Task/set centralized logging for minikube #54
Conversation
| @@ -2,7 +2,6 @@ apiVersion: v1 | |||
| kind: Service | |||
| metadata: | |||
| name: camera-onboarding-service | |||
| namespace: default | |||
There was a problem hiding this comment.
did you change the namespace of your app deployment?
There was a problem hiding this comment.
yes it was default namespace back before, then i changed into app namespace is it wrong. Aslo I need to ask, is defining namespace.yaml the way did is wrong? @ozgen
There was a problem hiding this comment.
there is no wrong or right answer in this condition, you can predefine the namespaces before running kustomization command or you can also add namespace.yaml in the kustomization both of them are welcomed @SelahattinSert
| @@ -1,4 +0,0 @@ | |||
| # k8s/kustomization.yaml | |||
| resources: | |||
There was a problem hiding this comment.
Did you intentionally remove the separate kustomization.yaml files for each component?
Consider organizing your manifests into structured subfolders like the example:
k8s/
app/
deployment.yaml
service.yaml
kustomization.yaml
logging/
deployment.yaml
configmap.yaml
kustomization.yaml
kustomization.yaml # top-level, referencing both app/ and logging/
This way, the top-level kustomization.yaml can aggregate both the app and logging configurations. You can also define shared settings like namespaces and image overrides centrally.
| - role: pod | ||
| relabel_configs: | ||
| - source_labels: [ __meta_kubernetes_pod_label_app ] | ||
| action: keep |
There was a problem hiding this comment.
add filter to get logs ın specific namespace that your app installed.
| - source_labels: [ __meta_kubernetes_pod_label_app ] | ||
| action: keep | ||
| regex: .+ | ||
| - source_labels: [ __meta_kubernetes_namespace ] |
There was a problem hiding this comment.
Can you also include example logs from your application as they appear in Loki? It would help to verify the log structure and ensure compatibility with the current Loki configuration.
| labels: | ||
| app: loki | ||
| spec: | ||
| containers: |
There was a problem hiding this comment.
Do we need to define a ServiceAccount for Loki or Grafana in this setup?
It might not be strictly necessary unless they need to interact with the Kubernetes API or access cluster resources via RBAC. If so, we should include minimal-permission ServiceAccounts to follow best practices. Let me know if this deployment assumes any special permissions.
There was a problem hiding this comment.
In our logging stack only Promtail interacts with the Kubernetes API. So do you want me to configure ServiceAccount for promtail. I think there is no ServiceAccount configured for loki and grafana. @ozgen
There was a problem hiding this comment.
If only Promtail interacts with the Kubernetes API, then yes, let’s configure a minimal-permission ServiceAccount for Promtail to follow least privilege principles. No need to define one for Loki or Grafana unless they require special permissions in the future. @SelahattinSert
| apiVersion: kustomize.config.k8s.io/v1beta1 | ||
| kind: Kustomization | ||
| resources: | ||
| - configmap.yaml |
There was a problem hiding this comment.
why did you need this kustomization file?
| - name: config | ||
| configMap: | ||
| name: loki-config | ||
| - name: loki-storage |
There was a problem hiding this comment.
you did not use persistentVolumeClaim, if yhe pod restarts, could we get the previous logs?
|
|
||
| [security] | ||
| admin_user = admin | ||
| admin_password = admin |
There was a problem hiding this comment.
please do not use plain text for passwords, this should be defined in the secret @SelahattinSert
No description provided.