git
8c5a902613
modified: default-environment.env modified: monitoring/portainer/docker-compose.yml modified: monitoring/prometheus/docker-compose.yml modified: update-containers.log
300 lines
9.8 KiB
YAML
300 lines
9.8 KiB
YAML
#version: "3.8"
|
|
|
|
services:
|
|
docker-socket-proxy:
|
|
profiles: ["monitoring","all","prometheus","prometheus-exporters"]
|
|
image: tecnativa/docker-socket-proxy:latest
|
|
container_name: docker-socket-proxy
|
|
hostname: docker-socket-proxy
|
|
restart: unless-stopped
|
|
environment:
|
|
LOG_LEVEL: ${DOCKER_SOCKET_PROXY_LOG_LEVEL}
|
|
DISTRIBUTION: 1
|
|
CONTAINERS: 1
|
|
EVENTS: 1
|
|
IMAGES: 1
|
|
INFO: 1
|
|
NETWORKS: 1
|
|
PING: 1
|
|
POST: 1
|
|
AUTH: 1
|
|
EXEC: 1
|
|
SYSTEM: 1
|
|
SERVICES: 1
|
|
SWARM: 1
|
|
NODES: 1
|
|
SECRETS: 1
|
|
TASKS: 1
|
|
VERSION: 1
|
|
VOLUMES: 1
|
|
ALLOW_START: 1 # for better security, set to 0
|
|
ALLOW_STOP: 1 # for better security, set to 0
|
|
ALLOW_RESTARTS: 1 # for better security, set to 0
|
|
BUILD: 0
|
|
COMMIT: 0
|
|
CONFIGS: 0
|
|
DELETE: 1
|
|
DISABLE_IPV6: 0
|
|
PLUGINS: 0
|
|
SESSION: 0
|
|
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
cap_drop:
|
|
- ALL
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
networks:
|
|
- monitor
|
|
- traefik
|
|
|
|
prometheus:
|
|
profiles: ["monitoring","all","prometheus"]
|
|
image: prom/prometheus:latest
|
|
# env_file:
|
|
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
|
container_name: prometheus
|
|
depends_on:
|
|
# - alertmanager
|
|
- telegraf
|
|
- influxdb
|
|
- node-exporter
|
|
- docker-update-exporter
|
|
- pihole-exporter
|
|
command:
|
|
- "--config.file=/etc/prometheus/prometheus.yml"
|
|
- "--storage.tsdb.path=/prometheus"
|
|
- "--storage.tsdb.retention.time=15d"
|
|
# build:
|
|
# context: ${PROJECT_ROOT}/monitoring/prometheus
|
|
volumes:
|
|
- ${PROJECT_ROOT}/monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
|
|
- ${PROJECT_ROOT}/monitoring/prometheus/data:/prometheus
|
|
- ${PROJECT_ROOT}/monitoring/prometheus/rules:/etc/prometheus/rules:ro
|
|
- ${PROJECT_ROOT}/secrets/prometheus_kuma_basic_auth_password.txt:/run/secrets/prometheus_kuma_basic_auth_password:ro
|
|
|
|
restart: unless-stopped
|
|
labels:
|
|
- "traefik.http.routers.prometheus.rule=Host(`prometheus.lan.ddnsgeek.com`)"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.prometheus.entrypoints=websecure"
|
|
- "traefik.http.routers.prometheus.tls.certresolver=myresolver"
|
|
- "io.portainer.accesscontrol.public"
|
|
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
|
|
- "traefik.http.routers.prometheus.middlewares=authelia"
|
|
- "traefik.docker.network=core_traefik"
|
|
networks:
|
|
# - edge
|
|
# - traefik_reverse_proxy
|
|
- traefik
|
|
- monitor
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:9090/-/healthy"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 30s
|
|
|
|
# alertmanager:
|
|
# image: prom/alertmanager:latest
|
|
# container_name: alertmanager
|
|
# command:
|
|
# - "--config.file=/etc/alertmanager/alertmanager.yml"
|
|
# volumes:
|
|
# - ./alertmanager/alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro
|
|
# restart: unless-stopped
|
|
# secrets:
|
|
# - edge
|
|
# - traefik_reverse_proxy
|
|
# healthcheck:
|
|
# test: ["CMD", "wget", "--spider", "-q", "http://localhost:9093/-/healthy"]
|
|
# interval: 30s
|
|
# timeout: 10s
|
|
# retries: 3
|
|
# start_period: 20s
|
|
# labels:
|
|
# - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.lan.ddnsgeek.com`)"
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.alertmanager.entrypoints=websecure"
|
|
# - "traefik.http.routers.alertmanager.tls.certresolver=myresolver"
|
|
# - "io.portainer.accesscontrol.public"
|
|
# - "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
|
|
# - "traefik.http.routers.alertmanager.middlewares=authelia"
|
|
# - "traefik.docker.network=traefik_reverse_proxy"
|
|
|
|
node-exporter:
|
|
profiles: ["monitoring","all","prometheus-exporters"]
|
|
image: prom/node-exporter:latest
|
|
container_name: node-exporter
|
|
pid: host
|
|
volumes:
|
|
- /proc:/host/proc:ro
|
|
- /sys:/host/sys:ro
|
|
- /:/rootfs:ro
|
|
command:
|
|
- "--path.procfs=/host/proc"
|
|
- "--path.sysfs=/host/sys"
|
|
- "--path.rootfs=/rootfs"
|
|
restart: unless-stopped
|
|
networks:
|
|
# - edge
|
|
- monitor
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:9100/metrics"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
|
|
influxdb:
|
|
profiles: ["monitoring","all","prometheus"]
|
|
image: influxdb:2.7
|
|
container_name: influxdb
|
|
restart: unless-stopped
|
|
# env_file:
|
|
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
|
volumes:
|
|
- ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2
|
|
environment:
|
|
DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE}
|
|
DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
|
|
DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
|
|
DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
|
|
DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_INIT_BUCKET}
|
|
secrets:
|
|
- influxdb_init_password
|
|
networks:
|
|
# - edge
|
|
# - traefik_reverse_proxy
|
|
- traefik
|
|
- monitor
|
|
labels:
|
|
- "traefik.http.routers.influxdb.rule=Host(`influxdb.lan.ddnsgeek.com`)"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.influxdb.entrypoints=websecure"
|
|
- "traefik.http.routers.influxdb.tls.certresolver=myresolver"
|
|
- "io.portainer.accesscontrol.public"
|
|
- "traefik.http.services.influxdb.loadbalancer.server.port=8086"
|
|
- "traefik.http.routers.influxdb.middlewares=authelia"
|
|
- "traefik.docker.network=core_traefik"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -f http://localhost:8086/health || exit 1"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
telegraf:
|
|
profiles: ["monitoring","all","prometheus"]
|
|
image: telegraf:latest
|
|
container_name: telegraf
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- docker-socket-proxy
|
|
# cap_drop:
|
|
# - ALL
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
volumes:
|
|
- ${PROJECT_ROOT}/monitoring/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro
|
|
networks:
|
|
# - edge
|
|
- monitor
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -f http://localhost:9273/metrics || exit 1"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
|
|
docker-update-exporter:
|
|
profiles: ["monitoring","all","prometheus-exporters"]
|
|
build:
|
|
context: ${PROJECT_ROOT}/monitoring/docker-exporter
|
|
container_name: docker-update-exporter
|
|
# volumes:
|
|
# - /var/run/docker.sock:/var/run/docker.sock
|
|
# - ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw
|
|
# - ${PROJECT_ROOT}/services-up.sh:/app/services-up.sh:ro
|
|
environment:
|
|
LOG_LEVEL: ${DOCKER_EXPORTER_LOG_LEVEL}
|
|
DOCKER_HOST: ${DOCKER_SOCKET_PROXY_HOST}
|
|
depends_on:
|
|
- docker-socket-proxy
|
|
|
|
volumes:
|
|
- ~/.docker/config.json:/root/.docker/config.json:ro
|
|
- ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw
|
|
- ${PROJECT_ROOT}:/compose:ro
|
|
# - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro
|
|
# - ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro
|
|
# - ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:>
|
|
# - ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro
|
|
# - ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro
|
|
|
|
|
|
# ports:
|
|
# - "9105:9105"
|
|
restart: unless-stopped
|
|
cap_drop:
|
|
- ALL
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
networks:
|
|
# - edge
|
|
- monitor
|
|
healthcheck:
|
|
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:9105/metrics')"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
pihole-exporter:
|
|
profiles: ["monitoring","all","prometheus-exporters"]
|
|
image: ekofr/pihole-exporter:latest
|
|
container_name: pihole-exporter
|
|
# env_file:
|
|
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
|
environment:
|
|
PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME}
|
|
PIHOLE_PASSWORD: ${PIHOLE_PASSWORD}
|
|
PORT: ${PIHOLE_EXPORTER_PORT}
|
|
ports:
|
|
- "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"
|
|
restart: unless-stopped
|
|
networks:
|
|
# - edge
|
|
- monitor
|
|
|
|
|
|
|
|
#networks:
|
|
# internal:
|
|
# internal: true
|
|
# edge:
|
|
# internal: false
|
|
|
|
# traefik_reverse_proxy:
|
|
# external: true
|
|
|
|
|
|
|
|
|
|
secrets:
|
|
influxdb_init_password:
|
|
file: ${PROJECT_ROOT}/secrets/influxdb_init_password.txt
|