From a2b6f79977c3792630e4c40dc9cb222247a0ec37 Mon Sep 17 00:00:00 2001 From: Xavier Bauquet Date: Mon, 15 Jun 2020 14:08:12 +0200 Subject: [PATCH] tests(kumactl) tests for kumactl install logging --- .../cmd/completion/testdata/bash.golden | 31 + .../cmd/completion/testdata/zsh.golden | 12 + .../cmd/install/install_logging_test.go | 89 +++ .../install-logging.defaults.golden.yaml | 690 ++++++++++++++++++ .../install-logging.overrides.golden.yaml | 690 ++++++++++++++++++ .../install-metrics.defaults.golden.yaml | 2 +- .../install-metrics.overrides.golden.yaml | 2 +- docs/cmd/kumactl/HELP.md | 1 + 8 files changed, 1515 insertions(+), 2 deletions(-) create mode 100644 app/kumactl/cmd/install/install_logging_test.go create mode 100644 app/kumactl/cmd/install/testdata/install-logging.defaults.golden.yaml create mode 100644 app/kumactl/cmd/install/testdata/install-logging.overrides.golden.yaml diff --git a/app/kumactl/cmd/completion/testdata/bash.golden b/app/kumactl/cmd/completion/testdata/bash.golden index c77731e02a66..41116f528f8e 100644 --- a/app/kumactl/cmd/completion/testdata/bash.golden +++ b/app/kumactl/cmd/completion/testdata/bash.golden @@ -1733,6 +1733,36 @@ _kumactl_install_dns() noun_aliases=() } +_kumactl_install_logging() +{ + last_command="kumactl_install_logging" + + command_aliases=() + + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--namespace=") + two_word_flags+=("--namespace") + local_nonpersistent_flags+=("--namespace=") + flags+=("--config-file=") + two_word_flags+=("--config-file") + flags+=("--log-level=") + two_word_flags+=("--log-level") + flags+=("--mesh=") + two_word_flags+=("--mesh") + two_word_flags+=("-m") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _kumactl_install_metrics() { last_command="kumactl_install_metrics" 
@@ -1811,6 +1841,7 @@ _kumactl_install() commands=() commands+=("control-plane") commands+=("dns") + commands+=("logging") commands+=("metrics") commands+=("tracing") diff --git a/app/kumactl/cmd/completion/testdata/zsh.golden b/app/kumactl/cmd/completion/testdata/zsh.golden index 4b47d6845a93..05d218ea2442 100644 --- a/app/kumactl/cmd/completion/testdata/zsh.golden +++ b/app/kumactl/cmd/completion/testdata/zsh.golden @@ -668,6 +668,7 @@ function _kumactl_install { commands=( "control-plane:Install Kuma Control Plane on Kubernetes" "dns:Install DNS to Kubernetes" + "logging:Install Logging backend in Kubernetes cluster (Loki)" "metrics:Install Metrics backend in Kubernetes cluster (Prometheus + Grafana)" "tracing:Install Tracing backend in Kubernetes cluster (Jaeger)" ) @@ -682,6 +683,9 @@ function _kumactl_install { dns) _kumactl_install_dns ;; + logging) + _kumactl_install_logging + ;; metrics) _kumactl_install_metrics ;; @@ -721,6 +725,14 @@ function _kumactl_install_dns { '(-m --mesh)'{-m,--mesh}'[mesh to use]:' } +function _kumactl_install_logging { + _arguments \ + '--namespace[namespace to install logging to]:' \ + '--config-file[path to the configuration file to use]:' \ + '--log-level[log level: one of off|info|debug]:' \ + '(-m --mesh)'{-m,--mesh}'[mesh to use]:' +} + function _kumactl_install_metrics { _arguments \ '--kuma-cp-address[the address of Kuma CP]:' \ diff --git a/app/kumactl/cmd/install/install_logging_test.go b/app/kumactl/cmd/install/install_logging_test.go new file mode 100644 index 000000000000..584a2dab0f23 --- /dev/null +++ b/app/kumactl/cmd/install/install_logging_test.go 
@@ -0,0 +1,89 @@
+package install_test
+
+import (
+ "bytes"
+ "io/ioutil"
+ "path/filepath"
+
+ kuma_version "github.com/Kong/kuma/pkg/version"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/ginkgo/extensions/table"
+ . "github.com/onsi/gomega"
+
+ "github.com/Kong/kuma/app/kumactl/cmd"
+ "github.com/Kong/kuma/app/kumactl/pkg/install/data"
+)
+
+var _ = Describe("kumactl install logging", func() {
+
+ var stdout *bytes.Buffer
+ var stderr *bytes.Buffer
+
+ BeforeEach(func() {
+ stdout = &bytes.Buffer{}
+ stderr = &bytes.Buffer{}
+ })
+
+ type testCase struct {
+ extraArgs []string
+ goldenFile string
+ }
+
+ BeforeEach(func() {
+ kuma_version.Build = kuma_version.BuildInfo{
+ Version: "0.0.1",
+ GitTag: "v0.0.1",
+ GitCommit: "91ce236824a9d875601679aa80c63783fb0e8725",
+ BuildDate: "2019-08-07T11:26:06Z",
+ }
+ })
+
+ DescribeTable("should generate Kubernetes resources",
+ func(given testCase) {
+ // given
+ rootCmd := cmd.DefaultRootCmd()
+ rootCmd.SetArgs(append([]string{"install", "logging"}, given.extraArgs...))
+ rootCmd.SetOut(stdout)
+ rootCmd.SetErr(stderr)
+
+ // when
+ err := rootCmd.Execute()
+ // then
+ Expect(err).ToNot(HaveOccurred())
+ // and
+ Expect(stderr.Bytes()).To(BeNil())
+
+ // when
+ expected, err := ioutil.ReadFile(filepath.Join("testdata", given.goldenFile))
+ // then
+ Expect(err).ToNot(HaveOccurred())
+ // and
+ expectedManifests := data.SplitYAML(data.File{Data: expected})
+
+ // when
+ actual := stdout.Bytes()
+ // then
+ Expect(actual).To(MatchYAML(expected))
+ // and
+ actualManifests := data.SplitYAML(data.File{Data: actual})
+
+ // and
+ Expect(len(actualManifests)).To(Equal(len(expectedManifests)))
+ // and
+ for i := range expectedManifests {
+ Expect(actualManifests[i]).To(MatchYAML(expectedManifests[i]))
+ }
+ },
+ Entry("should generate Kubernetes resources with default settings", testCase{
+ extraArgs: nil,
+ goldenFile: "install-logging.defaults.golden.yaml",
+ }),
+ Entry("should generate Kubernetes resources with custom settings", testCase{
+ extraArgs: []string{
+ "--namespace", "kuma",
+ },
+ goldenFile: "install-logging.overrides.golden.yaml",
+ }),
+ )
+})
diff --git a/app/kumactl/cmd/install/testdata/install-logging.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-logging.defaults.golden.yaml
new file mode 100644
index 000000000000..708fc6efe36e
--- /dev/null
+++ b/app/kumactl/cmd/install/testdata/install-logging.defaults.golden.yaml
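Review bot: The second `BeforeEach` overwrites the package-level `kuma_version.Build` and nothing puts the previous value back, so the fake build info stays in place for every spec that runs later in the same test binary. Save the old value and restore it, e.g. `var savedBuild kuma_version.BuildInfo` next to `stdout`, `savedBuild = kuma_version.Build` before the assignment, and `AfterEach(func() { kuma_version.Build = savedBuild })`. The two golden files in this patch show no version string, so the override may not be needed for `install logging` at all (inferred from the fixtures only). Separately, `Expect(stderr.Bytes()).To(BeNil())` passes only because an unwritten `bytes.Buffer` returns a nil slice; `Expect(stderr.String()).To(BeEmpty())` states the intent directly.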
@@ -0,0 +1,690 @@ + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: kuma-logging +--- +apiVersion: v1 +kind: Namespace +metadata: + name: kuma-logging +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: loki + namespace: kuma-logging + labels: + app: loki + release: loki +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'configMap' + - 'emptyDir' + - 'persistentVolumeClaim' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: loki-promtail + namespace: kuma-logging + labels: + app: promtail + release: loki +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'secret' + - 'configMap' + - 'hostPath' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL +--- +apiVersion: v1 +kind: Secret +metadata: + name: loki + namespace: kuma-logging + labels: + app: loki + release: loki +data: + loki.yaml: 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 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki-promtail + namespace: kuma-logging + labels: + app: promtail + release: loki +data: + promtail.yaml: | + client: + backoff_config: + max_period: 5s + max_retries: 20 + min_period: 100ms + batchsize: 102400 + batchwait: 1s + external_labels: {} + timeout: 10s + positions: + filename: /run/promtail/positions.yaml + server: + http_listen_port: 3101 + target_config: + sync_period: 10s + scrape_configs: + - job_name: 
kubernetes-pods-name + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_label_name + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-app + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: .+ + source_labels: + - __meta_kubernetes_pod_label_name + - source_labels: + - __meta_kubernetes_pod_label_app + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - 
__meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-direct-controllers + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: .+ + separator: '' + source_labels: + - __meta_kubernetes_pod_label_name + - __meta_kubernetes_pod_label_app + - action: drop + regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' + source_labels: + - __meta_kubernetes_pod_controller_name + - source_labels: + - __meta_kubernetes_pod_controller_name + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-indirect-controller + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: .+ + separator: '' + source_labels: + - __meta_kubernetes_pod_label_name + - __meta_kubernetes_pod_label_app + - action: keep + regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' + source_labels: + - __meta_kubernetes_pod_controller_name + - action: replace + regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}' + source_labels: + - __meta_kubernetes_pod_controller_name + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: 
drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-static + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: '' + source_labels: + - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror + - action: replace + source_labels: + - __meta_kubernetes_pod_label_component + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror + - __meta_kubernetes_pod_container_name + target_label: __path__ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: loki + release: loki + annotations: + {} 
+ name: loki + namespace: kuma-logging +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: promtail + release: loki + name: loki-promtail + namespace: kuma-logging +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: promtail + release: loki + name: loki-promtail-clusterrole + namespace: kuma-logging +rules: + - apiGroups: [""] # "" indicates the core API group + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: ["get", "watch", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: loki-promtail-clusterrolebinding + labels: + app: promtail + release: loki +subjects: + - kind: ServiceAccount + name: loki-promtail + namespace: kuma-logging +roleRef: + kind: ClusterRole + name: loki-promtail-clusterrole + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: loki-promtail + namespace: kuma-logging + labels: + app: promtail + release: loki +rules: + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [loki-promtail] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: loki + namespace: kuma-logging + labels: + app: loki + release: loki +rules: + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [loki] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: loki + namespace: kuma-logging + labels: + app: loki + release: loki +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: loki +subjects: + - kind: ServiceAccount + name: loki +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: loki-promtail + namespace: kuma-logging + labels: + app: promtail + release: loki +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: loki-promtail +subjects: + - kind: ServiceAccount + 
name: loki-promtail +--- +apiVersion: v1 +kind: Service +metadata: + name: loki-headless + namespace: kuma-logging + labels: + app: loki + release: loki + variant: headless +spec: + clusterIP: None + ports: + - port: 3100 + protocol: TCP + name: http-metrics + targetPort: http-metrics + selector: + app: loki + release: loki +--- +apiVersion: v1 +kind: Service +metadata: + name: loki + namespace: kuma-logging + labels: + app: loki + release: loki + annotations: + {} +spec: + type: ClusterIP + ports: + - port: 3100 + protocol: TCP + name: http-metrics + targetPort: http-metrics + selector: + app: loki + release: loki +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: loki-promtail + namespace: kuma-logging + labels: + app: promtail + release: loki + annotations: + {} +spec: + selector: + matchLabels: + app: promtail + release: loki + updateStrategy: + {} + template: + metadata: + labels: + app: promtail + release: loki + annotations: + checksum/config: bce7daf9d5acc773342c4f42e700668ef8bdc8f34fa1499c766263fa0c1944e0 + prometheus.io/port: http-metrics + prometheus.io/scrape: "true" + spec: + serviceAccountName: loki-promtail + containers: + - name: promtail + image: "grafana/promtail:1.5.0" + imagePullPolicy: IfNotPresent + args: + - "-config.file=/etc/promtail/promtail.yaml" + - "-client.url=http://loki.kuma-logging:3100/loki/api/v1/push" + volumeMounts: + - name: config + mountPath: /etc/promtail + - name: run + mountPath: /run/promtail + - mountPath: /var/lib/docker/containers + name: docker + readOnly: true + - mountPath: /var/log/pods + name: pods + readOnly: true + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + ports: + - containerPort: 3101 + name: http-metrics + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsUser: 0 + readinessProbe: + failureThreshold: 5 + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + 
resources: + {} + nodeSelector: + {} + affinity: + {} + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + volumes: + - name: config + configMap: + name: loki-promtail + - name: run + hostPath: + path: /run/promtail + - hostPath: + path: /var/lib/docker/containers + name: docker + - hostPath: + path: /var/log/pods + name: pods +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: loki + namespace: kuma-logging + labels: + app: loki + release: loki + annotations: + {} +spec: + podManagementPolicy: OrderedReady + replicas: 1 + selector: + matchLabels: + app: loki + release: loki + serviceName: loki-headless + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: loki + name: loki + release: loki + annotations: + checksum/config: d4c94f4c6a73353362c10d2f844340cec8999b291ca88481ac162fbb5942617d + prometheus.io/port: http-metrics + prometheus.io/scrape: "true" + spec: + serviceAccountName: loki + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + initContainers: + [] + containers: + - name: loki + image: "grafana/loki:1.5.0" + imagePullPolicy: IfNotPresent + args: + - "-config.file=/etc/loki/loki.yaml" + volumeMounts: + - name: config + mountPath: /etc/loki + - name: storage + mountPath: "/data" + ports: + - name: http-metrics + containerPort: 3100 + protocol: TCP + livenessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + resources: + {} + securityContext: + readOnlyRootFilesystem: true + nodeSelector: + {} + affinity: + {} + tolerations: + [] + terminationGracePeriodSeconds: 4800 + volumes: + - name: config + secret: + secretName: loki + - name: storage + emptyDir: {} 
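Review bot: The pinned `loki-promtail-clusterrole` grants `get`/`watch`/`list` on `nodes`, `nodes/proxy`, `services` and `endpoints` cluster-wide, yet all five scrape jobs in the pinned `promtail.yaml` use `kubernetes_sd_configs` with `role: pod`, so `pods` looks like the only resource discovery needs. `nodes/proxy` is the one to drop first: it lets the service account reach each kubelet's API through the API server, and it is bound to a DaemonSet that already runs with `runAsUser: 0` and three `hostPath` mounts. The fix belongs in the template that renders this output (not part of this patch): reduce the rule to `resources: ["pods"]` and regenerate this file and `install-logging.overrides.golden.yaml`, which pins the same rule. Both files also start with the `Namespace` manifest rendered twice, which suggests the template includes it twice.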
diff --git a/app/kumactl/cmd/install/testdata/install-logging.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-logging.overrides.golden.yaml new file mode 100644 index 000000000000..f369ade4cb81 --- /dev/null +++ b/app/kumactl/cmd/install/testdata/install-logging.overrides.golden.yaml 
@@ -0,0 +1,690 @@ + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: kuma +--- +apiVersion: v1 +kind: Namespace +metadata: + name: kuma +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: loki + namespace: kuma + labels: + app: loki + release: loki +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'configMap' + - 'emptyDir' + - 'persistentVolumeClaim' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: loki-promtail + namespace: kuma + labels: + app: promtail + release: loki +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'secret' + - 'configMap' + - 'hostPath' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL +--- +apiVersion: v1 +kind: Secret +metadata: + name: loki + namespace: kuma + labels: + app: loki + release: loki +data: + loki.yaml: 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 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki-promtail + namespace: kuma + labels: + app: promtail + release: loki +data: + promtail.yaml: | + client: + backoff_config: + max_period: 5s + max_retries: 20 + min_period: 100ms + batchsize: 102400 + batchwait: 1s + external_labels: {} + timeout: 10s + positions: + filename: /run/promtail/positions.yaml + server: + http_listen_port: 3101 + target_config: + sync_period: 10s + scrape_configs: + - job_name: kubernetes-pods-name + pipeline_stages: + - docker: {} + 
kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_label_name + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-app + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: .+ + source_labels: + - __meta_kubernetes_pod_label_name + - source_labels: + - __meta_kubernetes_pod_label_app + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - 
__meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-direct-controllers + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: .+ + separator: '' + source_labels: + - __meta_kubernetes_pod_label_name + - __meta_kubernetes_pod_label_app + - action: drop + regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' + source_labels: + - __meta_kubernetes_pod_controller_name + - source_labels: + - __meta_kubernetes_pod_controller_name + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-indirect-controller + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: .+ + separator: '' + source_labels: + - __meta_kubernetes_pod_label_name + - __meta_kubernetes_pod_label_app + - action: keep + regex: '[0-9a-z-.]+-[0-9a-f]{8,10}' + source_labels: + - __meta_kubernetes_pod_controller_name + - action: replace + regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}' + source_labels: + - __meta_kubernetes_pod_controller_name + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + 
source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - job_name: kubernetes-pods-static + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + regex: '' + source_labels: + - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror + - action: replace + source_labels: + - __meta_kubernetes_pod_label_component + target_label: __service__ + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: __host__ + - action: drop + regex: '' + source_labels: + - __service__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + - __service__ + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror + - __meta_kubernetes_pod_container_name + target_label: __path__ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: loki + release: loki + annotations: + {} + name: loki + 
namespace: kuma +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: promtail + release: loki + name: loki-promtail + namespace: kuma +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: promtail + release: loki + name: loki-promtail-clusterrole + namespace: kuma +rules: + - apiGroups: [""] # "" indicates the core API group + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: ["get", "watch", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: loki-promtail-clusterrolebinding + labels: + app: promtail + release: loki +subjects: + - kind: ServiceAccount + name: loki-promtail + namespace: kuma +roleRef: + kind: ClusterRole + name: loki-promtail-clusterrole + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: loki-promtail + namespace: kuma + labels: + app: promtail + release: loki +rules: + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [loki-promtail] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: loki + namespace: kuma + labels: + app: loki + release: loki +rules: + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [loki] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: loki + namespace: kuma + labels: + app: loki + release: loki +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: loki +subjects: + - kind: ServiceAccount + name: loki +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: loki-promtail + namespace: kuma + labels: + app: promtail + release: loki +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: loki-promtail +subjects: + - kind: ServiceAccount + name: loki-promtail +--- +apiVersion: v1 +kind: Service +metadata: + name: 
loki-headless + namespace: kuma + labels: + app: loki + release: loki + variant: headless +spec: + clusterIP: None + ports: + - port: 3100 + protocol: TCP + name: http-metrics + targetPort: http-metrics + selector: + app: loki + release: loki +--- +apiVersion: v1 +kind: Service +metadata: + name: loki + namespace: kuma + labels: + app: loki + release: loki + annotations: + {} +spec: + type: ClusterIP + ports: + - port: 3100 + protocol: TCP + name: http-metrics + targetPort: http-metrics + selector: + app: loki + release: loki +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: loki-promtail + namespace: kuma + labels: + app: promtail + release: loki + annotations: + {} +spec: + selector: + matchLabels: + app: promtail + release: loki + updateStrategy: + {} + template: + metadata: + labels: + app: promtail + release: loki + annotations: + checksum/config: bce7daf9d5acc773342c4f42e700668ef8bdc8f34fa1499c766263fa0c1944e0 + prometheus.io/port: http-metrics + prometheus.io/scrape: "true" + spec: + serviceAccountName: loki-promtail + containers: + - name: promtail + image: "grafana/promtail:1.5.0" + imagePullPolicy: IfNotPresent + args: + - "-config.file=/etc/promtail/promtail.yaml" + - "-client.url=http://loki.kuma:3100/loki/api/v1/push" + volumeMounts: + - name: config + mountPath: /etc/promtail + - name: run + mountPath: /run/promtail + - mountPath: /var/lib/docker/containers + name: docker + readOnly: true + - mountPath: /var/log/pods + name: pods + readOnly: true + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + ports: + - containerPort: 3101 + name: http-metrics + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsUser: 0 + readinessProbe: + failureThreshold: 5 + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + {} + nodeSelector: + {} + affinity: + {} + tolerations: + - effect: NoSchedule + key: 
node-role.kubernetes.io/master + operator: Exists + volumes: + - name: config + configMap: + name: loki-promtail + - name: run + hostPath: + path: /run/promtail + - hostPath: + path: /var/lib/docker/containers + name: docker + - hostPath: + path: /var/log/pods + name: pods +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: loki + namespace: kuma + labels: + app: loki + release: loki + annotations: + {} +spec: + podManagementPolicy: OrderedReady + replicas: 1 + selector: + matchLabels: + app: loki + release: loki + serviceName: loki-headless + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: loki + name: loki + release: loki + annotations: + checksum/config: d4c94f4c6a73353362c10d2f844340cec8999b291ca88481ac162fbb5942617d + prometheus.io/port: http-metrics + prometheus.io/scrape: "true" + spec: + serviceAccountName: loki + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + initContainers: + [] + containers: + - name: loki + image: "grafana/loki:1.5.0" + imagePullPolicy: IfNotPresent + args: + - "-config.file=/etc/loki/loki.yaml" + volumeMounts: + - name: config + mountPath: /etc/loki + - name: storage + mountPath: "/data" + ports: + - name: http-metrics + containerPort: 3100 + protocol: TCP + livenessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + resources: + {} + securityContext: + readOnlyRootFilesystem: true + nodeSelector: + {} + affinity: + {} + tolerations: + [] + terminationGracePeriodSeconds: 4800 + volumes: + - name: config + secret: + secretName: loki + - name: storage + emptyDir: {} diff --git a/app/kumactl/cmd/install/testdata/install-metrics.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-metrics.defaults.golden.yaml index aebbd902a4af..535b77f0e814 100644 
--- a/app/kumactl/cmd/install/testdata/install-metrics.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-metrics.defaults.golden.yaml @@ -4913,7 +4913,7 @@ spec: runAsUser: 472 containers: - name: grafana - image: "grafana/grafana:6.6.0" + image: "grafana/grafana:7.0.3" imagePullPolicy: IfNotPresent volumeMounts: - name: config diff --git a/app/kumactl/cmd/install/testdata/install-metrics.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-metrics.overrides.golden.yaml index 2460e760a9af..7afe07e52296 100644 --- a/app/kumactl/cmd/install/testdata/install-metrics.overrides.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-metrics.overrides.golden.yaml @@ -4913,7 +4913,7 @@ spec: runAsUser: 472 containers: - name: grafana - image: "grafana/grafana:6.6.0" + image: "grafana/grafana:7.0.3" imagePullPolicy: IfNotPresent volumeMounts: - name: config diff --git a/docs/cmd/kumactl/HELP.md b/docs/cmd/kumactl/HELP.md index c002d5235895..2ea968b293b5 100644 --- a/docs/cmd/kumactl/HELP.md +++ b/docs/cmd/kumactl/HELP.md @@ -198,6 +198,7 @@ Usage: Available Commands: control-plane Install Kuma Control Plane on Kubernetes dns Install DNS to Kubernetes + logging Install Logging backend in Kubernetes cluster (Loki) metrics Install Metrics backend in Kubernetes cluster (Prometheus + Grafana) tracing Install Tracing backend in Kubernetes cluster (Jaeger)