monitoring/docker-compose.yml


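---
# Monitoring stack: Grafana, Prometheus, Alertmanager, node-exporter,
# blackbox-exporter and cAdvisor, with the three UIs routed through Traefik.
#
# Security notes for operators:
# - Host-published ports are bound to 127.0.0.1. A bare "HOST:CONTAINER"
#   mapping listens on every host interface, and Docker's own packet-filter
#   rules typically take precedence over host firewall front-ends, so the
#   unauthenticated Prometheus/Alertmanager/cAdvisor endpoints would be
#   reachable by anything that can reach the host. Traefik and Prometheus
#   reach the containers over the Docker networks and do not need the
#   published ports.
# - Image tags are mutable; pin by digest (image: name:tag@sha256:<digest>)
#   if the deployment needs reproducible, tamper-evident pulls.
# - Values passed through `environment` are readable by anyone with access
#   to the Docker API (container inspect). Keep the .env file out of VCS.
version: '3.8'

networks:
  monitoring:
    driver: bridge
  traefik:
    external: true

services:
  grafana:
    image: grafana/grafana:10.3.3
    container_name: grafana
    restart: unless-stopped
    volumes:
      - ./data/grafana:/var/lib/grafana
      - ./conf/grafana/provisioning:/etc/grafana/provisioning
    ports:
      # Loopback only; remote users go through the Traefik router below.
      - "127.0.0.1:3000:3000"
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      # `:?` aborts `docker compose up` when the variable is unset or empty,
      # instead of silently substituting an empty string.
      - "GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?GRAFANA_PASSWORD must be set}"
      - GF_USERS_ALLOW_SIGN_UP=false
      # NOTE(review): the root URL uses PUBLIC_HOST while the Traefik rule
      # uses HOST_SUFFIX; confirm both resolve to the host users really hit,
      # since OAuth redirect URIs are derived from the root URL.
      - GF_SERVER_ROOT_URL=https://grafana.${PUBLIC_HOST}
      - GF_AUTH_GENERIC_OAUTH_ENABLED=true
      - GF_AUTH_GENERIC_OAUTH_NAME=SSO
      # With sign-up allowed and the 'Viewer' fallback in the role path
      # below, every account the identity provider authenticates gets a
      # Grafana user. Restrict client access at the IdP, or drop the
      # fallback and enable role_attribute_strict, if that is too broad.
      - GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
      - "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_CLIENT_SECRET:?GRAFANA_CLIENT_SECRET must be set}"
      - GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles
      - GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
      - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
      - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name
      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=${OPENID_URL}/protocol/openid-connect/auth
      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${OPENID_URL}/protocol/openid-connect/token
      - GF_AUTH_GENERIC_OAUTH_API_URL=${OPENID_URL}/protocol/openid-connect/userinfo
      # Maps the IdP `roles` claim to a Grafana org role; quoted so the
      # brackets, asterisk and quotes are never re-interpreted by YAML.
      - "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
    networks:
      - monitoring
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.${HOST_SUFFIX}`)"
      # NOTE(review): `web` is conventionally Traefik's plain-HTTP
      # entrypoint while the root URL above is https. Confirm TLS is
      # terminated in front of this router; otherwise OAuth codes and
      # session cookies travel unencrypted.
      - "traefik.http.routers.grafana.entrypoints=web"

  prometheus:
    image: prom/prometheus:v2.50.0
    container_name: prometheus
    restart: unless-stopped
    volumes:
      - ./conf/prometheus:/etc/prometheus
      - ./data/prometheus:/prometheus
    ports:
      # Loopback only: Prometheus serves its API without authentication
      # unless a web config file says otherwise (none is passed here).
      - "127.0.0.1:9090:9090"
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--storage.tsdb.retention.time=1y'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      # Enables reload/shutdown over HTTP. Anyone who can reach port 9090,
      # including through the Traefik router, can trigger them; keep the
      # flag only if that path is authenticated.
      - '--web.enable-lifecycle'
      - "--web.external-url=http://prometheus.${HOST_SUFFIX}"
    expose:
      - "9090"
    networks:
      - monitoring
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.${HOST_SUFFIX}`)"
      # NOTE(review): no auth middleware is attached to this router in this
      # file; verify authentication is enforced elsewhere in Traefik.
      - "traefik.http.routers.prometheus.entrypoints=web"

  alertmanager:
    image: prom/alertmanager:v0.26.0
    container_name: alertmanager
    restart: unless-stopped
    volumes:
      - ./conf/alertmanager:/etc/alertmanager
      - ./data/alertmanager:/alertmanager
    environment:
      - TZ=${TZ}
    ports:
      # Loopback only: the Alertmanager API (silences, alerts) is served
      # without authentication by this configuration.
      - "127.0.0.1:9093:9093"
    command:
      - '--config.file=/etc/alertmanager/alertmanager.yml'
      - '--storage.path=/alertmanager'
      - "--web.external-url=http://alertmanager.${HOST_SUFFIX}"
    expose:
      - "9093"
    networks:
      - monitoring
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.${HOST_SUFFIX}`)"
      # NOTE(review): no auth middleware is attached to this router in this
      # file; verify authentication is enforced elsewhere in Traefik.
      - "traefik.http.routers.alertmanager.entrypoints=web"

  node-exporter:
    image: prom/node-exporter:v1.7.0
    container_name: node-exporter
    restart: unless-stopped
    volumes:
      # Host views are mounted read-only; the exporter can still read any
      # host file its container user is permitted to read via /rootfs.
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      # `$$` is Compose's escape for a literal `$` in the regex.
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    expose:
      - "9100"
    networks:
      - monitoring

  blackbox_exporter:
    image: prom/blackbox-exporter:v0.24.0
    container_name: blackbox
    restart: unless-stopped
    expose:
      - "9115"
    networks:
      - monitoring

  # smokeping:
  #   image: quay.io/superq/smokeping-prober
  #   container_name: smokeping
  #   restart: unless-stopped
  #   command: nyyu.dev
  #   privileged: true
  #   expose:
  #     - 9374
  #   networks:
  #     - monitoring

  cadvisor:
    # ARM image
    image: gcr.io/cadvisor/cadvisor:v0.47.2
    container_name: cadvisor
    restart: unless-stopped
    command:
      - '--housekeeping_interval=10s'
      - '--raw_cgroup_prefix_whitelist=/docker/'
      - '--disable_metrics=cpu_topology,hugetlb'
    # Privileged + host PID namespace gives this container near-host-level
    # access; treat a compromise of cAdvisor as a compromise of the host.
    privileged: true
    pid: 'host'
    ports:
      # Loopback only: cAdvisor's UI and metrics are unauthenticated and
      # describe every container on the host. Prometheus scrapes it over
      # the `monitoring` network on 8080 and does not need this mapping.
      - '127.0.0.1:8040:8080'
    volumes:
      - '/:/rootfs:ro'
      # A read-only bind mount does not stop a process from connecting to
      # Unix sockets inside it (e.g. the Docker socket under /var/run).
      - '/var/run:/var/run:ro'
      - '/sys:/sys:ro'
      - '/var/lib/docker/:/var/lib/docker:ro'
      - '/dev/disk/:/dev/disk:ro'
    devices:
      - '/dev/kmsg:/dev/kmsg'
    expose:
      - "8080"
    networks:
      - monitoring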