enabled (or (not .Values.ingester.zoneAwareReplication.enabled) .Values.ingester.zoneAwareReplication.migration.enabled) }}
{{- $apiVersion := include "loki.hpa.apiVersion" . -}}
apiVersion: {{ $apiVersion }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "loki.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "loki.ingesterFullname" . }}
minReplicas: {{ .Values.ingester.autoscaling.minReplicas }}
maxReplicas: {{ .Values.ingester.autoscaling.maxReplicas }}
metrics:
{{- with .Values.ingester.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if (eq $apiVersion "autoscaling/v2") }}
target:
type: Utilization
averageUtilization: {{ . }}
{{- else }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.ingester.autoscaling.customMetrics }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.ingester.autoscaling.behavior.enabled }}
behavior:
{{- with .Values.ingester.autoscaling.behavior.scaleDown }}
scaleDown: {{ toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.ingester.autoscaling.behavior.scaleUp }}
scaleUp: {{ toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}

21
opencloud/charts/loki/templates/ingester/poddisruptionbudget-ingester-rollout.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (gt (int .Values.ingester.replicas) 1) (.Values.ingester.zoneAwareReplication.enabled) }}
{{- if kindIs "invalid" .Values.ingester.maxUnavailable }}
{{- fail "`.Values.ingester.maxUnavailable` must be set when `.Values.ingester.replicas` is greater than 1." }}
{{- else }}
apiVersion: {{ include "loki.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.ingesterFullname" . }}-rollout
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
rollout-group: ingester
{{- with .Values.ingester.maxUnavailable }}
maxUnavailable: {{ . }}
{{- end }}
{{- end }}
{{- end }}

27
opencloud/charts/loki/templates/ingester/poddisruptionbudget-ingester.yaml Normal file
View File

@@ -0,0 +1,27 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (gt (int .Values.ingester.replicas) 1) (or (not .Values.ingester.zoneAwareReplication.enabled) .Values.ingester.zoneAwareReplication.migration.enabled) }}
{{- if kindIs "invalid" .Values.ingester.maxUnavailable }}
{{- fail "`.Values.ingester.maxUnavailable` must be set when `.Values.ingester.replicas` is greater than 1." }}
{{- else }}
apiVersion: {{ include "loki.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "loki.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki.ingesterSelectorLabels" . | nindent 6 }}
{{/* zone aware ingesters get their own pod disruption budget, ignore them here */}}
matchExpressions:
- key: rollout-group
operator: NotIn
values:
- "ingester"
{{- with .Values.ingester.maxUnavailable }}
maxUnavailable: {{ . }}
{{- end }}
{{- end }}
{{- end }}

35
opencloud/charts/loki/templates/ingester/service-ingester-headless.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (or (not .Values.ingester.zoneAwareReplication.enabled) .Values.ingester.zoneAwareReplication.migration.enabled) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.ingesterFullname" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterSelectorLabels" . | nindent 4 }}
prometheus.io/service-monitor: "false"
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.ingester.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.ingester.appProtocol.grpc }}
appProtocol: {{ .Values.ingester.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.ingesterSelectorLabels" . | nindent 4 }}
{{- end -}}

38
opencloud/charts/loki/templates/ingester/service-ingester-zone-a-headless.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.zoneAwareReplication.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-a-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
{{- with .Values.ingester.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.ingester.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.ingester.appProtocol.grpc }}
appProtocol: {{ .Values.ingester.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.ingesterSelectorLabels" . | nindent 4 }}
name: ingester-zone-a
rollout-group: ingester
{{- end -}}

38
opencloud/charts/loki/templates/ingester/service-ingester-zone-b-headless.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.zoneAwareReplication.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-b-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
{{- with .Values.ingester.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.ingester.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.ingester.appProtocol.grpc }}
appProtocol: {{ .Values.ingester.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.ingesterSelectorLabels" . | nindent 4 }}
name: ingester-zone-b
rollout-group: ingester
{{- end -}}

38
opencloud/charts/loki/templates/ingester/service-ingester-zone-c-headless.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.zoneAwareReplication.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-c-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
{{- with .Values.ingester.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.ingester.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.ingester.appProtocol.grpc }}
appProtocol: {{ .Values.ingester.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.ingesterSelectorLabels" . | nindent 4 }}
name: ingester-zone-c
rollout-group: ingester
{{- end -}}

36
opencloud/charts/loki/templates/ingester/service-ingester.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (or (not .Values.ingester.zoneAwareReplication.enabled) .Values.ingester.zoneAwareReplication.migration.enabled) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
{{- with .Values.ingester.serviceLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .Values.ingester.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
{{- if .Values.ingester.appProtocol.grpc }}
appProtocol: {{ .Values.ingester.appProtocol.grpc }}
{{- end }}
selector:
{{- include "loki.ingesterSelectorLabels" . | nindent 4 }}
{{- end -}}

234
opencloud/charts/loki/templates/ingester/statefulset-ingester-zone-a.yaml Normal file
View File

@@ -0,0 +1,234 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.zoneAwareReplication.enabled }}
{{- $replicas := (include "loki.ingester.replicaCount" .) -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-a
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
rollout-group: ingester
name: ingester-zone-a
annotations:
rollout-max-unavailable: "{{ include "loki.ingester.maxUnavailable" (dict "ctx" . "replicas" $replicas)}}"
{{- with .Values.loki.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneA.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.ingester.autoscaling.enabled }}
replicas: {{ $replicas }}
{{- end }}
podManagementPolicy: Parallel
serviceName: {{ include "loki.ingesterFullname" . }}-zone-a
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.ingester.persistence.enableStatefulSetAutoDeletePVC) }}
{{/*
Data on the read nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
*/}}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.ingester.persistence.whenDeleted }}
whenScaled: {{ .Values.ingester.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.ingesterSelectorLabels" . | nindent 6 }}
name: ingester-zone-a
rollout-group: ingester
{{- with .Values.ingester.updateStrategy }}
updateStrategy:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneA.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.ingesterSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
name: ingester-zone-a
rollout-group: ingester
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.ingester.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.ingesterPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.ingester.terminationGracePeriodSeconds }}
{{- with .Values.ingester.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: ingester
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.ingester.command }}
command:
- {{ coalesce .Values.ingester.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -ingester.availability-zone=zone-a
- -ingester.unregister-on-shutdown=false
- -ingester.tokens-file-path=/var/loki/ring-tokens
- -target=ingester
{{- with .Values.ingester.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.ingester.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.ingester.readinessProbe" . | nindent 10 }}
{{- include "loki.ingester.livenessProbe" . | nindent 10 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.ingester.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.ingester.extraContainers }}
{{- toYaml .Values.ingester.extraContainers | nindent 8}}
{{- end }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: rollout-group
operator: In
values:
- ingester
- key: name
operator: NotIn
values:
- ingester-zone-a
topologyKey: kubernetes.io/hostname
{{- with .Values.ingester.zoneAwareReplication.zoneA.extraAffinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneA.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- with .Values.ingester.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.ingester.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if .Values.ingester.persistence.inMemory }}
- name: data
{{- if .Values.ingester.persistence.inMemory }}
emptyDir:
medium: Memory
{{- end }}
{{- if .Values.ingester.persistence.size }}
sizeLimit: {{ .Values.ingester.persistence.size }}
{{- end }}
{{- else }}
volumeClaimTemplates:
{{- range .Values.ingester.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end }}

234
opencloud/charts/loki/templates/ingester/statefulset-ingester-zone-b.yaml Normal file
View File

@@ -0,0 +1,234 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.zoneAwareReplication.enabled }}
{{- $replicas := (include "loki.ingester.replicaCount" .) -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-b
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
rollout-group: ingester
name: ingester-zone-b
annotations:
rollout-max-unavailable: "{{ include "loki.ingester.maxUnavailable" (dict "ctx" . "replicas" $replicas)}}"
{{- with .Values.loki.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneB.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.ingester.autoscaling.enabled }}
replicas: {{ $replicas }}
{{- end }}
podManagementPolicy: Parallel
serviceName: {{ include "loki.ingesterFullname" . }}-zone-b
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.ingester.persistence.enableStatefulSetAutoDeletePVC) }}
{{/*
Data on the read nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
*/}}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.ingester.persistence.whenDeleted }}
whenScaled: {{ .Values.ingester.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.ingesterSelectorLabels" . | nindent 6 }}
name: ingester-zone-b
rollout-group: ingester
{{- with .Values.ingester.updateStrategy }}
updateStrategy:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneB.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.ingesterSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
name: ingester-zone-b
rollout-group: ingester
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.ingester.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.ingesterPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.ingester.terminationGracePeriodSeconds }}
{{- with .Values.ingester.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: ingester
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.ingester.command }}
command:
- {{ coalesce .Values.ingester.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -ingester.availability-zone=zone-b
- -ingester.unregister-on-shutdown=false
- -ingester.tokens-file-path=/var/loki/ring-tokens
- -target=ingester
{{- with .Values.ingester.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.ingester.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.ingester.readinessProbe" . | nindent 10 }}
{{- include "loki.ingester.livenessProbe" . | nindent 10 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.ingester.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.ingester.extraContainers }}
{{- toYaml .Values.ingester.extraContainers | nindent 8}}
{{- end }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: rollout-group
operator: In
values:
- ingester
- key: name
operator: NotIn
values:
- ingester-zone-b
topologyKey: kubernetes.io/hostname
{{- with .Values.ingester.zoneAwareReplication.zoneB.extraAffinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneB.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- with .Values.ingester.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.ingester.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if .Values.ingester.persistence.inMemory }}
- name: data
{{- if .Values.ingester.persistence.inMemory }}
emptyDir:
medium: Memory
{{- end }}
{{- if .Values.ingester.persistence.size }}
sizeLimit: {{ .Values.ingester.persistence.size }}
{{- end }}
{{- else }}
volumeClaimTemplates:
{{- range .Values.ingester.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end }}

234
opencloud/charts/loki/templates/ingester/statefulset-ingester-zone-c.yaml Normal file
View File

@@ -0,0 +1,234 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed .Values.ingester.zoneAwareReplication.enabled }}
{{- $replicas := (include "loki.ingester.replicaCount" .) -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.ingesterFullname" . }}-zone-c
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
rollout-group: ingester
name: ingester-zone-c
annotations:
rollout-max-unavailable: "{{ include "loki.ingester.maxUnavailable" (dict "ctx" . "replicas" $replicas)}}"
{{- with .Values.loki.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneC.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.ingester.autoscaling.enabled }}
replicas: {{ $replicas }}
{{- end }}
podManagementPolicy: Parallel
serviceName: {{ include "loki.ingesterFullname" . }}-zone-c
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.ingester.persistence.enableStatefulSetAutoDeletePVC) }}
{{/*
Data on the read nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
*/}}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.ingester.persistence.whenDeleted }}
whenScaled: {{ .Values.ingester.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.ingesterSelectorLabels" . | nindent 6 }}
name: ingester-zone-c
rollout-group: ingester
{{- with .Values.ingester.updateStrategy }}
updateStrategy:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneC.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.ingesterSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
name: ingester-zone-c
rollout-group: ingester
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.ingester.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.ingesterPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.ingester.terminationGracePeriodSeconds }}
{{- with .Values.ingester.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: ingester
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.ingester.command }}
command:
- {{ coalesce .Values.ingester.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -ingester.availability-zone=zone-c
- -ingester.unregister-on-shutdown=false
- -ingester.tokens-file-path=/var/loki/ring-tokens
- -target=ingester
{{- with .Values.ingester.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.ingester.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.ingester.readinessProbe" . | nindent 10 }}
{{- include "loki.ingester.livenessProbe" . | nindent 10 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.ingester.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.ingester.extraContainers }}
{{- toYaml .Values.ingester.extraContainers | nindent 8}}
{{- end }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: rollout-group
operator: In
values:
- ingester
- key: name
operator: NotIn
values:
- ingester-zone-c
topologyKey: kubernetes.io/hostname
{{- with .Values.ingester.zoneAwareReplication.zoneC.extraAffinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.zoneAwareReplication.zoneC.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- with .Values.ingester.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.ingester.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if .Values.ingester.persistence.inMemory }}
- name: data
{{- if .Values.ingester.persistence.inMemory }}
emptyDir:
medium: Memory
{{- end }}
{{- if .Values.ingester.persistence.size }}
sizeLimit: {{ .Values.ingester.persistence.size }}
{{- end }}
{{- else }}
volumeClaimTemplates:
{{- range .Values.ingester.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end }}

205
opencloud/charts/loki/templates/ingester/statefulset-ingester.yaml Normal file
View File

@@ -0,0 +1,205 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if and $isDistributed (or (not .Values.ingester.zoneAwareReplication.enabled) .Values.ingester.zoneAwareReplication.migration.enabled) }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.ingesterLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.ingester.autoscaling.enabled }}
replicas: {{ .Values.ingester.replicas }}
{{- end }}
podManagementPolicy: Parallel
{{- with .Values.ingester.updateStrategy }}
updateStrategy:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
serviceName: {{ include "loki.ingesterFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.ingester.persistence.enableStatefulSetAutoDeletePVC) }}
{{/*
Data on the read nodes is easy to replace, so we want to always delete PVCs to make
operation easier, and will rely on re-fetching data when needed.
*/}}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.ingester.persistence.whenDeleted }}
whenScaled: {{ .Values.ingester.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.ingesterSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.ingesterSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.ingester.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.ingesterPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.ingester.terminationGracePeriodSeconds }}
{{- with .Values.ingester.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: ingester
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.ingester.command }}
command:
- {{ coalesce .Values.ingester.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -ingester.availability-zone=zone-default
- -target=ingester
{{- with .Values.ingester.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.ingester.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.ingester.readinessProbe" . | nindent 10 }}
{{- include "loki.ingester.livenessProbe" . | nindent 10 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.ingester.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.ingester.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.ingester.extraContainers }}
{{- toYaml .Values.ingester.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.ingester.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingester.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- with .Values.ingester.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.ingester.persistence.enabled }}
- name: data
emptyDir: { }
{{- else if .Values.ingester.persistence.inMemory }}
- name: data
{{- if .Values.ingester.persistence.inMemory }}
emptyDir:
medium: Memory
{{- end }}
{{- if .Values.ingester.persistence.size }}
sizeLimit: {{ .Values.ingester.persistence.size }}
{{- end }}
{{- else }}
volumeClaimTemplates:
{{- range .Values.ingester.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end }}

40
opencloud/charts/loki/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.ingress.enabled }}
{{- $ingressSupportsIngressClassName := eq (include "loki.ingress.supportsIngressClassName" .) "true" -}}
apiVersion: {{ include "loki.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "loki.fullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- with .Values.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- with .secretName }}
secretName: {{ . }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range $.Values.ingress.hosts }}
- host: {{ tpl . $ | quote }}
http:
paths:
{{- include "loki.ingress.servicePaths" $ | indent 10}}
{{- end }}
{{- end }}

40
opencloud/charts/loki/templates/loki-canary/_helpers.tpl Normal file
View File

@@ -0,0 +1,40 @@
{{/*
canary fullname
*/}}
{{- define "loki-canary.fullname" -}}
{{ include "loki.name" . }}-canary
{{- end }}
{{/*
canary common labels
*/}}
{{- define "loki-canary.labels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: canary
{{- end }}
{{/*
canary selector labels
*/}}
{{- define "loki-canary.selectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: canary
{{- end }}
{{/*
Docker image name for loki-canary
*/}}
{{- define "loki-canary.image" -}}
{{- $dict := dict "service" .Values.lokiCanary.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion -}}
{{- include "loki.baseImage" $dict -}}
{{- end -}}
{{/*
canary priority class name
*/}}
{{- define "loki-canary.priorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.lokiCanary.priorityClassName .Values.read.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

123
opencloud/charts/loki/templates/loki-canary/daemonset.yaml Normal file
View File

@@ -0,0 +1,123 @@
{{- with .Values.lokiCanary -}}
{{- if .enabled -}}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "loki-canary.fullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki-canary.labels" $ | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "loki-canary.selectorLabels" $ | nindent 6 }}
{{- with .updateStrategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki-canary.selectorLabels" $ | nindent 8 }}
{{- with .podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "loki-canary.fullname" $ }}
{{- with $.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki-canary.priorityClassName" $ | nindent 6 }}
securityContext:
{{- toYaml $.Values.loki.podSecurityContext | nindent 8 }}
containers:
- name: loki-canary
image: {{ include "loki-canary.image" $ }}
imagePullPolicy: {{ $.Values.loki.image.pullPolicy }}
args:
- -addr={{- include "loki.host" $ }}
- -labelname={{ .labelname }}
- -labelvalue=$(POD_NAME)
{{- if $.Values.enterprise.enabled }}
- -user=$(USER)
- -tenant-id=$(USER)
- -pass=$(PASS)
{{- else if $.Values.loki.auth_enabled }}
- -user={{ $.Values.monitoring.selfMonitoring.tenant.name }}
- -tenant-id={{ $.Values.monitoring.selfMonitoring.tenant.name }}
- -pass={{ $.Values.monitoring.selfMonitoring.tenant.password }}
{{- end }}
{{- if .push }}
- -push=true
{{- end }}
{{- with .extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml $.Values.loki.containerSecurityContext | nindent 12 }}
volumeMounts:
{{- with $.Values.lokiCanary.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3500
protocol: TCP
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
{{ if $.Values.enterprise.enabled }}
- name: USER
valueFrom:
secretKeyRef:
name: {{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}
key: username
- name: PASS
valueFrom:
secretKeyRef:
name: {{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}
key: password
{{- end -}}
{{- with .extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
readinessProbe:
httpGet:
path: /metrics
port: http-metrics
initialDelaySeconds: 15
timeoutSeconds: 1
{{- with .resources}}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- with $.Values.lokiCanary.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

34
opencloud/charts/loki/templates/loki-canary/service.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- with .Values.lokiCanary -}}
{{- if .enabled -}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki-canary.fullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki-canary.labels" $ | nindent 4 }}
{{- with $.Values.loki.serviceLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .service.labels }}
{{- toYaml . | nindent 4}}
{{- end }}
annotations:
{{- with $.Values.loki.serviceAnnotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- with .service.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3500
targetPort: http-metrics
protocol: TCP
selector:
{{- include "loki-canary.selectorLabels" $ | nindent 4 }}
{{- end -}}
{{- end -}}

21
opencloud/charts/loki/templates/loki-canary/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- with .Values.lokiCanary -}}
{{- if .enabled -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "loki-canary.fullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki-canary.labels" $ | nindent 4 }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ $.Values.serviceAccount.automountServiceAccountToken }}
{{- with $.Values.serviceAccount.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}

178
opencloud/charts/loki/templates/memcached/_memcached-statefulset.tpl Normal file
View File

@@ -0,0 +1,178 @@
{{/*
memcached StatefulSet
Params:
ctx = . context
valuesSection = name of the section in values.yaml
component = name of the component
valuesSection and component are specified separately because helm prefers camelcase for naming convetion and k8s components are named with snake case.
*/}}
{{- define "loki.memcached.statefulSet" -}}
{{ with (index $.ctx.Values $.valuesSection) }}
{{- if .enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.resourceName" (dict "ctx" $.ctx "component" $.component) }}
labels:
{{- include "loki.labels" $.ctx | nindent 4 }}
app.kubernetes.io/component: "memcached-{{ $.component }}"
name: "memcached-{{ $.component }}"
annotations:
{{- toYaml .annotations | nindent 4 }}
namespace: {{ $.ctx.Release.Namespace | quote }}
spec:
podManagementPolicy: {{ .podManagementPolicy }}
replicas: {{ .replicas }}
selector:
matchLabels:
{{- include "loki.selectorLabels" $.ctx | nindent 6 }}
app.kubernetes.io/component: "memcached-{{ $.component }}"
name: "memcached-{{ $.component }}"
updateStrategy:
{{- toYaml .statefulStrategy | nindent 4 }}
serviceName: {{ template "loki.fullname" $.ctx }}-{{ $.component }}
template:
metadata:
labels:
{{- include "loki.selectorLabels" $.ctx | nindent 8 }}
app.kubernetes.io/component: "memcached-{{ $.component }}"
name: "memcached-{{ $.component }}"
{{- with $.ctx.Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
{{- with $.ctx.Values.global.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "loki.serviceAccountName" $.ctx }}
{{- if .priorityClassName }}
priorityClassName: {{ .priorityClassName }}
{{- end }}
securityContext:
{{- toYaml $.ctx.Values.memcached.podSecurityContext | nindent 8 }}
initContainers:
{{- toYaml .initContainers | nindent 8 }}
nodeSelector:
{{- toYaml .nodeSelector | nindent 8 }}
affinity:
{{- toYaml .affinity | nindent 8 }}
topologySpreadConstraints:
{{- toYaml .topologySpreadConstraints | nindent 8 }}
tolerations:
{{- toYaml .tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds }}
{{- with $.ctx.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .extraVolumes }}
volumes:
{{- toYaml .extraVolumes | nindent 8 }}
{{- end }}
containers:
{{- if .extraContainers }}
{{ toYaml .extraContainers | nindent 8 }}
{{- end }}
- name: memcached
{{- with $.ctx.Values.memcached.image }}
image: {{ .repository }}:{{ .tag }}
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
resources:
{{- if .resources }}
{{- toYaml .resources | nindent 12 }}
{{- else }}
{{- /* Calculate requested memory as round(allocatedMemory * 1.2). But with integer built-in operators. */}}
{{- $requestMemory := div (add (mul .allocatedMemory 12) 5) 10 }}
limits:
memory: {{ $requestMemory }}Mi
requests:
cpu: 500m
memory: {{ $requestMemory }}Mi
{{- end }}
ports:
- containerPort: {{ .port }}
name: client
{{- /* Calculate storage size as round(.persistence.storageSize * 0.9). But with integer built-in operators. */}}
{{- $persistenceSize := (div (mul (trimSuffix "Gi" .persistence.storageSize | trimSuffix "G") 9) 10 ) }}
args:
- -m {{ .allocatedMemory }}
- --extended=modern,track_sizes{{ if .persistence.enabled }},ext_path={{ .persistence.mountPath }}/file:{{ $persistenceSize }}G,ext_wbuf_size=16{{ end }}{{ with .extraExtendedOptions }},{{ . }}{{ end }}
- -I {{ .maxItemMemory }}m
- -c {{ .connectionLimit }}
- -v
- -u {{ .port }}
{{- range $key, $value := .extraArgs }}
- "-{{ $key }}{{ if $value }} {{ $value }}{{ end }}"
{{- end }}
env:
{{- with $.ctx.Values.global.extraEnv }}
{{ toYaml . | nindent 12 }}
{{- end }}
envFrom:
{{- with $.ctx.Values.global.extraEnvFrom }}
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml $.ctx.Values.memcached.containerSecurityContext | nindent 12 }}
{{- if or .persistence.enabled .extraVolumeMounts }}
volumeMounts:
{{- if .persistence.enabled }}
- name: data
mountPath: {{ .persistence.mountPath }}
{{- end }}
{{- if .extraVolumeMounts }}
{{- toYaml .extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if $.ctx.Values.memcachedExporter.enabled }}
- name: exporter
{{- with $.ctx.Values.memcachedExporter.image }}
image: {{ .repository}}:{{ .tag }}
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
ports:
- containerPort: 9150
name: http-metrics
args:
- "--memcached.address=localhost:{{ .port }}"
- "--web.listen-address=0.0.0.0:9150"
{{- range $key, $value := $.ctx.Values.memcachedExporter.extraArgs }}
- "--{{ $key }}{{ if $value }}={{ $value }}{{ end }}"
{{- end }}
resources:
{{- toYaml $.ctx.Values.memcachedExporter.resources | nindent 12 }}
securityContext:
{{- toYaml $.ctx.Values.memcachedExporter.containerSecurityContext | nindent 12 }}
{{- if .extraVolumeMounts }}
volumeMounts:
{{- toYaml .extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if .persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
{{- with .persistence.storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .persistence.storageSize | quote }}
{{- end }}
{{- end -}}
{{- end -}}
{{- end -}}

42
opencloud/charts/loki/templates/memcached/_memcached-svc.tpl Normal file
View File

@@ -0,0 +1,42 @@
{{/*
memcached Service
Params:
ctx = . context
valuesSection = name of the section in values.yaml
component = name of the component
valuesSection and component are specified separately because helm prefers camelcase for naming convetion and k8s components are named with snake case.
*/}}
{{- define "loki.memcached.service" -}}
{{ with (index $.ctx.Values $.valuesSection) }}
{{- if .enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "loki.resourceName" (dict "ctx" $.ctx "component" $.component) }}
labels:
{{- include "loki.labels" $.ctx | nindent 4 }}
app.kubernetes.io/component: "memcached-{{ $.component }}"
{{- with .service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .service.annotations | nindent 4 }}
namespace: {{ $.ctx.Release.Namespace | quote }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: memcached-client
port: {{ .port }}
targetPort: {{ .port }}
{{ if $.ctx.Values.memcachedExporter.enabled -}}
- name: http-metrics
port: 9150
targetPort: 9150
{{ end }}
selector:
{{- include "loki.selectorLabels" $.ctx | nindent 4 }}
app.kubernetes.io/component: "memcached-{{ $.component }}"
{{- end -}}
{{- end -}}
{{- end -}}

47
opencloud/charts/loki/templates/monitoring/_helpers-monitoring.tpl Normal file
View File

@@ -0,0 +1,47 @@
{{/*
Client definition for LogsInstance
*/}}
{{- define "loki.logsInstanceClient" -}}
{{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}}
{{- $url := printf "http://%s.%s.svc.%s:%s/loki/api/v1/push" (include "loki.writeFullname" .) .Release.Namespace .Values.global.clusterDomain ( .Values.loki.server.http_listen_port | toString ) }}
{{- if $isSingleBinary }}
{{- $url = printf "http://%s.%s.svc.%s:%s/loki/api/v1/push" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain ( .Values.loki.server.http_listen_port | toString ) }}
{{- else if .Values.gateway.enabled -}}
{{- $url = printf "http://%s.%s.svc.%s/loki/api/v1/push" (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain }}
{{- end -}}
- url: {{ $url }}
externalLabels:
cluster: {{ include "loki.clusterLabel" . }}
{{- if .Values.enterprise.enabled }}
basicAuth:
username:
name: {{ include "enterprise-logs.selfMonitoringTenantSecret" . }}
key: username
password:
name: {{ include "enterprise-logs.selfMonitoringTenantSecret" . }}
key: password
{{- else if .Values.loki.auth_enabled }}
tenantId: {{ .Values.monitoring.selfMonitoring.tenant.name | quote }}
{{- end }}
{{- end -}}
{{/*
Convert a recording rule group to yaml
*/}}
{{- define "loki.ruleGroupToYaml" -}}
{{- range . }}
- name: {{ .name }}
rules:
{{- toYaml .rules | nindent 4 }}
{{- end }}
{{- end }}
{{/*
GrafanaAgent priority class name
*/}}
{{- define "grafana-agent.priorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.monitoring.selfMonitoring.grafanaAgent.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

6
opencloud/charts/loki/templates/monitoring/dashboards/_helpers-dashboards.tpl Normal file
View File

@@ -0,0 +1,6 @@
{{/*
dashboards name
*/}}
{{- define "loki.dashboardsName" -}}
{{ include "loki.name" . }}-dashboards
{{- end }}

30
opencloud/charts/loki/templates/monitoring/dashboards/configmap-1.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- with .Values.monitoring.dashboards }}
{{- if .enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "loki.dashboardsName" $ }}-1
namespace: {{ .namespace | default $.Release.Namespace }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
"loki-chunks.json": |
{{ $.Files.Get "src/dashboards/loki-chunks.json" | fromJson | toJson }}
"loki-deletion.json": |
{{ $.Files.Get "src/dashboards/loki-deletion.json" | fromJson | toJson }}
"loki-logs.json": |
{{ $.Files.Get "src/dashboards/loki-logs.json" | fromJson | toJson }}
"loki-mixin-recording-rules.json": |
{{ $.Files.Get "src/dashboards/loki-mixin-recording-rules.json" | fromJson | toJson }}
"loki-operational.json": |
{{ $.Files.Get "src/dashboards/loki-operational.json" | fromJson | toJson }}
{{- end -}}
{{- end -}}

30
opencloud/charts/loki/templates/monitoring/dashboards/configmap-2.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- with .Values.monitoring.dashboards }}
{{- if .enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "loki.dashboardsName" $ }}-2
namespace: {{ .namespace | default $.Release.Namespace }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
"loki-reads-resources.json": |
{{ $.Files.Get "src/dashboards/loki-reads-resources.json" | fromJson | toJson }}
"loki-reads.json": |
{{ $.Files.Get "src/dashboards/loki-reads.json" | fromJson | toJson }}
"loki-retention.json": |
{{ $.Files.Get "src/dashboards/loki-retention.json" | fromJson | toJson }}
"loki-writes-resources.json": |
{{ $.Files.Get "src/dashboards/loki-writes-resources.json" | fromJson | toJson }}
"loki-writes.json": |
{{ $.Files.Get "src/dashboards/loki-writes.json" | fromJson | toJson }}
{{- end -}}
{{- end -}}

100
opencloud/charts/loki/templates/monitoring/grafana-agent.yaml Normal file
View File

@@ -0,0 +1,100 @@
{{- if .Values.monitoring.selfMonitoring.enabled }}
{{- with .Values.monitoring.selfMonitoring.grafanaAgent }}
apiVersion: monitoring.grafana.com/v1alpha1
kind: GrafanaAgent
metadata:
name: {{ include "loki.fullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
serviceAccountName: {{ include "loki.fullname" $ }}-grafana-agent
enableConfigReadAPI: {{ .enableConfigReadAPI }}
{{- include "grafana-agent.priorityClassName" $ | nindent 2 }}
logs:
instanceSelector:
matchLabels:
{{- include "loki.selectorLabels" $ | nindent 8 }}
{{- with $.Values.monitoring.serviceMonitor}}
{{- if .metricsInstance.remoteWrite}}
metrics:
instanceSelector:
matchLabels:
{{- include "loki.selectorLabels" $ | nindent 8 }}
{{- end }}
{{- end }}
{{- with .resources }}
resources:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "loki.fullname" $ }}-grafana-agent
namespace: {{ .namespace | default $.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "loki.fullname" $ }}-grafana-agent
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- nodes/metrics
- services
- endpoints
- pods
- events
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- /metrics
- /metrics/cadvisor
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "loki.fullname" $ }}-grafana-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "loki.fullname" $ }}-grafana-agent
subjects:
- kind: ServiceAccount
name: {{ include "loki.fullname" $ }}-grafana-agent
namespace: {{ .namespace | default $.Release.Namespace }}
{{- end}}
{{- end}}

30
opencloud/charts/loki/templates/monitoring/logs-instance.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if .Values.monitoring.selfMonitoring.enabled }}
{{- with .Values.monitoring.selfMonitoring.logsInstance }}
apiVersion: monitoring.grafana.com/v1alpha1
kind: LogsInstance
metadata:
name: {{ include "loki.fullname" $ }}
namespace: {{ $.Release.Namespace }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
clients:
{{- include "loki.logsInstanceClient" $ | nindent 4}}
{{- with .clients}}
{{- toYaml . | nindent 4 }}
{{- end }}
podLogsNamespaceSelector: {}
podLogsSelector:
matchLabels:
{{- include "loki.selectorLabels" $ | nindent 6 }}
{{- end -}}
{{- end -}}

22
opencloud/charts/loki/templates/monitoring/loki-alerts.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- with .Values.monitoring.rules }}
{{- if and ($.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") .enabled .alerting }}
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "loki.fullname" $ }}-loki-alerts
namespace: {{ .namespace | default $.Release.Namespace }}
spec:
groups:
{{- include "loki.ruleGroupToYaml" (tpl ($.Files.Get "src/alerts.yaml.tpl") $ | fromYaml).groups | indent 4 }}
{{- end }}
{{- end }}

23
opencloud/charts/loki/templates/monitoring/loki-rules.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- with .Values.monitoring.rules }}
{{- if and ($.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") .enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "loki.fullname" $ }}-loki-rules
namespace: {{ .namespace | default $.Release.Namespace }}
spec:
groups:
{{- include "loki.ruleGroupToYaml" (tpl ($.Files.Get "src/rules.yaml.tpl") $ | fromYaml).groups | indent 4 }}
{{- include "loki.ruleGroupToYaml" .additionalGroups | indent 4 }}
{{- end }}
{{- end }}

30
opencloud/charts/loki/templates/monitoring/metrics-instance.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if .Values.monitoring.serviceMonitor.enabled }}
{{- with .Values.monitoring.serviceMonitor.metricsInstance }}
{{- if and ($.Capabilities.APIVersions.Has "monitoring.grafana.com/v1alpha1/MetricsInstance") .enabled }}
apiVersion: monitoring.grafana.com/v1alpha1
kind: MetricsInstance
metadata:
name: {{ include "loki.fullname" $ }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .remoteWrite}}
remoteWrite:
{{- toYaml . | nindent 4 }}
{{- end }}
serviceMonitorNamespaceSelector: {}
serviceMonitorSelector:
matchLabels:
{{- include "loki.selectorLabels" $ | nindent 6 }}
{{- end -}}
{{- end -}}
{{- end -}}

62
opencloud/charts/loki/templates/monitoring/pod-logs.yaml Normal file
View File

@@ -0,0 +1,62 @@
---
{{- if .Values.monitoring.selfMonitoring.enabled }}
{{- with .Values.monitoring.selfMonitoring.podLogs }}
apiVersion: {{ .apiVersion }}
kind: PodLogs
metadata:
name: {{ include "loki.fullname" $ }}
namespace: {{ $.Release.Namespace }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
pipelineStages:
- cri: { }
{{- with .additionalPipelineStages }}
{{- toYaml . | nindent 4 }}
{{- end }}
relabelings:
- action: replace
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: __host__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
replacement: "$1"
separator: "-"
sourceLabels:
- __meta_kubernetes_pod_label_app_kubernetes_io_name
- __meta_kubernetes_pod_label_app_kubernetes_io_component
targetLabel: __service__
- action: replace
replacement: "$1"
separator: "/"
sourceLabels:
- __meta_kubernetes_namespace
- __service__
targetLabel: job
- action: replace
sourceLabels:
- __meta_kubernetes_pod_container_name
targetLabel: container
- action: replace
replacement: "{{ include "loki.clusterLabel" $ }}"
targetLabel: cluster
{{- with .relabelings }}
{{- toYaml . | nindent 4 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ $.Release.Namespace }}
selector:
matchLabels:
{{- include "loki.selectorLabels" $ | nindent 6 }}
{{- end }}
{{- end }}

63
opencloud/charts/loki/templates/monitoring/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,63 @@
{{- with .Values.monitoring.serviceMonitor }}
{{- if and ($.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") .enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "loki.fullname" $ }}
namespace: {{ $.Release.Namespace }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "loki.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .namespaceSelector }}
namespaceSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "loki.selectorLabels" $ | nindent 6 }}
matchExpressions:
- key: prometheus.io/service-monitor
operator: NotIn
values:
- "false"
endpoints:
- port: http-metrics
path: /metrics
{{- with .interval }}
interval: {{ . }}
{{- end }}
{{- with .scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
relabelings:
- sourceLabels: [job]
action: replace
replacement: "{{ $.Release.Namespace }}/$1"
targetLabel: job
- action: replace
replacement: "{{ include "loki.clusterLabel" $ }}"
targetLabel: cluster
{{- with .relabelings }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .scheme }}
scheme: {{ . }}
{{- end }}
{{- with .tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

203
opencloud/charts/loki/templates/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,203 @@
{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "kubernetes") }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-namespace-only
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
policyTypes:
- Ingress
- Egress
podSelector: {}
egress:
- to:
- podSelector: {}
ingress:
- from:
- podSelector: {}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-dns
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
policyTypes:
- Egress
podSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
egress:
- ports:
- port: dns
protocol: UDP
to:
- namespaceSelector: {}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-ingress
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
policyTypes:
- Ingress
podSelector:
matchExpressions:
- key: app.kubernetes.io/component
operator: In
values:
{{- if .Values.gateway.enabled }}
- gateway
{{- else }}
- read
- write
{{- end }}
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
ingress:
- ports:
- port: http-metrics
protocol: TCP
{{- if .Values.networkPolicy.ingress.namespaceSelector }}
from:
- namespaceSelector:
{{- toYaml .Values.networkPolicy.ingress.namespaceSelector | nindent 12 }}
{{- if .Values.networkPolicy.ingress.podSelector }}
podSelector:
{{- toYaml .Values.networkPolicy.ingress.podSelector | nindent 12 }}
{{- end }}
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-ingress-metrics
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
policyTypes:
- Ingress
podSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
ingress:
- ports:
- port: http-metrics
protocol: TCP
{{- if .Values.networkPolicy.metrics.cidrs }}
from:
{{- range $cidr := .Values.networkPolicy.metrics.cidrs }}
- ipBlock:
cidr: {{ $cidr }}
{{- end }}
{{- if .Values.networkPolicy.metrics.namespaceSelector }}
- namespaceSelector:
{{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 12 }}
{{- if .Values.networkPolicy.metrics.podSelector }}
podSelector:
{{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-alertmanager
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
policyTypes:
- Egress
podSelector:
matchLabels:
{{- include "loki.backendSelectorLabels" . | nindent 6 }}
egress:
- ports:
- port: {{ .Values.networkPolicy.alertmanager.port }}
protocol: TCP
{{- if .Values.networkPolicy.alertmanager.namespaceSelector }}
to:
- namespaceSelector:
{{- toYaml .Values.networkPolicy.alertmanager.namespaceSelector | nindent 12 }}
{{- if .Values.networkPolicy.alertmanager.podSelector }}
podSelector:
{{- toYaml .Values.networkPolicy.alertmanager.podSelector | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.externalStorage.ports }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-external-storage
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
policyTypes:
- Egress
podSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
egress:
- ports:
{{- range $port := .Values.networkPolicy.externalStorage.ports }}
- port: {{ $port }}
protocol: TCP
{{- end }}
{{- if .Values.networkPolicy.externalStorage.cidrs }}
to:
{{- range $cidr := .Values.networkPolicy.externalStorage.cidrs }}
- ipBlock:
cidr: {{ $cidr }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if and .Values.networkPolicy.discovery.port (eq .Values.networkPolicy.flavor "kubernetes") }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "loki.name" . }}-egress-discovery
namespace: {{ $.Release.Namespace }}
labels:
{{- include "loki.labels" . | nindent 4 }}
spec:
policyTypes:
- Egress
podSelector:
matchLabels:
{{- include "loki.selectorLabels" . | nindent 6 }}
egress:
- ports:
- port: {{ .Values.networkPolicy.discovery.port }}
protocol: TCP
{{- if .Values.networkPolicy.discovery.namespaceSelector }}
to:
- namespaceSelector:
{{- toYaml .Values.networkPolicy.discovery.namespaceSelector | nindent 12 }}
{{- if .Values.networkPolicy.discovery.podSelector }}
podSelector:
{{- toYaml .Values.networkPolicy.discovery.podSelector | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}

58
opencloud/charts/loki/templates/pattern-ingester/_helpers-pattern-ingester.tpl Normal file
View File

@@ -0,0 +1,58 @@
{{/*
pattern ingester fullname
*/}}
{{- define "loki.patternIngesterFullname" -}}
{{ include "loki.fullname" . }}-pattern-ingester
{{- end }}
{{/*
pattern ingester common labels
*/}}
{{- define "loki.patternIngesterLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: pattern-ingester
{{- end }}
{{/*
pattern ingester selector labels
*/}}
{{- define "loki.patternIngesterSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: pattern-ingester
{{- end }}
{{/*
pattern ingester readinessProbe
*/}}
{{- define "loki.patternIngester.readinessProbe" -}}
{{- with .Values.patternIngester.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- else }}
{{- with .Values.loki.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
pattern ingester priority class name
*/}}
{{- define "loki.patternIngesterPriorityClassName" }}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.patternIngester.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}
{{/*
Create the name of the pattern ingester service account
*/}}
{{- define "loki.patternIngesterServiceAccountName" -}}
{{- if .Values.patternIngester.serviceAccount.create -}}
{{ default (print (include "loki.serviceAccountName" .) "-pattern-ingester") .Values.patternIngester.serviceAccount.name }}
{{- else -}}
{{ default (include "loki.serviceAccountName" .) .Values.patternIngester.serviceAccount.name }}
{{- end -}}
{{- end -}}

187
opencloud/charts/loki/templates/pattern-ingester/statefulset-pattern-ingester.yaml Normal file
View File

@@ -0,0 +1,187 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed }}
{{- if (gt (int .Values.patternIngester.replicas) 0) -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "loki.patternIngesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.patternIngesterLabels" . | nindent 4 }}
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.patternIngester.replicas }}
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: {{ include "loki.patternIngesterFullname" . }}-headless
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
{{- if and (semverCompare ">= 1.23-0" (include "loki.kubeVersion" .)) (.Values.patternIngester.persistence.enableStatefulSetAutoDeletePVC) }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.patternIngester.persistence.whenDeleted }}
whenScaled: {{ .Values.patternIngester.persistence.whenScaled }}
{{- end }}
selector:
matchLabels:
{{- include "loki.patternIngesterSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.patternIngester.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.patternIngesterSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.patternIngester.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.patternIngester.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.patternIngesterPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.patternIngester.terminationGracePeriodSeconds }}
{{- with .Values.patternIngester.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: pattern-ingester
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
{{- if or .Values.loki.command .Values.patternIngester.command }}
command:
- {{ coalesce .Values.patternIngester.command .Values.loki.command | quote }}
{{- end }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=pattern-ingester
{{- with .Values.patternIngester.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.patternIngester.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.patternIngester.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
{{- include "loki.patternIngester.readinessProbe" . | nindent 10 }}
volumeMounts:
- name: temp
mountPath: /tmp
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.patternIngester.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.patternIngester.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.patternIngester.extraContainers }}
{{- toYaml .Values.patternIngester.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.patternIngester.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.patternIngester.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.patternIngester.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.patternIngester.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: temp
emptyDir: {}
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
{{- if not .Values.patternIngester.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- with .Values.patternIngester.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.patternIngester.persistence.enabled }}
volumeClaimTemplates:
{{- range .Values.patternIngester.persistence.claims }}
- metadata:
name: {{ .name }}
{{- with .annotations }}
annotations:
{{- . | toYaml | nindent 10 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
{{- with .storageClass }}
storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }}
{{- end }}
resources:
requests:
storage: {{ .size | quote }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}

41
opencloud/charts/loki/templates/podsecuritypolicy.yaml Normal file
View File

@@ -0,0 +1,41 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "loki.name" . }}
labels:
{{- include "loki.labels" . | nindent 4 }}
{{- if .Values.rbac.pspAnnotations }}
annotations:
{{ toYaml .Values.rbac.pspAnnotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
volumes:
- 'configMap'
- 'emptyDir'
- 'persistentVolumeClaim'
- 'secret'
- 'projected'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
{{- end }}

32
opencloud/charts/loki/templates/provisioner/_helpers.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
provisioner fullname
*/}}
{{- define "enterprise-logs.provisionerFullname" -}}
{{ include "loki.name" . }}-provisioner
{{- end }}
{{/*
provisioner common labels
*/}}
{{- define "enterprise-logs.provisionerLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: provisioner
{{- end }}
{{/*
provisioner selector labels
*/}}
{{- define "enterprise-logs.provisionerSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: provisioner
{{- end }}
{{/*
provisioner image name
*/}}
{{- define "enterprise-logs.provisionerImage" -}}
{{- $dict := dict "service" .Values.enterprise.provisioner.image "global" .Values.global.image "defaultVersion" "latest" -}}
{{- include "loki.baseImage" $dict -}}
{{- end -}}

147
opencloud/charts/loki/templates/provisioner/job-provisioner.yaml Normal file
View File

@@ -0,0 +1,147 @@
{{ if and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.enterprise.provisioner.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
"helm.sh/hook": post-install
"helm.sh/hook-weight": "15"
spec:
backoffLimit: 6
completions: 1
parallelism: 1
template:
metadata:
labels:
{{- include "enterprise-logs.provisionerSelectorLabels" . | nindent 8 }}
{{- with .Values.enterprise.provisioner.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.enterprise.provisioner.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.enterprise.provisioner.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
securityContext:
{{- toYaml .Values.enterprise.provisioner.securityContext | nindent 8 }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
- name: provisioner
image: {{ template "enterprise-logs.provisionerImage" . }}
imagePullPolicy: {{ .Values.enterprise.provisioner.image.pullPolicy }}
command:
- /bin/sh
- -exuc
- |
{{- range .Values.enterprise.provisioner.additionalTenants }}
/usr/bin/enterprise-logs-provisioner \
-bootstrap-path=/bootstrap \
-cluster-name={{ include "loki.clusterName" $ }} \
-gel-url={{ include "loki.address" $ }} \
-instance={{ .name }} \
-access-policy=write-{{ .name }}:{{ .name }}:logs:write \
-access-policy=read-{{ .name }}:{{ .name }}:logs:read \
-token=write-{{ .name }} \
-token=read-{{ .name }}
{{- end -}}
{{- with .Values.monitoring.selfMonitoring.tenant }}
/usr/bin/enterprise-logs-provisioner \
-bootstrap-path=/bootstrap \
-cluster-name={{ include "loki.clusterName" $ }} \
-gel-url={{ include "loki.address" $ }} \
-instance={{ .name }} \
-access-policy=self-monitoring:{{ .name }}:logs:write,logs:read \
-token=self-monitoring
{{- end }}
volumeMounts:
{{- with .Values.enterprise.provisioner.extraVolumeMounts }}
{{ toYaml . | nindent 12 }}
{{- end }}
- name: bootstrap
mountPath: /bootstrap
- name: admin-token
mountPath: /bootstrap/token
subPath: token
{{- with .Values.enterprise.provisioner.env }}
env:
{{ toYaml . | nindent 12 }}
{{- end }}
containers:
- name: create-secret
image: {{ include "loki.kubectlImage" . }}
imagePullPolicy: {{ .Values.kubectlImage.pullPolicy }}
command:
- /bin/bash
- -exuc
- |
# In case, the admin resources have already been created, the provisioner job
# does not write the token files to the bootstrap mount.
# Therefore, secrets are only created if the respective token files exist.
# Note: the following bash commands should always return a success status code.
# Therefore, in case the token file does not exist, the first clause of the
# or-operation is successful.
{{- range .Values.enterprise.provisioner.additionalTenants }}
! test -s /bootstrap/token-write-{{ .name }} || \
kubectl --namespace "{{ .secretNamespace }}" create secret generic "{{ include "enterprise-logs.provisionedSecretPrefix" $ }}-{{ .name }}" \
--from-literal=token-write="$(cat /bootstrap/token-write-{{ .name }})" \
--from-literal=token-read="$(cat /bootstrap/token-read-{{ .name }})"
{{- end }}
{{- $namespace := $.Release.Namespace }}
{{- with .Values.monitoring.selfMonitoring.tenant }}
{{- $secretNamespace := tpl .secretNamespace $ }}
! test -s /bootstrap/token-self-monitoring || \
kubectl --namespace "{{ $namespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \
--from-literal=username="{{ .name }}" \
--from-literal=password="$(cat /bootstrap/token-self-monitoring)"
{{- if not (eq $secretNamespace $namespace) }}
! test -s /bootstrap/token-self-monitoring || \
kubectl --namespace "{{ $secretNamespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \
--from-literal=username="{{ .name }}" \
--from-literal=password="$(cat /bootstrap/token-self-monitoring)"
{{- end }}
{{- end }}
volumeMounts:
{{- with .Values.enterprise.provisioner.extraVolumeMounts }}
{{ toYaml . | nindent 12 }}
{{- end }}
- name: bootstrap
mountPath: /bootstrap
{{- with .Values.enterprise.provisioner.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.enterprise.provisioner.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.enterprise.provisioner.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
restartPolicy: OnFailure
serviceAccount: {{ include "enterprise-logs.provisionerFullname" . }}
serviceAccountName: {{ include "enterprise-logs.provisionerFullname" . }}
volumes:
- name: admin-token
secret:
secretName: "{{ include "enterprise-logs.adminTokenSecret" . }}"
- name: bootstrap
emptyDir: {}
{{- end }}

21
opencloud/charts/loki/templates/provisioner/role-provisioner.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{ if and (and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled) (not .Values.rbac.namespaced)}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.enterprise.provisioner.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
"helm.sh/hook": post-install
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
{{- end }}

26
opencloud/charts/loki/templates/provisioner/rolebinding-provisioner.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{ if and (and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled) (not .Values.rbac.namespaced)}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.enterprise.provisioner.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
"helm.sh/hook": post-install
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "enterprise-logs.provisionerFullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "enterprise-logs.provisionerFullname" . }}
namespace: {{ $.Release.Namespace }}
{{- end }}

18
opencloud/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{ if and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "enterprise-logs.provisionerFullname" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
{{- with .Values.enterprise.provisioner.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.enterprise.provisioner.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
"helm.sh/hook": post-install
{{- end }}

32
opencloud/charts/loki/templates/querier/_helpers-querier.tpl Normal file
View File

@@ -0,0 +1,32 @@
{{/*
querier fullname
*/}}
{{- define "loki.querierFullname" -}}
{{ include "loki.fullname" . }}-querier
{{- end }}
{{/*
querier common labels
*/}}
{{- define "loki.querierLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: querier
{{- end }}
{{/*
querier selector labels
*/}}
{{- define "loki.querierSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: querier
{{- end }}
{{/*
querier priority class name
*/}}
{{- define "loki.querierPriorityClassName" -}}
{{- $pcn := coalesce .Values.global.priorityClassName .Values.querier.priorityClassName -}}
{{- if $pcn }}
priorityClassName: {{ $pcn }}
{{- end }}
{{- end }}

166
opencloud/charts/loki/templates/querier/deployment-querier.yaml Normal file
View File

@@ -0,0 +1,166 @@
{{- $isDistributed := eq (include "loki.deployment.isDistributed" .) "true" -}}
{{- if $isDistributed }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "loki.querierFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "loki.querierLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.querier.autoscaling.enabled }}
replicas: {{ .Values.querier.replicas }}
{{- end }}
strategy:
rollingUpdate:
maxSurge: {{ .Values.querier.maxSurge }}
maxUnavailable: 1
revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "loki.querierSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "loki.config.checksum" . | nindent 8 }}
{{- with .Values.loki.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.querier.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "loki.querierSelectorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.loki.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.querier.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.querier.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "loki.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.querier.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "loki.querierPriorityClassName" . | nindent 6 }}
securityContext:
{{- toYaml .Values.loki.podSecurityContext | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.querier.terminationGracePeriodSeconds }}
{{- with .Values.querier.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: querier
image: {{ include "loki.image" . }}
imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
args:
- -config.file=/etc/loki/config/config.yaml
- -target=querier
{{- if .Values.ingester.zoneAwareReplication.enabled }}
{{- if and (.Values.ingester.zoneAwareReplication.migration.enabled) (not .Values.ingester.zoneAwareReplication.migration.readPath) }}
- -distributor.zone-awareness-enabled=false
{{- else }}
- -distributor.zone-awareness-enabled=true
{{- end }}
{{- end }}
{{- with .Values.querier.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
{{- with .Values.querier.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.querier.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.loki.containerSecurityContext | nindent 12 }}
readinessProbe:
{{- toYaml .Values.loki.readinessProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.loki.livenessProbe | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
{{- if .Values.enterprise.enabled }}
- name: license
mountPath: /etc/loki/license
{{- end }}
{{- with .Values.querier.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.querier.resources | nindent 12 }}
{{- if .Values.querier.extraContainers }}
{{- toYaml .Values.querier.extraContainers | nindent 8}}
{{- end }}
{{- with .Values.querier.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.querier.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.querier.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.querier.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: runtime-config
configMap:
name: {{ template "loki.name" . }}-runtime
{{- if .Values.enterprise.enabled }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
{{- end }}
- name: data
emptyDir: {}
{{- with .Values.querier.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More