diff --git a/monitoring/node-red/docker-compose.yml b/monitoring/node-red/docker-compose.yml
index 5f6343d..4f21cb5 100644
--- a/monitoring/node-red/docker-compose.yml
+++ b/monitoring/node-red/docker-compose.yml
@@ -6,12 +6,18 @@ services:
 container_name: node-red
 profiles: ["monitoring","all"]
 restart: unless-stopped
- privileged: true
+ depends_on:
+ - docker-socket-proxy
+ environment:
+ DOCKER_HOST: tcp://docker-socket-proxy:2375
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges:true
 # ports:
 # - "1880:1880"
 volumes:
 - ${PROJECT_ROOT}/monitoring/node-red/data:/data
- - /var/run/docker.sock:/var/run/docker.sock:rw
 - ${PROJECT_ROOT}:/compose
 - ${PROJECT_ROOT}/default-environment.env:/usr/src/node-red/default-environment.env:ro
 - ${PROJECT_ROOT}/default-network.yml:/usr/src/node-red/default-network.yml:ro
diff --git a/monitoring/prometheus/docker-compose.yml b/monitoring/prometheus/docker-compose.yml
index dbcfc88..3838b76 100644
--- a/monitoring/prometheus/docker-compose.yml
+++ b/monitoring/prometheus/docker-compose.yml
@@ -1,6 +1,33 @@ #version: "3.8" services: + docker-socket-proxy: + profiles: ["monitoring","all","prometheus","prometheus-exporters"] + image: tecnativa/docker-socket-proxy:latest + container_name: prometheus-docker-socket-proxy + restart: unless-stopped + environment: + LOG_LEVEL: warning + CONTAINERS: 1 + EVENTS: 1 + IMAGES: 1 + INFO: 1 + NETWORKS: 1 + PING: 1 + POST: 1 + SERVICES: 1 + TASKS: 1 + VERSION: 1 + VOLUMES: 1 + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + networks: + - monitor + prometheus: profiles: ["monitoring","all","prometheus"] image: prom/prometheus:latest
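Review bot: The new `depends_on` and `DOCKER_HOST: tcp://docker-socket-proxy:2375` in the node-red service point at a service that this commit defines in monitoring/prometheus/docker-compose.yml, not in this file. `depends_on` only resolves when both files are loaded into one Compose project, and the hostname only resolves when node-red is attached to the proxy's `monitor` network; neither is visible here, and the hunk shows no `networks:` key for the service, whose definition starts outside the hunk and may continue below it. I would add a comment above the new lines, `# docker-socket-proxy lives in monitoring/prometheus/docker-compose.yml; node-red must share its network`, so the cross-file dependency is not lost when the files are run separately.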
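Review bot: `POST: 1` on the shared docker-socket-proxy re-opens write access to the Docker API for every client of the proxy, which undoes much of what removing `privileged: true` and the socket mounts gains. With `CONTAINERS`, `IMAGES`, `NETWORKS` and `VOLUMES` enabled as well, any container that can reach port 2375 on the `monitor` network can send state-changing requests without authentication, and the `:ro` flag on the socket bind mount does not restrict API calls, because connections to the socket still work on a read-only mount. Telegraf only reads, so I would set `POST: 0` on this instance and give the services that must change state their own proxy on a separate network, with only the sections they use enabled. Pinning `tecnativa/docker-socket-proxy` to a version tag or digest instead of `latest` would also keep the component that fronts the socket from changing unreviewed.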
@@ -133,13 +160,15 @@ services:
 telegraf:
 profiles: ["monitoring","all","prometheus"]
 image: telegraf:latest
- group_add:
- - "131"
- privileged: true
 container_name: telegraf
 restart: unless-stopped
+ depends_on:
+ - docker-socket-proxy
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges:true
 volumes:
- - /var/run/docker.sock:/var/run/docker.sock:ro
 - ${PROJECT_ROOT}/monitoring/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro
 networks:
 # - edge
@@ -163,10 +192,12 @@ services: # - ${PROJECT_ROOT}/services-up.sh:/app/services-up.sh:ro environment: LOG_LEVEL: DEBUG + DOCKER_HOST: tcp://docker-socket-proxy:2375 + depends_on: + - docker-socket-proxy volumes: - ~/.docker/config.json:/root/.docker/config.json:ro - - /var/run/docker.sock:/var/run/docker.sock - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw - ${PROJECT_ROOT}:/compose - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro
@@ -191,6 +222,10 @@ services:
 # ports:
 # - "9105:9105"
 restart: unless-stopped
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges:true
 networks:
 # - edge
 - monitor
@@ -227,4 +262,3 @@ services: # traefik_reverse_proxy: # external: true -
diff --git a/monitoring/telegraf/telegraf.conf b/monitoring/telegraf/telegraf.conf
index 7a97b1f..9063a7e 100644
--- a/monitoring/telegraf/telegraf.conf
+++ b/monitoring/telegraf/telegraf.conf
@@ -2,7 +2,7 @@ interval = "10s" [[inputs.docker]] - endpoint = "unix:///var/run/docker.sock" + endpoint = "tcp://docker-socket-proxy:2375" gather_services = false [[outputs.prometheus_client]]
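Review bot: `cap_drop: ALL` on the telegraf service may stop the container from starting. As far as I recall, the official telegraf image's entrypoint, when started as root, switches to the `telegraf` user with setpriv, which needs the SETUID and SETGID capabilities; please confirm against the tag that `telegraf:latest` resolves to. Adding `user: telegraf` next to the new `cap_drop` lines makes the entrypoint skip that switch and keeps the zero-capability profile. The service definition continues past the end of the hunk, so a `user:` key may already exist below.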
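Review bot: The service in the `@@ -163,10 +192,12 @@` hunk is moved to the proxy but, unlike node-red, telegraf and the exporter in the following hunk, it gets no `cap_drop` or `security_opt` here, while it still mounts `~/.docker/config.json` (registry credentials) and `${PROJECT_ROOT}:/compose`. The service definition starts outside the hunk, so these options may already be set above; if they are not, I would add `security_opt: ["no-new-privileges:true"]` and a `cap_drop` list limited to what the service needs. A comment such as `# needs write access to the Docker API via the proxy because …` would also record why this client cannot use a read-only proxy.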