k8s-apps/loki/alloy-external-syslog.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: alloy-syslog-config
  namespace: loki
data:
  config.alloy: |
    logging {
      level  = "info"
      format = "logfmt"
    }

    loki.source.syslog "external_tcp" {
      listener {
        address  = "0.0.0.0:1514"
        protocol = "tcp"
        labels = {
          job    = "syslog",
          source = "external",
        }
      }

      forward_to = [loki.relabel.syslog_labels.receiver]
    }

    loki.source.syslog "external_udp" {
      listener {
        address  = "0.0.0.0:1514"
        protocol = "udp"
        labels = {
          job    = "syslog",
          source = "external",
        }
      }

      forward_to = [loki.relabel.syslog_labels.receiver]
    }

    loki.relabel "syslog_labels" {
      rule {
        action = "replace"
        source_labels = ["__syslog_message_hostname"]
        target_label = "hostname"
      }

      rule {
        action = "replace"
        source_labels = ["__syslog_message_app_name"]
        target_label = "app"
      }

      rule {
        action = "replace"
        source_labels = ["__syslog_message_severity"]
        target_label = "severity"
      }

      rule {
        action = "replace"
        source_labels = ["__syslog_message_facility"]
        target_label = "facility"
      }

      rule {
        action = "replace"
        source_labels = ["__syslog_connection_ip_address"]
        target_label = "sender_ip"
      }

      forward_to = [loki.write.default.receiver]
    }

    loki.write "default" {
      endpoint {
        url = "http://loki.loki.svc.k8s.undercloud.local:3100/loki/api/v1/push"
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: alloy-syslog
  namespace: loki
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alloy-syslog
  template:
    metadata:
      labels:
        app: alloy-syslog
    spec:
      containers:
        - name: alloy
          image: grafana/alloy:latest
          args:
            - run
            - /etc/alloy/config.alloy
          ports:
            - name: http
              containerPort: 12345
            - name: syslog-tcp
              containerPort: 1514
              protocol: TCP
            - name: syslog-udp
              containerPort: 1514
              protocol: UDP
          volumeMounts:
            - name: config
              mountPath: /etc/alloy
          #readinessProbe:
          #  httpGet:
          #    path: /-/ready
          #    port: 12345
          #  initialDelaySeconds: 5
          #  periodSeconds: 10
          #livenessProbe:
          #  httpGet:
          #    path: /-/ready
          #    port: 12345
          #  initialDelaySeconds: 15
          #  periodSeconds: 20
      volumes:
        - name: config
          configMap:
            name: alloy-syslog-config
---
apiVersion: v1
kind: Service
metadata:
  name: alloy-syslog
  namespace: loki
spec:
  type: ClusterIP
  clusterIP: 2001:470:7116:f:1::140
  clusterIPs:
    - 2001:470:7116:f:1::140
    - 10.0.91.140
  selector:
    app: alloy-syslog
  ipFamilyPolicy: PreferDualStack
  ipFamilies:
    - IPv6
    - IPv4
  ports:
    - name: syslog-tcp
      port: 1514
      targetPort: 1514
      protocol: TCP
    - name: syslog-udp
      port: 1514
      targetPort: 1514
      protocol: UDP
    - name: http
      port: 12345
      targetPort: 12345
      protocol: TCP