-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathconfig.alloy
109 lines (93 loc) · 3.64 KB
/
config.alloy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
///////////////////////////////////////////////////////////
// You can use a solution like this for quick debugging.
//
// For example, you could sanity check that
// you are passing in your vars correctly.
// declare "debugger" {
// argument "something_to_test" {
// comment = ""
// }
// }
// debugger "my_debugger" {
// something_to_test = env("MASK_MODULE_REPOSITORY")
// }
// With that in place, you can then bring up the Alloy
// Graph UI, and see what Alloy sees as the value of
// "something_to_test".
///////////////////////////////////////////////////////////
// this configures logging of Alloy itself
logging {
level = "debug"
format = "logfmt"
}
// Import our customized logs processor module...
import.git "logs_module" {
repository = env("LOGS_MODULE_REPOSITORY")
revision = env("LOGS_MODULE_REVISION")
path = env("LOGS_MODULE_PATH")
pull_frequency = env("LOGS_MODULE_PULL_FREQUENCY")
}
// ...then configure it
logs_module.my_log_processor "default" {
targets = [{__path__ = "/tmp/alloy-logs/*.log"}]
forward_to = [mask_module.mask_credit_card.mask_cc.receiver]
}
/*
Note: "logs_module.my_log_processor" is a very simplified version of:
https://github.com/grafana/alloy-modules/blob/main/modules/kubernetes/core/logs.alloy
The goal of this part of the demo is to start introducing you to how things will look
in a more "real" K8s environment. The file linked above shows how we an Alloy module
would be used in such an environment.
In this simplified version, the components have comments that discuss what our module
is doing, and then points you to the specific part of the Alloy Module file linked above,
so you can see the more complex example.
*/
/*
In the next section we bring in the masking module. And like above with my-logs-processor, we are
now demoing how to pull a module from a git repo.
Even so, we are still using our own copy, not the original which is at:
https://github.com/grafana/alloy-modules/blob/main/modules/kubernetes/annotations/logs/mask.alloy
In demo03-kubernetes we will migrate to using that actual alloy-modules repo, at a tagged version so
we can expect it to remain stable as the modules project continues to be developed. With the
alloy-modules project imported, we will be able to use the masking module it contains; as well
as any other module contained in that repo.
(Another option would be for you to fork the Alloy Modules git repo into a private repository of
your choice, and then have Alloy import it from there. This would give you greater control over
exactly what code you are importing into your own runtime environment.)
*/
// Import the Masking module...
import.git "mask_module" {
repository = env("MASK_MODULE_REPOSITORY")
revision = env("MASK_MODULE_REVISION")
path = env("MASK_MODULE_PATH")
pull_frequency = env("MASK_MODULE_PULL_FREQUENCY")
}
// ...then configure the masking chain
mask_module.mask_credit_card "mask_cc" {
forward_to = [mask_module.mask_email.mask_em.receiver]
}
mask_module.mask_email "mask_em" {
forward_to = [mask_module.mask_ipv4.mask_i4.receiver]
}
mask_module.mask_ipv4 "mask_i4" {
forward_to = [mask_module.mask_ipv6.mask_i6.receiver]
}
mask_module.mask_ipv6 "mask_i6" {
forward_to = [mask_module.mask_phone.mask_ph.receiver]
}
mask_module.mask_phone "mask_ph" {
forward_to = [mask_module.mask_ssn.mask_sn.receiver]
}
mask_module.mask_ssn "mask_sn" {
forward_to = [loki.write.default.receiver] // note the forward here
}
// final step - write to cloud logs
loki.write "default" {
endpoint {
url = env("LOKI_URL")
basic_auth {
username = env("MY_CLOUD_LOGS_TENANT_ID")
password = env("MY_CLOUD_LOGS_WRITE_TOKEN")
}
}
}