Renovate Bot
28a182c0d8
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
154 lines
4.6 KiB
YAML
154 lines
4.6 KiB
YAML
version: '3.8'
|
|
|
|
networks:
|
|
monitoring:
|
|
driver: bridge
|
|
traefik:
|
|
external: true
|
|
|
|
services:
|
|
grafana:
|
|
image: grafana/grafana:11.1.4
|
|
container_name: grafana
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ./data/grafana:/var/lib/grafana
|
|
- ./conf/grafana/provisioning:/etc/grafana/provisioning
|
|
ports:
|
|
- 3000:3000
|
|
environment:
|
|
- GF_SECURITY_ADMIN_USER=admin
|
|
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
|
|
- GF_USERS_ALLOW_SIGN_UP=false
|
|
- GF_SERVER_ROOT_URL=https://grafana.${PUBLIC_HOST}
|
|
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
|
- GF_AUTH_GENERIC_OAUTH_NAME=SSO
|
|
- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
|
|
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
|
|
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_CLIENT_SECRET}
|
|
- GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles
|
|
- GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
|
|
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
|
|
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name
|
|
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=${OPENID_URL}/protocol/openid-connect/auth
|
|
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${OPENID_URL}/protocol/openid-connect/token
|
|
- GF_AUTH_GENERIC_OAUTH_API_URL=${OPENID_URL}/protocol/openid-connect/userinfo
|
|
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
|
|
networks:
|
|
- monitoring
|
|
- traefik
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.grafana.rule=Host(`grafana.${HOST_SUFFIX}`)"
|
|
- "traefik.http.routers.grafana.entrypoints=web"
|
|
prometheus:
|
|
image: prom/prometheus:v2.54.0
|
|
container_name: prometheus
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ./conf/prometheus:/etc/prometheus
|
|
- ./data/prometheus:/prometheus
|
|
ports:
|
|
- 9090:9090
|
|
command:
|
|
- '--config.file=/etc/prometheus/prometheus.yml'
|
|
- '--storage.tsdb.path=/prometheus'
|
|
- '--storage.tsdb.retention.time=180d'
|
|
- '--web.console.libraries=/etc/prometheus/console_libraries'
|
|
- '--web.console.templates=/etc/prometheus/consoles'
|
|
- '--web.enable-lifecycle'
|
|
- "--web.external-url=http://prometheus.${HOST_SUFFIX}"
|
|
expose:
|
|
- 9090
|
|
networks:
|
|
- monitoring
|
|
- traefik
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.prometheus.rule=Host(`prometheus.${HOST_SUFFIX}`)"
|
|
- "traefik.http.routers.prometheus.entrypoints=web"
|
|
alertmanager:
|
|
image: prom/alertmanager:v0.27.0
|
|
container_name: alertmanager
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ./conf/alertmanager:/etc/alertmanager
|
|
- ./data/alertmanager:/alertmanager
|
|
environment:
|
|
- TZ=${TZ}
|
|
ports:
|
|
- 9093:9093
|
|
command:
|
|
- '--config.file=/etc/alertmanager/alertmanager.yml'
|
|
- '--storage.path=/alertmanager'
|
|
- "--web.external-url=http://alertmanager.${HOST_SUFFIX}"
|
|
expose:
|
|
- 9093
|
|
networks:
|
|
- monitoring
|
|
- traefik
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.alertmanager.rule=Host(`alertmanager.${HOST_SUFFIX}`)"
|
|
- "traefik.http.routers.alertmanager.entrypoints=web"
|
|
node-exporter:
|
|
image: prom/node-exporter:v1.8.2
|
|
container_name: node-exporter
|
|
restart: unless-stopped
|
|
volumes:
|
|
- /proc:/host/proc:ro
|
|
- /sys:/host/sys:ro
|
|
- /:/rootfs:ro
|
|
command:
|
|
- '--path.procfs=/host/proc'
|
|
- '--path.rootfs=/rootfs'
|
|
- '--path.sysfs=/host/sys'
|
|
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
|
|
expose:
|
|
- 9100
|
|
networks:
|
|
- monitoring
|
|
blackbox_exporter:
|
|
image: prom/blackbox-exporter:v0.25.0
|
|
container_name: blackbox
|
|
restart: unless-stopped
|
|
expose:
|
|
- 9115
|
|
networks:
|
|
- monitoring
|
|
# smokeping:
|
|
# image: quay.io/superq/smokeping-prober
|
|
# container_name: smokeping
|
|
# restart: unless-stopped
|
|
# command: nyyu.dev
|
|
# privileged: true
|
|
# expose:
|
|
# - 9374
|
|
# networks:
|
|
# - monitoring
|
|
cadvisor:
|
|
# ARM image
|
|
image: gcr.io/cadvisor/cadvisor:v0.50.0
|
|
container_name: cadvisor
|
|
restart: unless-stopped
|
|
command:
|
|
- '--housekeeping_interval=10s'
|
|
- '--raw_cgroup_prefix_whitelist=/docker/'
|
|
- '--disable_metrics=cpu_topology,hugetlb'
|
|
privileged: true
|
|
pid: 'host'
|
|
ports:
|
|
- '8040:8080'
|
|
volumes:
|
|
- '/:/rootfs:ro'
|
|
- '/var/run:/var/run:ro'
|
|
- '/sys:/sys:ro'
|
|
- '/var/lib/docker/:/var/lib/docker:ro'
|
|
- '/dev/disk/:/dev/disk:ro'
|
|
devices:
|
|
- '/dev/kmsg:/dev/kmsg'
|
|
expose:
|
|
- 8080
|
|
networks:
|
|
- monitoring
|