brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(loki): run on fargate on ecs with config in an efs volume

Browse Source
This commit is contained in:
Michele Cereda
2025-01-20 01:53:43 +01:00
parent d8425ed03b
commit bb5f6a88a1
5 changed files with 379 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
snippets/pulumi/aws/run loki in monolithic mode on ecs fargate with config file in efs.ts Normal file
View File

@@ -0,0 +1,272 @@
import * as aws from "@pulumi/aws";
// requirements - start
const vpc_output = aws.ec2.getVpcOutput({
filters: [{
name: "tag:Name",
values: "Default",
}],
});
const privateSubnets_output = aws.ec2.getSubnetOutput({
filters: [{
name: "tag:Type",
values: [ "Private" ],
}],
});
const ecsCluster_output = aws.ecs.getClusterOutput({ clusterName: "someCluster" });
const dnsZone_output = aws.route53.getZoneOutput({ name: "example.org." });
// requirements - end
// resources - start
/**
* The ECS service *will* fail and continuously restart until an acceptable configuration file for Loki named
* 'local-config.yaml' is uploaded to the EFS volume.
**/
const securityGroup = new aws.ec2.SecurityGroup(
"loki",
{
vpcId: vpc_output.apply((vpc: aws.ec2.Vpc) => vpc.id),
name: "Loki",
description: "Manage access to and from Loki",
tags: {
Name: "Loki",
Application: "Loki",
},
ingress: [
{
description: "NFS access to EFS",
self: true,
protocol: "tcp",
fromPort: 2049,
toPort: 2049,
},
{
description: "HTTP server",
cidrBlocks: [ "0.0.0.0/0" ],
ipv6CidrBlocks: [ "::/0" ],
protocol: "tcp",
fromPort: 3100,
toPort: 3100,
},
{
description: "gRPC server",
cidrBlocks: [ "0.0.0.0/0" ],
ipv6CidrBlocks: [ "::/0" ],
protocol: "tcp",
fromPort: 9095,
toPort: 9095,
},
],
egress: [{
description: "Allow all",
cidrBlocks: [ "0.0.0.0/0" ],
ipv6CidrBlocks: [ "::/0" ],
protocol: "-1",
fromPort: 0,
toPort: 0,
}],
},
);
const efsVolume_config = new aws.efs.FileSystem(
"loki-config",
{
creationToken: "loki-config",
tags: {
Name: "loki-config",
Application: "Loki",
},
},
);
privateSubnets_output.apply(
(subnets: aws.ec2.Subnet[]) => subnets.forEach(
subnet => new aws.efs.MountTarget(
`loki-config-${subnet.availabilityZone}`,
{
fileSystemId: efsVolume_config.id,
subnetId: subnet.id,
securityGroups: [ securityGroup.id ],
},
),
),
);
const taskDefinition = new aws.ecs.TaskDefinition(
"loki",
{
family: "Loki",
tags: { Application: "Loki" },
networkMode: "awsvpc",
requiresCompatibilities: [ "FARGATE" ],
cpu: "256", // Fargate requirement
memory: "512", // Fargate requirement
executionRoleArn: "arn:aws:iam::012345678901:role/ecsTaskExecutionRole", // logging requirement
volumes: [{
name: "config",
efsVolumeConfiguration: { fileSystemId: efsVolume_config.id },
}],
containerDefinitions: JSON.stringify([{
name: "loki",
image: "grafana/loki:3.3.2",
essential: true,
environment: [], // specified to avoid showing changes on every run
systemControls: [], // specified to avoid showing changes on every run
volumesFrom: [], // specified to avoid showing changes on every run
mountPoints: [{
sourceVolume: "config",
containerPath: "/etc/loki",
readOnly: true,
}],
healthCheck: {
command: [
"CMD-SHELL",
"wget -qO- localhost:3100/ready || exit 1",
],
startPeriod: 15,
},
portMappings: [
{
name: "http-server",
appProtocol: "http",
containerPort: 3100,
},
{
name: "grpc-server",
appProtocol: "grpc",
containerPort: 9095,
},
],
logConfiguration: {
logDriver: "awslogs",
options: {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/loki",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs",
},
},
}]),
},
);
const targetGroup_http = new aws.alb.TargetGroup(
"loki-http",
{
vpcId: vpc_output.apply((vpc: aws.ec2.Vpc) => vpc.id),
name: "loki-http",
tags: { Application: "Loki" },
targetType: "ip",
ipAddressType: "ipv4",
protocol: "HTTP",
port: 3100,
healthCheck: { path: "/ready" },
},
);
const targetGroup_grpc = new aws.alb.TargetGroup(
"loki-grpc",
{
vpcId: vpc_output.apply((vpc: aws.ec2.Vpc) => vpc.id),
name: "loki-grpc",
tags: { Application: "Loki" },
targetType: "ip",
ipAddressType: "ipv4",
protocol: "HTTP",
protocolVersion: "GRPC",
port: 9095,
},
);
const loadBalancer = new aws.alb.LoadBalancer(
"loki",
{
name: "Loki",
tags: { Application: "Loki" },
internal: true,
ipAddressType: "ipv4",
subnets: privateSubnets_output.apply((subnets: aws.ec2.Subnet[]) => subnets.map(subnet => subnet.id)),
securityGroups: [ securityGroup.id ],
accessLogs: { bucket: "" },
},
);
new aws.route53.Record(
"loki",
{
zoneId: dnsZone_output.apply((zone: aws.route53.Zone) => zone.zoneId),
name: "loki.example.org",
type: "A",
aliases: [{
name: loadBalancer.dnsName,
zoneId: loadBalancer.zoneId,
evaluateTargetHealth: true,
}],
},
);
new aws.alb.Listener(
"loki-http",
{
tags: { Application: "Loki" },
loadBalancerArn: loadBalancer.arn,
port: 3100,
protocol: "HTTP",
defaultActions: [{
order: 1,
targetGroupArn: targetGroup_http.arn,
type: "forward",
}],
},
);
// new aws.alb.Listener(
// // FIXME: Listener protocol 'HTTP' is not supported with a target group with the protocol-version 'GRPC'
// "loki-grpc",
// {
// tags: { Application: "Loki" },
// loadBalancerArn: loadBalancer.arn,
// port: 9095,
// protocol: "HTTP",
// defaultActions: [{
// order: 1,
// targetGroupArn: targetGroup_grpc.arn,
// type: "forward",
// }],
// },
// );
new aws.ecs.Service(
"loki",
{
name: "Loki",
tags: { Application: "Loki" },
cluster: ecsCluster_output.arn,
taskDefinition: taskDefinition.arn,
desiredCount: 1,
launchType: "FARGATE",
networkConfiguration: {
subnets: privateSubnets_output.apply((subnets: aws.ec2.Subnet[]) => subnets.map(subnet => subnet.id)),
securityGroups: [ securityGroup.id ],
},
loadBalancers: [
{
containerName: "loki",
containerPort: 3100,
targetGroupArn: targetGroup_http.arn,
},
// {
// containerName: "loki",
// containerPort: 9095,
// targetGroupArn: targetGroup_grpc.arn,
// },
],
},
);
// resources - end

36
snippets/pulumi/aws/run loki in monolithic mode on ecs.ts → snippets/pulumi/aws/run loki in monolithic mode on ecs fargate.ts
View File

@@ -1,15 +1,27 @@
import * as aws from "@pulumi/aws";
// requirements - start
const vpc_output = aws.ec2.getVpcOutput({
filters: [{
name: "tag:Name",
values: "Default",
}],
});
const privateSubnets_output = aws.ec2.getSubnetOutput({
filters: [{
name: "tag:Type",
values: [ "Private" ],
}],
});
const ecsCluster_output = aws.ecs.getClusterOutput({ clusterName: "someCluster" });
const dnsZone_output = aws.route53.getZoneOutput({ name: "example.org." });
const ecsCluster_output = aws.ecs.getClusterOutput({ clusterName: "someCluster" });
// requirements - end
// resources - start
const securityGroup = new aws.ec2.SecurityGroup(
"loki",
@@ -67,9 +79,9 @@ const taskDefinition = new aws.ecs.TaskDefinition(
image: "grafana/loki:3.3.2",
essential: true,
environment: [], // specified to avoid showing changes on every run
systemControls: [], // specified to avoid showing changes on every run
volumesFrom: [], // specified to avoid showing changes on every run
mountPoints: [], // specified to avoid showing changes on every run
systemControls: [], // specified to avoid showing changes on every run
healthCheck: {
command: [
"CMD-SHELL",
@@ -102,12 +114,6 @@ const taskDefinition = new aws.ecs.TaskDefinition(
},
);
const privateSubnets_output = aws.ec2.getSubnetOutput({
filters: [{
name: "tag:Type",
values: [ "Private" ],
}],
});
const targetGroup_http = new aws.alb.TargetGroup(
"loki-http",
{
@@ -119,9 +125,7 @@ const targetGroup_http = new aws.alb.TargetGroup(
ipAddressType: "ipv4",
protocol: "HTTP",
port: 3100,
healthCheck: {
path: "/ready",
},
healthCheck: { path: "/ready" },
},
);
const targetGroup_grpc = new aws.alb.TargetGroup(
@@ -148,9 +152,7 @@ const loadBalancer = new aws.alb.LoadBalancer(
ipAddressType: "ipv4",
subnets: privateSubnets_output.apply((subnets: aws.ec2.Subnet[]) => subnets.map(subnet => subnet.id)),
securityGroups: [ securityGroup.id ],
accessLogs: {
bucket: "",
},
accessLogs: { bucket: "" },
},
);
new aws.route53.Record(
@@ -181,7 +183,7 @@ new aws.alb.Listener(
},
);
// new aws.alb.Listener(
// FIXME: Listener protocol 'HTTP' is not supported with a target group with the protocol-version 'GRPC'
// // FIXME: Listener protocol 'HTTP' is not supported with a target group with the protocol-version 'GRPC'
// "loki-grpc",
// {
// tags: { Application: "Loki" },
@@ -223,3 +225,5 @@ new aws.ecs.Service(
],
},
);
// resources - end