promtail: # DaemonSet configuration daemonset: enabled: true # Resources resources: requests: cpu: 50m memory: 128Mi limits: memory: 256Mi # Configuration config: # Loki endpoint clients: - url: http://loki-gateway.logging.svc.cluster.local/loki/api/v1/push tenant_id: "" batchwait: 1s batchsize: 1048576 timeout: 10s # Positions file (persisted) positions: filename: /run/promtail/positions.yaml # Server config server: log_level: info log_format: json http_listen_port: 3101 # Scrape configs scrape_configs: # Kubernetes pods - job_name: kubernetes-pods pipeline_stages: # Extract log level - regex: expression: '(?i)(?Ptrace|debug|info|warn|warning|error|err|fatal|critical|panic)' # Parse JSON logs - json: expressions: level: level timestamp: timestamp message: message # Drop high-cardinality labels - labeldrop: - pod_uid - container_id - image_id - stream # Add log level as label (only keep certain levels) - labels: level: kubernetes_sd_configs: - role: pod relabel_configs: # Only scrape running pods - source_labels: [__meta_kubernetes_pod_phase] action: keep regex: Running # Keep essential labels - source_labels: [__meta_kubernetes_namespace] target_label: namespace - source_labels: [__meta_kubernetes_pod_name] target_label: pod - source_labels: [__meta_kubernetes_pod_label_app] target_label: app - source_labels: [__meta_kubernetes_pod_container_name] target_label: container - source_labels: [__meta_kubernetes_pod_node_name] target_label: node # Add cluster label - replacement: homelab target_label: cluster # Drop pods in kube-system namespace (optional) # - source_labels: [__meta_kubernetes_namespace] # action: drop # regex: kube-system # Container log path - source_labels: [__meta_kubernetes_pod_uid, __meta_kubernetes_pod_container_name] target_label: __path__ separator: / replacement: /var/log/pods/*$1/*.log # Journald logs (systemd) - job_name: systemd-journal journal: path: /var/log/journal max_age: 12h labels: job: systemd-journal cluster: homelab pipeline_stages: # Parse priority to log level - match: selector: '{job="systemd-journal"}' stages: - template: source: level template: '{{ if eq .PRIORITY "0" }}fatal{{ else if eq .PRIORITY "1" }}alert{{ else if eq .PRIORITY "2" }}crit{{ else if eq .PRIORITY "3" }}error{{ else if eq .PRIORITY "4" }}warning{{ else if eq .PRIORITY "5" }}notice{{ else if eq .PRIORITY "6" }}info{{ else }}debug{{ end }}' - labels: level: relabel_configs: - source_labels: [__journal__systemd_unit] target_label: unit - source_labels: [__journal__hostname] target_label: node - source_labels: [__journal_syslog_identifier] target_label: syslog_identifier # Volumes extraVolumes: - name: journal hostPath: path: /var/log/journal extraVolumeMounts: - name: journal mountPath: /var/log/journal readOnly: true # Tolerations to run on all nodes tolerations: - effect: NoSchedule operator: Exists # Service Monitor serviceMonitor: enabled: true # Update strategy updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1