deploying promtail

docs/k3s/k3s-config.yaml → docs/k3s/k3s-cp-config.yaml

@@ -7,18 +7,17 @@ token: 95e2850a0e0b505b8b677661885509a2
 # TLS Configuration
 tls-san: 192.168.5.200
 
+data-dir: /var/lib/rancher/k3s
+
 # ETCD configuration
 etcd-snapshot-schedule-cron: "0 */6 * * *" #Schedule ETCD snapshots every 6 hours
 etcd-snapshot-retention: 7 # Retain the last 7 snapshots
 etcd-snapshot-dir: "/var/lib/rancher/k3s/etcd/snapshots" # Directory to store ETCD snapshots
 
-# Security Configuration
-# List of features to disable
 disable:
   - "traefik"
   - "servicelb"
 
-# Node taints
 node-taint:
   - "node-role.kubernetes.io/control-plane=true:NoSchedule"
   - "node.kubernetes.io/unreachable=true:NoExecute"

docs/k3s/k3s-wk-config.yaml

@@ -0,0 +1,10 @@
+# Worker node configuration file
+
+node-name: "k3s-wk-1"
+node-ip: 192.168.5.4
+token: 95e2850xxx
+
+server: 192.168.5.200
+
+node-taint:
+  - "node.kubernetes.io/unreachable=true:NoExecute"

kubernetes/apps/homepage-dashboard/cluster-role-binding.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: homepage
+  name: homepage-cluster-role-binding
   labels:
     app.kubernetes.io/name: homepage
 roleRef:

kubernetes/apps/homepage-dashboard/cluster-role.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: homepage
+  name: homepage-cluster-role
   labels:
     app.kubernetes.io/name: homepage
 rules:

kubernetes/apps/homepage-dashboard/config-map.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: homepage
+  name: homepage-configmap
   namespace: homepage-dashboard
   labels:
     app.kubernetes.io/name: homepage

kubernetes/apps/homepage-dashboard/deployment.yaml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: homepage
+  name: homepage-deployment
   namespace: homepage-dashboard
   labels:
     app.kubernetes.io/name: homepage

kubernetes/apps/homepage-dashboard/ingress.yaml

@@ -14,6 +14,6 @@ spec:
             pathType: Prefix
             backend:
               service:
-                name: homepage
+                name: homepage-svc
                 port:
                   number: 80

kubernetes/apps/homepage-dashboard/secret.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 type: kubernetes.io/service-account-token
 metadata:
-  name: homepage
+  name: homepage-secret
   namespace: homepage-dashboard
   labels:
     app.kubernetes.io/name: homepage

kubernetes/apps/homepage-dashboard/service-account.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: homepage
+  name: homepage-serviceaccount
   namespace: homepage-dashboard
   labels:
     app.kubernetes.io/name: homepage

kubernetes/apps/homepage-dashboard/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: homepage
+  name: homepage-svc
   namespace: homepage-dashboard
   labels:
     app.kubernetes.io/name: homepage

kubernetes/apps/monitoring/prometheus/cluster-role-binding.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: prometheus
+  name: prometheus-cluster-role-binding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

kubernetes/apps/monitoring/prometheus/cluster-role.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: prometheus
+  name: prometheus-clusterrole
 rules:
   - apiGroups: [""]
     resources: ["pods", "services", "endpoints", "nodes", "namespaces"]

kubernetes/apps/monitoring/prometheus/config-map.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: prometheus-server-conf
+  name: prometheus-configmap
   namespace: monitoring
 data:
   prometheus.yml: |

kubernetes/apps/monitoring/prometheus/deployment.yaml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: prometheus-server
+  name: prometheus-deployment
   namespace: monitoring
 spec:
   replicas: 1

kubernetes/apps/monitoring/promtail/cluster-role-binding.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: promtail
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: promtail
+  name: promtail-clusterrolebinding
 subjects:
   - kind: ServiceAccount
-    name: promtail
+    name: promtail-serviceaccount
     namespace: monitoring
+roleRef:
+  kind: ClusterRole
+  name: promtail-clusterrole
+  apiGroup: rbac.authorization.k8s.io

kubernetes/apps/monitoring/promtail/cluster-role.yaml

@@ -1,11 +1,15 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: promtail
+  name: promtail-clusterrole
+  namespace: monitoring
 rules:
   - apiGroups: [""]
-    resources: ["pods", "nodes", "endpoints"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["namespaces"]
-    verbs: ["get", "list", "watch"]
+    resources:
+      - nodes
+      - services
+      - pods
+    verbs:
+      - get
+      - watch
+      - list

kubernetes/apps/monitoring/promtail/config-map.yaml

@@ -4,20 +4,52 @@ metadata:
   name: promtail-config
   namespace: monitoring
 data:
-  promtail.yaml: |-
+  promtail.yaml: |
     server:
       http_listen_port: 9080
       grpc_listen_port: 0
+
+    clients:
+    - url: https://loki-svc:3100/loki/api/v1/push
+
     positions:
       filename: /tmp/positions.yaml
-    clients:
-      - url: http://loki:3100/loki/api/v1/push
+    target_config:
+      sync_period: 10s
     scrape_configs:
-      - job_name: kubernetes-pods
-        kubernetes_sd_configs:
-          - role: pod
-        pipeline_stages:
-          - cri: {}
-        relabel_configs:
-          - source_labels: [__meta_kubernetes_pod_label_name]
-            target_label: job
+    - job_name: pod-logs
+      kubernetes_sd_configs:
+        - role: pod
+      pipeline_stages:
+        - docker: {}
+      relabel_configs:
+        - source_labels:
+            - __meta_kubernetes_pod_node_name
+          target_label: __host__
+        - action: labelmap
+          regex: __meta_kubernetes_pod_label_(.+)
+        - action: replace
+          replacement: $1
+          separator: /
+          source_labels:
+            - __meta_kubernetes_namespace
+            - __meta_kubernetes_pod_name
+          target_label: job
+        - action: replace
+          source_labels:
+            - __meta_kubernetes_namespace
+          target_label: namespace
+        - action: replace
+          source_labels:
+            - __meta_kubernetes_pod_name
+          target_label: pod
+        - action: replace
+          source_labels:
+            - __meta_kubernetes_pod_container_name
+          target_label: container
+        - replacement: /var/log/pods/*$1/*.log
+          separator: /
+          source_labels:
+            - __meta_kubernetes_pod_uid
+            - __meta_kubernetes_pod_container_name
+          target_label: __path__

kubernetes/apps/monitoring/promtail/daemonet.yaml

@@ -0,0 +1,44 @@
+--- # Daemonset.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: promtail-daemonset
+  namespace: monitoring
+spec:
+  selector:
+    matchLabels:
+      name: promtail
+  template:
+    metadata:
+      labels:
+        name: promtail
+    spec:
+      serviceAccount: promtail-serviceaccount
+      containers:
+        - name: promtail-container
+          image: grafana/promtail
+          args:
+            - -config.file=/etc/promtail/promtail.yaml
+          env:
+            - name: "HOSTNAME" # needed when using kubernetes_sd_configs
+              valueFrom:
+                fieldRef:
+                  fieldPath: "spec.nodeName"
+          volumeMounts:
+            - name: logs
+              mountPath: /var/log
+            - name: promtail-config
+              mountPath: /etc/promtail
+            - mountPath: /var/lib/docker/containers
+              name: varlibdockercontainers
+              readOnly: true
+      volumes:
+        - name: logs
+          hostPath:
+            path: /var/log
+        - name: varlibdockercontainers
+          hostPath:
+            path: /var/lib/docker/containers
+        - name: promtail-config
+          configMap:
+            name: promtail-config

kubernetes/apps/monitoring/promtail/service-account.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: promtail
+  name: promtail-serviceaccount
   namespace: monitoring

kubernetes/apps/postgres-db/config-map.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: postgres-secret
+  name: postgres-configmap
   labels:
     app: postgres
 data:

kubernetes/apps/postgres-db/deployment.yaml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: postgres
+  name: postgres-deployment
 spec:
   replicas: 1
   selector:
@@ -20,7 +20,7 @@ spec:
             - containerPort: 5432
           envFrom:
             - configMapRef:
-                name: postgres-secret
+                name: postgres-configmap
           env:
             - name: PGDATA
               value: /var/lib/postgresql/data/pgdata

kubernetes/apps/redis-db/deployment.yaml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: redis
+  name: redis-deployment
   namespace: redis-db
 spec:
   replicas: 1

kubernetes/apps/redis-db/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: redis
+  name: redis-svc
   namespace: redis-db
 spec:
   type: LoadBalancer