promtail: Deploy as DaemonSet

Running Promtail in a pod controlled by a DaemonSet allows it to access the Kubernetes API via a ServiceAccount token. Since it needs the API in order to discover the Pods running on the current node in order to find their log files, this makes the authentication process a lot simpler.
2024-02-21 07:58:56 -06:00
parent 5e4ab1d988
commit 815eefdcf9
4 changed files with 295 additions and 0 deletions
--- a/promtail/kustomization.yaml
+++ b/promtail/kustomization.yaml
@@ -0,0 +1,41 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: promtail
+
+labels:
+- pairs:
+    app.kubernetes.io/instance: promtail
+    app.kubernetes.io/part-of: promtail
+  includeSelectors: false
+
+resources:
+- namespace.yaml
+- promtail.yaml
+- ../dch-root-ca
+
+configMapGenerator:
+- name: promtail
+  files:
+  - config.yml
+
+patches:
+- patch: |
+    apiVersion: apps/v1
+    kind: DaemonSet
+    metadata:
+      name: promtail
+    spec:
+      template:
+        spec:
+          containers:
+          - name: promtail
+            volumeMounts:
+            - mountPath: /run/dch-ca
+              name: dch-ca
+              readOnly: true
+          volumes:
+          - name: dch-ca
+            configMap:
+              name: dch-root-ca
+              optional: true