
# --- RBAC configuration ---
# Identity the Alloy DaemonSet runs as. It carries no permissions by itself;
# the ClusterRole / ClusterRoleBinding documents below grant them.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: alloy-sa
  namespace: monitoring
---
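apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: alloy-cluster-role
rules:
  # discovery: 'discovery.kubernetes' with role = "pod" lists/watches pods;
  # read-only access to nodes is kept for node metadata lookups.
  # Deliberately NOT granted: nodes/proxy (pass-through to the kubelet API),
  # services and endpoints -- nothing in config.alloy uses them. Re-add a
  # resource only together with the pipeline component that needs it.
  - apiGroups: [""]
    resources: ["nodes", "pods"]
    verbs: ["get", "list", "watch"]
  # log access: 'loki.source.kubernetes' reads the pods/log subresource
  # through the API server (no host file access needed).
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
---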
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: alloy-cluster-binding
# Binds alloy-cluster-role to alloy-sa cluster-wide. A cluster-scoped binding
# is required because pod discovery and log reading span every namespace.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: alloy-cluster-role
subjects:
  - kind: ServiceAccount
    name: alloy-sa
    namespace: monitoring
---
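# --- Alloy pipeline configuration ---
# defines how telemetry data is collected, processed, and exported.
# Mounted at /etc/alloy/config.alloy by the DaemonSet below.
apiVersion: v1
kind: ConfigMap
metadata:
  name: alloy-config
  namespace: monitoring
data:
  config.alloy: |
    // 1. discovery (shared by logs and metrics)
    // Scoped to the local node. This config runs as a DaemonSet, so without
    // the field selector every agent would discover -- and tail the logs of --
    // every pod in the cluster, shipping each log stream once per node and
    // multiplying API-server load by the node count.
    // NODE_NAME is expected from the Downward API (spec.nodeName); the
    // fallbacks cover a pod spec that does not set it. With hostNetwork the
    // pod hostname is the node hostname, which normally equals the node name
    // -- verify on clusters whose node names are not hostnames.
    discovery.kubernetes "k8s_pods" {
      role = "pod"
      selectors {
        role  = "pod"
        field = "spec.nodeName=" + coalesce(sys.env("NODE_NAME"), sys.env("HOSTNAME"), constants.hostname)
      }
    }

    // 2. metrics pipeline
    // A. read host hardware stats (CPU/RAM) from the host filesystems that the
    //    DaemonSet mounts read-only under /host.
    prometheus.exporter.unix "host" {
      rootfs_path = "/host/root"
      sysfs_path  = "/host/sys"
      procfs_path = "/host/proc"
    }

    // B. scrape those stats
    prometheus.scrape "host_scraper" {
      targets    = prometheus.exporter.unix.host.targets
      forward_to = [prometheus.remote_write.metrics_service.receiver]
    }

    // C. send to Prometheus
    // PROM_URL comes from the monitoring-env ConfigMap; if the URL has to
    // carry credentials, source it from a Secret instead.
    prometheus.remote_write "metrics_service" {
      endpoint {
        url = sys.env("PROM_URL")
      }
    }

    // 3. logs pipeline
    // A. relabeling: promote Kubernetes metadata (__meta_* labels are dropped
    //    before shipping) to real stream labels.
    discovery.relabel "k8s_labels" {
      targets = discovery.kubernetes.k8s_pods.targets

      rule {
        action        = "replace"
        source_labels = ["__meta_kubernetes_pod_label_app"]
        target_label  = "app"
      }
      rule {
        action        = "replace"
        source_labels = ["__meta_kubernetes_namespace"]
        target_label  = "namespace"
      }
      rule {
        action        = "replace"
        source_labels = ["__meta_kubernetes_pod_name"]
        target_label  = "pod"
      }
      rule {
        action        = "replace"
        source_labels = ["__meta_kubernetes_pod_container_name"]
        target_label  = "container"
      }
    }

    // B. tail logs of the relabeled (local-node) targets via the API server
    loki.source.kubernetes "pod_logs" {
      targets    = discovery.relabel.k8s_labels.output
      forward_to = [loki.write.default.receiver]
    }

    // C. send to Loki (LOKI_URL from monitoring-env; same credential note as
    //    PROM_URL above)
    loki.write "default" {
      endpoint {
        url = sys.env("LOKI_URL")
      }
    }
---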
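# --- Agent Deployment (DaemonSet) ---
# deploys one alloy agent per node to monitor the entire cluster.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: alloy
  namespace: monitoring
spec:
  selector:
    matchLabels:
      name: alloy
  template:
    metadata:
      labels:
        name: alloy
    spec:
      serviceAccountName: alloy-sa
      # Host namespaces so prometheus.exporter.unix reports the node's (not the
      # pod's) network and process state. Both widen the pod's reach into the
      # host; drop them if node-level exporting is ever removed.
      hostNetwork: true
      hostPID: true
      # Forces the pod to use K8s CoreDNS even when running on host network
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: alloy
          # NOTE(review): a floating tag gives unreproducible rollouts and no
          # supply-chain pinning; replace with a release tag or digest once chosen.
          image: grafana/alloy:latest
          args:
            - run
            # With hostNetwork this listens on every node interface. Alloy's
            # built-in HTTP UI/API has no authentication of its own, so keep
            # port 12345 filtered at the node, or bind 127.0.0.1 if nothing
            # outside the node needs it.
            - --server.http.listen-addr=0.0.0.0:12345
            - /etc/alloy/config.alloy
          env:
            # Node name for the spec.nodeName selector in config.alloy
            # (Downward API; exact even where hostname != node name).
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          envFrom:
            # Supplies PROM_URL and LOKI_URL. optional: false makes the pod
            # fail to start (rather than run with empty URLs) if the ConfigMap
            # is missing. URLs that embed credentials belong in a Secret
            # (secretRef), not here.
            - configMapRef:
                name: monitoring-env
                optional: false
          volumeMounts:
            - name: config
              mountPath: /etc/alloy
            # Nothing in config.alloy reads /var/log today (logs come from the
            # API server); mounted read-only so the mount cannot become a host
            # write path.
            - name: logs
              mountPath: /var/log
              readOnly: true
            # Host views for prometheus.exporter.unix, all read-only.
            - name: proc
              mountPath: /host/proc
              readOnly: true
            - name: sys
              mountPath: /host/sys
              readOnly: true
            - name: root
              mountPath: /host/root
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: alloy-config
        - name: logs
          hostPath:
            path: /var/log
        - name: proc
          hostPath:
            path: /proc
        - name: sys
          hostPath:
            path: /sys
        # Whole host root, exposed only through the read-only /host/root mount.
        - name: root
          hostPath:
            path: /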