From 272665e838ba57103b7a50766be654c3f154062c Mon Sep 17 00:00:00 2001
From: Varac <varac@varac.net>
Date: Wed, 22 Dec 2021 13:37:04 +0100
Subject: [PATCH] Restart loki once a night to prevent mem leak

Closes: #1094
---
 flux2/apps/monitoring/kustomization.yaml      |  4 +++
 .../apps/monitoring/loki-restart-cronjob.yaml | 25 +++++++++++++++++++
 flux2/apps/monitoring/loki-restart-role.yaml  | 10 ++++++++
 .../monitoring/loki-restart-rolebinding.yaml  | 13 ++++++++++
 .../loki-restart-serviceaccount.yaml          |  5 ++++
 5 files changed, 57 insertions(+)
 create mode 100644 flux2/apps/monitoring/loki-restart-cronjob.yaml
 create mode 100644 flux2/apps/monitoring/loki-restart-role.yaml
 create mode 100644 flux2/apps/monitoring/loki-restart-rolebinding.yaml
 create mode 100644 flux2/apps/monitoring/loki-restart-serviceaccount.yaml

diff --git a/flux2/apps/monitoring/kustomization.yaml b/flux2/apps/monitoring/kustomization.yaml
index d3c8daccb..3d0a9c086 100644
--- a/flux2/apps/monitoring/kustomization.yaml
+++ b/flux2/apps/monitoring/kustomization.yaml
@@ -9,6 +9,10 @@ resources:
   - kube-prometheus-stack-values-configmap.yaml
   - loki-configmap.yaml
   - loki-release.yaml
+  - loki-restart-cronjob.yaml
+  - loki-restart-role.yaml
+  - loki-restart-rolebinding.yaml
+  - loki-restart-serviceaccount.yaml
   - loki-values-configmap.yaml
   - promtail-release.yaml
   - promtail-values-configmap.yaml
diff --git a/flux2/apps/monitoring/loki-restart-cronjob.yaml b/flux2/apps/monitoring/loki-restart-cronjob.yaml
new file mode 100644
index 000000000..6302df656
--- /dev/null
+++ b/flux2/apps/monitoring/loki-restart-cronjob.yaml
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: loki-restart
+  namespace: stackspin
+spec:
+  concurrencyPolicy: Forbid
+  schedule: '0 4 * * *'
+  jobTemplate:
+    spec:
+      backoffLimit: 2
+      activeDeadlineSeconds: 600
+      template:
+        spec:
+          serviceAccountName: loki-restart
+          restartPolicy: Never
+          containers:
+            - name: kubectl
+              # https://hub.docker.com/r/bitnami/kubectl
+              image: bitnami/kubectl:1.21.8
+              command:
+                - 'kubectl'
+                - 'rollout'
+                - 'restart'
+                - 'statefulset/loki'
diff --git a/flux2/apps/monitoring/loki-restart-role.yaml b/flux2/apps/monitoring/loki-restart-role.yaml
new file mode 100644
index 000000000..4299a61c5
--- /dev/null
+++ b/flux2/apps/monitoring/loki-restart-role.yaml
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: loki-restart
+  namespace: stackspin
+rules:
+  - apiGroups: ["apps", "extensions"]
+    resources: ["statefulsets"]
+    resourceNames: ["loki"]
+    verbs: ["get", "patch"]
diff --git a/flux2/apps/monitoring/loki-restart-rolebinding.yaml b/flux2/apps/monitoring/loki-restart-rolebinding.yaml
new file mode 100644
index 000000000..6c35b703a
--- /dev/null
+++ b/flux2/apps/monitoring/loki-restart-rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: loki-restart
+  namespace: stackspin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: loki-restart
+subjects:
+  - kind: ServiceAccount
+    name: loki-restart
+    namespace: stackspin
diff --git a/flux2/apps/monitoring/loki-restart-serviceaccount.yaml b/flux2/apps/monitoring/loki-restart-serviceaccount.yaml
new file mode 100644
index 000000000..71245bba9
--- /dev/null
+++ b/flux2/apps/monitoring/loki-restart-serviceaccount.yaml
@@ -0,0 +1,5 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: loki-restart
+  namespace: stackspin
-- 
GitLab