138 lines
3.0 KiB
YAML
138 lines
3.0 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: promtail
|
|
labels:
|
|
app.kubernetes.io/name: promtail
|
|
app.kubernetes.io/component: promtail
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: promtail
|
|
labels:
|
|
app.kubernetes.io/name: promtail
|
|
app.kubernetes.io/component: promtail
|
|
rules:
|
|
- apiGroups:
|
|
- ''
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: promtail
|
|
labels:
|
|
app.kubernetes.io/name: promtail
|
|
app.kubernetes.io/component: promtail
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: promtail
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: promtail
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: promtail
|
|
labels:
|
|
app.kubernetes.io/name: promtail
|
|
app.kubernetes.io/component: promtail
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: promtail
|
|
app.kubernetes.io/component: promtail
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: promtail
|
|
app.kubernetes.io/component: promtail
|
|
spec:
|
|
containers:
|
|
- name: promtail
|
|
image: docker.io/grafana/promtail:2.9.4
|
|
args:
|
|
- -config.file=/etc/promtail/config.yml
|
|
env:
|
|
- name: HOSTNAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
ports:
|
|
- containerPort: 9080
|
|
name: http
|
|
readinessProbe: &probe
|
|
httpGet:
|
|
port: http
|
|
path: /ready
|
|
periodSeconds: 60
|
|
startupProbe:
|
|
<<: *probe
|
|
periodSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 30
|
|
timeoutSeconds: 1
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
volumeMounts:
|
|
- mountPath: /etc/machine-id
|
|
name: machine-id
|
|
readOnly: true
|
|
- mountPath: /etc/promtail
|
|
name: config
|
|
readOnly: true
|
|
- mountPath: /run/log
|
|
name: run-log
|
|
readOnly: true
|
|
- mountPath: /tmp
|
|
name: tmp
|
|
subPath: tmp
|
|
- mountPath: /var/lib/promtail
|
|
name: promtail
|
|
- mountPath: /var/log
|
|
name: var-log
|
|
readOnly: true
|
|
securityContext:
|
|
seLinuxOptions:
|
|
# confined containers do not have access to /var/log
|
|
type: spc_t
|
|
serviceAccountName: promtail
|
|
tolerations:
|
|
- effect: NoExecute
|
|
operator: Exists
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: promtail
|
|
- name: machine-id
|
|
hostPath:
|
|
path: /etc/machine-id
|
|
type: File
|
|
- name: promtail
|
|
hostPath:
|
|
path: /var/lib/promtail
|
|
type: DirectoryOrCreate
|
|
- name: run-log
|
|
hostPath:
|
|
path: /run/log
|
|
type: Directory
|
|
- name: tmp
|
|
emptyDir: {}
|
|
- name: var-log
|
|
hostPath:
|
|
path: /var/log
|
|
type: Directory
|