From 76b38a8598fa3ef47443e70b215c3b31349aafc1 Mon Sep 17 00:00:00 2001 From: Sebastian Date: Fri, 7 Jun 2024 08:26:17 +0200 Subject: [PATCH] remove loki, not needed --- deploy/bootstrap/loki.yaml | 19 - deploy/bootstrap/promtail.yaml | 19 - .../base/grafana-dashboards/k8saudit.yaml | 1214 ----------------- .../base/grafana-datasource/loki.yaml | 17 - .../base/kustomization.yaml | 1 - deploy/loki/base/kustomization.yaml | 16 - deploy/loki/base/loki-s3-secret.yaml | 15 - deploy/loki/base/namespace.yaml | 7 - deploy/loki/base/values.yaml | 136 -- deploy/minio/base/values-tenant.yaml | 3 - deploy/promtail/base/kustomization.yaml | 21 - deploy/promtail/base/namespace.yaml | 7 - deploy/promtail/base/values-controlplane.yaml | 33 - deploy/promtail/base/values-worker.yaml | 14 - docs/applications.md | 13 - 15 files changed, 1535 deletions(-) delete mode 100644 deploy/bootstrap/loki.yaml delete mode 100644 deploy/bootstrap/promtail.yaml delete mode 100644 deploy/kube-prometheus-stack/base/grafana-dashboards/k8saudit.yaml delete mode 100644 deploy/kube-prometheus-stack/base/grafana-datasource/loki.yaml delete mode 100644 deploy/loki/base/kustomization.yaml delete mode 100644 deploy/loki/base/loki-s3-secret.yaml delete mode 100644 deploy/loki/base/namespace.yaml delete mode 100644 deploy/loki/base/values.yaml delete mode 100644 deploy/promtail/base/kustomization.yaml delete mode 100644 deploy/promtail/base/namespace.yaml delete mode 100644 deploy/promtail/base/values-controlplane.yaml delete mode 100644 deploy/promtail/base/values-worker.yaml diff --git a/deploy/bootstrap/loki.yaml b/deploy/bootstrap/loki.yaml deleted file mode 100644 index 53e1fbe3..00000000 --- a/deploy/bootstrap/loki.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: loki - namespace: argocd -spec: - destination: - namespace: kube-system - server: https://kubernetes.default.svc - project: default - source: - path: deploy/loki/base - repoURL: https://github.com/acend/infrastructure.git - targetRevision: HEAD - syncPolicy: - automated: - prune: true - selfHeal: true \ No newline at end of file diff --git a/deploy/bootstrap/promtail.yaml b/deploy/bootstrap/promtail.yaml deleted file mode 100644 index d41a9866..00000000 --- a/deploy/bootstrap/promtail.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: promtail - namespace: argocd -spec: - destination: - namespace: kube-system - server: https://kubernetes.default.svc - project: default - source: - path: deploy/promtail/base - repoURL: https://github.com/acend/infrastructure.git - targetRevision: HEAD - syncPolicy: - automated: - prune: true - selfHeal: true \ No newline at end of file diff --git a/deploy/kube-prometheus-stack/base/grafana-dashboards/k8saudit.yaml b/deploy/kube-prometheus-stack/base/grafana-dashboards/k8saudit.yaml deleted file mode 100644 index ef937f6e..00000000 --- a/deploy/kube-prometheus-stack/base/grafana-dashboards/k8saudit.yaml +++ /dev/null @@ -1,1214 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - grafana_dashboard: "1" - name: k8saudit - namespace: monitoring -data: - k8saudit.json: | - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 2538, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "cellOptions": { - "type": "auto" - }, - "filterable": false, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Requests" - }, - "properties": [ - { - "id": "custom.width", - "value": 300 - }, - { - "id": "custom.cellOptions", - "value": { - "mode": "gradient", - "type": "gauge" - } - }, - { - "id": "color", - "value": { - "mode": "continuous-BlPu" - } - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 34, - "maxDataPoints": 1, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [ - { - "desc": false, - "displayName": "Requests" - } - ] - }, - "pluginVersion": "10.1.5", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "topk(100, sum by (userAgent) (count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"} | json | __error__=\"\" [$__interval])))", - "instant": true, - "legendFormat": "{{http_user_agent}}", - "range": false, - "refId": "A" - } - ], - "title": "Cluster Activated Top User Agents", - "transformations": [ - { - "id": "organize", - "options": { - "excludeByName": { - "Field": false, - "Time": true - }, - "indexByName": {}, - "renameByName": { - "Field": "Agent", - "Total": "Requests", - "Value #A": "Requests", - "http_user_agent": "User agent" - } - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 12, - "y": 0 - }, - "id": 24, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": { - "titleSize": 1 - }, - "textMode": "value" - }, - "pluginVersion": "10.1.5", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|objectRef_subresource=\"exec\"[5m]))", - "legendFormat": "curl/requests", - "refId": "A" - } - ], - "title": "ExecAttemption", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 4, - "w": 7, - "x": 15, - "y": 0 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|verb=\"watch\"[5m]))", - "legendFormat": "watch-events", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "WatchObjectCalls", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 22, - "y": 0 - }, - "id": 17, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": { - "titleSize": 1 - }, - "textMode": "value" - }, - "pluginVersion": "10.1.5", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|~ \"curl|requests\"[5m]))", - "legendFormat": "curl/requests", - "refId": "A" - } - ], - "title": "NonKubectlAccess", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 4, - "x": 12, - "y": 4 - }, - "id": 16, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": { - "titleSize": 1 - }, - "textMode": "value" - }, - "pluginVersion": "10.1.5", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|annotations_authorization_k8s_io_decision=\"forbid\"[5m]))", - "legendFormat": "curl/requests", - "refId": "A" - } - ], - "title": "ForbiddenAccessAttemption", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 16, - "y": 4 - }, - "id": 19, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": { - "titleSize": 1 - }, - "textMode": "value" - }, - "pluginVersion": "10.1.5", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|=\"/api/v1/secrets\"[5m]))", - "legendFormat": "curl/requests", - "refId": "A" - } - ], - "title": "SecretsAccessCount", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 5, - "x": 19, - "y": 4 - }, - "id": 18, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": { - "titleSize": 1 - }, - "textMode": "value" - }, - "pluginVersion": "10.1.5", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|=\"/api/v1/configmaps\"[5m]))", - "legendFormat": "curl/requests", - "refId": "A" - } - ], - "title": "ConfigmapAccessCount", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 6, - "x": 0, - "y": 8 - }, - "hiddenSeries": false, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|annotations_authorization_k8s_io_decision=\"forbid\"|=\"/api/v1/\"|=\"/pods\"[5m]))", - "legendFormat": "pods-unauthenticated", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "UnAuthenticatedPodAttemptions", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 7, - "x": 6, - "y": 8 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|annotations_authorization_k8s_io_decision=\"forbid\"|=\"/api/v1/\"|=\"/deployments\"[5m]))", - "legendFormat": "deployments-unauthenticated", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Deployments", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 6, - "x": 13, - "y": 8 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|annotations_authorization_k8s_io_decision=\"forbid\"|=\"/api/v1/\"|=\"/secrets\"[5m]))", - "legendFormat": "secrets-unauthenticated", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "SecretsUnAuthenticated", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 5, - "x": 19, - "y": 8 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(count_over_time({filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|annotations_authorization_k8s_io_decision=\"forbid\"|=\"/api/v1/\"|=\"/configmaps\"[5m]))", - "legendFormat": "configmap-unauthenticated", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "ConfigmapUnAuthenticated", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 10, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 30, - "options": { - "dedupStrategy": "numbers", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": true, - "sortOrder": "Descending", - "wrapLogMessage": true - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "{filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"} | json |annotations_authorization_k8s_io_decision=\"forbid\"| line_format \"User Agent: {{.userAgent}} UserName: {{.user}}\"", - "instant": false, - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "ForbiddenUserActivity", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 16 - }, - "id": 28, - "options": { - "dedupStrategy": "numbers", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": true, - "sortOrder": "Descending", - "wrapLogMessage": true - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "{filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"} | json |objectRef_subresource=\"exec\"| line_format \"request for {{.requestURI}} with HTTP status: {{.responseStatus_code}} \"", - "instant": false, - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "ExecAttemptions", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 29, - "options": { - "dedupStrategy": "numbers", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": true, - "sortOrder": "Descending", - "wrapLogMessage": true - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "{filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"}|json|=\"securityContext\\\":{\\\"privileged\\\":true}\"|line_format \"Privileged Pods : {{.responseObject_metadata_name}} \"", - "instant": false, - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Privileged ", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 22 - }, - "id": 27, - "options": { - "dedupStrategy": "numbers", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": true, - "sortOrder": "Descending", - "wrapLogMessage": true - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "{filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"} | json |objectRef_subresource=\"exec\"| line_format \"User who executed something on pods {{.user_username}} \"", - "instant": false, - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "UsersExecAttemption", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 25 - }, - "id": 26, - "options": { - "dedupStrategy": "numbers", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": true, - "sortOrder": "Descending", - "wrapLogMessage": true - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "{filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"} | json |verb=\"delete\"| line_format \"request for {{.requestURI}} with HTTP status: {{.responseStatus_code}} \"", - "instant": false, - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "DeleteActions", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 28 - }, - "id": 25, - "options": { - "dedupStrategy": "numbers", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": true, - "sortOrder": "Descending", - "wrapLogMessage": true - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "{filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"} | json |responseStatus_code=403| line_format \"request for {{.requestURI}} with HTTP status: {{.responseStatus_code}} \"", - "instant": false, - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "NonAuthenticatedAccess", - "type": "logs" - }, - { - "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 7, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "refId": "A" - } - ], - "title": "Row title", - "type": "row" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 22, - "options": { - "dedupStrategy": "none", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "{filename=\"/var/lib/rancher/rke2/server/logs/audit.log\"} | json | line_format \"request for {{.requestURI}} with HTTP status: {{.responseStatus_code}} \"", - "legendFormat": "", - "refId": "A" - } - ], - "title": "APIServerActivities", - "type": "logs" - } - ], - "refresh": "10s", - "schemaVersion": 38, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Kubernetes Audit Dashboard", - "uid": "lTSnDBuMz", - "version": 1, - "weekStart": "" - } \ No newline at end of file diff --git a/deploy/kube-prometheus-stack/base/grafana-datasource/loki.yaml b/deploy/kube-prometheus-stack/base/grafana-datasource/loki.yaml deleted file mode 100644 index 9bc8a9ef..00000000 --- a/deploy/kube-prometheus-stack/base/grafana-datasource/loki.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: loki - namespace: monitoring - labels: - grafana_datasource: "1" -data: - datasource.yaml: |- - apiVersion: 1 - datasources: - - name: Loki - type: loki - url: http://loki-gateway.loki.svc.cluster.local - access: proxy - jsonData: - maxLines: 1000 diff --git a/deploy/kube-prometheus-stack/base/kustomization.yaml b/deploy/kube-prometheus-stack/base/kustomization.yaml index 6e4e25aa..9d07b881 100644 --- a/deploy/kube-prometheus-stack/base/kustomization.yaml +++ b/deploy/kube-prometheus-stack/base/kustomization.yaml @@ -16,7 +16,6 @@ resources: - grafana-dashboards/nginx.yaml - grafana-dashboards/node-exporter.yaml - grafana-dashboards/k8saudit.yaml -- grafana-datasource/loki.yaml #- grafana-datasource/alertmanager.yaml - prometheus-rules/argocd.yaml - hcloud-exporter/ diff --git a/deploy/loki/base/kustomization.yaml b/deploy/loki/base/kustomization.yaml deleted file mode 100644 index 5c30b6fb..00000000 --- a/deploy/loki/base/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: loki - -resources: -- namespace.yaml -- loki-s3-secret.yaml - -helmCharts: - - name: loki - releaseName: loki - namespace: loki - version: 6.6.3 - valuesFile: values.yaml - #includeCRDs: true - repo: https://grafana.github.io/helm-charts diff --git a/deploy/loki/base/loki-s3-secret.yaml b/deploy/loki/base/loki-s3-secret.yaml deleted file mode 100644 index 89b0282d..00000000 --- a/deploy/loki/base/loki-s3-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: loki-s3-secret - namespace: loki -spec: - encryptedData: - S3_ACCESS_KEY: AgBth0mU/LY2igNEz9nm8M9h+OO1YFFy2/ZIMU5EArrjh6DDLiRbmBy6OozTmYl8bhg+PKdxhK1t27c2u2gQHDpE0tyLaJCeDxpixr4oUQOt78AFfaTrRzRVl6c8Aj/vpwLeN+jVMLkzEoDTEffW+7+iwQEWE2kjC+TZpvRBQx47we8g6DhroJQIG8HrR7DyYqluUwovnl9mFFJAF1bRP+JOHNdUasvixsLxxWYJBnBYtGIEdR4W6yM7XLpt6+Q8p0Ymj0SPR9Isf2HTZx7oaA0bxffuFNBhzFrzN1q1PWQyvUeWBDUr8Tiqu1KrRL776zXmfpdo1YXNBN1NTB8grzua//UFiOBboRw/LZx4d4BjgvACcvUzKJ2GuO7AWZ+NpKGew6uTPVuk1L4xMv0I+bLvKh2QD62Ed2gAQHwFtFwGwKD3TTtIwWLkoggc8vvx0GJcR5/R3WCGiAEJyhPpgDT1Iy/fLD9gIwShzDR54gWwuUdwnifHkbYItRxj7bd/svxN1BTqubUgvXpKONeMGqUNNOq6XiRyi0RSTHmMVHIWYI3J/6ddBoUiodtSLwyqoEtP531ajXlW0AMVXWDGITszS8nvUN6awVXQG8jZAGf8O46HaR7gWe7IM4DV7g3UMkxKGsXqasaSbC50fMAVk5SPWUT721BG9mWnFbKhnknOPlGVwLaQzCERgZnfxAstlATYyLzYVjzxmcWkLbvviUyA - S3_SECRET_KEY: AgC4Dy8k+GkLi9Et6ya+xjAFwni9kpzgafQQ2jCje1maxIPFn/spV9EY5mxI3UFlx8wFOR432GYoOTluJJUPjbFa9vjQqXeRWVxYaOeAWnRyqmghtHB9lLdQZkTzV0AhZmnXP3HmaF55DmegHcgXRbtsCWU5pK1huw9LcQXneHz3wiyslSzi53r1DWJqOTIJmzRURVeulFauHY85aHNIwpkwu2L2+7ZGO0UVCPXfeYK+tL6sd6jumXHmn5fDkIC8IH6DpiJ30YBHUOkM4ep6hVetX8SBlDcu7FMcbRrmFXWwFrokerOCckCktudrW4LDjGePVKyXhfkrXj3C4bFIHReZvCOgIDsDsOsudViFzuYxLEU9PNDECR/RHkOj3RSk2H5eq3fU1xeOhGWkygx4PG1vtx0C/QX/WKSkzLbv6L2sund/VN0BGxQ36KdWPN5eYsedKhfVvXJiJSNvsxKvk3xidHASQvaipRkAL9ihdfdDaYxNehVJOgDg1tRDGw+iETGoZIwHIloQ1RgJ992RN7ivqMquZ3+OjIqGSD5TRZmZszlbtWAtbinoiqPPihr/kgnQfnWL047GHcBUk7sqIjhmVR3uGQnRDk1MjcX6rObazW6N1XZAM0VqRlMJaYjsGKOLM5CFXcKxnlj1ZiEa8tJFWA88wH+mxIm9T3TXrj6zu/bnWH2KJ1RCs3dQfThrSo3EjCVMgV1+bY/G2bcQOWRhPrmu2GMuaNCnhMkkOdzu1w== - template: - metadata: - creationTimestamp: null - name: loki-s3-secret - namespace: loki - diff --git a/deploy/loki/base/namespace.yaml b/deploy/loki/base/namespace.yaml deleted file mode 100644 index a6ef6fab..00000000 --- a/deploy/loki/base/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: loki - labels: - app: loki \ No newline at end of file diff --git a/deploy/loki/base/values.yaml b/deploy/loki/base/values.yaml deleted file mode 100644 index fe477b8d..00000000 --- a/deploy/loki/base/values.yaml +++ /dev/null @@ -1,136 +0,0 @@ -global: - dnsService: rke2-coredns-rke2-coredns - -loki: - auth_enabled: false - - schemaConfig: - configs: - - from: 2024-04-01 - store: tsdb - object_store: s3 - schema: v13 - index: - period: 24h - - structuredConfig: - limits_config: - retention_period: 360h #15 days - - compactor: - retention_enabled: true - delete_request_store: s3 - - storage: - bucketNames: - chunks: loki-chunks - ruler: loki-ruler - admin: loki-admin - type: s3 - s3: - endpoint: minio.acend-s3.svc.cluster.local - insecure_skip_verify: true - secretAccessKey: ${S3_SECRET_KEY} - accessKeyId: ${S3_ACCESS_KEY} - s3ForcePathStyle: true - http_config: - insecure_skip_verify: true - -monitoring: - dashboards: - enabled: true - namespace: monitoring - lokiCanary: - enabled: false - serviceMonitor: - enabled: true - -gateway: - nodeSelector: - node-role.kubernetes.io/control-plane: "true" - tolerations: - - key: "node-role.kubernetes.io/control-plane" - operator: "Exists" - effect: "NoSchedule" - podAnnotations: - "cluster-autoscaler.kubernetes.io/safe-to-evict": "true" - -test: - enabled: false - -memberlist: - service: - publishNotReadyAddresses: true - -write: - replicas: 1 - persistence: - enableStatefulSetAutoDeletePVC: false - size: 5Gi - resources: - requests: - cpu: 20m - memory: 320Mi - extraArgs: - - -config.expand-env - extraEnvFrom: - - secretRef: - name: loki-s3-secret - nodeSelector: - node-role.kubernetes.io/control-plane: "true" - tolerations: - - key: "node-role.kubernetes.io/control-plane" - operator: "Exists" - effect: "NoSchedule" - -tableManager: - extraArgs: - - -config.expand-env - extraEnvFrom: - - secretRef: - name: loki-s3-secret - -read: - replicas: 1 - persistence: - enableStatefulSetAutoDeletePVC: false - size: 5Gi - podAnnotations: - "cluster-autoscaler.kubernetes.io/safe-to-evict": "true" - extraArgs: - - -config.expand-env - resources: - requests: - cpu: 10m - memory: 70Mi - extraEnvFrom: - - secretRef: - name: loki-s3-secret - nodeSelector: - node-role.kubernetes.io/control-plane: "true" - tolerations: - - key: "node-role.kubernetes.io/control-plane" - operator: "Exists" - effect: "NoSchedule" - -backend: - replicas: 1 - podAnnotations: - "cluster-autoscaler.kubernetes.io/safe-to-evict": "true" - persistence: - enableStatefulSetAutoDeletePVC: false - extraArgs: - - -config.expand-env - resources: - requests: - cpu: 10m - memory: 130Mi - extraEnvFrom: - - secretRef: - name: loki-s3-secret - nodeSelector: - node-role.kubernetes.io/control-plane: "true" - tolerations: - - key: "node-role.kubernetes.io/control-plane" - operator: "Exists" - effect: "NoSchedule" diff --git a/deploy/minio/base/values-tenant.yaml b/deploy/minio/base/values-tenant.yaml index 4f592eac..504f9952 100644 --- a/deploy/minio/base/values-tenant.yaml +++ b/deploy/minio/base/values-tenant.yaml @@ -8,9 +8,6 @@ tenant: buckets: - name: velero-backup - - name: loki-chunks - - name: loki-ruler - - name: loki-admin features: domains: diff --git a/deploy/promtail/base/kustomization.yaml b/deploy/promtail/base/kustomization.yaml deleted file mode 100644 index 46c5a71e..00000000 --- a/deploy/promtail/base/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: promtail - -resources: -- namespace.yaml - -helmCharts: - - name: promtail - releaseName: promtail - namespace: promtail - version: 6.15.5 - valuesFile: values-controlplane.yaml - includeCRDs: true - repo: https://grafana.github.io/helm-charts - - name: promtail - releaseName: promtail-worker - namespace: promtail - version: 6.15.5 - valuesFile: values-worker.yaml - repo: https://grafana.github.io/helm-charts diff --git a/deploy/promtail/base/namespace.yaml b/deploy/promtail/base/namespace.yaml deleted file mode 100644 index a4b3f6da..00000000 --- a/deploy/promtail/base/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: promtail - labels: - app: promtail \ No newline at end of file diff --git a/deploy/promtail/base/values-controlplane.yaml b/deploy/promtail/base/values-controlplane.yaml deleted file mode 100644 index 7466a4fb..00000000 --- a/deploy/promtail/base/values-controlplane.yaml +++ /dev/null @@ -1,33 +0,0 @@ -serviceMonitor: - enabled: true - -nodeSelector: - node-role.kubernetes.io/control-plane: "true" - -config: - clients: - - url: http://loki-gateway.loki.svc.cluster.local/loki/api/v1/push - snippets: - extraScrapeConfigs: | - - job_name: k8saudit - static_configs: - - targets: - - localhost - labels: - job: k8saudit - __path__: /var/lib/rancher/rke2/server/logs/audit.log -resources: - requests: - cpu: 30m - memory: 80Mi - -extraVolumes: -- name: k8saudit - hostPath: - path: /var/lib/rancher/rke2/server/logs/audit.log - type: FileOrCreate - -extraVolumeMounts: -- name: k8saudit - mountPath: /var/lib/rancher/rke2/server/logs/audit.log - readOnly: true \ No newline at end of file diff --git a/deploy/promtail/base/values-worker.yaml b/deploy/promtail/base/values-worker.yaml deleted file mode 100644 index a06ecdd3..00000000 --- a/deploy/promtail/base/values-worker.yaml +++ /dev/null @@ -1,14 +0,0 @@ -serviceMonitor: - enabled: true - - -tolerations: [] - -config: - clients: - - url: http://loki-gateway.loki.svc.cluster.local/loki/api/v1/push - -resources: - requests: - cpu: 30m - memory: 80Mi \ No newline at end of file diff --git a/docs/applications.md b/docs/applications.md index 0f445075..5f24b3b8 100644 --- a/docs/applications.md +++ b/docs/applications.md @@ -13,7 +13,6 @@ - [Monitoring](#monitoring) - [kubernetes-replicator](#kubernetes-replicator) - [kured](#kured) - - [Logging](#logging) - [Minio S3](#minio-s3) - [acend-s3 Tenant](#acend-s3-tenant) - [kyverno](#kyverno) @@ -208,18 +207,6 @@ For safe automated node reboots we use [kured](https://kured.dev/) When a reboot of a node is requered, `/var/run/reboot-required` is created by `unattended-upgrade`. Kured detects this and will safly reboot the node. Reboots are done everyday between 21:00 and 23:59:59 Europe/Zurich timezone. Befor rebooting, the node gets cordoned and drained and after the reboot uncordoned again. Only one node at the same time is rebooted. -## Logging - -Folder: `deploy/loki` & `deploy/promtail` - -[Loki](https://grafana.com/oss/loki/) and [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/) are in use for Container Logs. - -Logs are kept 31 days. - -Within Grafana / Explore you have access to the container logs. - -The storage backend is set to the local Minio S3 installation. - ## Minio S3 Folder: `deploy/minio`