infrastructure/ansible/plays/services/prometheus/docker-compose.yaml


# Compose file format version. NOTE(review): current Docker Compose releases
# treat this key as obsolete and ignore it; confirm which Compose version
# deploys this stack before relying on 3.4-specific behaviour.
version: "3.4"
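services:
  # Monitoring stack: Prometheus, Alertmanager (+ Matrix bridge), Grafana,
  # host/container exporters, Loki/Promtail and Mimir.
  #
  # Review notes that apply to the whole stack:
  # - This file contains Jinja2 expressions, so it is rendered before Compose
  #   reads it. The rendered file holds plaintext secrets (Grafana admin
  #   password, OIDC client secret, Matrix tokens); keep its file mode
  #   restrictive. Values passed via `environment` are also readable through
  #   `docker inspect`.
  # - Every image uses the mutable `latest` tag, so a restart can pull
  #   different code than was last reviewed. Pinning to a version tag or an
  #   `image@sha256:<digest>` reference makes deployments reproducible.
  # - Several containers run privileged and/or mount the Docker socket; each
  #   of those is effectively root on the host if compromised.

  prometheus:
    image: prom/prometheus:latest
    restart: unless-stopped
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--web.external-url=https://prometheus.tobiasmanske.de'
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro,Z
      - prom_data:/prometheus
      # Written by prometheus-docker-sd, consumed read-only here.
      - label_discovery:/label_discovery:ro
      - ./rules:/rules:ro,Z
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.tobiasmanske.de`)"
      - "traefik.http.routers.prometheus.entryPoints=websecure"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
      # Prometheus has no login of its own in this setup; the oauth@file
      # middleware is what guards the UI and API behind Traefik.
      - "traefik.http.routers.prometheus.middlewares=oauth@file"
    depends_on:
      - prometheus-docker-sd
      - cadvisor
      - node-exporter
    networks:
      - backend
      - alertmanager
      - metrics

  prometheus-docker-sd:
    image: registry.tobiasmanske.de/prometheus-docker-sd:latest
    restart: unless-stopped
    # NOTE(review): privileged mode combined with the Docker socket gives this
    # container full control of the host. Confirm whether privileged is needed
    # at all, or whether `security_opt: [label:disable]` (as used for promtail)
    # is enough to reach the socket on an SELinux host.
    privileged: true
    networks:
      - backend
    volumes:
      # `ro` only makes the bind mount read-only; requests sent over the
      # socket to the Docker API are not restricted by it.
      # NOTE(review): `Z` requests a private SELinux relabel of the host's
      # socket file; confirm this is intended for a shared system socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro,Z
      - label_discovery:/prometheus-docker-sd:rw
    # This service generates a HUGE amount of logs, so logging is disabled.
    # With the "none" driver there is no record of what this privileged
    # container did; a size-capped driver (e.g. json-file with max-size and
    # max-file options) would bound disk usage while keeping recent output.
    logging:
      driver: "none"

  alertmanager:
    image: prom/alertmanager:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
      - "traefik.http.routers.alertmanager.entryPoints=websecure"
      - "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
      # Same as prometheus: authentication is delegated to oauth@file.
      - "traefik.http.routers.alertmanager.middlewares=oauth@file"
    volumes:
      - ./alertmanager.yml:/etc/alertmanager/config.yml:ro,Z
      - alertmanager_data:/data
    networks:
      - alertmanager
    restart: unless-stopped
    command:
      - '--config.file=/etc/alertmanager/config.yml'
      - '--web.external-url=https://alertmanager.tobiasmanske.de'
      - '--storage.path=/data'

  alertmanager-matrix:
    image: jaywink/matrix-alertmanager:latest
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Shares the alertmanager hostname but only matches /matrix/. This
      # router attaches matrix-strip only, not oauth@file, so the endpoint is
      # reachable without the OAuth login; presumably APP_ALERTMANAGER_SECRET
      # is the only gate. Treat that token as a credential and rotate it if
      # it ever appears in logs.
      - "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
      - "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
      - "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
      - "traefik.http.middlewares.matrix-strip.stripprefix.forceslash=false"
      - "traefik.http.routers.alertmanager-matrix.entryPoints=websecure"
      - "traefik.http.services.alertmanager-matrix.loadbalancer.server.port=3000"
    environment:
      # Templated values are quoted so that a rendered secret containing
      # " #" or ": " cannot be truncated or re-parsed by YAML (matches the
      # quoting already used for grafana). A value containing a double quote
      # or backslash would still need escaping.
      - "APP_PORT=3000"
      - "APP_ALERTMANAGER_SECRET={{ prometheus.alertmanager.matrix.alertmanager_token }}"
      - "MATRIX_HOMESERVER_URL=http://pantalaimon:8008"
      - "MATRIX_ROOMS={{ prometheus.alertmanager.matrix.rooms | join('|') }}"
      - "MATRIX_TOKEN={{ prometheus.alertmanager.matrix.matrix_token }}"
      - "MATRIX_USER=@alertmanager:{{ matrix.baseurl }}"
      - "MENTION_ROOM=1"
    networks:
      - alertmanager
      - pantalaimon

  grafana:
    image: grafana/grafana:latest
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # No oauth@file middleware on this router: Grafana's own login
      # (local admin plus Keycloak OIDC below) is the only access control.
      - "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
      - "traefik.http.routers.grafana.entryPoints=websecure"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
    networks:
      - backend
      - default
    environment:
      - "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
      # The local admin account stays usable alongside OIDC; its password
      # should be long and unique since the login form is internet-facing.
      - "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
      - "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
      - "GF_AUTH_GENERIC_OAUTH_NAME=Keycloak"
      - "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
      # With sign-up allowed, any identity that can authenticate against the
      # realm gets a Grafana account on first login.
      - "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true"
      - "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana.oidc.client_id }}"
      - "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana.oidc.client_secret }}"
      - "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles"
      - "GF_AUTH_GENERIC_OAUTH_GROUP_ATTRIBUTE_PATH=groups"
      - "GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email"
      - "GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username"
      - "GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name"
      - "GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/auth"
      - "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/token"
      - "GF_AUTH_GENERIC_OAUTH_API_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/userinfo"
      # Role mapping from the client roles in the token; users without a
      # matching role fall through to 'Viewer', so every realm user who signs
      # in can read dashboards. The 'serveradmin' role maps to GrafanaAdmin,
      # which the ALLOW_ASSIGN_GRAFANA_ADMIN setting below permits; whoever
      # can assign that role in Keycloak controls this Grafana instance.
      - "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(resource_access.grafana.roles[*], 'serveradmin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || 'Viewer'"
      - "GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true"
    volumes:
      - grafana_data:/var/lib/grafana
      - ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z
      - ./grafana-db.yml:/etc/grafana/provisioning/dashboards/datasource.yml:ro,Z
      - ./grafana-dashboards:/var/lib/grafana/dashboards:ro,Z

  node-exporter:
    image: quay.io/prometheus/node-exporter:latest
    container_name: host-nc-chaoswg-org-node-exporter
    # NOTE(review): privileged plus a view of the entire host filesystem.
    # The mounts are read-only, but privileged mode lifts the usual
    # confinement; confirm which collector actually requires it.
    privileged: true
    labels:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=9100"
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      # The host root is mounted twice; --path.rootfs below points at /host.
      - /:/rootfs:ro
      - /:/host:ro,rslave
      # D-Bus socket, presumably for the systemd collector enabled below.
      - /run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
    command:
      - '--path.rootfs=/host'
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      # NOTE(review): newer node_exporter releases name this flag
      # --collector.filesystem.mount-points-exclude; with the `latest` tag,
      # confirm the old spelling is still accepted. `$$` is Compose's escape
      # for a literal `$` in the regular expression.
      - '--collector.filesystem.ignored-mount-points'
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
      - '--collector.systemd'
    networks:
      - metrics
    restart: unless-stopped

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    # NOTE(review): privileged, and /var/run is mounted read-write, which
    # includes the Docker socket. Treat this container as host-equivalent.
    privileged: true
    labels:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=8080"
    command:
      - "-docker_only=true"
      - "-housekeeping_interval=10s"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    networks:
      - metrics
    restart: unless-stopped

  loki:
    image: grafana/loki:latest
    restart: unless-stopped
    command: -config.file=/etc/loki/loki.yaml
    volumes:
      - ./loki.yml:/etc/loki/loki.yaml:ro,Z
      - loki_data:/loki
    labels:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=3100"
    networks:
      - backend

  promtail:
    image: grafana/promtail:latest
    # SELinux label separation is turned off for this container so it can
    # read the host paths mounted below.
    security_opt:
      - label:disable
    restart: unless-stopped
    volumes:
      - ./promtail.yml:/etc/promtail/config.yml:ro
      - /var/log:/var/log:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      # Docker socket access is equivalent to root on the host. Host and
      # container logs can also contain secrets; whatever promtail ships to
      # Loki is readable by anyone with access to that datasource.
      - /var/run/docker.sock:/var/run/docker.sock
    command: -config.file=/etc/promtail/config.yml
    labels:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=8080"
    networks:
      - backend
      - metrics

  mimir:
    image: grafana/mimir:latest
    restart: unless-stopped
    volumes:
      - mimir_data:/mimir
      - ./mimir.yml:/etc/mimir-config/mimir.yaml:ro,Z
    entrypoint:
      - /bin/mimir
      - -config.file=/etc/mimir-config/mimir.yaml
      - -validation.max-label-names-per-series=60
    labels:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=8080"
    networks:
      - backend
      - metrics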
# Named volumes holding service state; all use the default driver settings.
volumes:
  prom_data: {}
  grafana_data: {}
  loki_data: {}
  # Shared between prometheus-docker-sd (writer) and prometheus (reader).
  label_discovery: {}
  alertmanager_data: {}
  mimir_data: {}
networks:
  # Created outside this file; must exist before the stack is started.
  pantalaimon:
    external: true
  # Internal network: containers attached only to it have no route out.
  backend:
    internal: true
  # Project-local network linking prometheus, alertmanager and the bridge.
  alertmanager: {}
  # Created outside this file; shared with the scraped exporters.
  metrics:
    external: true