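# Promtail log-shipping agent, deployed as a DaemonSet in the "monitoring"
# namespace. Every pod mounts host log directories via hostPath, so a
# compromise of this container exposes the logs of all workloads on that node.
# Treat the image, the ConfigMap and the "promtail" ServiceAccount as sensitive.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: promtail
  namespace: monitoring
  labels:
    app: promtail
spec:
  selector:
    matchLabels:
      app: promtail
  template:
    metadata:
      labels:
        app: promtail
    spec:
      # RBAC for this ServiceAccount is not defined in this manifest.
      # NOTE(review): confirm it is limited to the read-only verbs promtail's
      # service discovery needs.
      serviceAccountName: promtail
      # Tolerate both the legacy "master" taint and the current "control-plane"
      # taint, so the agent is also scheduled on control-plane nodes.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
      containers:
        - name: promtail
          # The image is referenced by tag only, and tags are mutable.
          # NOTE(review): consider pinning by digest
          # (grafana/promtail@sha256:<digest-from-your-registry>).
          image: grafana/promtail:2.9.2
          args:
            - "-config.file=/etc/promtail/promtail.yaml"
          env:
            # Expose the node name to the process as HOSTNAME.
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          ports:
            - name: http
              containerPort: 3101
              protocol: TCP
          resources:
            requests:
              memory: "50Mi"
              cpu: "50m"
            limits:
              memory: "128Mi"
              cpu: "100m"
          securityContext:
            readOnlyRootFilesystem: true
            # Runs as UID/GID 0, presumably so the root-owned host log files
            # are readable. Verify on your nodes.
            runAsUser: 0
            runAsGroup: 0
            # Root is kept only for file ownership. Drop every capability and
            # block setuid-style escalation so UID 0 in the container carries
            # no extra kernel privilege.
            # NOTE(review): if log reads fail on a node whose log files are not
            # owned by UID 0, add back only DAC_READ_SEARCH rather than
            # removing this block.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: config
              mountPath: /etc/promtail
            # The only writable path in the container (emptyDir).
            # Presumably holds promtail's positions file; confirm against
            # promtail-config.
            - name: run
              mountPath: /run/promtail
            # Mount pod logs
            - name: pods
              mountPath: /var/log/pods
              readOnly: true
            # Mount container logs (for CRI-O / containerd)
            - name: containers
              mountPath: /var/log/containers
              readOnly: true
            # Machine-id for consistent instance identification
            - name: machine-id
              mountPath: /etc/machine-id
              readOnly: true
          # Readiness and liveness both poll the same /ready endpoint on the
          # named "http" port (3101).
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: promtail-config
        - name: run
          emptyDir: {}
        # The hostPath volumes below expose node filesystem paths to the pod.
        # All three are mounted readOnly in the container above. Keep them
        # that way, and keep the paths this narrow.
        - name: pods
          hostPath:
            path: /var/log/pods
        - name: containers
          hostPath:
            path: /var/log/containers
        - name: machine-id
          hostPath:
            path: /etc/machine-id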