feat: helm global values updates #16062
Open
+196
−201
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
area/helm
type/docs
|
💻 Deploy preview available: https://deploy-preview-loki-16062-zb444pucvq-vp.a.run.app/docs/loki/latest/ |
JStickler
reviewed
Feb 3, 2025
7 tasks
Helm Diff Output - SummarySingle Binary Scenariodefault, loki-release-compactor, StatefulSet (apps) has changed:
# Source: loki/templates/compactor/statefulset-compactor.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-compactor
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: compactor
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-release-compactor-headless
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: compactor
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: compactor
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 30
containers:
- name: compactor
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=compactor
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: temp
mountPath: /tmp
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: compactor
topologyKey: kubernetes.io/hostname
volumes:
- name: temp
emptyDir: {}
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: data
emptyDir: {}
default, loki-release-distributor, Deployment (apps) has changed:
# Source: loki/templates/distributor/deployment-distributor.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: loki-release-distributor
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: distributor
app.kubernetes.io/part-of: memberlist
spec:
replicas: 3
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: distributor
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: distributor
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 30
containers:
- name: distributor
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=distributor
- -distributor.zone-awareness-enabled=true
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
livenessProbe:
null
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: distributor
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
default, loki-release-index-gateway, StatefulSet (apps) has changed:
# Source: loki/templates/index-gateway/statefulset-index-gateway.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-index-gateway
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: index-gateway
spec:
replicas: 2
updateStrategy:
type: RollingUpdate
serviceName: loki-release-index-gateway-headless
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: index-gateway
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: index-gateway
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: index-gateway
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=index-gateway
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
livenessProbe:
null
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: index-gateway
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: data
emptyDir: {}
default, loki-release-ingester-zone-a, StatefulSet (apps) has changed:
# Source: loki/templates/ingester/statefulset-ingester-zone-a.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-ingester-zone-a
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ingester
app.kubernetes.io/part-of: memberlist
name: ingester-zone-a
rollout-group: ingester
annotations:
rollout-max-unavailable: "1"
spec:
replicas: 1
podManagementPolicy: Parallel
serviceName: loki-release-ingester-zone-a
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: ingester
name: ingester-zone-a
rollout-group: ingester
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ingester
app.kubernetes.io/part-of: memberlist
name: ingester-zone-a
rollout-group: ingester
spec:
topologySpreadConstraints:
- labelSelector:
matchLabels:
app.kubernetes.io/component: ingester
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: ingester
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -ingester.availability-zone=zone-a
- -ingester.unregister-on-shutdown=false
- -ingester.tokens-file-path=/var/loki/ring-tokens
- -target=ingester
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: rollout-group
operator: In
values:
- ingester
- key: name
operator: NotIn
values:
- ingester-zone-a
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: data
emptyDir: {}
default, loki-release-ingester-zone-b, StatefulSet (apps) has changed:
# Source: loki/templates/ingester/statefulset-ingester-zone-b.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-ingester-zone-b
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ingester
app.kubernetes.io/part-of: memberlist
name: ingester-zone-b
rollout-group: ingester
annotations:
rollout-max-unavailable: "1"
spec:
replicas: 1
podManagementPolicy: Parallel
serviceName: loki-release-ingester-zone-b
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: ingester
name: ingester-zone-b
rollout-group: ingester
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ingester
app.kubernetes.io/part-of: memberlist
name: ingester-zone-b
rollout-group: ingester
spec:
topologySpreadConstraints:
- labelSelector:
matchLabels:
app.kubernetes.io/component: ingester
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: ingester
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -ingester.availability-zone=zone-b
- -ingester.unregister-on-shutdown=false
- -ingester.tokens-file-path=/var/loki/ring-tokens
- -target=ingester
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: rollout-group
operator: In
values:
- ingester
- key: name
operator: NotIn
values:
- ingester-zone-b
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: data
emptyDir: {}
default, loki-release-ingester-zone-c, StatefulSet (apps) has changed:
# Source: loki/templates/ingester/statefulset-ingester-zone-c.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-ingester-zone-c
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ingester
app.kubernetes.io/part-of: memberlist
name: ingester-zone-c
rollout-group: ingester
annotations:
rollout-max-unavailable: "1"
spec:
replicas: 1
podManagementPolicy: Parallel
serviceName: loki-release-ingester-zone-c
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: ingester
name: ingester-zone-c
rollout-group: ingester
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ingester
app.kubernetes.io/part-of: memberlist
name: ingester-zone-c
rollout-group: ingester
spec:
topologySpreadConstraints:
- labelSelector:
matchLabels:
app.kubernetes.io/component: ingester
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: ingester
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -ingester.availability-zone=zone-c
- -ingester.unregister-on-shutdown=false
- -ingester.tokens-file-path=/var/loki/ring-tokens
- -target=ingester
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: rollout-group
operator: In
values:
- ingester
- key: name
operator: NotIn
values:
- ingester-zone-c
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: data
emptyDir: {}
default, loki-release-minio, ConfigMap (v1) has changed:
# Source: loki/charts/minio/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: loki-release-minio
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
data:
initialize: |-
#!/bin/sh
set -e # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0
LIMIT=29 # Allow 30 attempts
set -e # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser)
SECRET=$(cat /config/rootPassword)
set +e # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT"
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET"
$MC_COMMAND
STATUS=$?
until [ $STATUS = 0 ]; do
ATTEMPTS=$(expr $ATTEMPTS + 1)
echo \"Failed attempts: $ATTEMPTS\"
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1
fi
sleep 2 # 1 second intervals between attempts
$MC_COMMAND
STATUS=$?
done
set -e # reset `e` as active
return 0
}
# checkBucketExists ($bucket)
# Check if the bucket exists, by using the exit code of `mc ls`
checkBucketExists() {
BUCKET=$1
CMD=$(${MC} stat myminio/$BUCKET >/dev/null 2>&1)
return $?
}
# createBucket ($bucket, $policy, $purge)
# Ensure bucket exists, purging if asked to
createBucket() {
BUCKET=$1
POLICY=$2
PURGE=$3
VERSIONING=$4
OBJECTLOCKING=$5
# Purge the bucket, if set & exists
# Since PURGE is user input, check explicitly for `true`
if [ $PURGE = true ]; then
if checkBucketExists $BUCKET; then
echo "Purging bucket '$BUCKET'."
set +e # don't exit if this fails
${MC} rm -r --force myminio/$BUCKET
set -e # reset `e` as active
else
echo "Bucket '$BUCKET' does not exist, skipping purge."
fi
fi
# Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created)
if ! checkBucketExists $BUCKET; then
if [ ! -z $OBJECTLOCKING ]; then
if [ $OBJECTLOCKING = true ]; then
echo "Creating bucket with OBJECTLOCKING '$BUCKET'"
${MC} mb --with-lock myminio/$BUCKET
elif [ $OBJECTLOCKING = false ]; then
echo "Creating bucket '$BUCKET'"
${MC} mb myminio/$BUCKET
fi
elif [ -z $OBJECTLOCKING ]; then
echo "Creating bucket '$BUCKET'"
${MC} mb myminio/$BUCKET
else
echo "Bucket '$BUCKET' already exists."
fi
fi
# set versioning for bucket if objectlocking is disabled or not set
if [ $OBJECTLOCKING = false ]; then
if [ ! -z $VERSIONING ]; then
if [ $VERSIONING = true ]; then
echo "Enabling versioning for '$BUCKET'"
${MC} version enable myminio/$BUCKET
elif [ $VERSIONING = false ]; then
echo "Suspending versioning for '$BUCKET'"
${MC} version suspend myminio/$BUCKET
fi
fi
else
echo "Bucket '$BUCKET' versioning unchanged."
fi
# At this point, the bucket should exist, skip checking for existence
# Set policy on the bucket
echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
${MC} anonymous set $POLICY myminio/$BUCKET
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
# Create the buckets
createBucket chunks "none" false false false
createBucket ruler "none" false false false
createBucket admin "none" false false false
add-user: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters.
# Special characters for example : ',",<,>,{,}
MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkUserExists ()
# Check if the user exists, by using the exit code of `mc admin user info`
checkUserExists() {
CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1)
return $?
}
# createUser ($policy)
createUser() {
POLICY=$1
#check accessKey_and_secretKey_tmp file
if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then
echo "credentials file does not exist"
return 1
fi
if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then
echo "credentials file is invalid"
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
return 1
fi
USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP)
# Create the user if it does not exist
if ! checkUserExists ; then
echo "Creating user '$USER'"
cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio
else
echo "User '$USER' already exists."
fi
#clean up credentials files.
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
# set policy for user
if [ ! -z $POLICY -a $POLICY != " " ] ; then
echo "Adding policy '$POLICY' for '$USER'"
set +e ; # policy already attach errors out, allow it.
${MC} admin policy attach myminio $POLICY --user=$USER
set -e
else
echo "User '$USER' has no policy attached."
fi
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
# Create the users
echo logs-user > $MINIO_ACCESSKEY_SECRETKEY_TMP
echo supersecretpassword >> $MINIO_ACCESSKEY_SECRETKEY_TMP
createUser readwrite
add-policy: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkPolicyExists ($policy)
# Check if the policy exists, by using the exit code of `mc admin policy info`
checkPolicyExists() {
POLICY=$1
CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1)
return $?
}
# createPolicy($name, $filename)
createPolicy () {
NAME=$1
FILENAME=$2
# Create the name if it does not exist
echo "Checking policy: $NAME (in /config/$FILENAME.json)"
if ! checkPolicyExists $NAME ; then
echo "Creating policy '$NAME'"
else
echo "Policy '$NAME' already exists."
fi
${MC} admin policy create myminio $NAME /config/$FILENAME.json
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
add-svcacct: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters.
# Special characters for example : ',",<,>,{,}
MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_svcacct_tmp"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 2 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkSvcacctExists ()
# Check if the svcacct exists, by using the exit code of `mc admin user svcacct info`
checkSvcacctExists() {
CMD=$(${MC} admin user svcacct info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1)
return $?
}
# createSvcacct ($user)
createSvcacct () {
USER=$1
FILENAME=$2
#check accessKey_and_secretKey_tmp file
if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then
echo "credentials file does not exist"
return 1
fi
if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then
echo "credentials file is invalid"
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
return 1
fi
SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP)
# Create the svcacct if it does not exist
if ! checkSvcacctExists ; then
echo "Creating svcacct '$SVCACCT'"
# Check if policy file is define
if [ -z $FILENAME ]; then
${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER
else
${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --policy /config/$FILENAME.json myminio $USER
fi
else
echo "Svcacct '$SVCACCT' already exists."
fi
#clean up credentials files.
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
custom-command: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# runCommand ($@)
# Run custom mc command
runCommand() {
${MC} "$@"
return $?
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
default, loki-release-minio, Secret (v1) has changed:
# Source: loki/charts/minio/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
heritage: Helm
release: loki-release
name: loki-release-minio
data:
rootPassword: 'REDACTED # (19 bytes)'
rootUser: 'REDACTED # (9 bytes)'
type: Opaque
default, loki-release-minio, Service (v1) has changed:
# Source: loki/charts/minio/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-release-minio
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
monitoring: "true"
spec:
type: ClusterIP
ports:
- name: http
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: minio
release: loki-release
default, loki-release-minio, StatefulSet (apps) has changed:
# Source: loki/charts/minio/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-minio
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
spec:
updateStrategy:
type: RollingUpdate
podManagementPolicy: "Parallel"
serviceName: loki-release-minio-svc
replicas: 1
selector:
matchLabels:
app: minio
release: loki-release
template:
metadata:
name: loki-release-minio
labels:
app: minio
release: loki-release
annotations:
- checksum/secrets: 16571eb39ff756fb0bff3f375543d10d85c265fa64d5607ab3f4ce5ff711ecb9
- checksum/config: 04fbedc80c3e09ca79e0fd27207574c80fda612b301de3c4f6a52997205fb398
+ checksum/secrets: 83e00c080f13dd0c967e16625b3c5ce88fe138fb6e903ac49c54cd16f5f5b659
+ checksum/config: 9e7d1b7d05afafdf1f4dd11b625c985b7bbaceea2255647f6c3c2dde5e257978
spec:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsUser: 1000
serviceAccountName: minio-sa
containers:
- name: minio
- image: quay.io/minio/minio:RELEASE.2024-04-18T19-09-19Z
+ image: quay.io/minio/minio:RELEASE.2024-12-18T13-15-44Z
imagePullPolicy: IfNotPresent
command: [
"/bin/sh",
"-ce",
"/usr/bin/docker-entrypoint.sh minio server http://loki-release-minio-{0...0}.loki-release-minio-svc.default.svc/export-{0...1} -S /etc/minio/certs/ --address :9000 --console-address :9001"
]
volumeMounts:
- name: export-0
mountPath: /export-0
- name: export-1
mountPath: /export-1
ports:
- name: http
containerPort: 9000
- name: http-console
containerPort: 9001
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: loki-release-minio
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: loki-release-minio
key: rootPassword
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
resources:
requests:
cpu: 100m
memory: 128Mi
securityContext:
readOnlyRootFilesystem: false
volumes:
- name: minio-user
secret:
secretName: loki-release-minio
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: export-0
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 5Gi
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: export-1
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 5Gi
default, loki-release-minio-console, Service (v1) has changed:
# Source: loki/charts/minio/templates/console-service.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-release-minio-console
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
spec:
type: ClusterIP
ports:
- name: http
port: 9001
protocol: TCP
targetPort: 9001
selector:
app: minio
release: loki-release
default, loki-release-minio-post-job, Job (batch) has changed:
# Source: loki/charts/minio/templates/post-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: loki-release-minio-post-job
labels:
app: minio-post-job
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
template:
metadata:
labels:
app: minio-job
release: loki-release
spec:
restartPolicy: OnFailure
volumes:
- name: etc-path
emptyDir: {}
- name: tmp
emptyDir: {}
- name: minio-configuration
projected:
sources:
- configMap:
name: loki-release-minio
- secret:
name: loki-release-minio
serviceAccountName: minio-sa
containers:
- name: minio-make-bucket
- image: "quay.io/minio/mc:RELEASE.2024-04-18T16-45-29Z"
+ image: "quay.io/minio/mc:RELEASE.2024-11-21T17-21-54Z"
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "/config/initialize" ]
env:
- name: MINIO_ENDPOINT
value: loki-release-minio
- name: MINIO_PORT
value: "9000"
volumeMounts:
- name: etc-path
mountPath: /etc/minio/mc
- name: tmp
mountPath: /tmp
- name: minio-configuration
mountPath: /config
resources:
requests:
memory: 128Mi
- name: minio-make-user
- image: "quay.io/minio/mc:RELEASE.2024-04-18T16-45-29Z"
+ image: "quay.io/minio/mc:RELEASE.2024-11-21T17-21-54Z"
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "/config/add-user" ]
env:
- name: MINIO_ENDPOINT
value: loki-release-minio
- name: MINIO_PORT
value: "9000"
volumeMounts:
- name: etc-path
mountPath: /etc/minio/mc
- name: tmp
mountPath: /tmp
- name: minio-configuration
mountPath: /config
resources:
requests:
memory: 128Mi
default, loki-release-minio-svc, Service (v1) has changed:
# Source: loki/charts/minio/templates/statefulset.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-release-minio-svc
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
spec:
publishNotReadyAddresses: true
clusterIP: None
ports:
- name: http
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: minio
release: loki-release
default, loki-release-querier, Deployment (apps) has changed:
# Source: loki/templates/querier/deployment-querier.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: loki-release-querier
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: querier
app.kubernetes.io/part-of: memberlist
spec:
replicas: 3
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: querier
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: querier
app.kubernetes.io/part-of: memberlist
spec:
topologySpreadConstraints:
- labelSelector:
matchLabels:
app.kubernetes.io/component: querier
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 30
containers:
- name: querier
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=querier
- -distributor.zone-awareness-enabled=true
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
livenessProbe:
null
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: querier
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: data
emptyDir: {}
default, loki-release-query-frontend, Deployment (apps) has changed:
# Source: loki/templates/query-frontend/deployment-query-frontend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: loki-release-query-frontend
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: query-frontend
spec:
replicas: 2
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: query-frontend
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: query-frontend
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 30
containers:
- name: query-frontend
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=query-frontend
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: query-frontend
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
default, loki-release-query-scheduler, Deployment (apps) has changed:
# Source: loki/templates/query-scheduler/deployment-query-scheduler.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: loki-release-query-scheduler
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: query-scheduler
spec:
replicas: 2
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: query-scheduler
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: query-scheduler
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 30
containers:
- name: query-scheduler
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=query-scheduler
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
livenessProbe:
null
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: query-scheduler
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
default, loki-release-ruler, StatefulSet (apps) has changed:
# Source: loki/templates/ruler/statefulset-ruler.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-ruler
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ruler
app.kubernetes.io/part-of: memberlist
spec:
replicas: 0
revisionHistoryLimit: 10
serviceName: loki-release-ruler
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: ruler
template:
metadata:
annotations:
checksum/config: 81a6a3510946cd46826a1c342bb0d9614996484c0cf91fe5f208a0cf11aa5ad6
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: ruler
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: ruler
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=ruler
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
- name: tmp
mountPath: /tmp/loki
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: ruler
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: tmp
emptyDir: {}
- name: data
emptyDir: {}Default Values Scenariodefault, loki-backend, StatefulSet (apps) has changed:
# Source: loki/templates/backend/statefulset-backend.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-backend
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: backend
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-backend-headless
revisionHistoryLimit: 10
persistentVolumeClaimRetentionPolicy:
whenDeleted: Delete
whenScaled: Delete
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: backend
template:
metadata:
annotations:
checksum/config: 6074dc4b0d60af4991bb01fbda4550e5e2da5dd9c203362200c280b3e43407ea
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: backend
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
automountServiceAccountToken: true
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: loki-sc-rules
- image: "kiwigrid/k8s-sidecar:1.29.0"
+ image: "kiwigrid/k8s-sidecar:1.29.1"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "loki_rule"
- name: FOLDER
value: "/rules"
- name: RESOURCE
value: "both"
- name: WATCH_SERVER_TIMEOUT
value: "60"
- name: WATCH_CLIENT_TIMEOUT
value: "60"
- name: LOG_LEVEL
value: "INFO"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- name: sc-rules-volume
mountPath: "/rules"
- name: loki
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=backend
- -legacy-read-mode=false
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: tmp
mountPath: /tmp
- name: data
mountPath: /var/loki
- name: sc-rules-volume
mountPath: "/rules"
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: backend
topologyKey: kubernetes.io/hostname
volumes:
- name: tmp
emptyDir: {}
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: sc-rules-volume
emptyDir: {}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"
default, loki-write, StatefulSet (apps) has changed:
# Source: loki/templates/write/statefulset-write.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-write
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: write
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-write-headless
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: write
template:
metadata:
annotations:
checksum/config: 6074dc4b0d60af4991bb01fbda4550e5e2da5dd9c203362200c280b3e43407ea
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: write
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
automountServiceAccountToken: true
enableServiceLinks: true
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: loki
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=write
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: write
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"Ingress Values Scenariodefault, loki-backend, StatefulSet (apps) has changed:
# Source: loki/templates/backend/statefulset-backend.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-backend
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: backend
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-backend-headless
revisionHistoryLimit: 10
persistentVolumeClaimRetentionPolicy:
whenDeleted: Delete
whenScaled: Delete
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: backend
template:
metadata:
annotations:
checksum/config: 6074dc4b0d60af4991bb01fbda4550e5e2da5dd9c203362200c280b3e43407ea
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: backend
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
automountServiceAccountToken: true
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: loki-sc-rules
- image: "kiwigrid/k8s-sidecar:1.29.0"
+ image: "kiwigrid/k8s-sidecar:1.29.1"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "loki_rule"
- name: FOLDER
value: "/rules"
- name: RESOURCE
value: "both"
- name: WATCH_SERVER_TIMEOUT
value: "60"
- name: WATCH_CLIENT_TIMEOUT
value: "60"
- name: LOG_LEVEL
value: "INFO"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- name: sc-rules-volume
mountPath: "/rules"
- name: loki
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=backend
- -legacy-read-mode=false
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: tmp
mountPath: /tmp
- name: data
mountPath: /var/loki
- name: sc-rules-volume
mountPath: "/rules"
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: backend
topologyKey: kubernetes.io/hostname
volumes:
- name: tmp
emptyDir: {}
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: sc-rules-volume
emptyDir: {}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"
default, loki-write, StatefulSet (apps) has changed:
# Source: loki/templates/write/statefulset-write.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-write
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: write
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-write-headless
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: write
template:
metadata:
annotations:
checksum/config: 6074dc4b0d60af4991bb01fbda4550e5e2da5dd9c203362200c280b3e43407ea
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: write
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
automountServiceAccountToken: true
enableServiceLinks: true
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: loki
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=write
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: write
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"Legacy Monitoring Scenariodefault, loki-backend, StatefulSet (apps) has changed:
# Source: loki/templates/backend/statefulset-backend.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-backend
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: backend
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-backend-headless
revisionHistoryLimit: 10
persistentVolumeClaimRetentionPolicy:
whenDeleted: Delete
whenScaled: Delete
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: backend
template:
metadata:
annotations:
checksum/config: 6074dc4b0d60af4991bb01fbda4550e5e2da5dd9c203362200c280b3e43407ea
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: backend
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
automountServiceAccountToken: true
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: loki-sc-rules
- image: "kiwigrid/k8s-sidecar:1.29.0"
+ image: "kiwigrid/k8s-sidecar:1.29.1"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "loki_rule"
- name: FOLDER
value: "/rules"
- name: RESOURCE
value: "both"
- name: WATCH_SERVER_TIMEOUT
value: "60"
- name: WATCH_CLIENT_TIMEOUT
value: "60"
- name: LOG_LEVEL
value: "INFO"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- name: sc-rules-volume
mountPath: "/rules"
- name: loki
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=backend
- -legacy-read-mode=false
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: tmp
mountPath: /tmp
- name: data
mountPath: /var/loki
- name: sc-rules-volume
mountPath: "/rules"
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: backend
topologyKey: kubernetes.io/hostname
volumes:
- name: tmp
emptyDir: {}
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
- name: sc-rules-volume
emptyDir: {}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"
default, loki-release-grafana-agent-operator, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: loki-release-grafana-agent-operator
labels:
app.kubernetes.io/name: grafana-agent-operator
app.kubernetes.io/instance: loki-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: operator
- helm.sh/chart: grafana-agent-operator-0.5.0
- app.kubernetes.io/version: "0.43.3"
+ helm.sh/chart: grafana-agent-operator-0.5.1
+ app.kubernetes.io/version: "0.44.2"
rules:
- apiGroups: [monitoring.grafana.com]
resources:
- grafanaagents
- metricsinstances
- logsinstances
- podlogs
- integrations
verbs: [get, list, watch]
- apiGroups: [monitoring.grafana.com]
resources:
- grafanaagents/finalizers
- metricsinstances/finalizers
- logsinstances/finalizers
- podlogs/finalizers
- integrations/finalizers
verbs: [get, list, watch, update]
- apiGroups: [monitoring.coreos.com]
resources:
- podmonitors
- probes
- servicemonitors
verbs: [get, list, watch]
- apiGroups: [monitoring.coreos.com]
resources:
- podmonitors/finalizers
- probes/finalizers
- servicemonitors/finalizers
verbs: [get, list, watch, update]
- apiGroups: [""]
resources:
- namespaces
- nodes
verbs: [get, list, watch]
- apiGroups: [""]
resources:
- secrets
- services
- configmaps
- endpoints
verbs: [get, list, watch, create, update, patch, delete]
- apiGroups: ["apps"]
resources:
- statefulsets
- daemonsets
- deployments
verbs: [get, list, watch, create, update, patch, delete]
default, loki-release-grafana-agent-operator, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
# Source: loki/charts/grafana-agent-operator/templates/operator-clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: loki-release-grafana-agent-operator
labels:
app.kubernetes.io/name: grafana-agent-operator
app.kubernetes.io/instance: loki-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: operator
- helm.sh/chart: grafana-agent-operator-0.5.0
- app.kubernetes.io/version: "0.43.3"
+ helm.sh/chart: grafana-agent-operator-0.5.1
+ app.kubernetes.io/version: "0.44.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loki-release-grafana-agent-operator
subjects:
- kind: ServiceAccount
name: loki-release-grafana-agent-operator
namespace: default
default, loki-release-grafana-agent-operator, Deployment (apps) has changed:
# Source: loki/charts/grafana-agent-operator/templates/operator-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: loki-release-grafana-agent-operator
namespace: default
labels:
app.kubernetes.io/name: grafana-agent-operator
app.kubernetes.io/instance: loki-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: operator
- helm.sh/chart: grafana-agent-operator-0.5.0
- app.kubernetes.io/version: "0.43.3"
+ helm.sh/chart: grafana-agent-operator-0.5.1
+ app.kubernetes.io/version: "0.44.2"
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: grafana-agent-operator
app.kubernetes.io/instance: loki-release
template:
metadata:
labels:
app.kubernetes.io/name: grafana-agent-operator
app.kubernetes.io/instance: loki-release
spec:
serviceAccountName: loki-release-grafana-agent-operator
containers:
- name: grafana-agent-operator
- image: "docker.io/grafana/agent-operator:v0.43.3"
+ image: "docker.io/grafana/agent-operator:v0.44.2"
imagePullPolicy: IfNotPresent
args:
- --kubelet-service=default/kubelet
default, loki-release-grafana-agent-operator, ServiceAccount (v1) has changed:
# Source: loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: loki-release-grafana-agent-operator
namespace: default
labels:
app.kubernetes.io/name: grafana-agent-operator
app.kubernetes.io/instance: loki-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: operator
- helm.sh/chart: grafana-agent-operator-0.5.0
- app.kubernetes.io/version: "0.43.3"
+ helm.sh/chart: grafana-agent-operator-0.5.1
+ app.kubernetes.io/version: "0.44.2"
default, loki-write, StatefulSet (apps) has changed:
# Source: loki/templates/write/statefulset-write.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-write
namespace: default
labels:
helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: write
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-write-headless
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
app.kubernetes.io/component: write
template:
metadata:
annotations:
checksum/config: 6074dc4b0d60af4991bb01fbda4550e5e2da5dd9c203362200c280b3e43407ea
labels:
+ helm.sh/chart: loki-6.25.0
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki-release
+ app.kubernetes.io/version: "3.3.2"
app.kubernetes.io/component: write
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
automountServiceAccountToken: true
enableServiceLinks: true
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 300
containers:
- name: loki
image: docker.io/grafana/loki:3.3.2
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=write
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: data
mountPath: /var/loki
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: write
topologyKey: kubernetes.io/hostname
volumes:
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"Simple Scalable AWS Kube IRSA Scenario809d808
< helm.sh/chart: loki-6.25.0
812d810
< app.kubernetes.io/version: "3.3.2"
1128d1125
< helm.sh/chart: loki-6.25.0
1131d1127
< app.kubernetes.io/version: "3.3.2"
1146c1142
< image: "kiwigrid/k8s-sidecar:1.29.1"
---
> image: "kiwigrid/k8s-sidecar:1.29.0"
1488d1483
< helm.sh/chart: loki-6.25.0
1491d1485
< app.kubernetes.io/version: "3.3.2" |
|
Nice solution, but it's in very poor taste to not give any credit to the work done in #12652 I doubt I can justify working on Grafana projects again. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Adds support for the following global variables in the helm chart:
global.extraArgsglobal.extraEnvglobal.extraEnvFromglobal.extraVolumesglobal.extraVolumeMountsFixes #11391
Special notes for your reviewer:
Checklist
CONTRIBUTING.mdguide (required)