admin/k3s-gitops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a1d83ee24c151f1cfaca2ba9863849dc32da7fd
k3s-gitops/loki-ingress-argocd-setup/CHEATSHEET.md

181 lines
4.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Loki Ingress - Шпаргалка
## Быстрый старт
```bash
# 1. Клонируй репозиторий
git clone http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops.git
cd k3s-gitops
# 2. Скопируй файлы в apps/loki/
cp secret-basic-auth.yaml apps/loki/
cp middleware-auth.yaml apps/loki/
cp ingress-loki.yaml apps/loki/
# 3. Commit и Push
git add apps/loki/*.yaml
git commit -m "feat(loki): Add Ingress with HTTPS and Basic Auth"
git push origin main
# 4. Синхронизация ArgoCD (или жди 3 минуты)
argocd app sync loki
```
## Проверка статуса
```bash
# Ingress
kubectl get ingress loki -n loki -o wide
# Certificate
kubectl get certificate loki-tls -n loki
# Все ресурсы
kubectl get all,ingress,secret,middleware,certificate -n loki
```
## Тестирование
```bash
# Health check
curl -u admin:lokipass123 https://loki.thedevops.dev/ready
# Metrics
curl -u admin:lokipass123 https://loki.thedevops.dev/metrics
# Labels
curl -u admin:lokipass123 https://loki.thedevops.dev/loki/api/v1/labels
```
## Credentials по умолчанию
- **URL:** https://loki.thedevops.dev
- **Username:** admin
- **Password:** lokipass123
## Изменить пароль
```bash
# Генерация нового пароля
htpasswd -nb admin your-new-password
# Обновить secret-basic-auth.yaml
# Замени строку в stringData.users
```
## DNS настройка
```
Type: A
Name: loki.thedevops.dev
Value: 5.182.17.194
TTL: 300
```
## Troubleshooting
### Ingress нет IP
```bash
kubectl get svc -n kube-system traefik
kubectl logs -n kube-system deployment/traefik --tail=50
```
### Сертификат не создается
```bash
kubectl describe certificate loki-tls -n loki
kubectl logs -n cert-manager deployment/cert-manager --tail=50
kubectl get challenge -n loki
```
### 401 Unauthorized
```bash
kubectl get secret loki-basic-auth -n loki
kubectl get middleware loki-auth -n loki -o yaml
```
### ArgoCD не синхронизирует
```bash
argocd app get loki
argocd app sync loki --force
kubectl logs -n argocd deployment/argocd-application-controller --tail=50
```
## Полезные команды
```bash
# Логи Loki
kubectl logs -n loki loki-0 -f
# Логи cert-manager
kubectl logs -n cert-manager deployment/cert-manager -f
# События
kubectl get events -n loki --sort-by='.lastTimestamp'
# ArgoCD sync
argocd app sync loki
argocd app get loki
argocd app diff loki
# Принудительная пересинхронизация
argocd app sync loki --prune --force
```
## Grafana интеграция
1. Скопируй `grafana-datasource-loki.yaml` в `apps/monitoring/`
2. Commit & Push
3. Sync ArgoCD приложение monitoring
4. Перезапусти Grafana (если нужно):
```bash
kubectl rollout restart deployment k8s-monitoring-grafana -n monitoring
```
## Endpoints
- `/ready` - health check
- `/metrics` - Prometheus metrics
- `/loki/api/v1/query` - LogQL queries
- `/loki/api/v1/labels` - available labels
- `/loki/api/v1/label/<name>/values` - label values
## LogQL примеры в Grafana
```logql
# Все логи из loki namespace
{namespace="loki"}
# Логи с ошибками
{namespace="loki"} |= "error"
# Rate за 5 минут
rate({namespace="loki"}[5m])
# Логи конкретного pod
{namespace="loki", pod="loki-0"}
```
## Безопасность
1. ✅ HTTPS включен (Let's Encrypt)
2. ✅ Basic Auth включен
3. 🔲 TODO: Изменить пароль по умолчанию
4. 🔲 TODO: Добавить Network Policy
5. 🔲 TODO: Настроить Rate Limiting
## Структура файлов
```
apps/loki/
├── secret-basic-auth.yaml ← Новый
├── middleware-auth.yaml ← Новый
├── ingress-loki.yaml ← Новый
├── namespace.yaml
├── configmap-loki.yaml
├── configmap-promtail.yaml
├── service.yaml
├── statefulset.yaml
├── daemonset-promtail.yaml
└── ...
```
Reference in New Issue View Git Blame Copy Permalink