diff --git a/class/defaults.yml b/class/defaults.yml index 3495f59..d742d44 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -12,8 +12,8 @@ parameters: charts: loki: - source: https://grafana.github.io/helm-charts - version: v6.53.0 + source: https://grafana-community.github.io/helm-charts + version: v13.5.0 images: loki: @@ -28,6 +28,9 @@ parameters: nginx: registry: docker.io repository: nginxinc/nginx-unprivileged + accessLogExporter: + registry: ghcr.io + repository: jkroepke/access-log-exporter preset: legacy diff --git a/component/helm_values.jsonnet b/component/helm_values.jsonnet index 3bd6590..1489271 100644 --- a/component/helm_values.jsonnet +++ b/component/helm_values.jsonnet @@ -90,9 +90,11 @@ local openshift = if isOpenshift then com.makeMergeable({ }) else {}; local images = com.makeMergeable({ - image: { - repository: '%(registry)s/%(repository)s' % params.images.loki, - [if std.objectHas(params.images.loki, 'tag') then 'tag']: params.images.loki.tag, + loki: { + image: { + repository: '%(registry)s/%(repository)s' % params.images.loki, + [if std.objectHas(params.images.loki, 'tag') then 'tag']: params.images.loki.tag, + }, }, memcached: { image: { @@ -114,13 +116,19 @@ local images = com.makeMergeable({ [if std.objectHas(params.images.nginx, 'tag') then 'tag']: params.images.nginx.tag, }, }, + metrics: { + image: { + registry: params.images.accessLogExporter.registry, + repository: params.images.accessLogExporter.repository, + [if std.objectHas(params.images.accessLogExporter, 'tag') then 'tag']: params.images.accessLogExporter.tag, + }, + }, }, }); local global = com.makeMergeable({ global: { extraEnvFrom: [ { secretRef: { name: '%s-bucket-secret' % inv.parameters._instance } } ], - extraArgs: [ '-config.expand-env=true' ], podAnnotations: { bucketSecretVersion: '%s' % params.s3.auth.secretVersion, }, diff --git a/tests/extra-config.yml b/tests/extra-config.yml index 8a9efe9..3d5f9cd 100644 --- a/tests/extra-config.yml +++ b/tests/extra-config.yml @@ -22,6 +22,8 @@ parameters: registry: dockerhub.vshn.net nginx: registry: dockerhub.vshn.net + accessLogExporter: + tag: latest components: ruler: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml index 4b28156..a1d2339 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrole rules: - apiGroups: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml index e45be68..07f5df7 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml similarity index 85% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml index 416bd62..76953e3 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml deleted file mode 100644 index d53956f..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-backend-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml deleted file mode 100644 index 5f0f8e2..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-backend - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service.yaml new file mode 100644 index 0000000..a8ab703 --- /dev/null +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-backend + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-backend-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml similarity index 68% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml index 5b9e182..6787e40 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: @@ -26,15 +26,15 @@ spec: template: metadata: annotations: - checksum/config: 97913dbb9b85bb7a6df56d0176b64e94b3c339ab1700f212b9d56139f92b3d90 - kubectl.kubernetes.io/default-container: loki + checksum/config: 253c4147cd4e25cd49d9777c4546b92ddd55ae4feed09b4dbe135d92e484f7a6 + kubectl.kubernetes.io/default-container: backend labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -49,15 +49,32 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml + - -config.expand-env=true - -target=backend - -legacy-read-mode=false - - -config.expand-env=true + env: + - name: GOMEMLIMIT + value: 1740MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: backend ports: - containerPort: 3100 name: http-metrics @@ -90,15 +107,17 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp - mountPath: /rules name: sc-rules-volume - env: @@ -116,26 +135,57 @@ spec: value: '60' - name: LOG_LEVEL value: INFO - image: docker.io/kiwigrid/k8s-sidecar:1.30.9 + - name: HEALTH_PORT + value: '8080' + image: docker.io/kiwigrid/k8s-sidecar:2.7.1 imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 name: loki-sc-rules + ports: + - containerPort: 8080 + name: http-sidecar + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: sc-rules-temp - mountPath: /rules name: sc-rules-volume + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: - emptyDir: {} - name: tmp + name: temp - configMap: items: - key: config.yaml @@ -147,6 +197,8 @@ spec: name: runtime-config - emptyDir: {} name: sc-rules-volume + - emptyDir: {} + name: sc-rules-temp updateStrategy: rollingUpdate: partition: 0 diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml similarity index 89% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml index 9f10ad2..f73a2ac 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-chunks-cache namespace: syn-loki spec: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml similarity index 87% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml index fb924fd..2ae9286 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-chunks-cache name: loki-chunks-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/library/memcached:1.6.39-alpine + image: docker.io/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: docker.io/prom/memcached-exporter:v0.15.4 + image: docker.io/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,6 +113,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: @@ -117,7 +123,9 @@ spec: runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/config.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/config.yaml index 594044f..6d32f01 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/config.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/config.yaml @@ -46,6 +46,8 @@ data: mode: simple ingester: chunk_encoding: snappy + wal: + flush_on_shutdown: true limits_config: max_cache_freshness_per_query: 10m query_timeout: 300s @@ -55,8 +57,16 @@ data: split_queries_by_interval: 15m volume_enabled: true memberlist: + abort_if_cluster_join_fails: true + advertise_addr: ${HASH_RING_INSTANCE_ADDR} + advertise_port: 7946 + bind_port: 7946 join_members: - loki-memberlist.syn-loki.svc.cluster.local + max_join_backoff: 1m + max_join_retries: 10 + min_join_backoff: 1s + rejoin_interval: 90s pattern_ingester: enabled: false querier: @@ -99,10 +109,18 @@ data: schema: v13 store: tsdb server: + graceful_shutdown_timeout: 5s grpc_listen_port: 9095 + grpc_server_max_concurrent_streams: 1000 + grpc_server_max_recv_msg_size: 104857600 + grpc_server_max_send_msg_size: 104857600 + grpc_server_min_time_between_pings: 10s + grpc_server_ping_without_stream_allowed: true http_listen_port: 3100 - http_server_read_timeout: 600s - http_server_write_timeout: 600s + http_server_idle_timeout: 30s + http_server_read_timeout: 10m0s + http_server_write_timeout: 10m0s + log_level: info storage_config: bloom_shipper: working_directory: /var/loki/data/bloomshipper @@ -124,7 +142,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml deleted file mode 100644 index 0935f1f..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: v1 -data: - nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ - \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ - \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ - \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ - \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ - \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ - \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ - \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ - \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ - \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ - ';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n\ - \ resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags\ - \ header is empty, set a noop= without a value as empty values are not logged\n\ - \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; \ - \ # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise,\ - \ preserve the original value\n }\n\n server {\n listen 8080;\n\ - \ listen [::]:8080;\n\n location = / {\n \n return\ - \ 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n\ - \ # Configure backend targets\n location ^~ /ui {\n \n proxy_pass\ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Distributor\n location = /api/prom/push {\n \n proxy_pass\ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location = /loki/api/v1/push {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /distributor/ring {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Ingester\n location = /flush {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location ^~ /ingester/ {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /ingester {\n \n internal; # to suppress\ - \ 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # MemberListKV\n location = /memberlist {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /prometheus/api/v1/rules {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Compactor\n location = /compactor/ring {\n \n proxy_pass\ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n \ - \ }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/cache/generation_numbers {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Config\n location = /config {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\n\ - \n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header\ - \ Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \ - \ \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ - \ proxy_set_header Connection \"upgrade\";\n \n proxy_pass \ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location ^~ /api/prom/ {\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom {\n \n internal; # to suppress\ - \ 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set\ - \ by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go\ - \ log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ - ;\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1 {\n \n internal; # to suppress\ - \ 301\n }\n }\n}\n" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml new file mode 100644 index 0000000..fef4e01 --- /dev/null +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml @@ -0,0 +1,288 @@ +apiVersion: v1 +data: + access-log-exporter.yaml: | + presets: + loki: + metrics: + - name: "http_requests_total" + type: "counter" + help: "The total number of client requests." + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_requests_completed_total" + type: "counter" + help: "The total number of completed requests." + valueIndex: 3 + replacements: + - string: "OK" + replacement: "1" + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The request length (including request line, header, and request body)" + valueIndex: 5 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_response_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The response length (including request line, header, and request body)" + valueIndex: 6 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on receiving and response the response to the client" + valueIndex: 4 + math: + enabled: true + div: 1000 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_connect_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on establishing a connection with the upstream server" + valueIndex: 8 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_header_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response header from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 9 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_request_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 10 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ + \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ + \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ + \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ + \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ + \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ + \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ + \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ + \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ + \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ + ';\n # Exclude specific requests from logging\n map $request_uri $track {\n\ + \ default 1;\n ~^/$ 0;\n ~^/health 0;\n ~^/metrics 0;\n }\n\n #\ + \ simple_upstream preset\n log_format access_log_exporter '$http_host\\t$request_method\\\ + t$status\\t$request_completion\\t$request_time\\t$request_length\\t$bytes_sent\\\ + t$upstream_addr\\t$upstream_connect_time\\t$upstream_header_time\\t$upstream_response_time\\\ + t$request_uri';\n access_log syslog:server=127.0.0.1:8514,nohostname access_log_exporter\ + \ if=$track;\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush\ + \ on;\n resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags\ + \ header is empty, set a noop= without a value as empty values are not logged\n\ + \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; \ + \ # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise,\ + \ preserve the original value\n }\n\n server {\n listen 8080;\n\ + \ listen [::]:8080;\n\n location = / {\n \n return\ + \ 200 'OK';\n auth_basic off;\n }\n\n location = /stub_status {\n \ + \ stub_status on;\n satisfy any;\n access_log off;\n allow\ + \ 127.0.0.1;\n deny all;\n server_tokens on; # expose nginx version\n\ + \ }\n\n ########################################################\n #\ + \ Configure backend targets\n location ^~ /ui {\n \n set $backend\ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass\ + \ $backend$request_uri;\n }\n\n # Distributor\n location = /api/prom/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /distributor/ring\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /otlp/v1/logs\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ingester\n \ + \ location = /flush {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /ingester/\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /ingester\ + \ {\n \n internal; # to suppress 301\n }\n\n # Ring\n \ + \ location = /ring {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # MemberListKV\n\ + \ location = /memberlist {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ruler\n location\ + \ = /ruler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /loki/api/v1/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/alerts\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Compactor\n \ + \ location = /compactor/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/delete\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/cache/generation_numbers\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # IndexGateway\n\ + \ location = /indexgateway/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryScheduler\n\ + \ location = /scheduler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Config\n location\ + \ = /config {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryFrontend,\ + \ Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ + \ proxy_set_header Connection \"upgrade\";\n \n set $backend \ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass \ + \ $backend$request_uri;\n }\n location = /loki/api/v1/tail {\n \ + \ proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"\ + upgrade\";\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/\ + \ {\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom\ + \ {\n \n internal; # to suppress 301\n }\n location ^~\ + \ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags\ + \ which are logged as key/value pairs in metrics.go log messages\n proxy_set_header\ + \ X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ + ;\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1\ + \ {\n \n internal; # to suppress 301\n }\n }\n}\n" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml similarity index 53% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml index 041cfe9..4eddbda 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-gateway namespace: syn-loki spec: @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/config: f364de581a42e19ddcd3b05818e5fa7ef25aee1047e40eb41561a7a127e0d579 + checksum/config: 2ac29b210397fb257fb28bb7defc2a7245d4fff101baf745bc1ca1281b373f26 labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki @@ -37,27 +37,29 @@ spec: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false containers: - - image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine + - image: docker.io/nginxinc/nginx-unprivileged:1.30-alpine imagePullPolicy: IfNotPresent name: nginx ports: - containerPort: 8080 - name: http-metrics + name: http protocol: TCP readinessProbe: httpGet: path: / - port: http-metrics + port: http initialDelaySeconds: 15 timeoutSeconds: 1 - resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/nginx name: config @@ -65,13 +67,63 @@ spec: name: tmp - mountPath: /docker-entrypoint.d name: docker-entrypoint-d-override + - args: + - --nginx.scrape-url + - http://127.0.0.1:8080/stub_status + - --preset + - loki + image: ghcr.io/jkroepke/access-log-exporter:0.3.11 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: exporter + ports: + - containerPort: 4040 + name: http-metrics + - containerPort: 8514 + name: syslog + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /config.yaml + name: config + subPath: access-log-exporter.yaml enableServiceLinks: true securityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-gateway terminationGracePeriodSeconds: 30 volumes: - configMap: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml deleted file mode 100644 index b83e157..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml new file mode 100644 index 0000000..59455a9 --- /dev/null +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway-exporter + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 4040 + protocol: TCP + targetPort: http-metrics + selector: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml similarity index 78% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml index 8335d30..7be5b4a 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml @@ -6,17 +6,17 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 prometheus.io/service-monitor: 'false' name: loki-gateway namespace: syn-loki spec: ports: - - name: http-metrics + - name: http port: 80 protocol: TCP - targetPort: http-metrics + targetPort: http selector: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml new file mode 100644 index 0000000..e1da5a7 --- /dev/null +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml new file mode 100644 index 0000000..e397742 --- /dev/null +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: memcached + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-memcached + namespace: syn-loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml similarity index 74% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml index c5b55b7..50099de 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: @@ -25,12 +25,15 @@ spec: template: metadata: annotations: - checksum/config: 97913dbb9b85bb7a6df56d0176b64e94b3c339ab1700f212b9d56139f92b3d90 + checksum/config: 253c4147cd4e25cd49d9777c4546b92ddd55ae4feed09b4dbe135d92e484f7a6 + kubectl.kubernetes.io/default-container: read labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,16 +48,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=read - - -legacy-read-mode=false - - -common.compactor-grpc-address=loki-backend.syn-loki.svc.cluster.local:9095 - -config.expand-env=true + - -target=read + env: + - name: GOMEMLIMIT + value: 3481MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: read ports: - containerPort: 3100 name: http-metrics @@ -86,25 +104,28 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} - name: tmp - - emptyDir: {} - name: data + name: temp - configMap: items: - key: config.yaml @@ -114,3 +135,5 @@ spec: - configMap: name: loki-runtime name: runtime-config + - emptyDir: {} + name: data diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml similarity index 84% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml index 5130c5b..e2c9c39 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml deleted file mode 100644 index 14f15df..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-read-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml deleted file mode 100644 index 9d8a4e3..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-read - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service.yaml new file mode 100644 index 0000000..87025ce --- /dev/null +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-read + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-read-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml similarity index 89% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml index 954f5a9..b89a7fd 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-results-cache namespace: syn-loki spec: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml similarity index 87% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml index 09bed15..4cb9bab 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-results-cache name: loki-results-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/library/memcached:1.6.39-alpine + image: docker.io/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: docker.io/prom/memcached-exporter:v0.15.4 + image: docker.io/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,6 +113,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: @@ -117,7 +123,9 @@ spec: runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml index 27ffcc1..b99235f 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml @@ -7,7 +7,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-runtime namespace: syn-loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml index d5419cf..c5a5c17 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml @@ -5,8 +5,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-memberlist namespace: syn-loki spec: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml index 617bc0f..57b736f 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml similarity index 85% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml index 63a7ac6..3081ba4 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml deleted file mode 100644 index 4cdcaa8..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-write-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml deleted file mode 100644 index 0f21c73..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-write - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service.yaml new file mode 100644 index 0000000..1ce1e25 --- /dev/null +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-write + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-write-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml similarity index 75% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml rename to tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml index 775a6b9..e8d2406 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml +++ b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: @@ -23,14 +23,15 @@ spec: template: metadata: annotations: - checksum/config: 97913dbb9b85bb7a6df56d0176b64e94b3c339ab1700f212b9d56139f92b3d90 + checksum/config: 253c4147cd4e25cd49d9777c4546b92ddd55ae4feed09b4dbe135d92e484f7a6 + kubectl.kubernetes.io/default-container: write labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,14 +46,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=write - -config.expand-env=true + - -target=write + env: + - name: GOMEMLIMIT + value: 6963MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: write ports: - containerPort: 3100 name: http-metrics @@ -85,6 +103,8 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config @@ -92,13 +112,19 @@ spec: name: runtime-config - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: + - emptyDir: {} + name: temp - configMap: items: - key: config.yaml diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml index 4b28156..a1d2339 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrole rules: - apiGroups: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml index e45be68..07f5df7 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml similarity index 85% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml index 416bd62..76953e3 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml deleted file mode 100644 index d53956f..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-backend-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml deleted file mode 100644 index 5f0f8e2..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-backend - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service.yaml new file mode 100644 index 0000000..a8ab703 --- /dev/null +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-backend + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-backend-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml similarity index 68% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml index 5b9e182..1e46413 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: @@ -26,15 +26,15 @@ spec: template: metadata: annotations: - checksum/config: 97913dbb9b85bb7a6df56d0176b64e94b3c339ab1700f212b9d56139f92b3d90 - kubectl.kubernetes.io/default-container: loki + checksum/config: e81dcea6075fb76f3dcc004989d9ec9af42b181402735da0fce261f6cb4d9ea3 + kubectl.kubernetes.io/default-container: backend labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -49,15 +49,32 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml + - -config.expand-env=true - -target=backend - -legacy-read-mode=false - - -config.expand-env=true + env: + - name: GOMEMLIMIT + value: 1740MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: dockerhub.vshn.net/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: backend ports: - containerPort: 3100 name: http-metrics @@ -90,15 +107,17 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp - mountPath: /rules name: sc-rules-volume - env: @@ -116,26 +135,57 @@ spec: value: '60' - name: LOG_LEVEL value: INFO - image: docker.io/kiwigrid/k8s-sidecar:1.30.9 + - name: HEALTH_PORT + value: '8080' + image: docker.io/kiwigrid/k8s-sidecar:2.7.1 imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 name: loki-sc-rules + ports: + - containerPort: 8080 + name: http-sidecar + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: sc-rules-temp - mountPath: /rules name: sc-rules-volume + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: - emptyDir: {} - name: tmp + name: temp - configMap: items: - key: config.yaml @@ -147,6 +197,8 @@ spec: name: runtime-config - emptyDir: {} name: sc-rules-volume + - emptyDir: {} + name: sc-rules-temp updateStrategy: rollingUpdate: partition: 0 diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml similarity index 89% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml index 9f10ad2..f73a2ac 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-chunks-cache namespace: syn-loki spec: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml similarity index 88% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml index 9b387db..785d632 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-chunks-cache name: loki-chunks-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: dockerhub.vshn.net/library/memcached:1.6.39-alpine + image: dockerhub.vshn.net/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: dockerhub.vshn.net/prom/memcached-exporter:v0.15.4 + image: dockerhub.vshn.net/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,6 +113,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: @@ -117,7 +123,9 @@ spec: runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/config.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/config.yaml index af2be4f..0f0de3e 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/config.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/config.yaml @@ -48,6 +48,8 @@ data: mode: simple ingester: chunk_encoding: snappy + wal: + flush_on_shutdown: true limits_config: max_cache_freshness_per_query: 10m query_timeout: 300s @@ -57,8 +59,16 @@ data: split_queries_by_interval: 15m volume_enabled: true memberlist: + abort_if_cluster_join_fails: true + advertise_addr: ${HASH_RING_INSTANCE_ADDR} + advertise_port: 7946 + bind_port: 7946 join_members: - loki-memberlist.syn-loki.svc.cluster.local + max_join_backoff: 1m + max_join_retries: 10 + min_join_backoff: 1s + rejoin_interval: 90s pattern_ingester: enabled: false querier: @@ -103,10 +113,18 @@ data: schema: v13 store: tsdb server: + graceful_shutdown_timeout: 5s grpc_listen_port: 9095 + grpc_server_max_concurrent_streams: 1000 + grpc_server_max_recv_msg_size: 104857600 + grpc_server_max_send_msg_size: 104857600 + grpc_server_min_time_between_pings: 10s + grpc_server_ping_without_stream_allowed: true http_listen_port: 3100 - http_server_read_timeout: 600s - http_server_write_timeout: 600s + http_server_idle_timeout: 30s + http_server_read_timeout: 10m0s + http_server_write_timeout: 10m0s + log_level: info storage_config: bloom_shipper: working_directory: /var/loki/data/bloomshipper @@ -128,7 +146,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml deleted file mode 100644 index 0935f1f..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: v1 -data: - nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ - \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ - \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ - \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ - \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ - \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ - \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ - \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ - \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ - \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ - ';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n\ - \ resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags\ - \ header is empty, set a noop= without a value as empty values are not logged\n\ - \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; \ - \ # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise,\ - \ preserve the original value\n }\n\n server {\n listen 8080;\n\ - \ listen [::]:8080;\n\n location = / {\n \n return\ - \ 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n\ - \ # Configure backend targets\n location ^~ /ui {\n \n proxy_pass\ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Distributor\n location = /api/prom/push {\n \n proxy_pass\ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location = /loki/api/v1/push {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /distributor/ring {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Ingester\n location = /flush {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location ^~ /ingester/ {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /ingester {\n \n internal; # to suppress\ - \ 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # MemberListKV\n location = /memberlist {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /prometheus/api/v1/rules {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Compactor\n location = /compactor/ring {\n \n proxy_pass\ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n \ - \ }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/cache/generation_numbers {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Config\n location = /config {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\n\ - \n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header\ - \ Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \ - \ \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ - \ proxy_set_header Connection \"upgrade\";\n \n proxy_pass \ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location ^~ /api/prom/ {\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom {\n \n internal; # to suppress\ - \ 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set\ - \ by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go\ - \ log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ - ;\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1 {\n \n internal; # to suppress\ - \ 301\n }\n }\n}\n" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml new file mode 100644 index 0000000..fef4e01 --- /dev/null +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml @@ -0,0 +1,288 @@ +apiVersion: v1 +data: + access-log-exporter.yaml: | + presets: + loki: + metrics: + - name: "http_requests_total" + type: "counter" + help: "The total number of client requests." + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_requests_completed_total" + type: "counter" + help: "The total number of completed requests." + valueIndex: 3 + replacements: + - string: "OK" + replacement: "1" + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The request length (including request line, header, and request body)" + valueIndex: 5 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_response_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The response length (including request line, header, and request body)" + valueIndex: 6 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on receiving and response the response to the client" + valueIndex: 4 + math: + enabled: true + div: 1000 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_connect_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on establishing a connection with the upstream server" + valueIndex: 8 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_header_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response header from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 9 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_request_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 10 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ + \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ + \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ + \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ + \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ + \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ + \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ + \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ + \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ + \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ + ';\n # Exclude specific requests from logging\n map $request_uri $track {\n\ + \ default 1;\n ~^/$ 0;\n ~^/health 0;\n ~^/metrics 0;\n }\n\n #\ + \ simple_upstream preset\n log_format access_log_exporter '$http_host\\t$request_method\\\ + t$status\\t$request_completion\\t$request_time\\t$request_length\\t$bytes_sent\\\ + t$upstream_addr\\t$upstream_connect_time\\t$upstream_header_time\\t$upstream_response_time\\\ + t$request_uri';\n access_log syslog:server=127.0.0.1:8514,nohostname access_log_exporter\ + \ if=$track;\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush\ + \ on;\n resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags\ + \ header is empty, set a noop= without a value as empty values are not logged\n\ + \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; \ + \ # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise,\ + \ preserve the original value\n }\n\n server {\n listen 8080;\n\ + \ listen [::]:8080;\n\n location = / {\n \n return\ + \ 200 'OK';\n auth_basic off;\n }\n\n location = /stub_status {\n \ + \ stub_status on;\n satisfy any;\n access_log off;\n allow\ + \ 127.0.0.1;\n deny all;\n server_tokens on; # expose nginx version\n\ + \ }\n\n ########################################################\n #\ + \ Configure backend targets\n location ^~ /ui {\n \n set $backend\ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass\ + \ $backend$request_uri;\n }\n\n # Distributor\n location = /api/prom/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /distributor/ring\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /otlp/v1/logs\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ingester\n \ + \ location = /flush {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /ingester/\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /ingester\ + \ {\n \n internal; # to suppress 301\n }\n\n # Ring\n \ + \ location = /ring {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # MemberListKV\n\ + \ location = /memberlist {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ruler\n location\ + \ = /ruler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /loki/api/v1/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/alerts\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Compactor\n \ + \ location = /compactor/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/delete\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/cache/generation_numbers\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # IndexGateway\n\ + \ location = /indexgateway/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryScheduler\n\ + \ location = /scheduler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Config\n location\ + \ = /config {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryFrontend,\ + \ Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ + \ proxy_set_header Connection \"upgrade\";\n \n set $backend \ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass \ + \ $backend$request_uri;\n }\n location = /loki/api/v1/tail {\n \ + \ proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"\ + upgrade\";\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/\ + \ {\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom\ + \ {\n \n internal; # to suppress 301\n }\n location ^~\ + \ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags\ + \ which are logged as key/value pairs in metrics.go log messages\n proxy_set_header\ + \ X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ + ;\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1\ + \ {\n \n internal; # to suppress 301\n }\n }\n}\n" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml similarity index 53% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml index 041cfe9..eb065d8 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-gateway namespace: syn-loki spec: @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/config: f364de581a42e19ddcd3b05818e5fa7ef25aee1047e40eb41561a7a127e0d579 + checksum/config: 2ac29b210397fb257fb28bb7defc2a7245d4fff101baf745bc1ca1281b373f26 labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki @@ -37,27 +37,29 @@ spec: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false containers: - - image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine + - image: docker.io/nginxinc/nginx-unprivileged:1.30-alpine imagePullPolicy: IfNotPresent name: nginx ports: - containerPort: 8080 - name: http-metrics + name: http protocol: TCP readinessProbe: httpGet: path: / - port: http-metrics + port: http initialDelaySeconds: 15 timeoutSeconds: 1 - resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/nginx name: config @@ -65,13 +67,63 @@ spec: name: tmp - mountPath: /docker-entrypoint.d name: docker-entrypoint-d-override + - args: + - --nginx.scrape-url + - http://127.0.0.1:8080/stub_status + - --preset + - loki + image: ghcr.io/jkroepke/access-log-exporter:latest + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: exporter + ports: + - containerPort: 4040 + name: http-metrics + - containerPort: 8514 + name: syslog + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /config.yaml + name: config + subPath: access-log-exporter.yaml enableServiceLinks: true securityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-gateway terminationGracePeriodSeconds: 30 volumes: - configMap: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml deleted file mode 100644 index b83e157..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml new file mode 100644 index 0000000..59455a9 --- /dev/null +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway-exporter + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 4040 + protocol: TCP + targetPort: http-metrics + selector: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml similarity index 78% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml index 8335d30..7be5b4a 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml @@ -6,17 +6,17 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 prometheus.io/service-monitor: 'false' name: loki-gateway namespace: syn-loki spec: ports: - - name: http-metrics + - name: http port: 80 protocol: TCP - targetPort: http-metrics + targetPort: http selector: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml new file mode 100644 index 0000000..e1da5a7 --- /dev/null +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml new file mode 100644 index 0000000..e397742 --- /dev/null +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: memcached + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-memcached + namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml similarity index 73% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml index af1d3e8..f5f5d0d 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: @@ -25,12 +25,15 @@ spec: template: metadata: annotations: - checksum/config: 99e6aeb0be894be900b8fb72cf8cef97775a4598b2252821b7c174d425b6d175 + checksum/config: e81dcea6075fb76f3dcc004989d9ec9af42b181402735da0fce261f6cb4d9ea3 + kubectl.kubernetes.io/default-container: read labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,16 +48,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=read - - -legacy-read-mode=false - - -common.compactor-grpc-address=loki-backend.syn-loki.svc.cluster.local:9095 - -config.expand-env=true + - -target=read + env: + - name: GOMEMLIMIT + value: 3481MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: dockerhub.vshn.net/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: read ports: - containerPort: 3100 name: http-metrics @@ -86,25 +104,28 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} - name: tmp - - emptyDir: {} - name: data + name: temp - configMap: items: - key: config.yaml @@ -114,3 +135,5 @@ spec: - configMap: name: loki-runtime name: runtime-config + - emptyDir: {} + name: data diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml similarity index 84% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml index 5130c5b..e2c9c39 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml deleted file mode 100644 index 14f15df..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-read-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml deleted file mode 100644 index 9d8a4e3..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-read - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service.yaml new file mode 100644 index 0000000..87025ce --- /dev/null +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-read + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-read-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml similarity index 89% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml index 954f5a9..b89a7fd 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-results-cache namespace: syn-loki spec: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml similarity index 88% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml index 74280c9..ad488da 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-results-cache name: loki-results-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: dockerhub.vshn.net/library/memcached:1.6.39-alpine + image: dockerhub.vshn.net/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: dockerhub.vshn.net/prom/memcached-exporter:v0.15.4 + image: dockerhub.vshn.net/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,6 +113,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: @@ -117,7 +123,9 @@ spec: runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml index 27ffcc1..b99235f 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml @@ -7,7 +7,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-runtime namespace: syn-loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml index d5419cf..c5a5c17 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml @@ -5,8 +5,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-memberlist namespace: syn-loki spec: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml index 617bc0f..57b736f 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml similarity index 85% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml index 63a7ac6..3081ba4 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml deleted file mode 100644 index 4cdcaa8..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-write-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml deleted file mode 100644 index 0f21c73..0000000 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-write - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service.yaml new file mode 100644 index 0000000..1ce1e25 --- /dev/null +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-write + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-write-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml similarity index 75% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml rename to tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml index 2249f4f..763453e 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml +++ b/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: @@ -23,14 +23,15 @@ spec: template: metadata: annotations: - checksum/config: 99e6aeb0be894be900b8fb72cf8cef97775a4598b2252821b7c174d425b6d175 + checksum/config: e81dcea6075fb76f3dcc004989d9ec9af42b181402735da0fce261f6cb4d9ea3 + kubectl.kubernetes.io/default-container: write labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,14 +46,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=write - -config.expand-env=true + - -target=write + env: + - name: GOMEMLIMIT + value: 6963MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: dockerhub.vshn.net/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: write ports: - containerPort: 3100 name: http-metrics @@ -85,6 +103,8 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config @@ -92,13 +112,19 @@ spec: name: runtime-config - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: + - emptyDir: {} + name: temp - configMap: items: - key: config.yaml diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml index 4b28156..a1d2339 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrole rules: - apiGroups: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml index e45be68..07f5df7 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml similarity index 85% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml index 416bd62..76953e3 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml deleted file mode 100644 index d53956f..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-backend-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml deleted file mode 100644 index 5f0f8e2..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-backend - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service.yaml new file mode 100644 index 0000000..a8ab703 --- /dev/null +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-backend + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-backend-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml similarity index 68% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml index 90b685f..6787e40 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: @@ -26,15 +26,15 @@ spec: template: metadata: annotations: - checksum/config: ed99deaf97964980cf5ebbfc682c7cd41d9f2930725cc8c3f283f800d30afc0c - kubectl.kubernetes.io/default-container: loki + checksum/config: 253c4147cd4e25cd49d9777c4546b92ddd55ae4feed09b4dbe135d92e484f7a6 + kubectl.kubernetes.io/default-container: backend labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -49,15 +49,32 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml + - -config.expand-env=true - -target=backend - -legacy-read-mode=false - - -config.expand-env=true + env: + - name: GOMEMLIMIT + value: 1740MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: backend ports: - containerPort: 3100 name: http-metrics @@ -90,15 +107,17 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp - mountPath: /rules name: sc-rules-volume - env: @@ -116,26 +135,57 @@ spec: value: '60' - name: LOG_LEVEL value: INFO - image: docker.io/kiwigrid/k8s-sidecar:1.30.9 + - name: HEALTH_PORT + value: '8080' + image: docker.io/kiwigrid/k8s-sidecar:2.7.1 imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 name: loki-sc-rules + ports: + - containerPort: 8080 + name: http-sidecar + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: sc-rules-temp - mountPath: /rules name: sc-rules-volume + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: - emptyDir: {} - name: tmp + name: temp - configMap: items: - key: config.yaml @@ -147,6 +197,8 @@ spec: name: runtime-config - emptyDir: {} name: sc-rules-volume + - emptyDir: {} + name: sc-rules-temp updateStrategy: rollingUpdate: partition: 0 diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml similarity index 89% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml index 9f10ad2..f73a2ac 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-chunks-cache namespace: syn-loki spec: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml similarity index 87% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml index fb924fd..2ae9286 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-chunks-cache name: loki-chunks-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/library/memcached:1.6.39-alpine + image: docker.io/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: docker.io/prom/memcached-exporter:v0.15.4 + image: docker.io/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,6 +113,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: @@ -117,7 +123,9 @@ spec: runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/config.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/config.yaml index 594044f..6d32f01 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/config.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/config.yaml @@ -46,6 +46,8 @@ data: mode: simple ingester: chunk_encoding: snappy + wal: + flush_on_shutdown: true limits_config: max_cache_freshness_per_query: 10m query_timeout: 300s @@ -55,8 +57,16 @@ data: split_queries_by_interval: 15m volume_enabled: true memberlist: + abort_if_cluster_join_fails: true + advertise_addr: ${HASH_RING_INSTANCE_ADDR} + advertise_port: 7946 + bind_port: 7946 join_members: - loki-memberlist.syn-loki.svc.cluster.local + max_join_backoff: 1m + max_join_retries: 10 + min_join_backoff: 1s + rejoin_interval: 90s pattern_ingester: enabled: false querier: @@ -99,10 +109,18 @@ data: schema: v13 store: tsdb server: + graceful_shutdown_timeout: 5s grpc_listen_port: 9095 + grpc_server_max_concurrent_streams: 1000 + grpc_server_max_recv_msg_size: 104857600 + grpc_server_max_send_msg_size: 104857600 + grpc_server_min_time_between_pings: 10s + grpc_server_ping_without_stream_allowed: true http_listen_port: 3100 - http_server_read_timeout: 600s - http_server_write_timeout: 600s + http_server_idle_timeout: 30s + http_server_read_timeout: 10m0s + http_server_write_timeout: 10m0s + log_level: info storage_config: bloom_shipper: working_directory: /var/loki/data/bloomshipper @@ -124,7 +142,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml deleted file mode 100644 index 0935f1f..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: v1 -data: - nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ - \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ - \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ - \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ - \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ - \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ - \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ - \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ - \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ - \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ - ';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n\ - \ resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags\ - \ header is empty, set a noop= without a value as empty values are not logged\n\ - \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; \ - \ # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise,\ - \ preserve the original value\n }\n\n server {\n listen 8080;\n\ - \ listen [::]:8080;\n\n location = / {\n \n return\ - \ 200 'OK';\n auth_basic off;\n }\n\n ########################################################\n\ - \ # Configure backend targets\n location ^~ /ui {\n \n proxy_pass\ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Distributor\n location = /api/prom/push {\n \n proxy_pass\ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location = /loki/api/v1/push {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /distributor/ring {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Ingester\n location = /flush {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location ^~ /ingester/ {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /ingester {\n \n internal; # to suppress\ - \ 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # MemberListKV\n location = /memberlist {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /prometheus/api/v1/rules {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Compactor\n location = /compactor/ring {\n \n proxy_pass\ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n \ - \ }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/cache/generation_numbers {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Config\n location = /config {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\n\ - \n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header\ - \ Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \ - \ \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ - \ proxy_set_header Connection \"upgrade\";\n \n proxy_pass \ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location ^~ /api/prom/ {\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom {\n \n internal; # to suppress\ - \ 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set\ - \ by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go\ - \ log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ - ;\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1 {\n \n internal; # to suppress\ - \ 301\n }\n }\n}\n" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml new file mode 100644 index 0000000..fef4e01 --- /dev/null +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml @@ -0,0 +1,288 @@ +apiVersion: v1 +data: + access-log-exporter.yaml: | + presets: + loki: + metrics: + - name: "http_requests_total" + type: "counter" + help: "The total number of client requests." + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_requests_completed_total" + type: "counter" + help: "The total number of completed requests." + valueIndex: 3 + replacements: + - string: "OK" + replacement: "1" + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The request length (including request line, header, and request body)" + valueIndex: 5 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_response_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The response length (including request line, header, and request body)" + valueIndex: 6 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on receiving and response the response to the client" + valueIndex: 4 + math: + enabled: true + div: 1000 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_connect_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on establishing a connection with the upstream server" + valueIndex: 8 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_header_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response header from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 9 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_request_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 10 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ + \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ + \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ + \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ + \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ + \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ + \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ + \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ + \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ + \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ + ';\n # Exclude specific requests from logging\n map $request_uri $track {\n\ + \ default 1;\n ~^/$ 0;\n ~^/health 0;\n ~^/metrics 0;\n }\n\n #\ + \ simple_upstream preset\n log_format access_log_exporter '$http_host\\t$request_method\\\ + t$status\\t$request_completion\\t$request_time\\t$request_length\\t$bytes_sent\\\ + t$upstream_addr\\t$upstream_connect_time\\t$upstream_header_time\\t$upstream_response_time\\\ + t$request_uri';\n access_log syslog:server=127.0.0.1:8514,nohostname access_log_exporter\ + \ if=$track;\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush\ + \ on;\n resolver kube-dns.kube-system.svc.cluster.local.;\n\n # if the X-Query-Tags\ + \ header is empty, set a noop= without a value as empty values are not logged\n\ + \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; \ + \ # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise,\ + \ preserve the original value\n }\n\n server {\n listen 8080;\n\ + \ listen [::]:8080;\n\n location = / {\n \n return\ + \ 200 'OK';\n auth_basic off;\n }\n\n location = /stub_status {\n \ + \ stub_status on;\n satisfy any;\n access_log off;\n allow\ + \ 127.0.0.1;\n deny all;\n server_tokens on; # expose nginx version\n\ + \ }\n\n ########################################################\n #\ + \ Configure backend targets\n location ^~ /ui {\n \n set $backend\ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass\ + \ $backend$request_uri;\n }\n\n # Distributor\n location = /api/prom/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /distributor/ring\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /otlp/v1/logs\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ingester\n \ + \ location = /flush {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /ingester/\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /ingester\ + \ {\n \n internal; # to suppress 301\n }\n\n # Ring\n \ + \ location = /ring {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # MemberListKV\n\ + \ location = /memberlist {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ruler\n location\ + \ = /ruler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /loki/api/v1/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/alerts\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Compactor\n \ + \ location = /compactor/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/delete\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/cache/generation_numbers\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # IndexGateway\n\ + \ location = /indexgateway/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryScheduler\n\ + \ location = /scheduler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Config\n location\ + \ = /config {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryFrontend,\ + \ Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ + \ proxy_set_header Connection \"upgrade\";\n \n set $backend \ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass \ + \ $backend$request_uri;\n }\n location = /loki/api/v1/tail {\n \ + \ proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"\ + upgrade\";\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/\ + \ {\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom\ + \ {\n \n internal; # to suppress 301\n }\n location ^~\ + \ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags\ + \ which are logged as key/value pairs in metrics.go log messages\n proxy_set_header\ + \ X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ + ;\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1\ + \ {\n \n internal; # to suppress 301\n }\n }\n}\n" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml similarity index 53% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml index 041cfe9..4eddbda 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-gateway namespace: syn-loki spec: @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/config: f364de581a42e19ddcd3b05818e5fa7ef25aee1047e40eb41561a7a127e0d579 + checksum/config: 2ac29b210397fb257fb28bb7defc2a7245d4fff101baf745bc1ca1281b373f26 labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki @@ -37,27 +37,29 @@ spec: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false containers: - - image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine + - image: docker.io/nginxinc/nginx-unprivileged:1.30-alpine imagePullPolicy: IfNotPresent name: nginx ports: - containerPort: 8080 - name: http-metrics + name: http protocol: TCP readinessProbe: httpGet: path: / - port: http-metrics + port: http initialDelaySeconds: 15 timeoutSeconds: 1 - resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/nginx name: config @@ -65,13 +67,63 @@ spec: name: tmp - mountPath: /docker-entrypoint.d name: docker-entrypoint-d-override + - args: + - --nginx.scrape-url + - http://127.0.0.1:8080/stub_status + - --preset + - loki + image: ghcr.io/jkroepke/access-log-exporter:0.3.11 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: exporter + ports: + - containerPort: 4040 + name: http-metrics + - containerPort: 8514 + name: syslog + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /config.yaml + name: config + subPath: access-log-exporter.yaml enableServiceLinks: true securityContext: fsGroup: 101 runAsGroup: 101 runAsNonRoot: true runAsUser: 101 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-gateway terminationGracePeriodSeconds: 30 volumes: - configMap: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml deleted file mode 100644 index b83e157..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml new file mode 100644 index 0000000..59455a9 --- /dev/null +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway-exporter + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 4040 + protocol: TCP + targetPort: http-metrics + selector: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml similarity index 78% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml index 8335d30..7be5b4a 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml @@ -6,17 +6,17 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 prometheus.io/service-monitor: 'false' name: loki-gateway namespace: syn-loki spec: ports: - - name: http-metrics + - name: http port: 80 protocol: TCP - targetPort: http-metrics + targetPort: http selector: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml new file mode 100644 index 0000000..e1da5a7 --- /dev/null +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml new file mode 100644 index 0000000..e397742 --- /dev/null +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: memcached + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-memcached + namespace: syn-loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml similarity index 74% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml index c5b55b7..50099de 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: @@ -25,12 +25,15 @@ spec: template: metadata: annotations: - checksum/config: 97913dbb9b85bb7a6df56d0176b64e94b3c339ab1700f212b9d56139f92b3d90 + checksum/config: 253c4147cd4e25cd49d9777c4546b92ddd55ae4feed09b4dbe135d92e484f7a6 + kubectl.kubernetes.io/default-container: read labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,16 +48,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=read - - -legacy-read-mode=false - - -common.compactor-grpc-address=loki-backend.syn-loki.svc.cluster.local:9095 - -config.expand-env=true + - -target=read + env: + - name: GOMEMLIMIT + value: 3481MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: read ports: - containerPort: 3100 name: http-metrics @@ -86,25 +104,28 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} - name: tmp - - emptyDir: {} - name: data + name: temp - configMap: items: - key: config.yaml @@ -114,3 +135,5 @@ spec: - configMap: name: loki-runtime name: runtime-config + - emptyDir: {} + name: data diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml similarity index 84% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml index 5130c5b..e2c9c39 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml deleted file mode 100644 index 14f15df..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-read-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml deleted file mode 100644 index 9d8a4e3..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-read - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service.yaml new file mode 100644 index 0000000..87025ce --- /dev/null +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/read/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-read + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-read-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml similarity index 89% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml index 954f5a9..b89a7fd 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-results-cache namespace: syn-loki spec: diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml similarity index 87% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml index 09bed15..4cb9bab 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-results-cache name: loki-results-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/library/memcached:1.6.39-alpine + image: docker.io/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: docker.io/prom/memcached-exporter:v0.15.4 + image: docker.io/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,6 +113,9 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: @@ -117,7 +123,9 @@ spec: runAsGroup: 11211 runAsNonRoot: true runAsUser: 11211 - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml index 27ffcc1..b99235f 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml @@ -7,7 +7,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-runtime namespace: syn-loki diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml index d5419cf..c5a5c17 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml @@ -5,8 +5,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-memberlist namespace: syn-loki spec: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml index 617bc0f..57b736f 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml similarity index 85% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml index 63a7ac6..3081ba4 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml deleted file mode 100644 index 4cdcaa8..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-write-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml deleted file mode 100644 index 0f21c73..0000000 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-write - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service.yaml new file mode 100644 index 0000000..1ce1e25 --- /dev/null +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-write + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-write-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml similarity index 75% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml rename to tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml index de5b2fe..e8d2406 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml +++ b/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: @@ -23,14 +23,15 @@ spec: template: metadata: annotations: - checksum/config: ed99deaf97964980cf5ebbfc682c7cd41d9f2930725cc8c3f283f800d30afc0c + checksum/config: 253c4147cd4e25cd49d9777c4546b92ddd55ae4feed09b4dbe135d92e484f7a6 + kubectl.kubernetes.io/default-container: write labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,14 +46,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=write - -config.expand-env=true + - -target=write + env: + - name: GOMEMLIMIT + value: 6963MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: write ports: - containerPort: 3100 name: http-metrics @@ -85,6 +103,8 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config @@ -92,13 +112,19 @@ spec: name: runtime-config - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: + - emptyDir: {} + name: temp - configMap: items: - key: config.yaml diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml index 4b28156..a1d2339 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrole rules: - apiGroups: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml index e45be68..07f5df7 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-clusterrolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml similarity index 85% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml index 416bd62..76953e3 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/poddisruptionbudget-backend.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml deleted file mode 100644 index d53956f..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service-backend-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-backend-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml deleted file mode 100644 index 5f0f8e2..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service-backend.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-backend - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: backend - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service.yaml new file mode 100644 index 0000000..a8ab703 --- /dev/null +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-backend + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-backend-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: backend + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml similarity index 68% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml index 0876459..cacb933 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/statefulset-backend.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/backend/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-backend namespace: syn-loki spec: @@ -26,15 +26,15 @@ spec: template: metadata: annotations: - checksum/config: 99e6aeb0be894be900b8fb72cf8cef97775a4598b2252821b7c174d425b6d175 - kubectl.kubernetes.io/default-container: loki + checksum/config: 7759465199f16fe29d4910000b47f1f071b2b11fdb92aa64ffb9868618ffd1f0 + kubectl.kubernetes.io/default-container: backend labels: app.kubernetes.io/component: backend app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -49,15 +49,32 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml + - -config.expand-env=true - -target=backend - -legacy-read-mode=false - - -config.expand-env=true + env: + - name: GOMEMLIMIT + value: 1740MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: backend ports: - containerPort: 3100 name: http-metrics @@ -90,15 +107,17 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp - mountPath: /rules name: sc-rules-volume - env: @@ -116,26 +135,57 @@ spec: value: '60' - name: LOG_LEVEL value: INFO - image: docker.io/kiwigrid/k8s-sidecar:1.30.9 + - name: HEALTH_PORT + value: '8080' + image: docker.io/kiwigrid/k8s-sidecar:2.7.1 imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 name: loki-sc-rules + ports: + - containerPort: 8080 + name: http-sidecar + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http-sidecar + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: + - mountPath: /tmp + name: sc-rules-temp - mountPath: /rules name: sc-rules-volume + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: - emptyDir: {} - name: tmp + name: temp - configMap: items: - key: config.yaml @@ -147,6 +197,8 @@ spec: name: runtime-config - emptyDir: {} name: sc-rules-volume + - emptyDir: {} + name: sc-rules-temp updateStrategy: rollingUpdate: partition: 0 diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml similarity index 89% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml index 9f10ad2..f73a2ac 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/chunks-cache/service-chunks-cache-headless.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-chunks-cache namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml similarity index 88% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml index d6ce8f7..84f23f1 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset-chunks-cache.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/chunks-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-chunks-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-chunks-cache name: loki-chunks-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/library/memcached:1.6.39-alpine + image: docker.io/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: docker.io/prom/memcached-exporter:v0.15.4 + image: docker.io/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,10 +113,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: null - serviceAccountName: loki + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/config.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/config.yaml index d572030..d60675c 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/config.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/config.yaml @@ -53,6 +53,8 @@ data: mode: simple ingester: chunk_encoding: snappy + wal: + flush_on_shutdown: true limits_config: ingestion_burst_size_mb: 32 ingestion_rate_mb: 15 @@ -64,8 +66,16 @@ data: split_queries_by_interval: 15m volume_enabled: true memberlist: + abort_if_cluster_join_fails: true + advertise_addr: ${HASH_RING_INSTANCE_ADDR} + advertise_port: 7946 + bind_port: 7946 join_members: - loki-memberlist.syn-loki.svc.cluster.local + max_join_backoff: 1m + max_join_retries: 10 + min_join_backoff: 1s + rejoin_interval: 90s pattern_ingester: enabled: false querier: @@ -108,10 +118,18 @@ data: schema: v13 store: tsdb server: + graceful_shutdown_timeout: 5s grpc_listen_port: 9095 + grpc_server_max_concurrent_streams: 1000 + grpc_server_max_recv_msg_size: 104857600 + grpc_server_max_send_msg_size: 104857600 + grpc_server_min_time_between_pings: 10s + grpc_server_ping_without_stream_allowed: true http_listen_port: 3100 - http_server_read_timeout: 600s - http_server_write_timeout: 600s + http_server_idle_timeout: 30s + http_server_read_timeout: 10m0s + http_server_write_timeout: 10m0s + log_level: info storage_config: bloom_shipper: working_directory: /var/loki/data/bloomshipper @@ -133,7 +151,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml deleted file mode 100644 index 113c483..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/configmap-gateway.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: v1 -data: - nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ - \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ - \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ - \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ - \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ - \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ - \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ - \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ - \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ - \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ - ';\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush on;\n\ - \ resolver dns-default.openshift-dns.svc.cluster.local.;\n\n # if the X-Query-Tags\ - \ header is empty, set a noop= without a value as empty values are not logged\n\ - \ map $http_x_query_tags $query_tags {\n \"\" \"noop=\"; \ - \ # When header is empty, set noop=\n default $http_x_query_tags; # Otherwise,\ - \ preserve the original value\n }\n\n server {\n listen 8080;\n\ - \ listen [::]:8080;\n auth_basic \"Loki\";\n auth_basic_user_file\ - \ /etc/nginx/secrets/.htpasswd;\n\n location = / {\n \n return 200\ - \ 'OK';\n auth_basic off;\n }\n\n ########################################################\n\ - \ # Configure backend targets\n location ^~ /ui {\n \n proxy_pass\ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Distributor\n location = /api/prom/push {\n \n proxy_pass\ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location = /loki/api/v1/push {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /distributor/ring {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /otlp/v1/logs {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Ingester\n location = /flush {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \ location ^~ /ingester/ {\n \n proxy_pass http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /ingester {\n \n internal; # to suppress\ - \ 301\n }\n\n # Ring\n location = /ring {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # MemberListKV\n location = /memberlist {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Ruler\n location = /ruler/ring {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /api/prom/rules/ {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/rules {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location ^~ /loki/api/v1/rules/ {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location = /prometheus/api/v1/alerts {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /prometheus/api/v1/rules {\n \n proxy_pass \ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\ - \n # Compactor\n location = /compactor/ring {\n \n proxy_pass\ - \ http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n \ - \ }\n location = /loki/api/v1/delete {\n \n proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/cache/generation_numbers {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # IndexGateway\n location = /indexgateway/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # QueryScheduler\n location = /scheduler/ring {\n \n \ - \ proxy_pass http://loki-backend.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n\n # Config\n location = /config {\n \n proxy_pass \ - \ http://loki-write.syn-loki.svc.cluster.local:3100$request_uri;\n }\n\n\ - \n # QueryFrontend, Querier\n location = /api/prom/tail {\n proxy_set_header\ - \ Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n \ - \ \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ - \ proxy_set_header Connection \"upgrade\";\n \n proxy_pass \ - \ http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n }\n \ - \ location ^~ /api/prom/ {\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /api/prom {\n \n internal; # to suppress\ - \ 301\n }\n location ^~ /loki/api/v1/ {\n # pass custom headers set\ - \ by Grafana as X-Query-Tags which are logged as key/value pairs in metrics.go\ - \ log messages\n proxy_set_header X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ - ;\n \n proxy_pass http://loki-read.syn-loki.svc.cluster.local:3100$request_uri;\n\ - \ }\n location = /loki/api/v1 {\n \n internal; # to suppress\ - \ 301\n }\n }\n}\n" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml new file mode 100644 index 0000000..7a85af2 --- /dev/null +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/configmap.yaml @@ -0,0 +1,289 @@ +apiVersion: v1 +data: + access-log-exporter.yaml: | + presets: + loki: + metrics: + - name: "http_requests_total" + type: "counter" + help: "The total number of client requests." + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_requests_completed_total" + type: "counter" + help: "The total number of completed requests." + valueIndex: 3 + replacements: + - string: "OK" + replacement: "1" + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The request length (including request line, header, and request body)" + valueIndex: 5 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_response_size_bytes" + type: "histogram" + buckets: [ 10,1000,100000,1000000,5000000,50000000,200000000 ] + help: "The response length (including request line, header, and request body)" + valueIndex: 6 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_request_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on receiving and response the response to the client" + valueIndex: 4 + math: + enabled: true + div: 1000 + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_connect_duration_seconds" + type: "histogram" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + help: "The time spent on establishing a connection with the upstream server" + valueIndex: 8 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_header_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response header from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 9 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + + - name: "http_upstream_request_duration_seconds" + type: "histogram" + help: "The time spent on receiving the response from the upstream server" + buckets: [ .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10 ] + valueIndex: 10 + math: + enabled: true + div: 1000 + upstream: + enabled: true + addrLineIndex: 7 + excludes: [] + labels: + - name: "host" + lineIndex: 0 + - name: "method" + lineIndex: 1 + - name: "status" + lineIndex: 2 + - name: "path" + lineIndex: 11 + replacements: + - regexp: "^$" + replacement: "/" + - regexp: "^(.+)\\?.+" + replacement: "$1" + nginx.conf: "worker_processes 5; ## Default: 1\nerror_log /dev/stderr;\npid \ + \ /tmp/nginx.pid;\nworker_rlimit_nofile 8192;\n\nevents {\n worker_connections\ + \ 4096; ## Default: 1024\n}\n\nhttp {\n client_body_temp_path /tmp/client_temp;\n\ + \ proxy_temp_path /tmp/proxy_temp_path;\n fastcgi_temp_path /tmp/fastcgi_temp;\n\ + \ uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n\ + \n client_max_body_size 4M;\n\n proxy_read_timeout 600; ## 10 minutes\n\ + \ proxy_send_timeout 600;\n proxy_connect_timeout 600;\n\n proxy_http_version\ + \ 1.1;\n\n default_type application/octet-stream;\n log_format main '$remote_addr\ + \ - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent\ + \ \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"\ + ';\n # Exclude specific requests from logging\n map $request_uri $track {\n\ + \ default 1;\n ~^/$ 0;\n ~^/health 0;\n ~^/metrics 0;\n }\n\n #\ + \ simple_upstream preset\n log_format access_log_exporter '$http_host\\t$request_method\\\ + t$status\\t$request_completion\\t$request_time\\t$request_length\\t$bytes_sent\\\ + t$upstream_addr\\t$upstream_connect_time\\t$upstream_header_time\\t$upstream_response_time\\\ + t$request_uri';\n access_log syslog:server=127.0.0.1:8514,nohostname access_log_exporter\ + \ if=$track;\n access_log /dev/stderr main;\n\n sendfile on;\n tcp_nopush\ + \ on;\n resolver dns-default.openshift-dns.svc.cluster.local.;\n\n # if the\ + \ X-Query-Tags header is empty, set a noop= without a value as empty values are\ + \ not logged\n map $http_x_query_tags $query_tags {\n \"\" \"noop=\"\ + ; # When header is empty, set noop=\n default $http_x_query_tags;\ + \ # Otherwise, preserve the original value\n }\n\n server {\n listen \ + \ 8080;\n listen [::]:8080;\n auth_basic \"\ + Loki\";\n auth_basic_user_file /etc/nginx/secrets/.htpasswd;\n\n location\ + \ = / {\n \n return 200 'OK';\n auth_basic off;\n }\n\n location\ + \ = /stub_status {\n stub_status on;\n satisfy any;\n access_log\ + \ off;\n allow 127.0.0.1;\n deny all;\n server_tokens on; # expose\ + \ nginx version\n }\n\n ########################################################\n\ + \ # Configure backend targets\n location ^~ /ui {\n \n set $backend\ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass\ + \ $backend$request_uri;\n }\n\n # Distributor\n location = /api/prom/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/push\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /distributor/ring\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /otlp/v1/logs\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ingester\n \ + \ location = /flush {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /ingester/\ + \ {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /ingester\ + \ {\n \n internal; # to suppress 301\n }\n\n # Ring\n \ + \ location = /ring {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # MemberListKV\n\ + \ location = /memberlist {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Ruler\n location\ + \ = /ruler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /loki/api/v1/rules/\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/alerts\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /prometheus/api/v1/rules\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Compactor\n \ + \ location = /compactor/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/delete\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1/cache/generation_numbers\ + \ {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # IndexGateway\n\ + \ location = /indexgateway/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryScheduler\n\ + \ location = /scheduler/ring {\n \n set $backend \"http://loki-backend.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # Config\n location\ + \ = /config {\n \n set $backend \"http://loki-write.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n\n # QueryFrontend,\ + \ Querier\n location = /api/prom/tail {\n proxy_set_header Upgrade $http_upgrade;\n\ + \ proxy_set_header Connection \"upgrade\";\n \n set $backend \ + \ \"http://loki-read.syn-loki.svc.cluster.local:3100\";\n proxy_pass \ + \ $backend$request_uri;\n }\n location = /loki/api/v1/tail {\n \ + \ proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"\ + upgrade\";\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location ^~ /api/prom/\ + \ {\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /api/prom\ + \ {\n \n internal; # to suppress 301\n }\n location ^~\ + \ /loki/api/v1/ {\n # pass custom headers set by Grafana as X-Query-Tags\ + \ which are logged as key/value pairs in metrics.go log messages\n proxy_set_header\ + \ X-Query-Tags \"${query_tags},user=${http_x_grafana_user},dashboard_id=${http_x_dashboard_uid},dashboard_title=${http_x_dashboard_title},panel_id=${http_x_panel_id},panel_title=${http_x_panel_title},source_rule_uid=${http_x_rule_uid},rule_name=${http_x_rule_name},rule_folder=${http_x_rule_folder},rule_version=${http_x_rule_version},rule_source=${http_x_rule_source},rule_type=${http_x_rule_type}\"\ + ;\n \n set $backend \"http://loki-read.syn-loki.svc.cluster.local:3100\"\ + ;\n proxy_pass $backend$request_uri;\n }\n location = /loki/api/v1\ + \ {\n \n internal; # to suppress 301\n }\n }\n}\n" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml similarity index 54% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml index a331b24..8513ada 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/deployment-gateway-nginx.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/deployment.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-gateway namespace: syn-loki spec: @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/config: 819f4204fcf125952466b2bef9b29077479ea3365f5608cc465659c6a3941d07 + checksum/config: b8faea8335969e02cf432dccb4a9ceccc57121893d0a38a66ed36ff1cad128da labels: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki @@ -37,27 +37,29 @@ spec: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false containers: - - image: docker.io/nginxinc/nginx-unprivileged:1.29-alpine + - image: docker.io/nginxinc/nginx-unprivileged:1.30-alpine imagePullPolicy: IfNotPresent name: nginx ports: - containerPort: 8080 - name: http-metrics + name: http protocol: TCP readinessProbe: httpGet: path: / - port: http-metrics + port: http initialDelaySeconds: 15 timeoutSeconds: 1 - resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/nginx name: config @@ -67,10 +69,60 @@ spec: name: tmp - mountPath: /docker-entrypoint.d name: docker-entrypoint-d-override + - args: + - --nginx.scrape-url + - http://127.0.0.1:8080/stub_status + - --preset + - loki + image: ghcr.io/jkroepke/access-log-exporter:0.3.11 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: exporter + ports: + - containerPort: 4040 + name: http-metrics + - containerPort: 8514 + name: syslog + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http-metrics + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + resources: + limits: {} + requests: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /config.yaml + name: config + subPath: access-log-exporter.yaml enableServiceLinks: true securityContext: runAsNonRoot: true - serviceAccountName: loki + seccompProfile: + type: RuntimeDefault + serviceAccountName: loki-gateway terminationGracePeriodSeconds: 30 volumes: - configMap: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/ingress-gateway.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/ingress.yaml similarity index 92% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/ingress-gateway.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/ingress.yaml index 6e0b58e..23f262d 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/ingress-gateway.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/ingress.yaml @@ -7,8 +7,8 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-gateway namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml deleted file mode 100644 index b83e157..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/poddisruptionbudget-gateway.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-gateway - namespace: syn-loki -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: gateway - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml new file mode 100644 index 0000000..59455a9 --- /dev/null +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service-exporter.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway-exporter + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 4040 + protocol: TCP + targetPort: http-metrics + selector: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml similarity index 78% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml index 8335d30..7be5b4a 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service-gateway.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/service.yaml @@ -6,17 +6,17 @@ metadata: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 prometheus.io/service-monitor: 'false' name: loki-gateway namespace: syn-loki spec: ports: - - name: http-metrics + - name: http port: 80 protocol: TCP - targetPort: http-metrics + targetPort: http selector: app.kubernetes.io/component: gateway app.kubernetes.io/instance: loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml new file mode 100644 index 0000000..e1da5a7 --- /dev/null +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/gateway/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: gateway + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-gateway + namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml new file mode 100644 index 0000000..e397742 --- /dev/null +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/memcached/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: memcached + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-memcached + namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/loki-alerts.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/loki-alerts.yaml deleted file mode 100644 index 1709462..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/loki-alerts.yaml +++ /dev/null @@ -1,73 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - labels: - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-loki-alerts - namespace: syn-loki -spec: - groups: - - name: loki_alerts - rules: - - alert: SYN_LokiRequestErrors - annotations: - message: | - {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors. - expr: | - 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[2m])) by (namespace, job, route) - / - sum(rate(loki_request_duration_seconds_count[2m])) by (namespace, job, route) - > 10 - for: 15m - labels: - severity: critical - syn: 'true' - syn_component: loki - - alert: SYN_LokiRequestPanics - annotations: - message: | - {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}% increase of panics. - expr: | - sum(increase(loki_panic_total[10m])) by (namespace, job) > 0 - labels: - severity: critical - syn: 'true' - syn_component: loki - - alert: SYN_LokiRequestLatency - annotations: - message: | - {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency. - expr: | - namespace_job_route:loki_request_duration_seconds:99quantile{route!~"(?i).*tail.*"} > 1 - for: 15m - labels: - severity: critical - syn: 'true' - syn_component: loki - - alert: SYN_LokiTooManyCompactorsRunning - annotations: - message: | - {{ $labels.cluster }} {{ $labels.namespace }} has had {{ printf "%.0f" $value }} compactors running for more than 5m. Only one compactor should run at a time. - expr: | - sum(loki_boltdb_shipper_compactor_running) by (cluster, namespace) > 1 - for: 5m - labels: - severity: warning - syn: 'true' - syn_component: loki - - name: loki_canaries_alerts - rules: - - alert: SYN_LokiCanaryLatency - annotations: - message: | - {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency. - expr: | - histogram_quantile(0.99, sum(rate(loki_canary_response_latency_seconds_bucket[5m])) by (le, namespace, job)) > 5 - for: 15m - labels: - severity: warning - syn: 'true' - syn_component: loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/loki-rules.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/loki-rules.yaml index 0dfdd95..a9cea0f 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/loki-rules.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/loki-rules.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-loki-rules namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/servicemonitor.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/servicemonitor.yaml index 09f5f16..6779e3b 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/servicemonitor.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/monitoring/servicemonitor.yaml @@ -4,8 +4,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki spec: diff --git a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml similarity index 74% rename from tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml index f060cb0..689149e 100644 --- a/tests/golden/extra-config/loki/loki/10_helm_loki/loki/templates/read/deployment-read.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/deployment.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: @@ -25,12 +25,15 @@ spec: template: metadata: annotations: - checksum/config: ed99deaf97964980cf5ebbfc682c7cd41d9f2930725cc8c3f283f800d30afc0c + checksum/config: 7759465199f16fe29d4910000b47f1f071b2b11fdb92aa64ffb9868618ffd1f0 + kubectl.kubernetes.io/default-container: read labels: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,16 +48,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=read - - -legacy-read-mode=false - - -common.compactor-grpc-address=loki-backend.syn-loki.svc.cluster.local:9095 - -config.expand-env=true + - -target=read + env: + - name: GOMEMLIMIT + value: 3481MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: read ports: - containerPort: 3100 name: http-metrics @@ -86,25 +104,28 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config - mountPath: /etc/loki/runtime-config name: runtime-config - - mountPath: /tmp - name: tmp - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp + enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} - name: tmp - - emptyDir: {} - name: data + name: temp - configMap: items: - key: config.yaml @@ -114,3 +135,5 @@ spec: - configMap: name: loki-runtime name: runtime-config + - emptyDir: {} + name: data diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml similarity index 84% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml index 5130c5b..e2c9c39 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/poddisruptionbudget-read.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: read app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-read namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml deleted file mode 100644 index 14f15df..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service-read-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-read-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml deleted file mode 100644 index 9d8a4e3..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service-read.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-read - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: read - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service.yaml new file mode 100644 index 0000000..87025ce --- /dev/null +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/read/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-read + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-read-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: read + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml similarity index 89% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml index 954f5a9..b89a7fd 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/service-results-cache-headless.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/service.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-results-cache namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml similarity index 88% rename from tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml index 5e171fe..a190fcc 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset-results-cache.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/results-cache/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/component: memcached-results-cache app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: memcached-results-cache name: loki-results-cache namespace: syn-loki @@ -44,7 +44,7 @@ spec: envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/library/memcached:1.6.39-alpine + image: docker.io/library/memcached:1.6.41-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -76,10 +76,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 - image: docker.io/prom/memcached-exporter:v0.15.4 + image: docker.io/prom/memcached-exporter:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -110,10 +113,13 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: [] nodeSelector: {} securityContext: null - serviceAccountName: loki + serviceAccountName: loki-memcached terminationGracePeriodSeconds: 60 tolerations: [] topologySpreadConstraints: [] diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml index 27ffcc1..b99235f 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/runtime-configmap.yaml @@ -7,7 +7,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-runtime namespace: syn-loki diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml index d5419cf..c5a5c17 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/service-memberlist.yaml @@ -5,8 +5,8 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-memberlist namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml index 617bc0f..57b736f 100644 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki namespace: syn-loki diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml similarity index 85% rename from tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml index 63a7ac6..3081ba4 100644 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/write/poddisruptionbudget-write.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/pdb.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml deleted file mode 100644 index 4cdcaa8..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service-write-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - prometheus.io/service-monitor: 'false' - variant: headless - name: loki-write-headless - namespace: syn-loki -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - appProtocol: tcp - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml deleted file mode 100644 index 0f21c73..0000000 --- a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service-write.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: null - labels: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 - name: loki-write - namespace: syn-loki -spec: - ports: - - name: http-metrics - port: 3100 - protocol: TCP - targetPort: http-metrics - - name: grpc - port: 9095 - protocol: TCP - targetPort: grpc - selector: - app.kubernetes.io/component: write - app.kubernetes.io/instance: loki - app.kubernetes.io/name: loki - type: ClusterIP diff --git a/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service.yaml new file mode 100644 index 0000000..1ce1e25 --- /dev/null +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + name: loki-write + namespace: syn-loki +spec: + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 + prometheus.io/service-monitor: 'false' + variant: headless + name: loki-write-headless + namespace: syn-loki +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + protocol: TCP + targetPort: http-metrics + - name: grpc + port: 9095 + protocol: TCP + targetPort: grpc + - name: grpclb + port: 9096 + protocol: TCP + targetPort: grpc + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: write + app.kubernetes.io/instance: loki + app.kubernetes.io/name: loki + type: ClusterIP diff --git a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml similarity index 75% rename from tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml rename to tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml index 775a6b9..13afb08 100644 --- a/tests/golden/legacy/loki/loki/10_helm_loki/loki/templates/write/statefulset-write.yaml +++ b/tests/golden/openshift/loki/loki/10_helm_loki/loki/templates/write/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 name: loki-write namespace: syn-loki spec: @@ -23,14 +23,15 @@ spec: template: metadata: annotations: - checksum/config: 97913dbb9b85bb7a6df56d0176b64e94b3c339ab1700f212b9d56139f92b3d90 + checksum/config: 7759465199f16fe29d4910000b47f1f071b2b11fdb92aa64ffb9868618ffd1f0 + kubectl.kubernetes.io/default-container: write labels: app.kubernetes.io/component: write app.kubernetes.io/instance: loki app.kubernetes.io/name: loki app.kubernetes.io/part-of: memberlist - app.kubernetes.io/version: 3.6.5 - helm.sh/chart: loki-6.53.0 + app.kubernetes.io/version: 3.7.1 + helm.sh/chart: loki-13.5.0 spec: affinity: podAntiAffinity: @@ -45,14 +46,31 @@ spec: containers: - args: - -config.file=/etc/loki/config/config.yaml - - -target=write - -config.expand-env=true + - -target=write + env: + - name: GOMEMLIMIT + value: 6963MiB + - name: GOGC + value: '80' + - name: HASH_RING_INSTANCE_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP envFrom: - secretRef: name: loki-bucket-secret - image: docker.io/grafana/loki:3.6.5 + image: docker.io/grafana/loki:3.7.1 imagePullPolicy: IfNotPresent - name: loki + livenessProbe: + failureThreshold: 10 + httpGet: + path: /loki/api/v1/status/buildinfo + port: http-metrics + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + name: write ports: - containerPort: 3100 name: http-metrics @@ -85,6 +103,8 @@ spec: drop: - ALL readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/loki/config name: config @@ -92,13 +112,19 @@ spec: name: runtime-config - mountPath: /var/loki name: data + - mountPath: /tmp + name: temp enableServiceLinks: true securityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: loki terminationGracePeriodSeconds: 300 volumes: + - emptyDir: {} + name: temp - configMap: items: - key: config.yaml