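---
# Logging/monitoring stack for the egommerce namespace:
# Loki, Promtail, Prometheus and Grafana.
#
# Loki HTTP API, published on every node at port 31401.
# NOTE(review): NodePort makes the API reachable from outside the cluster
# and nothing in this file puts authentication in front of it. Use
# ClusterIP, or restrict the node port with a NetworkPolicy/firewall, if
# only in-cluster clients need it.
apiVersion: v1
kind: Service
metadata:
  name: api-logger-loki
  namespace: egommerce
  labels:
    app: api-logger-loki
spec:
  type: NodePort
  selector:
    app: api-logger-loki
  ports:
    - protocol: TCP
      port: 3100
      nodePort: 31401
---
# Loki, single replica, configured from /etc/loki/loki.yaml inside the image.
# NOTE(review): unlike the other workloads in this file, this pod declares no
# securityContext, no resource requests/limits, no probes and no volume, so
# it runs with the image's default user and stored data does not outlive the
# pod. Confirm this is intended.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-logger-loki
  namespace: egommerce
  labels:
    app: api-logger-loki
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api-logger-loki
  template:
    metadata:
      labels:
        app: api-logger-loki
    spec:
      containers:
        - name: api-logger-loki
          # `:dev` is a mutable tag pulled on every start (Always), so the
          # running code can change without a manifest change. Pin by
          # digest where reproducibility matters.
          image: git.ego.freeddns.org/egommerce/api-logger-loki:dev
          imagePullPolicy: Always
          args:
            - "-config.file=/etc/loki/loki.yaml"
          ports:
            - containerPort: 3100
---
# Identity used by the Promtail DaemonSet.
# NOTE(review): no Role/ClusterRole binding for this account is in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-logger-promtail-ac
  namespace: egommerce
  labels:
    app: api-logger-promtail-ac
  annotations: {}
---
# Promtail on every node: tails host logs through read-only hostPath mounts.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: api-logger-promtail
  namespace: egommerce
  labels:
    app: api-logger-promtail
spec:
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: api-logger-promtail
  # updateStrategy:
  #   type: RollingUpdate
  template:
    metadata:
      labels:
        app: api-logger-promtail
      annotations:
        # NOTE(review): no container port below is named `http-metrics`
        # (the only port is `promtail-http`); confirm the scrape config
        # resolves this value.
        prometheus.io/port: http-metrics
        prometheus.io/scrape: "true"
    spec:
      serviceAccountName: api-logger-promtail-ac
      # The API token is mounted into a pod that also sees host logs; keep
      # the RBAC bound to this account read-only and minimal.
      automountServiceAccountToken: true
      containers:
        - name: api-logger-promtail
          image: git.ego.freeddns.org/egommerce/api-logger-promtail:dev
          imagePullPolicy: Always
          env:
            # Node name, exposed to the process as HOSTNAME.
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Go runtime sizing derived from the container limits below.
            - name: GOMAXPROCS
              valueFrom:
                resourceFieldRef:
                  divisor: '1'
                  resource: limits.cpu
            - name: GOMEMLIMIT
              valueFrom:
                resourceFieldRef:
                  divisor: '1'
                  resource: limits.memory
          ports:
            - name: promtail-http
              containerPort: 3101
          resources:
            limits:
              cpu: 100m
              memory: 512Mi
            requests:
              cpu: 50m
              memory: 128Mi
          livenessProbe:
            httpGet:
              path: /ready
              port: promtail-http
            initialDelaySeconds: 45
          readinessProbe:
            httpGet:
              path: /ready
              port: promtail-http
            initialDelaySeconds: 45
          volumeMounts:
            # - name: api-logger-promtail-config
            #   mountPath: /etc/promtail
            - name: api-logger-promtail-run
              mountPath: /run/promtail
            - name: api-logger-promtail-varlog
              mountPath: /var/log
              readOnly: true
            - name: api-logger-promtail-docker
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: api-logger-promtail-tmp
              mountPath: /tmp
              subPath: tmp
              readOnly: false
          securityContext:
            # Was `privileged: true`. A privileged container keeps every
            # capability and is not confined by the seccomp profile, so the
            # `drop: ALL` and RuntimeDefault settings below had no effect.
            # Reading the read-only log mounts as uid 0 does not need
            # privileged mode. If the scrape config baked into the image
            # tails files uid 0 cannot open without capabilities, add
            # DAC_READ_SEARCH under capabilities.add rather than restoring
            # privileged mode; SELinux-enforcing nodes may also need
            # seLinuxOptions for the hostPath mounts.
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 0
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
      terminationGracePeriodSeconds: 60
      volumes:
        # Writable host directory mounted at /run/promtail.
        - name: api-logger-promtail-run
          hostPath:
            path: /run/promtail
        - name: api-logger-promtail-varlog
          hostPath:
            path: /var/log
        - name: api-logger-promtail-docker
          hostPath:
            path: /var/lib/docker/containers
        - name: api-logger-promtail-tmp
          emptyDir:
            sizeLimit: 1Gi
---
# Host-backed storage for Prometheus.
# PersistentVolumes are cluster-scoped, so metadata.namespace is omitted.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: api-logger-prometheus-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: api-logger-prometheus-pv
  hostPath:
    # Ensure this path exists on the node and is writable by uid/gid 10001
    # (the user the Prometheus pod runs as).
    path: "/home/keedosn/.egommerce/prometheus"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: api-logger-prometheus-pvc
  namespace: egommerce
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  # NOTE(review): with storageClassName left out, the claim takes the
  # cluster's default class (if any) and should not bind to the PV above,
  # whose class is api-logger-prometheus-pv. Confirm which is intended.
  # storageClassName: api-logger-prometheus-pv
---
# Identity used by the Prometheus Deployment.
# NOTE(review): no Role/ClusterRole binding for this account is in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-logger-prometheus
  namespace: egommerce
  labels:
    name: api-logger-prometheus
  annotations: {}
---
# Prometheus UI/API, published on every node at port 31402.
# NOTE(review): same exposure concern as the Loki Service: the node port is
# reachable from outside the cluster and no authentication is configured in
# this file.
apiVersion: v1
kind: Service
metadata:
  name: api-logger-prometheus
  namespace: egommerce
  labels:
    app: api-logger-prometheus
spec:
  type: NodePort
  selector:
    app: api-logger-prometheus
  ports:
    - name: api-logger-prometheus
      protocol: TCP
      port: 9090
      nodePort: 31402
---
# Prometheus server, non-root (10001:10001), TSDB on the claim above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-logger-prometheus
  namespace: egommerce
  labels:
    app: api-logger-prometheus
spec:
  # revisionHistoryLimit: 1
  # replicas: 1
  selector:
    matchLabels:
      app: api-logger-prometheus
  template:
    metadata:
      labels:
        app: api-logger-prometheus
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: prometheus-http
    spec:
      serviceAccountName: api-logger-prometheus
      # The API token is mounted; keep the RBAC bound to this account to
      # read-only get/list/watch on what service discovery needs.
      automountServiceAccountToken: true
      securityContext:
        runAsGroup: 10001
        runAsUser: 10001
        runAsNonRoot: true
      containers:
        - name: api-logger-prometheus
          image: git.ego.freeddns.org/egommerce/api-logger-prometheus:dev
          imagePullPolicy: Always
          env:
            # Go runtime sizing derived from the container limits below.
            - name: GOMAXPROCS
              valueFrom:
                resourceFieldRef:
                  divisor: '1'
                  resource: limits.cpu
            - name: GOMEMLIMIT
              valueFrom:
                resourceFieldRef:
                  divisor: '1'
                  resource: limits.memory
          args:
            # - '--storage.tsdb.retention.time=15d'
            - '--config.file=/etc/prometheus/prometheus.yml'
            - '--storage.tsdb.path=/prometheus/data/'
            # - '--web.console.libraries=/etc/prometheus/console_libraries'
            # - '--web.console.templates=/etc/prometheus/consoles'
            # - '--enable-feature=concurrent-rule-eval,promql-experimental-functions,exemplar-storage,promql-per-step-stats,native-histograms'
            # The receiver and lifecycle flags below add write/admin HTTP
            # endpoints. This server is published on a NodePort, so leave
            # them off unless access to the port is restricted.
            # - '--web.enable-remote-write-receiver'
            # - '--web.enable-otlp-receiver'
            # - '--web.enable-lifecycle'
            - '--log.level=info'
            # - '--log.format=json'
          ports:
            - name: prometheus-http
              containerPort: 9090
          # livenessProbe:
          #   httpGet:
          #     path: /-/healthy
          #     port: prometheus-http
          # readinessProbe:
          #   httpGet:
          #     path: /-/ready
          #     port: prometheus-http
          resources:
            limits:
              cpu: 150m
              memory: 894Mi
            requests:
              cpu: 100m
              memory: 512Mi
          volumeMounts:
            # - name: config-volume
            #   mountPath: /etc/prometheus
            # - name: config-volume
            #   mountPath: /etc/config/alerting_rules.yml
            #   subPath: alerting_rules.yml
            - name: api-logger-prometheus-storage
              mountPath: /prometheus/data
          securityContext:
            allowPrivilegeEscalation: false
            privileged: false
            # Author's note on this line read "true DEFAULT !!!".
            # NOTE(review): presumably switched to false to allow a write
            # outside /prometheus/data. Find that path, mount it, and
            # restore `true` if possible.
            readOnlyRootFilesystem: false
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
      volumes:
        - name: api-logger-prometheus-storage
          persistentVolumeClaim:
            claimName: api-logger-prometheus-pvc
---
# Grafana UI/API, published on every node at port 31400.
# NOTE(review): the login page is reachable from outside the cluster; make
# sure the image does not ship default admin credentials or anonymous access.
apiVersion: v1
kind: Service
metadata:
  name: api-logger-grafana
  namespace: egommerce
  labels:
    app: api-logger-grafana
spec:
  type: NodePort
  selector:
    app: api-logger-grafana
  ports:
    - name: api-logger-grafana-api
      protocol: TCP
      port: 3000
      nodePort: 31400
---
# Host-backed storage for Grafana.
# PersistentVolumes are cluster-scoped, so metadata.namespace is omitted.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: api-logger-grafana-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: api-logger-grafana-pv
  hostPath:
    # Ensure this path exists on the node and is writable by uid/gid 65534
    # (the user the Grafana pod runs as).
    path: "/home/keedosn/.egommerce/grafana"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: api-logger-grafana-pvc
  namespace: egommerce
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  # NOTE(review): with storageClassName left out, the claim takes the
  # cluster's default class (if any) and should not bind to the PV above,
  # whose class is api-logger-grafana-pv. Confirm which is intended.
  # storageClassName: api-logger-grafana-pv
---
# Grafana, non-root (65534:65534), read-only root filesystem, no API token.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-logger-grafana
  namespace: egommerce
  labels:
    app: api-logger-grafana
spec:
  revisionHistoryLimit: 1
  replicas: 1
  selector:
    matchLabels:
      app: api-logger-grafana
  template:
    metadata:
      labels:
        app: api-logger-grafana
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "3000"
        filter.by.port.name: "true"
    spec:
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsGroup: 65534
        runAsUser: 65534
      initContainers:
        # Only runs `which curl`; it mounts the Grafana volume but the
        # command does not touch it.
        # NOTE(review): `:latest` with IfNotPresent lets nodes run
        # different builds, and this container has none of the
        # container-level hardening the main container has. Pin the image
        # or drop the init container if it is a leftover.
        - name: curl
          image: curlimages/curl:latest
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -c
            - |
              which curl
          volumeMounts:
            - name: api-logger-grafana-storage
              mountPath: /var/lib/grafana
              subPath: grafana
      containers:
        - name: api-logger-grafana
          image: git.ego.freeddns.org/egommerce/api-logger-grafana:dev
          imagePullPolicy: Always
          env:
            # Go runtime sizing derived from the container limits below.
            - name: GOMAXPROCS
              valueFrom:
                resourceFieldRef:
                  divisor: '1'
                  resource: limits.cpu
            - name: GOMEMLIMIT
              valueFrom:
                resourceFieldRef:
                  divisor: '1'
                  resource: limits.memory
          ports:
            - containerPort: 3000
          resources:
            limits:
              cpu: 100m
              memory: 768Mi
            requests:
              cpu: 50m
              memory: 512Mi
          # One claim, three subPaths: these are the writable locations
          # under the read-only root filesystem set below.
          volumeMounts:
            - name: api-logger-grafana-storage
              mountPath: /var/lib/grafana
              subPath: grafana
            - name: api-logger-grafana-storage
              mountPath: /var/lib/grafana/dashboards
              subPath: dashboards
            - name: api-logger-grafana-storage
              mountPath: /tmp
              subPath: tmp
          securityContext:
            allowPrivilegeEscalation: false
            privileged: false
            readOnlyRootFilesystem: true
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
      volumes:
        - name: api-logger-grafana-storage
          persistentVolumeClaim:
            claimName: api-logger-grafana-pvc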