feat(loki): 日志搜集完善
这个提交包含在:
@@ -15,7 +15,6 @@ spec:
|
|||||||
lokiCanary:
|
lokiCanary:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
svccontroller.k3s.cattle.io/enablelb: "true"
|
svccontroller.k3s.cattle.io/enablelb: "true"
|
||||||
labelname: name
|
|
||||||
extraArgs:
|
extraArgs:
|
||||||
# 降低测试日志生成条数
|
# 降低测试日志生成条数
|
||||||
- -interval=30s
|
- -interval=30s
|
||||||
@@ -34,8 +33,6 @@ spec:
|
|||||||
auth_enabled: false
|
auth_enabled: false
|
||||||
commonConfig:
|
commonConfig:
|
||||||
replication_factor: 1
|
replication_factor: 1
|
||||||
limits_config:
|
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
type: 'filesystem'
|
type: 'filesystem'
|
||||||
schemaConfig:
|
schemaConfig:
|
||||||
@@ -0,0 +1,24 @@
|
|||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChart
|
||||||
|
metadata:
|
||||||
|
name: loki-promtail
|
||||||
|
namespace: infra-monitor
|
||||||
|
spec:
|
||||||
|
repo: https://grafana.github.io/helm-charts
|
||||||
|
chart: promtail
|
||||||
|
targetNamespace: infra-monitor
|
||||||
|
version: 6.7.1
|
||||||
|
valuesContent: |-
|
||||||
|
nodeSelector:
|
||||||
|
svccontroller.k3s.cattle.io/enablelb: "true"
|
||||||
|
configmap:
|
||||||
|
enabled: true
|
||||||
|
config:
|
||||||
|
clients:
|
||||||
|
- url: http://loki.infra-monitor:3100/loki/api/v1/push
|
||||||
|
tenant_id: 1
|
||||||
|
snippets:
|
||||||
|
extraRelabelConfigs:
|
||||||
|
- source_labels: [__meta_kubernetes_pod_label_log_collecting_enabled]
|
||||||
|
action: keep
|
||||||
|
regex: true
|
||||||
@@ -17,6 +17,8 @@ spec:
|
|||||||
- key: "node-role.kubernetes.io/master"
|
- key: "node-role.kubernetes.io/master"
|
||||||
operator: "Exists"
|
operator: "Exists"
|
||||||
effect: "NoSchedule"
|
effect: "NoSchedule"
|
||||||
|
labels:
|
||||||
|
log-collecting/enabled: "true"
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPort:
|
hostPort:
|
||||||
@@ -28,16 +30,65 @@ spec:
|
|||||||
config:
|
config:
|
||||||
use-forwarded-headers: "true"
|
use-forwarded-headers: "true"
|
||||||
allow-snippet-annotations: "true"
|
allow-snippet-annotations: "true"
|
||||||
|
# 缓存配置
|
||||||
http-snippet: |
|
http-snippet: |
|
||||||
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=cache:2m max_size=100m inactive=7d use_temp_path=off;
|
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=cache:2m max_size=100m inactive=7d use_temp_path=off;
|
||||||
proxy_cache_key $scheme$proxy_host$request_uri;
|
proxy_cache_key $scheme$proxy_host$request_uri;
|
||||||
proxy_cache_lock on;
|
proxy_cache_lock on;
|
||||||
proxy_cache_use_stale updating;
|
proxy_cache_use_stale updating;
|
||||||
|
# dns配置
|
||||||
server-snippet : |
|
server-snippet : |
|
||||||
resolver 169.254.20.10 10.43.0.10 ipv6=off;
|
resolver 169.254.20.10 10.43.0.10 ipv6=off;
|
||||||
|
# 启用geoip2模块
|
||||||
|
use-geoip: "false"
|
||||||
|
use-geoip2: "true"
|
||||||
|
# 日志配置
|
||||||
|
log-format-escape-json: "true"
|
||||||
|
log-format-upstream: '{
|
||||||
|
"msec": "$msec",
|
||||||
|
"connection": "$connection",
|
||||||
|
"connection_requests": "$connection_requests",
|
||||||
|
"pid": "$pid",
|
||||||
|
"request_id": "$request_id",
|
||||||
|
"request_length": "$request_length",
|
||||||
|
"remote_addr": "$remote_addr",
|
||||||
|
"remote_user": "$remote_user",
|
||||||
|
"remote_port": "$remote_port",
|
||||||
|
"time_local": "$time_local",
|
||||||
|
"time_iso8601": "$time_iso8601",
|
||||||
|
"request": "$request",
|
||||||
|
"request_uri": "$request_uri",
|
||||||
|
"args": "$args",
|
||||||
|
"status": "$status",
|
||||||
|
"body_bytes_sent": "$body_bytes_sent",
|
||||||
|
"bytes_sent": "$bytes_sent",
|
||||||
|
"http_referer": "$http_referer",
|
||||||
|
"http_user_agent": "$http_user_agent",
|
||||||
|
"http_x_forwarded_for": "$http_x_forwarded_for",
|
||||||
|
"http_host": "$http_host",
|
||||||
|
"server_name": "$server_name",
|
||||||
|
"request_time": "$request_time",
|
||||||
|
"upstream": "$upstream_addr",
|
||||||
|
"upstream_connect_time": "$upstream_connect_time",
|
||||||
|
"upstream_header_time": "$upstream_header_time",
|
||||||
|
"upstream_response_time": "$upstream_response_time",
|
||||||
|
"upstream_response_length": "$upstream_response_length",
|
||||||
|
"upstream_cache_status": "$upstream_cache_status",
|
||||||
|
"ssl_protocol": "$ssl_protocol",
|
||||||
|
"ssl_cipher": "$ssl_cipher",
|
||||||
|
"scheme": "$scheme",
|
||||||
|
"request_method": "$request_method",
|
||||||
|
"server_protocol": "$server_protocol",
|
||||||
|
"pipe": "$pipe",
|
||||||
|
"gzip_ratio": "$gzip_ratio",
|
||||||
|
"http_cf_ray": "$http_cf_ray",
|
||||||
|
"geoip_country_code": "$geoip2_city_country_code"
|
||||||
|
}'
|
||||||
# crowdsec插件配置
|
# crowdsec插件配置
|
||||||
plugins: "crowdsec"
|
plugins: "crowdsec"
|
||||||
lua-shared-dicts: "crowdsec_cache: 50m"
|
lua-shared-dicts: "crowdsec_cache: 50m"
|
||||||
|
# 启用geoip2模块
|
||||||
|
maxmindLicenseKey: "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"
|
||||||
extraArgs:
|
extraArgs:
|
||||||
default-ssl-certificate: "infra-net/dev-cm-crt"
|
default-ssl-certificate: "infra-net/dev-cm-crt"
|
||||||
# crowdsec插件配置
|
# crowdsec插件配置
|
||||||
@@ -62,4 +113,4 @@ spec:
|
|||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: crowdsec-bouncer-plugin
|
- name: crowdsec-bouncer-plugin
|
||||||
mountPath: /etc/nginx/lua/plugins/crowdsec
|
mountPath: /etc/nginx/lua/plugins/crowdsec
|
||||||
subPath: crowdsec
|
subPath: crowdsec
|
||||||
|
|||||||
在新议题中引用
屏蔽一个用户