k8s/apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix namespace names

Browse Source
This commit is contained in:
Philip Haupt
2025-11-14 23:04:42 +01:00
parent c3f7df57f2
commit 695630b8c8
4 changed files with 480 additions and 374 deletions
Download Patch File Download Diff File Expand all files Collapse all files

706
grafana-alloy/main.yaml
View File

@@ -1,361 +1,467 @@
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
---
apiVersion: v1
kind: ServiceAccount
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/hook: test
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana-test
namespace: grafana
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: podlogs.monitoring.grafana.com
spec:
group: monitoring.grafana.com
names:
categories:
- grafana-alloy
- alloy
kind: PodLogs
listKind: PodLogsList
plural: podlogs
singular: podlogs
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: PodLogs defines how to collect logs for a Pod.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PodLogsSpec defines how to collect logs for a Pod.
properties:
namespaceSelector:
description: Selector to select which namespaces the Pod objects are
discovered from.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
relabelings:
description: RelabelConfigs to apply to logs before delivering.
items:
description: 'RelabelConfig allows dynamic rewriting of the label
set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section
of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
default: replace
description: Action to perform based on regex matching. Default
is 'replace'. uppercase and lowercase actions require Prometheus
>= 2.36.
enum:
- replace
- Replace
- keep
- Keep
- drop
- Drop
- hashmod
- HashMod
- labelmap
- LabelMap
- labeldrop
- LabelDrop
- labelkeep
- LabelKeep
- lowercase
- Lowercase
- uppercase
- Uppercase
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex capture
groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source label
values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing labels.
Their content is concatenated using the configured separator
and matched against the configured regular expression for
the replace, keep, and drop actions.
items:
description: LabelName is a valid Prometheus label name which
may only contain ASCII letters, numbers, as well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
type: array
targetLabel:
description: Label to which the resulting value is written in
a replace action. It is mandatory for replace actions. Regex
capture groups are available.
type: string
type: object
type: array
selector:
description: Selector to select Pod objects. Required.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
required:
- selector
type: object
type: object
served: true
storage: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
rules: []
app.kubernetes.io/component: rbac
app.kubernetes.io/instance: alloy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: alloy
app.kubernetes.io/part-of: alloy
app.kubernetes.io/version: v1.11.3
helm.sh/chart: alloy-1.4.0
name: alloy
namespace: grafana-alloy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana-clusterrole
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: grafana
subjects:
- kind: ServiceAccount
name: grafana
namespace: grafana
app.kubernetes.io/component: rbac
app.kubernetes.io/instance: alloy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: alloy
app.kubernetes.io/part-of: alloy
app.kubernetes.io/version: v1.11.3
helm.sh/chart: alloy-1.4.0
name: alloy
rules:
- apiGroups:
- ""
- discovery.k8s.io
- networking.k8s.io
resources:
- endpoints
- endpointslices
- ingresses
- pods
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
- pods/log
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.grafana.com
resources:
- podlogs
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- prometheusrules
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- podmonitors
- servicemonitors
- probes
- scrapeconfigs
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- nodes/metrics
verbs:
- get
- list
- watch
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana-clusterrolebinding
app.kubernetes.io/component: rbac
app.kubernetes.io/instance: alloy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: alloy
app.kubernetes.io/part-of: alloy
app.kubernetes.io/version: v1.11.3
helm.sh/chart: alloy-1.4.0
name: alloy
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: grafana-clusterrole
name: alloy
subjects:
- kind: ServiceAccount
name: grafana
namespace: grafana
name: alloy
namespace: grafana-alloy
---
apiVersion: v1
data:
grafana.ini: |
[analytics]
check_for_updates = true
[grafana_net]
url = https://grafana.net
[log]
mode = console
[paths]
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[server]
domain = ''
root_url = https://grafana.home
config.alloy: |-
loki.write "local" {
endpoint {
url = "http://loki-gateway.monitoring.svc/loki/api/v1/push"
tenant_id = "dev"
}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
---
apiVersion: v1
data:
run.sh: |-
@test "Test Health" {
url="http://grafana/api/health"
code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}')
[ "$code" == "200" ]
}
kind: ConfigMap
metadata:
annotations:
helm.sh/hook: test
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana-test
namespace: grafana
---
apiVersion: v1
data:
admin-password: UGxqZk51VEJWVkdPckF5ejJhYkZITTd2R1VEdmZJWjdVa0tCZnRObw==
admin-user: YWRtaW4=
ldap-toml: ""
kind: Secret
metadata:
labels:
app.kubernetes.io/component: admin-secret
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
type: Opaque
app.kubernetes.io/component: config
app.kubernetes.io/instance: alloy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: alloy
app.kubernetes.io/part-of: alloy
app.kubernetes.io/version: v1.11.3
helm.sh/chart: alloy-1.4.0
name: alloy
namespace: grafana-alloy
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
app.kubernetes.io/component: networking
app.kubernetes.io/instance: alloy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: alloy
app.kubernetes.io/part-of: alloy
app.kubernetes.io/version: v1.11.3
helm.sh/chart: alloy-1.4.0
name: alloy
namespace: grafana-alloy
spec:
internalTrafficPolicy: Cluster
ports:
- name: service
port: 80
- name: http-metrics
port: 12345
protocol: TCP
targetPort: grafana
targetPort: 12345
selector:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: alloy
app.kubernetes.io/name: alloy
type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
finalizers:
- kubernetes.io/pvc-protection
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: openebs-3-replicas
---
apiVersion: apps/v1
kind: Deployment
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana
namespace: grafana
app.kubernetes.io/instance: alloy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: alloy
app.kubernetes.io/part-of: alloy
app.kubernetes.io/version: v1.11.3
helm.sh/chart: alloy-1.4.0
name: alloy
namespace: grafana-alloy
spec:
replicas: 1
revisionHistoryLimit: 10
minReadySeconds: 10
selector:
matchLabels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
strategy:
type: RollingUpdate
app.kubernetes.io/instance: alloy
app.kubernetes.io/name: alloy
template:
metadata:
annotations:
checksum/config: 865352f890d817b19919dbaaab368249b89392713a14c874d30b59e35e91516c
checksum/sc-dashboard-provider-config: e70bf6a851099d385178a76de9757bb0bef8299da6d8443602590e44f05fdf24
checksum/secret: 72a35d7651c7ae487c86c90133ffd2add1ad6281cd42e1f21c428a169c6f0f9c
kubectl.kubernetes.io/default-container: grafana
kubectl.kubernetes.io/default-container: alloy
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
app.kubernetes.io/instance: alloy
app.kubernetes.io/name: alloy
spec:
automountServiceAccountToken: true
containers:
- env:
- name: POD_IP
- args:
- run
- /etc/alloy/config.alloy
- --storage.path=/tmp/alloy
- --server.http.listen-addr=0.0.0.0:12345
- --server.http.ui-path-prefix=/
- --stability.level=generally-available
env:
- name: ALLOY_DEPLOY_MODE
value: helm
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
key: admin-user
name: grafana
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: admin-password
name: grafana
- name: GF_PATHS_DATA
value: /var/lib/grafana/
- name: GF_PATHS_LOGS
value: /var/log/grafana
- name: GF_PATHS_PLUGINS
value: /var/lib/grafana/plugins
- name: GF_PATHS_PROVISIONING
value: /etc/grafana/provisioning
image: docker.io/grafana/grafana:12.2.1
fieldPath: spec.nodeName
image: docker.io/grafana/alloy:v1.11.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 60
timeoutSeconds: 30
name: grafana
name: alloy
ports:
- containerPort: 3000
name: grafana
protocol: TCP
- containerPort: 9094
name: gossip-tcp
protocol: TCP
- containerPort: 9094
name: gossip-udp
protocol: UDP
- containerPort: 6060
name: profiling
protocol: TCP
- containerPort: 12345
name: http-metrics
readinessProbe:
httpGet:
path: /api/health
port: 3000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
path: /-/ready
port: 12345
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/grafana/grafana.ini
- mountPath: /etc/alloy
name: config
subPath: grafana.ini
- mountPath: /var/lib/grafana
name: storage
enableServiceLinks: true
initContainers:
- command:
- chown
- -R
- 472:472
- /var/lib/grafana
image: docker.io/library/busybox:1.31.1
imagePullPolicy: IfNotPresent
name: init-chown-data
securityContext:
capabilities:
add:
- CHOWN
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
- args:
- --watched-dir=/etc/alloy
- --reload-url=http://localhost:12345/-/reload
image: quay.io/prometheus-operator/prometheus-config-reloader:v0.81.0
name: config-reloader
resources:
requests:
cpu: 10m
memory: 50Mi
volumeMounts:
- mountPath: /var/lib/grafana
name: storage
securityContext:
fsGroup: 472
runAsGroup: 472
runAsNonRoot: true
runAsUser: 472
serviceAccountName: grafana
shareProcessNamespace: false
- mountPath: /etc/alloy
name: config
dnsPolicy: ClusterFirst
serviceAccountName: alloy
volumes:
- configMap:
name: grafana
name: alloy
name: config
- name: storage
persistentVolumeClaim:
claimName: grafana
---
apiVersion: v1
kind: Pod
metadata:
annotations:
helm.sh/hook: test
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.2.1
helm.sh/chart: grafana-10.1.4
name: grafana-test
namespace: grafana
spec:
containers:
- command:
- /opt/bats/bin/bats
- -t
- /tests/run.sh
image: docker.io/bats/bats:v1.4.1
imagePullPolicy: IfNotPresent
name: grafana-test
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
restartPolicy: Never
serviceAccountName: grafana-test
volumes:
- configMap:
name: grafana-test
name: tests

2
grafana-alloy/src/kustomization.yaml
View File

@@ -8,5 +8,5 @@ helmCharts:
version: 1.4.0
releaseName: alloy
includeCRDs: true
namespace: alloy
namespace: grafana-alloy
valuesFile: values.yaml