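# Monitoring stack: Grafana, Prometheus, Alertmanager, node-exporter,
# blackbox exporter and cAdvisor.
#
# Networks:
#   monitoring - private bridge used for scraping between the containers.
#   traefik    - pre-existing external network shared with the reverse proxy.
#
# Required environment (for example via an .env file kept out of version
# control): GRAFANA_PASSWORD, GRAFANA_CLIENT_SECRET. Also read: PUBLIC_HOST,
# HOST_SUFFIX, OPENID_URL, TZ.
version: '3.8'

networks:
  monitoring:
    driver: bridge
  traefik:
    external: true

services:
  grafana:
    image: grafana/grafana:11.0.0
    container_name: grafana
    restart: unless-stopped
    volumes:
      - ./data/grafana:/var/lib/grafana
      - ./conf/grafana/provisioning:/etc/grafana/provisioning
    # NOTE(review): this publishes Grafana on every host interface in addition
    # to the Traefik route below, so the proxy is not the only way in. If all
    # access is meant to go through Traefik, drop the mapping or bind it to
    # 127.0.0.1. Docker-published ports are often not filtered by host
    # firewall front-ends - verify on this host.
    ports:
      - '3000:3000'
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      # ":?" makes Compose refuse to start when the variable is unset or
      # empty, instead of silently passing an empty admin password.
      - "GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?GRAFANA_PASSWORD must be set}"
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_SERVER_ROOT_URL=https://grafana.${PUBLIC_HOST}
      - GF_AUTH_GENERIC_OAUTH_ENABLED=true
      - GF_AUTH_GENERIC_OAUTH_NAME=SSO
      # With OAuth sign-up enabled, the first SSO login creates a Grafana
      # account automatically; see the role mapping note further down.
      - GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
      # Fail closed on a missing client secret as well.
      - "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_CLIENT_SECRET:?GRAFANA_CLIENT_SECRET must be set}"
      - GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles
      - GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
      - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
      - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name
      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=${OPENID_URL}/protocol/openid-connect/auth
      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${OPENID_URL}/protocol/openid-connect/token
      - GF_AUTH_GENERIC_OAUTH_API_URL=${OPENID_URL}/protocol/openid-connect/userinfo
      # Role mapping: "admin" -> Admin, "editor" -> Editor, anything else ->
      # Viewer. NOTE(review): the Viewer fallback means every identity the
      # IdP lets authenticate to this client gets read access to dashboards.
      # If that is too broad, restrict the client on the IdP side or remove
      # the fallback and set GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT=true.
      - "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
    networks:
      - monitoring
      - traefik
    labels:
      - "traefik.enable=true"
      # NOTE(review): the router matches grafana.${HOST_SUFFIX} while
      # GF_SERVER_ROOT_URL uses grafana.${PUBLIC_HOST}; confirm the two agree
      # with the redirect URI registered at the IdP.
      - "traefik.http.routers.grafana.rule=Host(`grafana.${HOST_SUFFIX}`)"
      # NOTE(review): "web" is conventionally Traefik's plain-HTTP entrypoint
      # (the static config is not shown here). The root URL is https and the
      # OAuth session travels over this route - confirm TLS is enforced.
      - "traefik.http.routers.grafana.entrypoints=web"

  prometheus:
    image: prom/prometheus:v2.52.0
    container_name: prometheus
    restart: unless-stopped
    volumes:
      - ./conf/prometheus:/etc/prometheus
      - ./data/prometheus:/prometheus
    # NOTE(review): published on every host interface; no authentication is
    # configured for Prometheus in this file (no --web.config.file flag).
    ports:
      - '9090:9090'
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--storage.tsdb.retention.time=180d'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      # Enables the HTTP reload/shutdown endpoints. Combined with the
      # published port and the Traefik route (no auth middleware is attached
      # in this file), any client that can reach Prometheus can call them.
      # Keep the flag only if reload-over-HTTP is needed, and then restrict
      # who can reach the listener.
      - '--web.enable-lifecycle'
      - "--web.external-url=http://prometheus.${HOST_SUFFIX}"
    expose:
      - 9090
    networks:
      - monitoring
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.${HOST_SUFFIX}`)"
      - "traefik.http.routers.prometheus.entrypoints=web"

  alertmanager:
    image: prom/alertmanager:v0.27.0
    container_name: alertmanager
    restart: unless-stopped
    volumes:
      - ./conf/alertmanager:/etc/alertmanager
      - ./data/alertmanager:/alertmanager
    environment:
      - TZ=${TZ}
    # NOTE(review): same exposure as Prometheus - published on the host and
    # routed by Traefik with no authentication configured in this file. The
    # Alertmanager API allows creating silences, so treat access to it as
    # the ability to suppress alerts.
    ports:
      - '9093:9093'
    command:
      - '--config.file=/etc/alertmanager/alertmanager.yml'
      - '--storage.path=/alertmanager'
      - "--web.external-url=http://alertmanager.${HOST_SUFFIX}"
    expose:
      - 9093
    networks:
      - monitoring
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.${HOST_SUFFIX}`)"
      - "traefik.http.routers.alertmanager.entrypoints=web"

  node-exporter:
    image: prom/node-exporter:v1.8.0
    container_name: node-exporter
    restart: unless-stopped
    # Host /proc, /sys and / are mounted read-only for metric collection.
    # The exporter is reachable on the monitoring network only (no published
    # port, no Traefik labels).
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      # "$$" is Compose's escape for a literal "$" in the regex.
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    expose:
      - 9100
    networks:
      - monitoring

  blackbox_exporter:
    image: prom/blackbox-exporter:v0.25.0
    container_name: blackbox
    restart: unless-stopped
    expose:
      - 9115
    networks:
      - monitoring

  # smokeping:
  #   image: quay.io/superq/smokeping-prober
  #   container_name: smokeping
  #   restart: unless-stopped
  #   command: nyyu.dev
  #   privileged: true
  #   expose:
  #     - 9374
  #   networks:
  #     - monitoring

  cadvisor:
    # ARM image
    image: gcr.io/cadvisor/cadvisor:v0.49.1
    container_name: cadvisor
    restart: unless-stopped
    command:
      - '--housekeeping_interval=10s'
      - '--raw_cgroup_prefix_whitelist=/docker/'
      - '--disable_metrics=cpu_topology,hugetlb'
    # NOTE(review): this is the most privileged container in the stack
    # (privileged mode plus the host PID namespace), so a compromise of
    # cAdvisor is effectively a compromise of the host. Confirm whether a
    # narrower set of capabilities and devices is enough on this platform.
    privileged: true
    pid: 'host'
    # NOTE(review): the cAdvisor UI and metrics have no authentication and
    # are published on every host interface. Prometheus can presumably
    # scrape cadvisor:8080 over the monitoring network, which would make
    # this mapping unnecessary - verify before removing.
    ports:
      - '8040:8080'
    volumes:
      - '/:/rootfs:ro'
      # On a standard Docker host /var/run contains docker.sock. A read-only
      # bind mount does not restrict API calls made over that socket.
      - '/var/run:/var/run:ro'
      - '/sys:/sys:ro'
      - '/var/lib/docker/:/var/lib/docker:ro'
      - '/dev/disk/:/dev/disk:ro'
    devices:
      - '/dev/kmsg:/dev/kmsg'
    expose:
      - 8080
    networks:
      - monitoring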