2023-04-16 16:10:44 +02:00
|
|
|
version: "3.4"
|
|
|
|
services:
|
|
|
|
prometheus:
|
|
|
|
image: prom/prometheus:latest
|
|
|
|
restart: unless-stopped
|
|
|
|
command:
|
|
|
|
- '--config.file=/etc/prometheus/prometheus.yml'
|
2023-04-17 22:01:31 +02:00
|
|
|
- '--web.external-url=https://prometheus.tobiasmanske.de'
|
2023-04-16 16:10:44 +02:00
|
|
|
volumes:
|
|
|
|
- ./prometheus.yml:/etc/prometheus/prometheus.yml:ro,Z
|
|
|
|
- prom_data:/prometheus
|
|
|
|
- label_discovery:/label_discovery:ro
|
2023-04-17 11:36:06 +02:00
|
|
|
- ./rules:/rules:ro,Z
|
2023-04-16 16:10:44 +02:00
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.routers.prometheus.rule=Host(`prometheus.tobiasmanske.de`)"
|
|
|
|
- "traefik.http.routers.prometheus.entryPoints=websecure"
|
|
|
|
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
|
|
|
|
- "traefik.http.routers.prometheus.middlewares=oauth@file"
|
|
|
|
depends_on:
|
|
|
|
- prometheus-docker-sd
|
|
|
|
- cadvisor
|
|
|
|
- node-exporter
|
|
|
|
networks:
|
|
|
|
- gateway
|
|
|
|
- backend
|
2023-04-17 17:14:33 +02:00
|
|
|
- alertmanager
|
2023-04-16 16:10:44 +02:00
|
|
|
|
|
|
|
prometheus-docker-sd:
|
|
|
|
image: registry.tobiasmanske.de/prometheus-docker-sd:latest
|
|
|
|
restart: unless-stopped
|
|
|
|
privileged: true
|
|
|
|
networks:
|
|
|
|
- backend
|
|
|
|
volumes:
|
|
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro,Z
|
|
|
|
- label_discovery:/prometheus-docker-sd:rw
|
2023-04-17 19:01:21 +02:00
|
|
|
logging: # this service generates a HUGE amout of logs.
|
|
|
|
driver: "none"
|
2023-04-16 16:10:44 +02:00
|
|
|
|
2023-04-17 10:58:00 +02:00
|
|
|
alertmanager:
|
|
|
|
image: prom/alertmanager:latest
|
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
|
|
|
|
- "traefik.http.routers.alertmanager.entryPoints=websecure"
|
|
|
|
- "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
|
|
|
|
- "traefik.http.routers.alertmanager.middlewares=oauth@file"
|
|
|
|
volumes:
|
|
|
|
- ./alertmanager.yml:/etc/alertmanager/config.yml:ro,Z
|
|
|
|
- alertmanager_data:/data
|
|
|
|
networks:
|
2023-04-17 17:14:33 +02:00
|
|
|
- alertmanager
|
2023-04-17 10:58:00 +02:00
|
|
|
- gateway
|
2023-04-17 17:14:33 +02:00
|
|
|
restart: unless-stopped
|
2023-04-17 10:58:00 +02:00
|
|
|
command:
|
|
|
|
- '--config.file=/etc/alertmanager/config.yml'
|
2023-04-17 22:01:31 +02:00
|
|
|
- '--web.external-url=https://alertmanager.tobiasmanske.de'
|
2023-04-17 10:58:00 +02:00
|
|
|
- '--storage.path=/data'
|
|
|
|
|
2023-04-17 17:14:33 +02:00
|
|
|
alertmanager-matrix:
|
|
|
|
image: jaywink/matrix-alertmanager:latest
|
|
|
|
restart: unless-stopped
|
2023-04-17 18:01:09 +02:00
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
|
|
|
|
- "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
|
|
|
|
- "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
|
|
|
|
- "traefik.http.middlewares.matrix-strip.stripprefix.forceslash=false"
|
|
|
|
- "traefik.http.routers.alertmanager-matrix.entryPoints=websecure"
|
|
|
|
- "traefik.http.services.alertmanager-matrix.loadbalancer.server.port=3000"
|
2023-04-17 17:14:33 +02:00
|
|
|
environment:
|
|
|
|
- APP_PORT=3000
|
|
|
|
- APP_ALERTMANAGER_SECRET={{ prometheus.alertmanager.matrix.alertmanager_token }}
|
|
|
|
- MATRIX_HOMESERVER_URL=http://pantalaimon:8008
|
|
|
|
- MATRIX_ROOMS={{ prometheus.alertmanager.matrix.rooms | join('|') }}
|
|
|
|
- MATRIX_TOKEN={{ prometheus.alertmanager.matrix.matrix_token }}
|
|
|
|
- MATRIX_USER=@alertmanager:{{ matrix.baseurl }}
|
|
|
|
- MENTION_ROOM=1
|
|
|
|
networks:
|
|
|
|
- alertmanager
|
|
|
|
- pantalaimon
|
2023-04-17 18:01:09 +02:00
|
|
|
- gateway
|
2023-04-17 17:14:33 +02:00
|
|
|
|
|
|
|
|
2023-04-16 16:10:44 +02:00
|
|
|
grafana:
|
|
|
|
image: grafana/grafana:latest
|
|
|
|
restart: unless-stopped
|
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
|
|
|
|
- "traefik.http.routers.grafana.entryPoints=websecure"
|
|
|
|
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
|
|
|
networks:
|
|
|
|
- gateway
|
|
|
|
- backend
|
|
|
|
environment:
|
2023-07-27 00:44:45 +02:00
|
|
|
- "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
|
2023-04-16 16:10:44 +02:00
|
|
|
- "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
|
|
|
|
- "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
|
2023-07-27 00:44:45 +02:00
|
|
|
- "GF_AUTH_GENERIC_OAUTH_NAME=Keycloak"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana.oidc.client_id }}"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana.oidc.client_secret }}"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_GROUP_ATTRIBUTE_PATH=groups"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/auth"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/token"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_API_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/userinfo"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(resource_access.grafana.roles[*], 'serveradmin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || 'Viewer'"
|
|
|
|
- "GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true"
|
2023-04-16 16:10:44 +02:00
|
|
|
volumes:
|
2023-04-17 22:15:59 +02:00
|
|
|
- grafana_data:/var/lib/grafana
|
2023-04-16 16:10:44 +02:00
|
|
|
- ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z
|
|
|
|
|
|
|
|
node-exporter:
|
|
|
|
image: quay.io/prometheus/node-exporter:latest
|
2023-04-17 20:19:32 +02:00
|
|
|
container_name: host-nc-chaoswg-org-node-exporter
|
2023-04-16 16:10:44 +02:00
|
|
|
privileged: true
|
|
|
|
labels:
|
|
|
|
- "prometheus-scrape.enabled=true"
|
|
|
|
- "prometheus-scrape.port=9100"
|
|
|
|
volumes:
|
|
|
|
- /proc:/host/proc:ro
|
|
|
|
- /sys:/host/sys:ro
|
|
|
|
- /:/rootfs:ro
|
|
|
|
- /:/host:ro,rslave
|
2023-04-17 20:19:32 +02:00
|
|
|
- /run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
|
2023-04-16 16:10:44 +02:00
|
|
|
command:
|
|
|
|
- '--path.rootfs=/host'
|
|
|
|
- '--path.procfs=/host/proc'
|
|
|
|
- '--path.sysfs=/host/sys'
|
|
|
|
- '--collector.filesystem.ignored-mount-points'
|
|
|
|
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
|
2023-04-17 20:19:32 +02:00
|
|
|
- '--collector.systemd'
|
2023-04-16 16:10:44 +02:00
|
|
|
networks:
|
|
|
|
- backend
|
2023-04-17 17:14:33 +02:00
|
|
|
restart: unless-stopped
|
2023-04-16 16:10:44 +02:00
|
|
|
|
|
|
|
cadvisor:
|
|
|
|
image: gcr.io/cadvisor/cadvisor:latest
|
|
|
|
privileged: true
|
|
|
|
labels:
|
|
|
|
- "prometheus-scrape.enabled=true"
|
|
|
|
- "prometheus-scrape.port=8080"
|
2023-04-18 22:04:31 +02:00
|
|
|
command:
|
|
|
|
- "-docker_only=true"
|
|
|
|
- "-housekeeping_interval=10s"
|
2023-04-16 16:10:44 +02:00
|
|
|
volumes:
|
|
|
|
- /:/rootfs:ro
|
|
|
|
- /var/run:/var/run:rw
|
|
|
|
- /sys:/sys:ro
|
|
|
|
- /var/lib/docker/:/var/lib/docker:ro
|
|
|
|
networks:
|
|
|
|
- backend
|
2023-04-17 17:14:33 +02:00
|
|
|
restart: unless-stopped
|
2023-04-16 16:10:44 +02:00
|
|
|
|
2023-07-27 01:43:46 +02:00
|
|
|
loki:
|
|
|
|
image: grafana/loki:2.8.0
|
|
|
|
restart: unless-stopped
|
|
|
|
command: -config.file=/etc/loki/local-config.yaml
|
|
|
|
networks:
|
|
|
|
- backend
|
|
|
|
|
|
|
|
promtail:
|
|
|
|
image: grafana/promtail:2.8.0
|
|
|
|
security_opt:
|
|
|
|
- label:disable
|
|
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
|
|
|
- ./promtail.yml:/etc/promtail/docker-config.yaml:ro
|
|
|
|
- /var/log:/var/log:ro
|
|
|
|
- /var/lib/docker/containers:/var/lib/docker/containers:ro
|
|
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
|
|
command: -config.file=/etc/promtail/config.yml
|
|
|
|
networks:
|
|
|
|
- backend
|
|
|
|
|
2023-04-16 16:10:44 +02:00
|
|
|
|
|
|
|
volumes:
|
|
|
|
prom_data:
|
2023-04-17 20:19:32 +02:00
|
|
|
grafana_data:
|
2023-04-16 16:10:44 +02:00
|
|
|
label_discovery:
|
2023-04-17 10:58:00 +02:00
|
|
|
alertmanager_data:
|
2023-04-16 16:10:44 +02:00
|
|
|
networks:
|
|
|
|
gateway:
|
|
|
|
external: true
|
2023-04-17 17:14:33 +02:00
|
|
|
pantalaimon:
|
|
|
|
external: true
|
2023-04-16 16:10:44 +02:00
|
|
|
backend:
|
|
|
|
internal: true
|
2023-04-17 17:14:33 +02:00
|
|
|
alertmanager:
|
|
|
|
internal: true
|