Fix: Sidecar configuration for Backend #10603
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
|
|
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
|
@nlamirault Thanks for this contribution. You forgot to update the |
|
@nlamirault Please change the version to 5.22.2 and merge in main. A 5.22.1 has already been merged. |
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
MichelHollands
approved these changes
Sep 21, 2023
This was referenced Mar 25, 2024
This was referenced Apr 1, 2024
rhnasc
pushed a commit
to inloco/loki
that referenced
this pull request
Apr 12, 2024
**What this PR does / why we need it**: **Which issue(s) this PR fixes**: Fixes #<issue number> **Special notes for your reviewer**: **Checklist** - [x] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [ ] Documentation added - [ ] Tests updated - [ ] `CHANGELOG.md` updated - [ ] If the change is worth mentioning in the release notes, add `add-to-release-notes` label - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/setup/upgrade/_index.md` - [x] For Helm chart changes bump the Helm chart version in `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. [Example PR](grafana@d10549e) With this values: ```yaml sidecar: image: # -- The Docker registry and image for the k8s sidecar repository: kiwigrid/k8s-sidecar # -- Docker image tag tag: 1.24.3 # -- Docker image sha. If empty, no sha will be used sha: "" # -- Docker image pull policy pullPolicy: IfNotPresent # -- Resource requests and limits for the sidecar resources: #{} limits: cpu: 100m memory: 100Mi requests: cpu: 50m memory: 50Mi # -- The SecurityContext for the sidecar. securityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 fsGroup: 10001 # -- Set to true to skip tls verification for kube api calls. skipTlsVerify: false # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in. enableUniqueFilenames: false # -- Readiness probe definition. Probe is disabled on the sidecar by default. readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 # -- Liveness probe definition. Probe is disabled on the sidecar by default. livenessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 rules: # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets. enabled: true # -- Label that the configmaps/secrets with rules will be marked with. label: loki_rule # -- Label value that the configmaps/secrets with rules will be set to. labelValue: "" # -- Folder into which the rules will be placed. folder: /rules # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify 'ALL' to search in all namespaces. searchNamespace: null # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. watchMethod: WATCH # -- Search in configmap, secret, or both. resource: both # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded. script: null # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S. watchServerTimeout: 60 # # -- WatchClientTimeout: is a client-side timeout, configuring your local socket. # If you have a network outage dropping all packets with no RST/FIN, # this is how long your client waits before realizing & dropping the connection. # Defaults to 66sec. watchClientTimeout: 60 # -- Log level of the sidecar container. logLevel: INFO ``` Before the patch: ```yaml --- apiVersion: apps/v1 kind: StatefulSet metadata: name: loki-backend namespace: default labels: helm.sh/chart: loki-5.22.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2.9.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: replicas: 3 podManagementPolicy: Parallel updateStrategy: rollingUpdate: partition: 0 serviceName: loki-backend-headless revisionHistoryLimit: 10 persistentVolumeClaimRetentionPolicy: whenDeleted: Delete whenScaled: Delete selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend template: metadata: annotations: checksum/config: a9f8d008a1b589265e3fa894e3b81ab2a4132bb741d3b6e8db304a1e6b6d3ba5 labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: serviceAccountName: loki automountServiceAccountToken: true securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 terminationGracePeriodSeconds: 300 containers: - name: loki-sc-rules image: "kiwigrid/k8s-sidecar:1.24.3" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "loki_rule" - name: FOLDER value: "/rules" - name: RESOURCE value: "both" - name: WATCH_SERVER_TIMEOUT value: "60" - name: WATCH_CLIENT_TIMEOUT value: "60" - name: LOG_LEVEL value: "INFO" livenessProbe: null readinessProbe: null resources: limits: cpu: 100m memory: 100Mi requests: cpu: 50m memory: 50Mi securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 volumeMounts: - name: sc-rules-volume mountPath: "/rules" - name: loki image: docker.io/grafana/loki:2.9.1 imagePullPolicy: IfNotPresent args: - -config.file=/etc/loki/config/config.yaml - -target=backend - -legacy-read-mode=false ports: - name: http-metrics containerPort: 3100 protocol: TCP - name: grpc containerPort: 9095 protocol: TCP - name: http-memberlist containerPort: 7946 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 volumeMounts: - name: config mountPath: /etc/loki/config - name: runtime-config mountPath: /etc/loki/runtime-config - name: tmp mountPath: /tmp - name: data mountPath: /var/loki - name: sc-rules-volume mountPath: "/rules" resources: {} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend topologyKey: kubernetes.io/hostname volumes: - name: tmp emptyDir: {} - name: config configMap: name: loki items: - key: "config.yaml" path: "config.yaml" - name: runtime-config configMap: name: loki-runtime - name: sc-rules-volume emptyDir: {} volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: "10Gi" ``` After the patch: ```yaml --- # Source: loki/templates/backend/statefulset-backend.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: loki-backend namespace: default labels: helm.sh/chart: loki-5.22.1 app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2.9.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: replicas: 3 podManagementPolicy: Parallel updateStrategy: rollingUpdate: partition: 0 serviceName: loki-backend-headless revisionHistoryLimit: 10 persistentVolumeClaimRetentionPolicy: whenDeleted: Delete whenScaled: Delete selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend template: metadata: annotations: checksum/config: f1823dbb8a5e31ab8d2ad66878f6abb71a9e0f49c8768462d873da21192e208b labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: serviceAccountName: loki automountServiceAccountToken: true securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 terminationGracePeriodSeconds: 300 containers: - name: loki-sc-rules image: "kiwigrid/k8s-sidecar:1.24.3" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "loki_rule" - name: FOLDER value: "/rules" - name: RESOURCE value: "both" - name: WATCH_SERVER_TIMEOUT value: "60" - name: WATCH_CLIENT_TIMEOUT value: "60" - name: LOG_LEVEL value: "INFO" livenessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 resources: limits: cpu: 100m memory: 100Mi requests: cpu: 50m memory: 50Mi securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 volumeMounts: - name: sc-rules-volume mountPath: "/rules" - name: loki image: docker.io/grafana/loki:2.9.1 imagePullPolicy: IfNotPresent args: - -config.file=/etc/loki/config/config.yaml - -target=backend - -legacy-read-mode=false ports: - name: http-metrics containerPort: 3100 protocol: TCP - name: grpc containerPort: 9095 protocol: TCP - name: http-memberlist containerPort: 7946 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 volumeMounts: - name: config mountPath: /etc/loki/config - name: runtime-config mountPath: /etc/loki/runtime-config - name: tmp mountPath: /tmp - name: data mountPath: /var/loki - name: sc-rules-volume mountPath: "/rules" resources: {} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend topologyKey: kubernetes.io/hostname volumes: - name: tmp emptyDir: {} - name: config configMap: name: loki items: - key: "config.yaml" path: "config.yaml" - name: runtime-config configMap: name: loki-runtime - name: sc-rules-volume emptyDir: {} volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: "10Gi" ``` --------- Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> Co-authored-by: Michel Hollands <42814411+MichelHollands@users.noreply.github.com>
mraboosk
pushed a commit
to mraboosk/loki
that referenced
this pull request
Oct 7, 2024
**What this PR does / why we need it**: **Which issue(s) this PR fixes**: Fixes #<issue number> **Special notes for your reviewer**: **Checklist** - [x] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [ ] Documentation added - [ ] Tests updated - [ ] `CHANGELOG.md` updated - [ ] If the change is worth mentioning in the release notes, add `add-to-release-notes` label - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/setup/upgrade/_index.md` - [x] For Helm chart changes bump the Helm chart version in `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. [Example PR](grafana@2cef71e) With this values: ```yaml sidecar: image: # -- The Docker registry and image for the k8s sidecar repository: kiwigrid/k8s-sidecar # -- Docker image tag tag: 1.24.3 # -- Docker image sha. If empty, no sha will be used sha: "" # -- Docker image pull policy pullPolicy: IfNotPresent # -- Resource requests and limits for the sidecar resources: #{} limits: cpu: 100m memory: 100Mi requests: cpu: 50m memory: 50Mi # -- The SecurityContext for the sidecar. securityContext: runAsNonRoot: true runAsGroup: 10001 runAsUser: 10001 fsGroup: 10001 # -- Set to true to skip tls verification for kube api calls. skipTlsVerify: false # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in. enableUniqueFilenames: false # -- Readiness probe definition. Probe is disabled on the sidecar by default. readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 # -- Liveness probe definition. Probe is disabled on the sidecar by default. livenessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 rules: # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets. enabled: true # -- Label that the configmaps/secrets with rules will be marked with. label: loki_rule # -- Label value that the configmaps/secrets with rules will be set to. labelValue: "" # -- Folder into which the rules will be placed. folder: /rules # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify 'ALL' to search in all namespaces. searchNamespace: null # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. watchMethod: WATCH # -- Search in configmap, secret, or both. resource: both # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded. script: null # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S. watchServerTimeout: 60 # # -- WatchClientTimeout: is a client-side timeout, configuring your local socket. # If you have a network outage dropping all packets with no RST/FIN, # this is how long your client waits before realizing & dropping the connection. # Defaults to 66sec. watchClientTimeout: 60 # -- Log level of the sidecar container. logLevel: INFO ``` Before the patch: ```yaml --- apiVersion: apps/v1 kind: StatefulSet metadata: name: loki-backend namespace: default labels: helm.sh/chart: loki-5.22.0 app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2.9.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: replicas: 3 podManagementPolicy: Parallel updateStrategy: rollingUpdate: partition: 0 serviceName: loki-backend-headless revisionHistoryLimit: 10 persistentVolumeClaimRetentionPolicy: whenDeleted: Delete whenScaled: Delete selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend template: metadata: annotations: checksum/config: a9f8d008a1b589265e3fa894e3b81ab2a4132bb741d3b6e8db304a1e6b6d3ba5 labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: serviceAccountName: loki automountServiceAccountToken: true securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 terminationGracePeriodSeconds: 300 containers: - name: loki-sc-rules image: "kiwigrid/k8s-sidecar:1.24.3" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "loki_rule" - name: FOLDER value: "/rules" - name: RESOURCE value: "both" - name: WATCH_SERVER_TIMEOUT value: "60" - name: WATCH_CLIENT_TIMEOUT value: "60" - name: LOG_LEVEL value: "INFO" livenessProbe: null readinessProbe: null resources: limits: cpu: 100m memory: 100Mi requests: cpu: 50m memory: 50Mi securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 volumeMounts: - name: sc-rules-volume mountPath: "/rules" - name: loki image: docker.io/grafana/loki:2.9.1 imagePullPolicy: IfNotPresent args: - -config.file=/etc/loki/config/config.yaml - -target=backend - -legacy-read-mode=false ports: - name: http-metrics containerPort: 3100 protocol: TCP - name: grpc containerPort: 9095 protocol: TCP - name: http-memberlist containerPort: 7946 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 volumeMounts: - name: config mountPath: /etc/loki/config - name: runtime-config mountPath: /etc/loki/runtime-config - name: tmp mountPath: /tmp - name: data mountPath: /var/loki - name: sc-rules-volume mountPath: "/rules" resources: {} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend topologyKey: kubernetes.io/hostname volumes: - name: tmp emptyDir: {} - name: config configMap: name: loki items: - key: "config.yaml" path: "config.yaml" - name: runtime-config configMap: name: loki-runtime - name: sc-rules-volume emptyDir: {} volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: "10Gi" ``` After the patch: ```yaml --- # Source: loki/templates/backend/statefulset-backend.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: loki-backend namespace: default labels: helm.sh/chart: loki-5.22.1 app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2.9.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: replicas: 3 podManagementPolicy: Parallel updateStrategy: rollingUpdate: partition: 0 serviceName: loki-backend-headless revisionHistoryLimit: 10 persistentVolumeClaimRetentionPolicy: whenDeleted: Delete whenScaled: Delete selector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend template: metadata: annotations: checksum/config: f1823dbb8a5e31ab8d2ad66878f6abb71a9e0f49c8768462d873da21192e208b labels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend app.kubernetes.io/part-of: memberlist spec: serviceAccountName: loki automountServiceAccountToken: true securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 terminationGracePeriodSeconds: 300 containers: - name: loki-sc-rules image: "kiwigrid/k8s-sidecar:1.24.3" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "loki_rule" - name: FOLDER value: "/rules" - name: RESOURCE value: "both" - name: WATCH_SERVER_TIMEOUT value: "60" - name: WATCH_CLIENT_TIMEOUT value: "60" - name: LOG_LEVEL value: "INFO" livenessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 resources: limits: cpu: 100m memory: 100Mi requests: cpu: 50m memory: 50Mi securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 volumeMounts: - name: sc-rules-volume mountPath: "/rules" - name: loki image: docker.io/grafana/loki:2.9.1 imagePullPolicy: IfNotPresent args: - -config.file=/etc/loki/config/config.yaml - -target=backend - -legacy-read-mode=false ports: - name: http-metrics containerPort: 3100 protocol: TCP - name: grpc containerPort: 9095 protocol: TCP - name: http-memberlist containerPort: 7946 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true readinessProbe: httpGet: path: /ready port: http-metrics initialDelaySeconds: 30 timeoutSeconds: 1 volumeMounts: - name: config mountPath: /etc/loki/config - name: runtime-config mountPath: /etc/loki/runtime-config - name: tmp mountPath: /tmp - name: data mountPath: /var/loki - name: sc-rules-volume mountPath: "/rules" resources: {} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: loki app.kubernetes.io/instance: release-name app.kubernetes.io/component: backend topologyKey: kubernetes.io/hostname volumes: - name: tmp emptyDir: {} - name: config configMap: name: loki items: - key: "config.yaml" path: "config.yaml" - name: runtime-config configMap: name: loki-runtime - name: sc-rules-volume emptyDir: {} volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: "10Gi" ``` --------- Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> Co-authored-by: Michel Hollands <42814411+MichelHollands@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Checklist
CONTRIBUTING.mdguide (required)CHANGELOG.mdupdatedadd-to-release-noteslabeldocs/sources/setup/upgrade/_index.mdproduction/helm/loki/Chart.yamland updateproduction/helm/loki/CHANGELOG.mdandproduction/helm/loki/README.md. Example PRWith this values:
Before the patch:
After the patch: