# Loki Architecture Diagram

## Solution Architecture

```mermaid
graph TB
    subgraph "External Access"
        Browser[🌐 Browser]
        DNS[🔍 DNS: loki.thedevops.dev]
    end

    subgraph "Traefik Ingress Controller"
        Traefik[⚡ Traefik<br/>Port 80/443]
        LE[🔐 Let's Encrypt<br/>TLS Certificate]
    end

    subgraph "Loki Namespace"
        Ingress[📥 Ingress<br/>loki.thedevops.dev]
        Middleware[🔒 Basic Auth<br/>Middleware]
        Secret[🗝️ Secret<br/>loki-basic-auth]
        Service[🔌 Service<br/>loki:3100]
        StatefulSet[💾 StatefulSet<br/>loki-0]
        PVC[📀 PVC<br/>loki-data]
        Promtail[📡 DaemonSet<br/>Promtail]
    end

    subgraph "Monitoring Namespace"
        Grafana[📊 Grafana]
        Prometheus[📈 Prometheus]
    end

    subgraph "ArgoCD"
        ArgoCD[🔄 ArgoCD<br/>Auto-Sync]
        GitRepo[📚 Gitea<br/>k3s-gitops]
    end

    subgraph "Storage"
        Longhorn[💿 Longhorn<br/>Distributed Storage]
    end

    Browser -->|HTTPS| DNS
    DNS -->|Resolve| Traefik
    Traefik -->|TLS Termination| LE
    Traefik -->|Route| Ingress
    Ingress -->|Apply| Middleware
    Middleware -->|Validate| Secret
    Middleware -->|Forward| Service
    Service -->|Load Balance| StatefulSet
    StatefulSet -->|Store Logs| PVC
    PVC -->|Backend| Longhorn

    Promtail -.->|Push Logs| Service
    Grafana -.->|Query LogQL| Service
    Prometheus -.->|Scrape Metrics| StatefulSet

    GitRepo -->|Watch| ArgoCD
    ArgoCD -->|Deploy| Ingress
    ArgoCD -->|Deploy| Middleware
    ArgoCD -->|Deploy| Secret
    ArgoCD -->|Deploy| StatefulSet

    style Browser fill:#e1f5ff
    style DNS fill:#e1f5ff
    style Traefik fill:#ffe1e1
    style LE fill:#ffe1e1
    style Ingress fill:#fff4e1
    style Middleware fill:#fff4e1
    style Secret fill:#fff4e1
    style Service fill:#e1ffe1
    style StatefulSet fill:#e1ffe1
    style PVC fill:#f0e1ff
    style Promtail fill:#e1ffe1
    style Grafana fill:#ffe1f5
    style Prometheus fill:#ffe1f5
    style ArgoCD fill:#e1f0ff
    style GitRepo fill:#e1f0ff
    style Longhorn fill:#f0e1ff
```

## Data Flow - Logs

```mermaid
sequenceDiagram
    participant Apps as Kubernetes Pods
    participant Promtail as Promtail DaemonSet
    participant Loki as Loki StatefulSet
    participant Storage as Longhorn PVC
    participant Grafana as Grafana

    Apps->>Promtail: Write logs to stdout/stderr
    Note over Promtail: Parse & Label logs
    Promtail->>Loki: HTTP POST /loki/api/v1/push
    Note over Loki: Index labels<br/>Compress chunks
    Loki->>Storage: Write compressed chunks

    Grafana->>Loki: LogQL Query
    Loki->>Storage: Read chunks
    Loki->>Grafana: Return log lines
    Note over Grafana: Display in UI
```

## Access Flow - External User

```mermaid
sequenceDiagram
    participant User as Browser
    participant DNS as DNS Server
    participant Traefik as Traefik
    participant Ingress as Ingress
    participant Middleware as Middleware
    participant Secret as Secret
    participant Loki as Loki Service

    User->>DNS: Resolve loki.thedevops.dev
    DNS->>User: Return IPs
    User->>Traefik: HTTPS Request
    Note over Traefik: TLS Termination<br/>(Let's Encrypt)
    Traefik->>Ingress: Route to loki namespace
    Ingress->>Middleware: Apply loki-auth
    Middleware->>Secret: Get credentials
    Middleware->>Middleware: Validate Basic Auth
    alt Valid Credentials
        Middleware->>Loki: Forward request
        Loki->>Middleware: Response
        Middleware->>Traefik: Response
        Traefik->>User: HTTPS Response
    else Invalid Credentials
        Middleware->>User: 401 Unauthorized
    end
```

## ArgoCD GitOps Flow

```mermaid
graph LR
    subgraph "Developer"
        Dev[👨‍💻 Developer]
        Local[💻 Local Git]
    end

    subgraph "Gitea"
        Repo[📚 k3s-gitops<br/>Repository]
    end

    subgraph "ArgoCD"
        Sync[🔄 ArgoCD<br/>Controller]
        App[📦 Application<br/>loki]
    end

    subgraph "Kubernetes"
        Resources[☸️ K8s Resources<br/>Ingress, Secret, etc]
    end

    Dev -->|1. Edit YAML| Local
    Local -->|2. Git Push| Repo
    Repo -->|3. Webhook/Poll| Sync
    Sync -->|4. Detect Changes| App
    App -->|5. kubectl apply| Resources
    Resources -.->|6. Status| App
    App -.->|7. Sync Status| Dev

    style Dev fill:#e1f5ff
    style Local fill:#e1f5ff
    style Repo fill:#e1f0ff
    style Sync fill:#e1ffe1
    style App fill:#e1ffe1
    style Resources fill:#ffe1e1
```

## Component Relationships

```mermaid
graph TB
    subgraph "Core Components"
        Loki[Loki StatefulSet<br/>Port 3100]
        Promtail[Promtail DaemonSet<br/>Port 3101]
    end

    subgraph "Access Control"
        Ingress[Ingress]
        Middleware[Middleware]
        Secret[Secret]
    end

    subgraph "Monitoring"
        ServiceMonitor[ServiceMonitor]
        Prometheus[Prometheus]
        Grafana[Grafana]
    end

    subgraph "Storage"
        PVC[PersistentVolumeClaim<br/>loki-data]
        Longhorn[Longhorn]
    end

    subgraph "GitOps"
        Git[Git Repository]
        ArgoCD[ArgoCD]
    end

    Ingress --> Middleware
    Middleware --> Secret
    Middleware --> Loki
    Promtail --> Loki
    Loki --> PVC
    PVC --> Longhorn
    ServiceMonitor --> Loki
    ServiceMonitor --> Prometheus
    Grafana --> Loki
    Git --> ArgoCD
    ArgoCD --> Ingress
    ArgoCD --> Middleware
    ArgoCD --> Secret
    ArgoCD --> Loki
    ArgoCD --> Promtail

    style Loki fill:#4CAF50
    style Promtail fill:#8BC34A
    style Ingress fill:#FFC107
    style Middleware fill:#FF9800
    style Secret fill:#FF5722
    style Grafana fill:#E91E63
    style Prometheus fill:#9C27B0
    style ArgoCD fill:#2196F3
    style Longhorn fill:#00BCD4
```

## Deployment States

```mermaid
stateDiagram-v2
    [*] --> GitPush: Developer commits
    GitPush --> ArgoCD_Detect: ArgoCD polls repo
    ArgoCD_Detect --> Syncing: Changes detected
    Syncing --> Deploying: Apply manifests

    state Deploying {
        [*] --> CreateSecret
        CreateSecret --> CreateMiddleware
        CreateMiddleware --> CreateIngress
        CreateIngress --> RequestCert
        RequestCert --> ValidateCert
        ValidateCert --> [*]
    }

    Deploying --> Healthy: All resources ready
    Healthy --> [*]: Deployment complete

    Deploying --> Failed: Error occurred
    Failed --> Syncing: Retry

    Healthy --> GitPush: New changes
```

## Network Topology

```mermaid
graph TB
    subgraph "Internet"
        Client[Client Browser]
    end

    subgraph "Public IPs"
        IP1[5.182.17.194]
        IP2[62.169.30.194]
        IP3[62.169.30.206]
    end

    subgraph "k3s Cluster"
        subgraph "kube-system"
            Traefik[Traefik LoadBalancer<br/>80/443]
        end

        subgraph "loki namespace"
            Ingress[Ingress<br/>loki.thedevops.dev]
            Service[ClusterIP Service<br/>10.43.x.x:3100]
            Pod[Loki Pod<br/>10.42.x.x:3100]
        end

        subgraph "cert-manager"
            CertManager[Cert Manager]
            Certificate[Certificate<br/>loki-tls]
        end
    end

    Client -->|DNS| IP1
    Client -->|DNS| IP2
    Client -->|DNS| IP3
    IP1 --> Traefik
    IP2 --> Traefik
    IP3 --> Traefik
    Traefik -->|Route by Host| Ingress
    Ingress -->|ClusterIP| Service
    Service -->|Pod IP| Pod
    CertManager -.->|Provision| Certificate
    Certificate -.->|Use| Ingress

    style Client fill:#e1f5ff
    style IP1 fill:#ffe1e1
    style IP2 fill:#ffe1e1
    style IP3 fill:#ffe1e1
    style Traefik fill:#fff4e1
    style Ingress fill:#e1ffe1
    style Service fill:#e1f0ff
    style Pod fill:#f0e1ff
```

---

## Legend

- 🌐 External Access Point
- ⚡ Load Balancer / Proxy
- 📥 Ingress / API Gateway
- 🔒 Authentication / Security
- 💾 Stateful Storage
- 📡 Log Collection
- 📊 Visualization
- 🔄 Automation / GitOps
- 💿 Persistent Storage
- ☸️ Kubernetes Resources