From b86e377b8ac7316a3e3a5b050caf2efd23db3811 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joan=20L=C3=B3pez=20de=20la=20Franca=20Beltran?=
Date: Thu, 28 Apr 2022 10:34:23 +0200
Subject: [PATCH] Contents for lecture 6-2
---
6-2-grafana-alerts/docker-compose.yml | 30 +++++++++++++++
6-2-grafana-alerts/loki.yml | 38 +++++++++++++++++++
6-2-grafana-alerts/promtail.yml | 11 ++++++
.../provisioning/datasources/loki.yml | 8 ++++
6-2-grafana-alerts/rules.yml | 10 +++++
5 files changed, 97 insertions(+)
create mode 100644 6-2-grafana-alerts/docker-compose.yml
create mode 100644 6-2-grafana-alerts/loki.yml
create mode 100644 6-2-grafana-alerts/promtail.yml
create mode 100644 6-2-grafana-alerts/provisioning/datasources/loki.yml
create mode 100644 6-2-grafana-alerts/rules.yml
diff --git a/6-2-grafana-alerts/docker-compose.yml b/6-2-grafana-alerts/docker-compose.yml
new file mode 100644
index 0000000..fd94e7c
--- /dev/null
+++ b/6-2-grafana-alerts/docker-compose.yml
@@ -0,0 +1,30 @@
+version: "3.9"
+
+services:
+ grafana:
+ image: "grafana/grafana:8.4.2"
+ ports:
+ - "3000:3000"
+ volumes:
+ - ./provisioning:/etc/grafana/provisioning
+ environment:
+ - GF_SMTP_ENABLED=true
+ - GF_SMTP_HOST=mail:1025
+
+ loki:
+ image: "grafana/loki:2.4.2"
+ command: --config.file=/mnt/config/loki.yml
+ ports:
+ - "3100:3100"
+ volumes:
+ - ./loki.yml:/mnt/config/loki.yml
+ - ./rules.yml:/etc/loki/rules/fake/rules.yml
+
+ mail:
+ image: "dockage/mailcatcher:0.7.1"
+ ports:
+ - "1080:1080"
+ - "1025:1025"
+
+volumes:
+ logs_dir:
\ No newline at end of file
diff --git a/6-2-grafana-alerts/loki.yml b/6-2-grafana-alerts/loki.yml
new file mode 100644
index 0000000..b9ecdc9
--- /dev/null
+++ b/6-2-grafana-alerts/loki.yml
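Review bot: In docker-compose.yml every `ports:` entry is published on all host interfaces, and loki.yml in this same patch sets `auth_enabled: false`, so any machine that can reach the host can query or push to Loki on 3100 and read captured mail on 1080. For a local lecture stack, bind the mappings to loopback, for example `- "127.0.0.1:3100:3100"` (likewise 3000, 1080 and 1025). The Loki mapping can probably be dropped altogether if nothing on the host needs it, since the datasource and promtail.yml address it as `http://loki:3100` on the compose network. Separately, the top-level `logs_dir` volume is not mounted by any service, and no service here runs Promtail although promtail.yml is added in the same commit.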
@@ -0,0 +1,38 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+ http_listen_address: 0.0.0.0
+
+ruler:
+ evaluation_interval: 10s
+ poll_interval: 10s
+ storage:
+ type: local
+ local:
+ directory: /etc/loki/rules
+ rule_path: /tmp/loki/rules-temp
+ enable_api: true
+ enable_alertmanager_v2: true
+
+schema_config:
+ configs:
+ - from: 2020-08-01
+ store: boltdb-shipper
+ object_store: filesystem
+ schema: v11
+ index:
+ prefix: index_
+ period: 24h
+
+common:
+ path_prefix: /tmp/loki
+ storage:
+ filesystem:
+ chunks_directory: /tmp/loki/chunks
+ rules_directory: /tmp/loki/rules
+ replication_factor: 1
+ ring:
+ instance_addr: 127.0.0.1
+ kvstore:
+ store: inmemory
\ No newline at end of file
diff --git a/6-2-grafana-alerts/promtail.yml b/6-2-grafana-alerts/promtail.yml
new file mode 100644
index 0000000..b237340
--- /dev/null
+++ b/6-2-grafana-alerts/promtail.yml
@@ -0,0 +1,11 @@
+clients:
+ - url: http://loki:3100/loki/api/v1/push
+
+scrape_configs:
+ - job_name: flog
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: flogs
+ __path__: /tmp/log/*.log
\ No newline at end of file
diff --git a/6-2-grafana-alerts/provisioning/datasources/loki.yml b/6-2-grafana-alerts/provisioning/datasources/loki.yml
new file mode 100644
index 0000000..fd2fc24
--- /dev/null
+++ b/6-2-grafana-alerts/provisioning/datasources/loki.yml
@@ -0,0 +1,8 @@
+apiVersion: 1
+
+datasources:
+ - name: Loki
+ type: loki
+ url: http://loki:3100
+ isDefault: true
+ editable: true
diff --git a/6-2-grafana-alerts/rules.yml b/6-2-grafana-alerts/rules.yml
new file mode 100644
index 0000000..c1272ed
--- /dev/null
+++ b/6-2-grafana-alerts/rules.yml
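Review bot: In loki.yml the `ruler` block sets `enable_alertmanager_v2: true` but no `alertmanager_url`, so as far as this file and the compose `command` show, the ruler evaluates rules.yml with no receiver to notify when `http-credentials-leaked` fires. If the lecture relies on Grafana's own alerting instead, that line is misleading and could go; otherwise add the URL of an Alertmanager service. I would also put a comment above `auth_enabled: false`, such as `# single tenant "fake", no X-Scope-OrgID needed; Loki does no authentication itself`, which explains the `rules/fake/` mount path used in docker-compose.yml. With `enable_api: true` and `http_listen_address: 0.0.0.0`, the ruler API is reachable by whoever can reach port 3100.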
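Review bot: promtail.yml labels the scraped streams `job: flogs` (scrape job `flog`), while the alert in rules.yml selects `{job="myservice"}`, so with only this Promtail config feeding Loki the credential-leak rule would never match a line. Align one side, either `job: myservice` here or `{job="flogs"}` in the rule's `expr`. The `__path__` of `/tmp/log/*.log` also presumes a log directory mounted into the Promtail container, which no service in this commit's docker-compose.yml provides.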
@@ -0,0 +1,10 @@
+groups:
+ - name: credentials_leak
+ rules:
+ - alert: http-credentials-leaked
+ annotations:
+ message: "{{ $labels.job }} is leaking http basic auth credentials."
+ expr: 'sum by (job) (count_over_time({job="myservice"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'
+ for: 10s
+ labels:
+ severity: critical
\ No newline at end of file
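Review bot: The pattern in `expr` uses `(\\w+)` for both the user and the password, so a URL whose credentials contain anything other than letters, digits or underscore (`-`, `.`, `!`, percent-encoded characters) is not counted and the alert stays silent. A class that excludes only the delimiters closes that gap, something like `|~ "https?://[^/\\s:@]+:[^/\\s@]+@"`. The rule only reports the leak: the matching lines, credentials included, stay stored and queryable in Loki, so responding to the alert still means rotating the secret and fixing the emitter. A one-line comment above `expr` saying what the regex is meant to catch would help the next reader tune it.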