---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: promtail
  name: default-promtail
  namespace: onecloud
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: promtail
  name: default-promtail
  namespace: onecloud
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: promtail
  name: default-promtail
  namespace: onecloud
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: default-promtail
subjects:
- kind: ServiceAccount
  name: default-promtail
  namespace: onecloud
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: default-promtail
  namespace: onecloud
  labels:
    app: promtail
spec:
  selector:
    matchLabels:
      app: promtail
  template:
    metadata:
      annotations:
        prometheus.io/port: http-metrics
        prometheus.io/scrape: "true"
      labels:
        app: promtail
    spec:
      serviceAccountName: default-promtail
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists
      volumes:
      - name: config
        configMap:
          name: default-promtail
      - name: run
        hostPath:
          path: /run/promtail
      - name: docker
        hostPath:
          path: /opt/docker/containers
      - name: pods
        hostPath:
          path: /var/log/pods
      containers:
      - name: promtail
        image: grafana/promtail:v1.2.0
        imagePullPolicy: IfNotPresent
        env:
        - name: HOSTNAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        args:
        - "-config.file=/etc/promtail/promtail.yaml"
        - "-client.url=http://default-loki:3100/loki/api/v1/push"
        ports:
        - containerPort: 3101
          name: http-metrics
        readinessProbe:
          failureThreshold: 5
          httpGet:
            path: /ready
            port: http-metrics
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        securityContext:
          procMount: Default
          readOnlyRootFilesystem: true
          runAsGroup: 0
          runAsUser: 0
        volumeMounts:
        - mountPath: /etc/promtail
          name: config
        - mountPath: /run/promtail
          name: run
        - mountPath: /opt/docker/containers
          name: docker
          readOnly: true
        - mountPath: /var/log/pods
          name: pods
          readOnly: true