Helm/Loki: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
Line 561: Line 561:


| valign="top" |
| valign="top" |
* [https://grafana.com/docs/loki/latest/setup/install/docker/ Loki » Docker » Install]
* [[Security/Password|Security » Password]]
* [[Security/Password|Security » Password]]


Latest revision as of 06:18, 27 July 2025

Helm » Repo » Manage 

helm repo add grafana https://grafana.github.io/helm-charts
helm repo update && helm repo list

Helm » K8s » Config

Helm » K8s » Config 

export KUBECONFIG=${HOME}/.kube/eks-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/gke-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/lke-kubeconfig.yaml

export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ac-kubeconfig.yaml

export KUBECONFIG=${HOME}/.kube/shahed-ae-kubeconfig.yaml
kubectl config get-contexts
kubectl config view

Helm » K8s » MinIO

Helm » K8s » MinIO 

cat << EXE | bash
mc ready      s3_minio_shahed_shahed_biz_admin
mc ping  -c=3 s3_minio_shahed_shahed_biz_admin
mc admin info s3_minio_shahed_shahed_biz_admin
mc mb         s3_minio_shahed_shahed_biz_admin/shahed-ae-loki-admin
mc mb         s3_minio_shahed_shahed_biz_admin/shahed-ae-loki-ruler
mc mb         s3_minio_shahed_shahed_biz_admin/shahed-ae-loki-chunks
mc ls         s3_minio_shahed_shahed_biz_admin --json | jq -r '.key|sub("/$"; "")'
EXE

Helm » K8s » MinIO » Policy 

yq -o=json <<'YML'| \
mc admin policy create s3_minio_shahed_shahed_biz_admin shahed-ae-loki-rw /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:*
    Resource:
      - arn:aws:s3:::shahed-ae-loki-admin
      - arn:aws:s3:::shahed-ae-loki-ruler
      - arn:aws:s3:::shahed-ae-loki-chunks
YML

mc admin policy ls   s3_minio_shahed_shahed_biz_admin --json|jq -r '.policy'
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-loki-rw --json|jq -r

Helm » K8s » MinIO » Service Account 

mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-loki-rw --json|jq -r '.policyInfo.Policy'|\
mc admin user svcacct add  s3_minio_shahed_shahed_biz_admin admin \
 --description 'shahed-ae-loki-rw' \
 --name shahed-ae-loki-rw \
 --policy /dev/stdin
:'
Access Key: 9VJLMCIHU5AEUJESOCGZ
Expiration: no-expiry
'

mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-loki-rw --json|jq -r '.policyInfo.Policy'|\
mc admin user svcacct edit s3_minio_shahed_shahed_biz_admin/ '9VJLMCIHU5AEUJESOCGZ' \
 --policy /dev/stdin
:'
Edited service account `9VJLMCIHU5AEUJESOCGZ` successfully.
'

mc admin user svcacct disable s3_minio_shahed_shahed_biz_admin '9VJLMCIHU5AEUJESOCGZ'
mc admin user svcacct enable  s3_minio_shahed_shahed_biz_admin '9VJLMCIHU5AEUJESOCGZ'

mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin
mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin --json|jq -r '.accessKey'

Helm » K8s » MinIO » Service Account » Debug 

echo -n 'SecretKey: ';read -s MC_SECRET_KEY;export MC_SECRET_KEY;echo
# SecretKey: TkbFQXTXZjYquDhzfdFBUyguZF15s0W+OYrb3LXQ

mc alias set shahed_ae_loki_admin https://s3.minio.shahed.shahed.biz '9VJLMCIHU5AEUJESOCGZ' ${MC_SECRET_KEY}
mc ping      shahed_ae_loki_admin -c=3
mc ls        shahed_ae_loki_admin
mc alias rm  shahed_ae_loki_admin

Helm » K8s » Storage

Helm » K8s » Storage 

cat << EXE | sudo bash
mkdir -p             /var/minikube/pvc/logging/data-loki-0/{compactor,tsdb-shipper-{active,cache},wal}
chown -R 10001:10001 /var/minikube/pvc/logging/data-loki-0/{compactor,tsdb-shipper-{active,cache},wal}
chmod -R   750       /var/minikube/pvc/logging/
EXE

cat <<'YML'| kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: logging-data-loki-0
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/logging/data-loki-0
    type: DirectoryOrCreate
YML

Helm » Install

Helm » Install 

helm show values grafana/loki --version=6.31.0 |less
helm show values grafana/loki --version=6.32.0|less

kubectl create ns   logging
kubectl get ns|grep logging

cat << ENV | \
kubectl -n logging create secret generic loki-gateway --from-file=.htpasswd=/dev/stdin
$(htpasswd -nbB chorke            'sadaqah!')
$(htpasswd -nbB shahed            'sadaqah!')
$(htpasswd -nbB 'self-monitoring' 'sadaqah!')
ENV

cat << ENV | \
kubectl -n logging create secret generic loki-basic-auth --from-file=auth=/dev/stdin
$(htpasswd -nbB chorke 'sadaqah!')
$(htpasswd -nbB shahed 'sadaqah!')
ENV

cat <<'YML'| kubectl apply -n logging -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-loki-0
  namespace: logging
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: loki
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: hostpath
  volumeName: logging-data-loki-0
YML

Find More 👉 Storage » Mount

Find More 👉 Storage » Class » Hostpath

Find More 👉 Storage » Persistent Volume 

cat << YML | \
helm -n logging install    loki grafana/loki --version=6.32.0 -f -
---
loki:
  annotations:
    kubernetes.io/change-cause: 'CKI-1| Initial Deployment'
  schemaConfig:
    configs:
      - from: "2025-01-01"
        object_store: s3
        store: tsdb
        schema: v13
        index:
          prefix: loki_index_
          period: 24h

  limits_config:
    allow_structured_metadata: true
    volume_enabled: true
  pattern_ingester:
      enabled: true
  ruler:
    enable_api: true
  ui:
    enabled: true
    gateway:
      enabled: true

  storage:
    type: s3
    bucketNames:
      admin: shahed-ae-loki-admin
      ruler: shahed-ae-loki-ruler
      chunks: shahed-ae-loki-chunks
    s3:
      region: us-east-1
      s3ForcePathStyle: true
      accessKeyId: 9VJLMCIHU5AEUJESOCGZ
      endpoint: s3.minio.shahed.shahed.biz
      secretAccessKey: q7zUQ80sQ8C0+h8MpwIyhRkcNPP8FxK8X2eFmyvR

  persistence:
    enabled: false
    existingClaim: data-loki-0

  commonConfig:
    replication_factor: 3

deploymentMode: SingleBinary
singleBinary:
  replicas: 1
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 3

minio:
  enabled: false
  annotations:
    kubernetes.io/change-cause: 'CKI-1| Initial Deployment'
  replicas: 1
  drivesPerNode: 2
  rootUser: admin
  rootPassword: 'sadaqah!'
  users:
    - accessKey: loki
      policy: readwrite
      secretKey: 'sadaqah!'

lokiCanary:
  annotations:
    kubernetes.io/change-cause: 'CKI-1| Initial Deployment'

gateway:
  enabled: true
  annotations:
    kubernetes.io/change-cause: 'CKI-1| Initial Deployment'
  ingress:
    enabled: true
    ingressClassName: nginx
    hosts:
      - host: loki.shahed.shahed.biz
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: loki-shahed-shahed-biz-tls
        hosts:
          - loki.shahed.shahed.biz
  basicAuth:
    enabled: true
    existingSecret: loki-gateway

resultsCache:
  annotations:
    kubernetes.io/change-cause: 'CKI-1| Initial Deployment'

chunksCache:
  annotations:
    kubernetes.io/change-cause: 'CKI-1| Initial Deployment'
  batchSize: 2
  parallelism: 2
  maxItemMemory: 2
  connectionLimit: 512
  allocatedMemory: 128
  writebackBuffer: 10000
  writebackSizeLimit: 50MB
  writebackParallelism: 1
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
    limits:
      cpu: 100m
      memory: 128Mi

monitoring:
  selfMonitoring:
    enabled: false
    tenant:
      name: self-monitoring
      password: 'sadaqah!'

ingress:
  enabled: false
  ingressClassName: nginx
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: loki-basic-auth
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
  labels:
    blackbox.monitoring.exclude: 'true'
  hosts:
    - loki.shahed.shahed.biz

backend:
  replicas: 0
read:
  replicas: 0
write:
  replicas: 0

ingester:
  replicas: 0
querier:
  replicas: 0
queryFrontend:
  replicas: 0
queryScheduler:
  replicas: 0
distributor:
  replicas: 0
compactor:
  replicas: 0
indexGateway:
  replicas: 0
bloomCompactor:
  replicas: 0
bloomGateway:
  replicas: 0
YML

kubectl -n logging annotate ds/loki-canary \
 kubernetes.io/change-cause='CKI-1| Initial Deployment'

Helm » K8s » Verify

Helm » K8s » Verify 

cat << YML | \
kubectl -n logging patch ingress loki-gateway --type merge --patch-file=/dev/stdin
---
spec:
  tls: null
YML

kubectl -n logging get secrets loki-gateway    -o yaml|yq -r '.data.".htpasswd"'|base64 -d;echo
kubectl -n logging get secrets loki-basic-auth -o yaml|yq -r '.data.auth'       |base64 -d;echo

xdg-open https://www.cdn77.com/tls-test/result?domain=loki.shahed.shahed.biz
xdg-open https://loki.shahed.shahed.biz/ui/

kubectl -n logging exec -it svc/loki               -c loki          -- ash
kubectl -n logging exec -it svc/loki               -c loki-sc-rules -- ash
kubectl -n logging exec -it svc/loki-memberlist    -c loki          -- ash
kubectl -n logging exec -it svc/loki-memberlist    -c loki-sc-rules -- ash

kubectl -n logging exec -it svc/loki-canary        -c loki-canary   -- ash
kubectl -n logging exec -it svc/loki-canary                         -- ash

kubectl -n logging exec -it svc/loki-chunks-cache  -c memcached     -- ash
kubectl -n logging exec -it svc/loki-chunks-cache  -c exporter      -- ash
kubectl -n logging exec -it svc/loki-headless      -c memcached     -- ash
kubectl -n logging exec -it svc/loki-headless      -c exporter      -- ash
kubectl -n logging exec -it svc/loki-results-cache -c memcached     -- ash
kubectl -n logging exec -it svc/loki-results-cache -c exporter      -- ash

kubectl -n logging logs -f  svc/loki         -c loki-sc-rules
kubectl -n logging logs -f  svc/loki-canary  -c loki-canary
kubectl -n logging logs -f  svc/loki         -c loki
kubectl -n logging logs -f  svc/loki-gateway

kubectl -n logging exec -it svc/loki-gateway -- sh
kubectl -n logging exec -it svc/loki         -- sh
kubectl -n logging exec -it svc/loki         -- id

---
Page: https://loki.shahed.shahed.biz
user: admin
pass: sadaqah!

Helm » Uninstall

Helm » Uninstall 

helm    uninstall  loki       -n logging
kubectl delete pvc --all      -n logging
kubectl delete pv    logging-data-loki-0

kubectl delete deploy --all   -n logging
kubectl delete all    --all   -n logging
kubectl delete ns                logging

Playground

Playground 

helm -n logging install    loki grafana/loki --version=6.31.0
helm -n logging upgrade -i loki grafana/loki --version=6.32.0
helm    show    values          grafana/loki --version=6.32.0|less

kubectl -n logging get secrets loki-gateway    -o yaml|yq -r '.data.".htpasswd"'|base64 -d;echo
kubectl -n logging get secrets loki-basic-auth -o yaml|yq -r '.data.auth'       |base64 -d;echo

kubectl -n logging logs -f  svc/loki         -c loki-sc-rules
kubectl -n logging logs -f  svc/loki-canary  -c loki-canary
kubectl -n logging logs -f  svc/loki         -c loki
kubectl -n logging logs -f  svc/loki-gateway

kubectl -n logging exec -it svc/loki-gateway -- sh
kubectl -n logging exec -it svc/loki         -- sh
kubectl -n logging exec -it svc/loki         -- id

kubectl -n logging delete all --all
kubectl -n logging delete ing --all
kubectl -n logging delete sts --all

kubectl    delete  pv logging-data-loki-0
kubectl -n logging delete svc --all
kubectl -n logging delete pvc --all

kubectl -n logging rollout history deploy/loki-gateway
kubectl -n logging rollout restart deploy/loki-gateway
kubectl -n logging rollout status  deploy/loki-gateway

kubectl -n logging logs -f  svc/loki-gateway
kubectl -n logging logs -f  svc/loki-canary
kubectl -n logging logs -f  svc/loki

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Helm/Loki&oldid=15554"