feat: deploy grafana alloy

fr3fou · fr3fou · commit 9850b7fc13d5 · 2024-08-17T01:35:34.000+03:00
diff --git a/apps/alloy/alloy.yaml b/apps/alloy/alloy.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: alloy
+spec:
+  interval: 5m
+  timeout: 15m
+  chart:
+    spec:
+      chart: alloy
+      version: '0.6.0'
+      sourceRef:
+        kind: HelmRepository
+        name: grafana-charts
+        namespace: apps
+  maxHistory: 5
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 4
+  upgrade:
+    crds: CreateReplace
+    timeout: 15m
+    remediation:
+      remediateLastFailure: true
+  uninstall:
+    keepHistory: false
+  values:
+    alloy:
+      extraEnv:
+        - name: GRAFANA_CLOUD_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: grafana-cloud-secrets
+              key: API_KEY
+        - name: GRAFANA_CLOUD_LOGS_USER
+          value: '967489'
+      configMap:
+        create: false
+        name: alloy-config
+        key: config.alloy
diff --git a/apps/alloy/kustomization.yaml b/apps/alloy/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: apps
+resources:
+  - ./alloy.yaml
+  - ./secret.yaml
+configMapGenerator:
+  - name: alloy-config
+    files:
+      - config.alloy=./resources/config.alloy
+generatorOptions:
+  disableNameSuffixHash: true
diff --git a/apps/alloy/resources/config.alloy b/apps/alloy/resources/config.alloy
@@ -0,0 +1,122 @@
+// discovery.kubernetes allows you to find scrape targets from Kubernetes resources.
+// It watches cluster state and ensures targets are continually synced with what is currently running in your cluster.
+discovery.kubernetes "pod" {
+  role = "pod"
+}
+
+// discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules.
+// If no rules are defined, then the input targets are exported as-is.
+discovery.relabel "pod_logs" {
+  targets = discovery.kubernetes.pod.targets
+
+  // Label creation - "namespace" field from "__meta_kubernetes_namespace"
+  rule {
+    source_labels = ["__meta_kubernetes_namespace"]
+    action = "replace"
+    target_label = "namespace"
+  }
+
+  // Label creation - "pod" field from "__meta_kubernetes_pod_name"
+  rule {
+    source_labels = ["__meta_kubernetes_pod_name"]
+    action = "replace"
+    target_label = "pod"
+  }
+
+  // Label creation - "container" field from "__meta_kubernetes_pod_container_name"
+  rule {
+    source_labels = ["__meta_kubernetes_pod_container_name"]
+    action = "replace"
+    target_label = "container"
+  }
+
+  // Label creation -  "app" field from "__meta_kubernetes_pod_label_app_kubernetes_io_name"
+  rule {
+    source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
+    action = "replace"
+    target_label = "app"
+  }
+
+  // Label creation -  "job" field from "__meta_kubernetes_namespace" and "__meta_kubernetes_pod_container_name"
+  // Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name
+  rule {
+    source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_container_name"]
+    action = "replace"
+    target_label = "job"
+    separator = "/"
+    replacement = "$1"
+  }
+
+  // Label creation - "container" field from "__meta_kubernetes_pod_uid" and "__meta_kubernetes_pod_container_name"
+  // Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log
+  rule {
+    source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
+    action = "replace"
+    target_label = "__path__"
+    separator = "/"
+    replacement = "/var/log/pods/*$1/*.log"
+  }
+
+  // Label creation -  "container_runtime" field from "__meta_kubernetes_pod_container_id"
+  rule {
+    source_labels = ["__meta_kubernetes_pod_container_id"]
+    action = "replace"
+    target_label = "container_runtime"
+    regex = "^(\\S+):\\/\\/.+$"
+    replacement = "$1"
+  }
+}
+
+// loki.source.kubernetes tails logs from Kubernetes containers using the Kubernetes API.
+loki.source.kubernetes "pod_logs" {
+  targets    = discovery.relabel.pod_logs.output
+  forward_to = [loki.process.pod_logs.receiver]
+}
+
+// loki.process receives log entries from other Loki components, applies one or more processing stages,
+// and forwards the results to the list of receivers in the component’s arguments.
+loki.process "pod_logs" {
+  stage.static_labels {
+      values = {
+        cluster = "anton",
+      }
+  }
+
+  forward_to = [loki.write.grafana_cloud.receiver]
+}
+
+// loki.source.kubernetes_events tails events from the Kubernetes API and converts them
+// into log lines to forward to other Loki components.
+loki.source.kubernetes_events "cluster_events" {
+  job_name   = "integrations/kubernetes/eventhandler"
+  log_format = "logfmt"
+  forward_to = [
+    loki.process.cluster_events.receiver,
+  ]
+}
+
+loki.process "cluster_events" {
+  forward_to = [loki.write.grafana_cloud.receiver]
+
+  stage.static_labels {
+    values = {
+      cluster = "anton",
+    }
+  }
+
+  stage.labels {
+    values = {
+      kubernetes_cluster_events = "job",
+    }
+  }
+}
+
+loki.write "grafana_cloud" {
+    endpoint {
+        url = "https://logs-prod-012.grafana.net/loki/api/v1/push"
+        basic_auth {
+            username = env("GRAFANA_CLOUD_LOGS_USER")
+            password = env("GRAFANA_CLOUD_API_KEY")
+        }
+    }
+}
diff --git a/apps/alloy/secret.yaml b/apps/alloy/secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: grafana-cloud-secrets
+    namespace: apps
+stringData:
+    API_KEY: ENC[AES256_GCM,data:+ypERtzqL2ZUTh/r2Iw5QncgMoMB1TCDunWHTQmd057xdSRUJlXpplzX+K/kSedRVGnvin17q2YZdMqMX6nbXAqZoho2SUMbtm+pC8fK/ZSGB9DGNqMfDaObuDBKpaDNGqdjDIFjeZd0J+j3nmPSVvtBLJRNFb0v5DOcTWioCFaDUYSm0qUJSd2N6AKvoGOcRDgx2ZCIPzdUa8nOgGZMfw==,iv:59JBsXIf0P3oHKaUGaNXYtUuazfcGR5Lxy2G1y+rIT4=,tag:r+2GZ9MO+zIumZ2h0KSM/w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age194r4u78jlkcg3waxh5ddpwe6y0pwenuhk9avnkmc3huzcpf26d0spa3ggf
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RXo1K2RXcU5CRXprLys3
+            OVB2TXVnbi92ZEVsRzVQV0Z6WnRTbU5rbm5ZCjREdVdmLy8xZTZlWkFLWWJvcVpQ
+            OHcvN2FKaEN1VWRoaUtrTmJ4MWY3aTgKLS0tIDlWSEdqd0JzeVp6SXFXek1nckdI
+            U25MMXJudFMxbithTnZhT3MrYzJiT3MKUHZft0byZa+HiQygo351g6jngg4YIaK0
+            UowhOtDmxVRskpML+4jemYBhA8I0Ek39EDBhfzj0vI67qAH4IeUM/g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-16T19:06:36Z"
+    mac: ENC[AES256_GCM,data:/iub7WT94FmlVN2OBJ+CAxVtGJ26h51tzTSAY0ktkRgGkkkDIWbk0UbiHdZzP/ic++/p8pW7yBCkmybIhO6Z/fgGcLtxvq7IsH0nu77Y2C7qUJM3qBmGng8Lc/LacGVFE0ppUFTTvENaC1tCDZePCilNAOfN/krmMp1bb1ehlIk=,iv:VeL3jzD1ZO722y2NjTJdyprFgzrY1udonYGQcEzfc7E=,tag:xyf5HjIJLHOqi2xjw2hquw==,type:str]
+    pgp: []
+    encrypted_regex: ((?i)(pass($|word)|claim|secret($|[^N])|key|token|^data$|^stringData|^databaseUrl))
+    version: 3.9.0
diff --git a/clusters/anton/apps/alloy.yaml b/clusters/anton/apps/alloy.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: alloy
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./apps/alloy
+  prune: true
+  dependsOn:
+    - name: apps-base
diff --git a/clusters/anton/apps/kustomization.yaml b/clusters/anton/apps/kustomization.yaml
@@ -27,3 +27,4 @@ resources:
   - ./homepage.yaml
   - ./unpackerr.yaml
   - ./windmill.yaml
+  - ./alloy.yaml
