Grafana Loki's simple scalable deployment mode now has three targets (READ, WRITE and BACKEND), so I tried it out (Loki 3.0.0)

A backend target was added to simple scalable deployment mode in Loki 2.8.0, and Loki 3.0.0 has now been released, so I tried them out. Performance-wise, I feel that queries end in 504 Gateway Time-out less often, so I think there is merit in running simple scalable deployment mode with Read, Write and Backend.

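Before Loki 2.8.0, simple scalable deployment mode consisted of two targets, Read and Write. Read contained the ruler component, so the state of alerts could be checked from Grafana. From Loki 2.8.0 onward the ruler component moved to Backend, so the state of Alert rules is no longer visible from Grafana (because Read is what gets registered when adding the data source).
Personally, I found it helpful to see the state of log monitoring from Grafana, so I run Read with ruler added to it.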

Repository where I run Loki: https://github.com/AbeYuki/monitoring-k8s

One point to watch with Loki 3.0.0: the BoltDB store and several other settings have been discontinued, so if you reuse an earlier configuration you need to check it.


The BoltDB setting did not affect me because I had already switched to tsdb, but I removed the following settings when updating to Loki 3.0.0.


@@ -40,7 +40,6 @@ storage_config:
   tsdb_shipper:
     active_index_directory: /data/tsdb-index
     cache_location: /data/tsdb-cache
-    shared_store: s3
 
 schema_config:
   configs:
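Review bot: with `shared_store: s3` gone from `tsdb_shipper`, nothing in this block names the object store the index is shipped to any more. Loki 3.0 takes it from the `object_store` of each `schema_config` period, so check that every entry under `configs:` sets `object_store` to the store the old `shared_store` pointed at (here `s3`) before rolling this out.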
@@ -52,9 +51,6 @@ schema_config:
       prefix: index_
       period: 24h
 
-chunk_store_config:
-  max_look_back_period: 336h
-
 limits_config:
   max_cache_freshness_per_query: '10m'
   reject_old_samples: true
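Review bot: deleting `chunk_store_config.max_look_back_period: 336h` removes the 336h cap on how far back queries may reach, and the `limits_config` lines below it add nothing in its place. If the cap is still wanted, set `max_query_lookback: 336h` under `limits_config`; if dropping it is intended, say so in the change description.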

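As an added example (not from the original post or the Loki project), the following pre-upgrade check scans a Loki config for the two settings deleted in the diff above and for a BoltDB index store. The names `key_paths` and `find_removed_settings` and the sample config are constructed for illustration, and the scan assumes block-style YAML like the config on this page.

```python
import re

# Settings this page deleted for the Loki 3.0.0 upgrade, as dotted key paths.
REMOVED_KEYS = {
    "storage_config.tsdb_shipper.shared_store",
    "chunk_store_config.max_look_back_period",
}

def key_paths(yaml_text):
    """Yield (lineno, dotted_path, value) per 'key: value' line (block YAML only)."""
    stack = []  # (indent, key) of the enclosing mappings
    for lineno, raw in enumerate(yaml_text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        m = re.match(r"^(\s*(?:-\s+)?)([A-Za-z0-9_]+):\s*(.*)$", line)
        if not m:
            continue
        indent = len(m.group(1))  # a "- " list marker counts as indentation
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, m.group(2)))
        yield lineno, ".".join(k for _, k in stack), m.group(3).strip("'\"")

def find_removed_settings(yaml_text):
    """Return (lineno, message) findings for a Loki config, in line order."""
    findings = []
    for lineno, path, value in key_paths(yaml_text):
        if path in REMOVED_KEYS:
            findings.append((lineno, f"{path}: deleted on this page for 3.0.0"))
        elif path == "schema_config.configs.store" and value.startswith("boltdb"):
            findings.append((lineno, f"index store '{value}': this page uses tsdb"))
    return findings

# Constructed sample: a pre-3.0 config fragment shaped like the one on this page.
SAMPLE = """\
storage_config:
  tsdb_shipper:
    shared_store: s3
schema_config:
  configs:
  - from: 2022-01-01
    store: boltdb-shipper
    object_store: s3
chunk_store_config:
  max_look_back_period: 336h
"""

if __name__ == "__main__":
    for lineno, msg in find_removed_settings(SAMPLE):
        print(f"line {lineno}: {msg}")
```

Keys are matched by full path, so a `shared_store` key in another section is not reported by this check.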
Simple Scalable Deployment Mode Components

Read target: Query Frontend, Querier
Write target: Distributor, Ingester
Backend target: Compactor, Index Gateway, Query Scheduler, Ruler

Configure

auth_enabled: false

server:
  http_listen_address: 0.0.0.0
  grpc_listen_address: 0.0.0.0
  http_listen_port: 3100
  grpc_listen_port: 9095
  http_server_read_timeout: 600s
  http_server_write_timeout: 600s
  grpc_server_max_recv_msg_size: 33554432
  grpc_server_max_send_msg_size: 33554432
  log_level: info

memberlist:
  join_members: 
    - ${NAMESPACE}-frontend-loki-memberlist01-headless-001.${NAMESPACE}.svc.cluster.local:7946
  dead_node_reclaim_time: 30s
  gossip_to_dead_nodes_time: 15s
  left_ingesters_timeout: 30s
  bind_addr: ['0.0.0.0']
  bind_port: 7946
  gossip_interval: 2s

common:
  path_prefix: /data
  compactor_address: http://${NAMESPACE}-frontend-loki-write01-headless-001.${NAMESPACE}.svc.cluster.local:3100
  storage:
    s3:
      endpoint: ${NAMESPACE}-minio-loki-01-001.${NAMESPACE}.svc.cluster.local:9000
      insecure: true
      bucketnames: loki-data
      access_key_id: ${MINIO_ROOT_USER}
      secret_access_key: ${MINIO_ROOT_PASSWORD}
      s3forcepathstyle: true
  ring:
    kvstore:
      store: memberlist

storage_config:
  tsdb_shipper:
    active_index_directory: /data/tsdb-index
    cache_location: /data/tsdb-cache
  named_stores:
    aws:
      minio:
        s3: http://${MINIO_ROOT_USER}:${MINIO_ROOT_PASSWORD}@${NAMESPACE}-minio-loki-01-001.${NAMESPACE}.svc.cluster.local:9000/loki-data
        s3forcepathstyle: true

schema_config:
  configs:
  - from: 2023-07-11
    store: tsdb
    object_store: s3
    schema: v13
    index:
      prefix: index_
      period: 24h

limits_config:
  max_cache_freshness_per_query: '10m'
  reject_old_samples: true
  reject_old_samples_max_age: 30m
  ingestion_rate_mb: 10
  ingestion_burst_size_mb: 20
  split_queries_by_interval: 15m
  volume_enabled: true
  max_label_names_per_series: 20
  retention_period: 720h 

frontend:
  log_queries_longer_than: 5s
  compress_responses: true
  max_outstanding_per_tenant: 2048

querier:
  query_ingesters_within: 2h

query_range:
  align_queries_with_step: true
  max_retries: 5
  parallelise_shardable_queries: true
  cache_results: true

query_scheduler:
  max_outstanding_requests_per_tenant: 4096

compactor:
  working_directory: /data/compactor
  retention_enabled: true
  retention_delete_delay: 2h
  retention_delete_worker_count: 150
  delete_request_store: "minio"

ingester:
  lifecycler:
    join_after: 10s
    observe_period: 5s
    ring:
      replication_factor: 3
      kvstore:
        store: memberlist
    final_sleep: 0s
  chunk_idle_period: 1m
  wal:
    enabled: true
    dir: /data/wal
  max_chunk_age: 1m
  chunk_retain_period: 30s
  chunk_encoding: snappy
  chunk_target_size: 1.572864e+06
  chunk_block_size: 262144
  flush_op_timeout: 10s

ruler:
  alertmanager_url: "http://${NAMESPACE}-backend-alertmanager01-001.${NAMESPACE}.svc.cluster.local:9093"
  enable_alertmanager_v2: true
  enable_api: true
  enable_sharding: true
  wal:
    dir: /data/ruler-wal
  storage:
    type: local
    local:
      directory: /data/rules
  rule_path: /data/rules-temp
  remote_write:
    enabled: true
    clients:
      local:
         url: http://${NAMESPACE}-backend-prometheus-db01-001.${NAMESPACE}.svc.cluster.local:9090/api/v1/write
         queue_config:
           capacity: 1
           batch_send_deadline: 0s

Manifest


apiVersion: v1
kind: Service
metadata:
  name: frontend-loki-read01-headless
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-read
spec:
  ports:
  - name: tcp01
    port: 3100
    protocol: TCP
    targetPort: 3100
  - name: tcp02
    port: 9095
    protocol: TCP
    targetPort: 9095
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-read
  sessionAffinity: None
  clusterIP: None
  type: ClusterIP
  publishNotReadyAddresses: true
---
apiVersion: v1
kind: Service
metadata:
  name: frontend-loki-write01-headless
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-write
spec:
  ports:
  - name: tcp01
    port: 3100
    protocol: TCP
    targetPort: 3100
  - name: tcp02
    port: 9095
    protocol: TCP
    targetPort: 9095
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-write
  sessionAffinity: None
  clusterIP: None
  type: ClusterIP
  publishNotReadyAddresses: true
---
apiVersion: v1
kind: Service
metadata:
  name: frontend-loki-backend01-headless
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-backend
spec:
  ports:
  - name: tcp01
    port: 3100
    protocol: TCP
    targetPort: 3100
  - name: tcp02
    port: 9095
    protocol: TCP
    targetPort: 9095
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-backend
  sessionAffinity: None
  clusterIP: None
  type: ClusterIP
  publishNotReadyAddresses: true
---
apiVersion: v1
kind: Service
metadata:
  name: frontend-loki-memberlist01-headless
  labels:
    app.kubernetes.io/component: loki
spec:
  ports:
  - name: tcp03
    port: 7946
    protocol: TCP
    targetPort: 7946
  selector:
    app.kubernetes.io/name: loki
  sessionAffinity: None
  clusterIP: None
  type: ClusterIP
  publishNotReadyAddresses: true

For read, I added ruler to the target and set the args accordingly.


apiVersion: v1
kind: Service
metadata:
  name: frontend-loki-read01
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-read
spec:
  ports:
  - name: tcp01
    port: 3100
    protocol: TCP
    targetPort: 3100
  - name: tcp02
    port: 9095
    protocol: TCP
    targetPort: 9095
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-read
  type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: frontend-loki-read01
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-read
spec:
  serviceName: "frontend-loki-read01"
  replicas: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/component: loki-read
  template:
    metadata:
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/component: loki-read
    spec:
      containers:
      - args:
        - -config.file=/etc/loki/config-loki.yaml
        - -config.expand-env
        - -target=read,ruler
        - -legacy-read-mode=false
        name: frontend-loki-read01
        image: frontend-loki-app01
        imagePullPolicy: Always
        resources:
          requests:
            memory: "200Mi"
            cpu: "200m"
          limits:
            memory: "1Gi"
            cpu: "1000m"
        ports:
        - containerPort: 3100
          name: tcp01
          protocol: TCP
        - containerPort: 9095
          name: tcp02
          protocol: TCP
        - containerPort: 7946
          name: tcp03
          protocol: TCP
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MINIO_ROOT_USER
          valueFrom:
            secretKeyRef: 
              name: kustomize-secret-minio
              key: minio_root_user
        - name: MINIO_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: kustomize-secret-minio
              key: minio_root_password
        volumeMounts:
        - mountPath: /etc/loki
          name: configmap-loki-config01
        - mountPath: /data/rules/fake
          name: configmap-loki-config04
        - mountPath: /data
          name: loki-read
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      restartPolicy: Always
      terminationGracePeriodSeconds: 4800
      volumes:
      - name: configmap-loki-config01
        configMap:
          name: configmap-loki-config01
          defaultMode: 420
      - name: configmap-loki-config04
        configMap:
          name: configmap-loki-config04
          defaultMode: 420
  volumeClaimTemplates:
  - metadata:
      name: loki-read
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 1Gi
      storageClassName: longhorn

apiVersion: v1
kind: Service
metadata:
  name: frontend-loki-write01
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-write
spec:
  ports:
  - name: tcp01
    port: 3100
    protocol: TCP
    targetPort: 3100
  - name: tcp02
    port: 9095
    protocol: TCP
    targetPort: 9095
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-write
  type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: frontend-loki-write01
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-write
spec:
  serviceName: "frontend-loki-write01"
  replicas: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/component: loki-write
  template:
    metadata:
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/component: loki-write
    spec:
      containers:
      - args:
        - -config.file=/etc/loki/config-loki.yaml
        - -config.expand-env
        - -target=write
        - -legacy-read-mode=false
        name: frontend-loki-write01
        image: frontend-loki-app01
        imagePullPolicy: Always
        resources:
          requests:
            memory: "200Mi"
            cpu: "200m"
          limits:
            memory: "1Gi"
            cpu: "1000m"
        ports:
        - containerPort: 3100
          name: tcp01
          protocol: TCP
        - containerPort: 9095
          name: tcp02
          protocol: TCP
        - containerPort: 7946
          name: tcp03
          protocol: TCP
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MINIO_ROOT_USER
          valueFrom:
            secretKeyRef: 
              name: kustomize-secret-minio
              key: minio_root_user
        - name: MINIO_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: kustomize-secret-minio
              key: minio_root_password
        volumeMounts:
        - mountPath: /etc/loki
          name: configmap-loki-config01
        - mountPath: /data
          name: loki-write
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      restartPolicy: Always
      terminationGracePeriodSeconds: 4800
      volumes:
      - name: configmap-loki-config01
        configMap:
          name: configmap-loki-config01
          defaultMode: 420
  volumeClaimTemplates:
  - metadata:
      name: loki-write
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 5Gi
      storageClassName: longhorn


apiVersion: v1
kind: Service
metadata:
  name: frontend-loki-backend01
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-backend
spec:
  ports:
  - name: tcp01
    port: 3100
    protocol: TCP
    targetPort: 3100
  - name: tcp02
    port: 9095
    protocol: TCP
    targetPort: 9095
  selector:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-backend
  type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: frontend-loki-backend01
  labels:
    app.kubernetes.io/name: loki
    app.kubernetes.io/component: loki-backend
spec:
  serviceName: "frontend-loki-backend01"
  replicas: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki
      app.kubernetes.io/component: loki-backend
  template:
    metadata:
      labels:
        app.kubernetes.io/name: loki
        app.kubernetes.io/component: loki-backend
    spec:
      containers:
      - args:
        - -config.file=/etc/loki/config-loki.yaml
        - -config.expand-env
        - -target=backend
        - -legacy-read-mode=false
        name: frontend-loki-backend01
        image: frontend-loki-app01
        imagePullPolicy: Always
        resources:
          requests:
            memory: "200Mi"
            cpu: "200m"
          limits:
            memory: "1Gi"
            cpu: "1000m"
        ports:
        - containerPort: 3100
          name: tcp01
          protocol: TCP
        - containerPort: 9095
          name: tcp02
          protocol: TCP
        - containerPort: 7946
          name: tcp03
          protocol: TCP
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MINIO_ROOT_USER
          valueFrom:
            secretKeyRef: 
              name: kustomize-secret-minio
              key: minio_root_user
        - name: MINIO_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: kustomize-secret-minio
              key: minio_root_password
        volumeMounts:
        - mountPath: /etc/loki
          name: configmap-loki-config01
        - mountPath: /data/rules/fake
          name: configmap-loki-config04
        - mountPath: /data
          name: loki-backend
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      restartPolicy: Always
      terminationGracePeriodSeconds: 4800
      volumes:
      - name: configmap-loki-config01
        configMap:
          name: configmap-loki-config01
          defaultMode: 420
      - name: configmap-loki-config04
        configMap:
          name: configmap-loki-config04
          defaultMode: 420
  volumeClaimTemplates:
  - metadata:
      name: loki-backend
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 1Gi
      storageClassName: longhorn
