8154103ac4
DECISION: Disable Loki due to operational overhead vs benefit analysis EVIDENCE FROM NODE2 INCIDENT: - Loki was the root cause of major cluster outage (PVC storage exhaustion) - Centralized logging was unavailable when needed most (Loki was down) - All debugging was accomplished with simpler tools (kubectl logs, events, describe) - Prometheus metrics proved more valuable than centralized logs OPERATIONAL OVERHEAD ELIMINATED: ✅ 50GB iSCSI storage freed up (expensive) ✅ ~3.5GB memory freed up (Loki + Alloy agents across cluster) ✅ ~2+ CPU cores freed up for actual workloads ✅ Reduced complexity - fewer services to maintain and troubleshoot ✅ Eliminated single point of failure that can cascade cluster-wide CONFIGURATION PRESERVED: ✅ All Terraform resources commented out (not deleted) ✅ loki.yaml preserved with 50GB configuration ✅ alloy.yaml preserved with log shipping configuration ✅ Alert rules and Grafana datasource preserved (commented) ✅ Easy re-enabling: just uncomment resources and apply ALTERNATIVE DEBUGGING APPROACH: ✅ kubectl logs (always works, no storage dependency) ✅ kubectl get events (built-in Kubernetes events) ✅ Prometheus metrics (more reliable for monitoring) ✅ Enhanced health check scripts (direct status verification) RE-ENABLING: To restore Loki later, uncomment all /* ... */ blocks in loki.tf and apply via Terraform. All configuration is preserved. [ci skip] - Infrastructure changes applied locally first due to resource cleanup
220 lines
6.1 KiB
HCL
220 lines
6.1 KiB
HCL
variable "nfs_server" { type = string }
|
|
|
|
# LOKI DISABLED - Uncomment to re-enable centralized logging
|
|
# Disabled due to operational overhead vs benefit analysis after node2 incident
|
|
# All configuration preserved in loki.yaml for future re-enabling
|
|
/*
|
|
resource "helm_release" "loki" {
|
|
namespace = kubernetes_namespace.monitoring.metadata[0].name
|
|
create_namespace = true
|
|
name = "loki"
|
|
|
|
repository = "https://grafana.github.io/helm-charts"
|
|
chart = "loki"
|
|
|
|
values = [templatefile("${path.module}/loki.yaml", {})]
|
|
timeout = 600
|
|
|
|
depends_on = [kubernetes_config_map.loki_alert_rules]
|
|
}
|
|
*/
|
|
|
|
# ALLOY DISABLED - Log collection agents (depends on Loki)
|
|
# https://grafana.com/docs/alloy/latest/configure/kubernetes/
|
|
# Configuration preserved in alloy.yaml for future re-enabling
|
|
/*
|
|
resource "helm_release" "alloy" {
|
|
namespace = kubernetes_namespace.monitoring.metadata[0].name
|
|
create_namespace = true
|
|
name = "alloy"
|
|
|
|
repository = "https://grafana.github.io/helm-charts"
|
|
chart = "alloy"
|
|
|
|
values = [file("${path.module}/alloy.yaml")]
|
|
atomic = true
|
|
|
|
depends_on = [helm_release.loki]
|
|
}
|
|
*/
|
|
|
|
# SYSCTL INOTIFY DISABLED - Was specifically for Loki file watching requirements
|
|
# Can be re-enabled when Loki is restored
|
|
/*
|
|
resource "kubernetes_daemon_set_v1" "sysctl-inotify" {
|
|
metadata {
|
|
name = "sysctl-inotify"
|
|
namespace = kubernetes_namespace.monitoring.metadata[0].name
|
|
labels = {
|
|
app = "sysctl-inotify"
|
|
}
|
|
}
|
|
spec {
|
|
selector {
|
|
match_labels = {
|
|
app = "sysctl-inotify"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "sysctl-inotify"
|
|
}
|
|
}
|
|
spec {
|
|
init_container {
|
|
name = "sysctl"
|
|
image = "busybox:1.37"
|
|
command = [
|
|
"sh", "-c",
|
|
"sysctl -w fs.inotify.max_user_watches=1048576 && sysctl -w fs.inotify.max_user_instances=8192 && sysctl -w fs.inotify.max_queued_events=1048576"
|
|
]
|
|
security_context {
|
|
privileged = true
|
|
}
|
|
}
|
|
container {
|
|
name = "pause"
|
|
image = "registry.k8s.io/pause:3.10"
|
|
resources {
|
|
requests = {
|
|
cpu = "1m"
|
|
memory = "4Mi"
|
|
}
|
|
limits = {
|
|
cpu = "1m"
|
|
memory = "4Mi"
|
|
}
|
|
}
|
|
}
|
|
host_pid = true
|
|
toleration {
|
|
operator = "Exists"
|
|
}
|
|
dns_config {
|
|
option {
|
|
name = "ndots"
|
|
value = "2"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
*/
|
|
|
|
# resource "helm_release" "k8s-monitoring" {
|
|
# namespace = kubernetes_namespace.monitoring.metadata[0].name
|
|
# create_namespace = true
|
|
# name = "k8s-monitoring"
|
|
|
|
# repository = "https://grafana.github.io/helm-charts"
|
|
# chart = "k8s-monitoring"
|
|
|
|
# values = [templatefile("${path.module}/k8s-monitoring-values.yaml", {})]
|
|
# atomic = true
|
|
# }
|
|
|
|
# LOKI ALERT RULES DISABLED - Depend on Loki log queries
|
|
# These alert on kernel events from systemd journal logs via Loki
|
|
# Can be re-enabled when Loki is restored
|
|
/*
|
|
resource "kubernetes_config_map" "loki_alert_rules" {
|
|
metadata {
|
|
name = "loki-alert-rules"
|
|
namespace = kubernetes_namespace.monitoring.metadata[0].name
|
|
}
|
|
data = {
|
|
"rules.yaml" = yamlencode({
|
|
groups = [
|
|
{
|
|
name = "Node Health"
|
|
rules = [
|
|
{
|
|
alert = "KernelOOMKiller"
|
|
expr = "sum by (node) (count_over_time({job=\"node-journal\"} |~ \"(?i)Out of memory.*Killed process\" [5m])) > 0"
|
|
for = "0m"
|
|
labels = {
|
|
severity = "critical"
|
|
}
|
|
annotations = {
|
|
summary = "OOM killer active on {{ $labels.node }}"
|
|
}
|
|
},
|
|
{
|
|
alert = "KernelPanic"
|
|
expr = "sum by (node) (count_over_time({job=\"node-journal\"} |~ \"(?i)Kernel panic\" [5m])) > 0"
|
|
for = "0m"
|
|
labels = {
|
|
severity = "critical"
|
|
}
|
|
annotations = {
|
|
summary = "Kernel panic on {{ $labels.node }}"
|
|
}
|
|
},
|
|
{
|
|
alert = "KernelHungTask"
|
|
expr = "sum by (node) (count_over_time({job=\"node-journal\"} |~ \"blocked for more than\" [5m])) > 0"
|
|
for = "0m"
|
|
labels = {
|
|
severity = "warning"
|
|
}
|
|
annotations = {
|
|
summary = "Hung task detected on {{ $labels.node }}"
|
|
}
|
|
},
|
|
{
|
|
alert = "KernelSoftLockup"
|
|
expr = "sum by (node) (count_over_time({job=\"node-journal\"} |~ \"(?i)soft lockup\" [5m])) > 0"
|
|
for = "0m"
|
|
labels = {
|
|
severity = "critical"
|
|
}
|
|
annotations = {
|
|
summary = "Soft lockup on {{ $labels.node }}"
|
|
}
|
|
},
|
|
{
|
|
alert = "ContainerdDown"
|
|
expr = "sum by (node) (count_over_time({job=\"node-journal\", unit=\"containerd.service\"} |~ \"(?i)(dead|failed|deactivating)\" [5m])) > 0"
|
|
for = "1m"
|
|
labels = {
|
|
severity = "critical"
|
|
}
|
|
annotations = {
|
|
summary = "containerd service unhealthy on {{ $labels.node }}"
|
|
}
|
|
},
|
|
]
|
|
}
|
|
]
|
|
})
|
|
}
|
|
}
|
|
*/
|
|
|
|
# GRAFANA LOKI DATASOURCE DISABLED - Points to non-existent Loki service
|
|
# Can be re-enabled when Loki is restored
|
|
/*
|
|
resource "kubernetes_config_map" "grafana_loki_datasource" {
|
|
metadata {
|
|
name = "grafana-loki-datasource"
|
|
namespace = kubernetes_namespace.monitoring.metadata[0].name
|
|
labels = {
|
|
grafana_datasource = "1"
|
|
}
|
|
}
|
|
data = {
|
|
"loki-datasource.yaml" = yamlencode({
|
|
apiVersion = 1
|
|
datasources = [{
|
|
name = "Loki"
|
|
type = "loki"
|
|
access = "proxy"
|
|
url = "http://loki.monitoring.svc.cluster.local:3100"
|
|
isDefault = false
|
|
}]
|
|
})
|
|
}
|
|
}
|
|
*/
|