---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: loki-stack
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://grafana.github.io/helm-charts
      chart: loki-stack
      version: 2.6.5
      sourceRef:
        kind: HelmRepository
        name: grafana-loki-charts
        namespace: flux-system
      interval: 5m
  values:
    loki:
      image:
        repository: grafana/loki
        tag: 2.6.1
        pullPolicy: IfNotPresent
      replicas: 3
      persistence:
        enabled: false
      config:
        auth_enabled: false
        server:
          http_listen_port: 3100
        distributor:
          ring:
            kvstore:
              store: memberlist
        ingester:
          lifecycler:
            ring:
              kvstore:
                store: memberlist
              replication_factor: 1
            final_sleep: 0s
          chunk_idle_period: 5m
          chunk_retain_period: 30s
        memberlist:
          abort_if_cluster_join_fails: false
          # Expose this port on all distributor, ingester
          # and querier replicas.
          bind_port: 7946
          # You can use a headless k8s service for all distributor,
          # ingester and querier components.
          join_members:
            - loki-stack-headless.monitoring.svc.cluster.local:7946
              # max_join_backoff: 1m
              # max_join_retries: 10
              # min_join_backoff: 1s
        schema_config:
          configs:
            - from: "2020-10-24"
              store: boltdb-shipper
              object_store: s3
              schema: v11
              index:
                prefix: index_
                period: 24h
        storage_config:
          aws:
            insecure: false
            s3: https://${SECRET_MINIO_ACCESS_KEY}:${SECRET_MINIO_SECRET_KEY}@${SECRET_MINIO_ENDPOINT}/loki
            s3forcepathstyle: true
          boltdb_shipper:
            active_index_directory: /data/loki/index
            cache_location: /data/loki/index_cache
            resync_interval: 5s
            shared_store: s3
        limits_config:
          enforce_metric_name: false
          reject_old_samples: true
          reject_old_samples_max_age: 168h
      extraPorts:
        - port: 7956
          protocol: TCP
          name: loki-gossip-ring
          targetPort: 7946
      serviceMonitor:
        enabled: true
      podAnnotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "http-metrics"
    promtail:
      image:
        registry: docker.io
        repository: grafana/promtail
        tag: latest
        pullPolicy: Always
      serviceMonitor:
        enabled: true
      extraScrapeConfigs:
        - job_name: syslog
          syslog:
            listen_address: 0.0.0.0:1514
            label_structured_data: true
            labels:
              job: "syslog"
          relabel_configs:
            - source_labels: ['__syslog_connection_ip_address']
              target_label: 'ip_address'
            - source_labels: ['__syslog_message_severity']
              target_label: 'severity'
            - source_labels: ['__syslog_message_facility']
              target_label: 'facility'
            - source_labels: ['__syslog_message_hostname']
              target_label: 'host'
            - source_labels: ['__syslog_message_app_name']
              target_label: 'app'
            - source_labels: ['__syslog_message_SRC']
              target_label: 'source_ip'
            - source_labels: ['__syslog_message_SPT']
              target_label: 'source_port'
            - source_labels: ['__syslog_message_DPT']
              target_label: 'destination_port'
            - source_labels: ['__syslog_message_DST']
              target_label: 'destination_ip'
      pipeline_stages:
      #   - job_name: pfsense
      #     syslog:
      #       listen_address: 0.0.0.0:1514
      #       idle_timeout: 60s
      #       label_structured_data: false
      #       labels:
      #         job: "syslog"
      #         host: pfsense
      #     relabel_configs:
      #       - source_labels: ["__syslog_message_severity"]
      #         target_label: "severity"
      #       #- source_labels: ['__syslog_message_facility']
      #       #  target_label: 'facility'
      #       - source_labels: ["__syslog_message_app_name"]
      #         target_label: "app_name"
      #     pipeline_stages:
      #       - match:
      #           selector: '{app_name="filterlog"}'
      #           stages:
      #             - regex:
      #                 expression: '(?P<pfsense_fw_rule>\d*?),(?P<pfsense_fw_subrule>\d*?),(?P<pfsense_fw_anchor>\d*?),(?P<pfsense_fw_tracker>\d*?),(?P<pfsense_fw_interface>igb.{1,5}?),(?P<pfsense_fw_reason>\w*?),(?P<pfsense_fw_action>\w*?),(?P<pfsense_fw_direction>\w*?),(?P<pfsense_fw_ip_version>4{1}?),(?P<pfsense_fw_tos>\w*?),(?P<pfsense_fw_ecn>\w*?),(?P<pfsense_fw_ttl>\w*?),(?P<pfsense_fw_id>\w*?),(?P<pfsense_fw_offset>\w*?),(?P<pfsense_fw_flag>\w*?),(?P<pfsense_fw_protocol_id>\d*?),(?P<pfsense_fw_protocol_text>\w*?),(?P<pfsense_fw_length>\d*?),(?P<pfsense_fw_source_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P<pfsense_fw_destination_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P<pfsense_fw_source_port>\d+?),(?P<pfsense_fw_destination_port>\d+?),(?P<pfsense_fw_data_length>\d+?)'
      #                 # ipv6 // ,(?P<pfsense_fw_ip_version>6{1}?),(?P<pfsense_fw_lass>\w*?),(?P<pfsense_fw_flow_label>\w*?),(?P<pfsense_fw_hop_limit>\w*?),(?P<pfsense_fw_protocol_text>\w*?),(?P<pfsense_fw_protocol_id>\d*?),
      #             - labels:
      #                 pfsense_fw_rule: ""
      #                 #pfsense_fw_subrule: ''
      #                 #pfsense_fw_anchor: ''
      #                 pfsense_fw_tracker: ""
      #                 pfsense_fw_interface: ""
      #                 pfsense_fw_reason: ""
      #                 pfsense_fw_action: ""
      #                 pfsense_fw_direction: ""
      #                 #pfsense_fw_ip_version: ''
      #                 #pfsense_fw_tos: ''
      #                 #pfsense_fw_ecn: ''
      #                 #pfsense_fw_ttl: ''
      #                 #pfsense_fw_id: ''
      #                 #pfsense_fw_offset: ''
      #                 #pfsense_fw_flag: ''
      #                 pfsense_fw_protocol_id: ""
      #                 pfsense_fw_protocol_text: ""
      #                 #pfsense_fw_length: ''
      #                 pfsense_fw_source_address: ""
      #                 pfsense_fw_destination_address: ""
      #                 pfsense_fw_source_port: ""
      #                 pfsense_fw_destination_port: ""
      #                 #pfsense_fw_data_length: ''
      # #              - metrics:
      # #                  lines_total:
      # #                    type: Counter
      # #                    description: "pfsense firewall : total number of log lines"
      # #                    prefix: pfsense_firewall_
      # #                    match_all: true
      # #                    count_entry_bytes: true
      # #                    config:
      # #                      action: add
      syslogService:
        enabled: true
        type: LoadBalancer
        port: 1514
        externalIPs:
          - ${CLUSTER_LB_LOKI_SYSLOG}
        externalTrafficPolicy: Local