infrastructure/coreos-config/plays/services/prometheus/docker-compose.yaml

version: "3.4"
services:
  prometheus:
    image: prom/prometheus:latest
    restart: unless-stopped
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--web.external-url=https://prometheus.tobiasmanske.de'
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro,Z
      - prom_data:/prometheus
      - label_discovery:/label_discovery:ro
      - ./rules:/rules:ro,Z
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.tobiasmanske.de`)"
      - "traefik.http.routers.prometheus.entryPoints=websecure"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
      - "traefik.http.routers.prometheus.middlewares=oauth@file"
    depends_on:
      - prometheus-docker-sd
      - cadvisor
      - node-exporter
    networks:
      - gateway
      - backend
      - alertmanager

  prometheus-docker-sd:
    image: registry.tobiasmanske.de/prometheus-docker-sd:latest
    restart: unless-stopped
    privileged: true
    networks:
      - backend
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro,Z
      - label_discovery:/prometheus-docker-sd:rw
    logging: # this service generates a HUGE amout of logs.
      driver: "none"

  alertmanager:
    image: prom/alertmanager:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
      - "traefik.http.routers.alertmanager.entryPoints=websecure"
      - "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
      - "traefik.http.routers.alertmanager.middlewares=oauth@file"
    volumes:
      - ./alertmanager.yml:/etc/alertmanager/config.yml:ro,Z
      - alertmanager_data:/data
    networks:
      - alertmanager
      - gateway
    restart: unless-stopped
    command:
      - '--config.file=/etc/alertmanager/config.yml'
      - '--web.external-url=https://alertmanager.tobiasmanske.de'
      - '--storage.path=/data'

  alertmanager-matrix:
    image: jaywink/matrix-alertmanager:latest
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
      - "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
      - "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
      - "traefik.http.middlewares.matrix-strip.stripprefix.forceslash=false"
      - "traefik.http.routers.alertmanager-matrix.entryPoints=websecure"
      - "traefik.http.services.alertmanager-matrix.loadbalancer.server.port=3000"
    environment:
      - APP_PORT=3000
      - APP_ALERTMANAGER_SECRET={{ prometheus.alertmanager.matrix.alertmanager_token }}
      - MATRIX_HOMESERVER_URL=http://pantalaimon:8008
      - MATRIX_ROOMS={{ prometheus.alertmanager.matrix.rooms | join('|') }}
      - MATRIX_TOKEN={{ prometheus.alertmanager.matrix.matrix_token }}
      - MATRIX_USER=@alertmanager:{{ matrix.baseurl }}
      - MENTION_ROOM=1
    networks:
      - alertmanager
      - pantalaimon
      - gateway


  grafana:
    image: grafana/grafana:latest
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
      - "traefik.http.routers.grafana.entryPoints=websecure"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.http.routers.grafana.middlewares=oauth@file"
    networks:
      - gateway
      - backend
    environment:
      - "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
      - "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
    volumes:
      - grafana_data:/var/lib/grafana
      - ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z

  node-exporter:
    image: quay.io/prometheus/node-exporter:latest
    container_name: host-nc-chaoswg-org-node-exporter
    privileged: true
    labels:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=9100"
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
      - /:/host:ro,rslave
      - /run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
    command:
      - '--path.rootfs=/host'
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.ignored-mount-points'
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
      - '--collector.systemd'
    networks:
      - backend
    restart: unless-stopped

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    privileged: true
    labels:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=8080"
    command:
      - "-docker_only=true"
      - "-housekeeping_interval=10s"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    networks:
      - backend
    restart: unless-stopped


volumes:
  prom_data:
  grafana_data:
  label_discovery:
  alertmanager_data:
networks:
  gateway:
    external: true
  pantalaimon:
    external: true
  backend:
    internal: true
  alertmanager:
    internal: true