Assumptions (5/5/2022)📜
- Running using BigBang branch https://repo1.dso.mil/platform-one/big-bang/bigbang/-/tree/loki-enterprise
- Running using Loki branch https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki/-/tree/feature/adjustable-service-ports
Setup📜
Installation📜
- Install BigBang with values.yaml
GEL Configuration in Grafana📜
- Navigate to https://grafana.bigbang.dev/plugins/grafana-enterprise-logs-app
- Populate fields with:
- Access token: Admin token from
kubectl get secret/gel-admin-token -n logging -o json | jq -r '.data.token' | base64 --decode
- Grafana Enterprise Logs URL: http://logging-loki-gel-gateway.logging.svc.cluster.local
- Click “Enable”
- Navigate to https://grafana.bigbang.dev/a/grafana-enterprise-logs-app?path=tenants
- Click Create Tenant, and create a new Tenant
Create Policy/Token for Promtail📜
- Navigate to https://grafana.bigbang.dev/a/grafana-enterprise-logs-app?path=access-policies and create an access policy with the
logs:write
scope, ensure you’ve selected the tenant you just created. - Now create a token for that access policy by clicking ‘Add Token’ on the policy name. Copy the token and save it for the next step.
Promtail Configuration📜
- Uncomment the promtail section in the Values
- Set
basic_auth.password
to the token created above and use the tenant name as the username. - Upgrade the BigBang Helm installation to enable promtail
For example:
promtail:
enabled: true
values:
config:
snippets:
extraClientConfigs: |
basic_auth:
username: borg
password: cHJvbXRhaWwtcHJvbXRhaWw6ODVzfiM6KkAvOjleMjNWNjNyODRZOFxf
tenant_id: borg
external_labels:
environment: dev
Create Grafana Datasource📜
- Navigate to https://grafana.bigbang.dev/a/grafana-enterprise-logs-app?path=access-policies and create an access policy, ensuring to tick the box that you intend to create a data source with this policy. It should auto populate the required scopes.
- Click ‘Add Token’, and then click ‘Create’, and then click ‘Create a datasource’ which will create a new datasource pre-configured to use the token.
Future Considerations📜
- Grafana Enterprise plugin should be configured automatically, which is possible, but enterprise plugin properites are undocumented and the admin token is not known until a
post-install
job is run. This job is calledtokengen
in thelogging
namespace, once complete this token is stored in secretlogging-loki-admin-token
. - Promtail configuration to set auth and tenant info should be automatic, but this depends on the addition of a job to bootstrap a tenant and create a policy plus token.
- Loki VirtualService for external cluster access.
- Memberlist seems to be finicky in AWS with atypical internal subnets. See Here
Values📜
monitoring:
enabled: true
grafana:
enterprise:
enabled: true
licenseContents: <GEX License>
loki:
# -- Toggle deployment of Loki.
enabled: true
# -- Loki architecture. Options are monolith and scalable
strategy: scalable
values:
enterprise:
enabled: true
license:
contents: <GEL LICENSE>
# Must match cluster name in GEL license
cluster_name: <LICENSE CLUSTER NAME>
gateway:
enabled: true
service:
port: 3101
minio:
tenants:
buckets:
- name: loki-logs
- name: loki-admin
- name: loki-deletion
read:
replicas: 1
write:
replicas: 1
loki:
storage:
endpoint: minio.logging.svc.cluster.local
bucketNames:
chunks: loki-logs
admin: loki-admin
deletion: loki-deletion
access_key_id: minio
secret_access_key: minio123
# Get value of `logging-loki-admin-token` secret once loki with `enterprise.enabled=true` rolls out and `tokengen` job completes.
# promtail:
# enabled: true
# values:
# config:
# snippets:
# extraClientConfigs: |
# basic_auth:
# username: <TENANT_NAME>
# password: <TOKEN>
# tenant_id: <TENANT_NAME>
# external_labels:
# environment: dev
addons:
minioOperator:
enabled: true