wip

.env.sample

@@ -1,38 +1,50 @@
-TYPE=monitoring
-STACK_NAME=gp_monitoring
+TYPE=monitoring-ng
+STACK_NAME=monitoring-ng
 LETS_ENCRYPT_ENV=production
+COMPOSE_FILE=compose.yml
+DOMAIN=monitoring.example.com
 
-GRAFANA_DOMAIN=g.monitor.autonomic.zone
-GRAFANA_CUSTOM_INI_VERSION=v3
-GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
-SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1
-SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION=v1
+# Gathering Metrics (Node Exporter, Cadvisor)
+COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
 
-PROMETHEUS_DOMAIN=p.monitor.autonomic.zone
-PROMETHEUS_YML_VERSION=v10
-PROMETHEUS_WEB_YML_VERSION=v2
-SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION=v1
-SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION=v1
+# Gathering Logs (Promtail)
+# COMPOSE_FILE="$COMPOSE_FILE:compose.promtail.yml"
+# LOKI_PUSH_URL=https://l.monitor.autonomic.zone/loki/api/v1/push
 
-LOKI_DOMAIN=l.monitor.autonomic.zone
-LOKI_AWS_ENDPOINT=https://minio.autonomic.zone
-LOKI_AWS_REGION=eu-west-1
-LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule
-LOKI_BUCKET_NAMES=loki
-LOKI_YML_VERSION=v7
-SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1
-SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION=v1
+# Grafana
+#
+# COMPOSE_FILE="$COMPOSE_FILE:compose.grafana.yml"
+# GRAFANA_DOMAIN=grafana.example.com
+# GRAFANA_CUSTOM_INI_VERSION=v3
+# GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
+# SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1
+# SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION=v1
+# KEYCLOAK_AUTH_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/auth"
+# KEYCLOAK_API_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/userinfo"
+# KEYCLOAK_TOKEN_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/token"
 
-ALERTMANAGER_CONFIG_VERSION=v2
+# Prometheus, Alertmanager
+#
+# COMPOSE_FILE="$COMPOSE_FILE:compose.prometheus.yml"
+# PROMETHEUS_DOMAIN=prometheus.example.com
+# PROMETHEUS_YML_VERSION=v1
+# PROMETHEUS_WEB_YML_VERSION=v
+# SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION=v1
+# SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION=v1
+# ALERTMANAGER_CONFIG_VERSION=v1
+# ALERTMANAGER_SMTP_FROM=noreply@autonomic.zone
+# ALERTMANAGER_SMTP_HOST=mail.gandi.net:587
+# ALERTMANAGER_SMTP_TO=kaboom@autonomic.zone
+# SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION=v1
 
-NGINX_CONFIG_VERSION=v5
-HTPASSWD_CONFIG_VERSION=v1
-
-KEYCLOAK_AUTH_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/auth"
-KEYCLOAK_API_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/userinfo"
-KEYCLOAK_TOKEN_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/token"
-
-ALERTMANAGER_SMTP_FROM=noreply@autonomic.zone
-ALERTMANAGER_SMTP_HOST=mail.gandi.net:587
-ALERTMANAGER_SMTP_TO=kaboom@autonomic.zone
-SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION=v1
+# Loki Server
+#
+# COMPOSE_FILE="$COMPOSE_FILE:compose.loki.yml"
+# LOKI_DOMAIN=loki.example.com
+# LOKI_AWS_ENDPOINT=https://minio.autonomic.zone
+# LOKI_AWS_REGION=eu-west-1
+# LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule
+# LOKI_BUCKET_NAMES=loki
+# LOKI_YML_VERSION=v7
+# SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1
+# SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION=v1

abra.sh

@@ -0,0 +1,4 @@
+export PROMTAIL_YML_VERSION=v1
+export NODE_EXPORTER_ENTRYPOINT_VERSION=v1
+export NGINX_CONFIG_VERSION=v1
+export HTPASSWD_CONFIG_VERSION=v1

compose.grafana.yml

@@ -0,0 +1,54 @@
+version: '3.8'
+
+services:
+  grafana:
+    image: grafana/grafana:8.4.4
+    volumes:
+      - grafana-data:/var/lib/grafana:rw
+    secrets:
+      - grafana_admin_password
+      - grafana_oauth_client_secret
+    configs:
+      - source: grafana_custom_ini
+        target: /etc/grafana/grafana.ini
+    networks:
+      - proxy
+      - internal
+    environment:
+      - GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
+      - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
+      - KEYCLOAK_API_URL
+      - KEYCLOAK_AUTH_URL
+      - KEYCLOAK_TOKEN_URL
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
+        - "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}-grafana.tls=true"
+        - "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}"
+    healthcheck:
+      test: "wget -q http://localhost:3000/ -O/dev/null"
+      interval: 5s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+configs:
+  grafana_custom_ini:
+    template_driver: golang
+    name: ${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION}
+    file: grafana_custom.ini
+
+
+volumes:
+  grafana-data:
+
+secrets:
+  grafana_admin_password:
+    external: true
+    name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
+  grafana_oauth_client_secret:
+    external: true
+    name: ${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION}

compose.loki.yml

@@ -0,0 +1,39 @@
+version: '3.8'
+
+services:
+  loki:
+    image: grafana/loki:2.0.0
+    command: -config.file=/etc/loki/local-config.yaml
+    networks:
+      - internal
+    configs:
+      - source: loki_yml
+        target: /etc/loki/local-config.yaml
+    volumes:
+      - loki-data:/loki
+    secrets:
+      - loki_aws_secret_access_key
+    environment:
+      - LOKI_ACCESS_KEY_ID
+      - LOKI_AWS_ENDPOINT
+      - LOKI_AWS_REGION
+      - LOKI_BUCKET_NAMES
+      - STACK_NAME
+
+configs:
+  loki_yml:
+    template_driver: golang
+    name: ${STACK_NAME}_loki_yml_${LOKI_YML_VERSION}
+    file: loki.yml.tmpl
+
+
+volumes:
+  loki-data:
+
+secrets:
+  loki_aws_secret_access_key:
+    external: true
+    name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
+  loki_admin_password_hashed:
+    external: true
+    name: ${STACK_NAME}_loki_admin_password_hashed_${SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION}

compose.metrics.yml

@@ -0,0 +1,67 @@
+version: '3.8'
+
+services:
+  node_exporter:
+    image: prom/node-exporter:v1.0.1
+    user: root
+    environment:
+      - NODE_ID={{.Node.ID}}
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+      - /etc/hostname:/etc/nodename:ro
+    command:
+      - "--path.sysfs=/host/sys"
+      - "--path.procfs=/host/proc"
+      - "--path.rootfs=/rootfs"
+      - "--collector.textfile.directory=/etc/node-exporter/"
+      - "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($$|/)"
+      - "--no-collector.ipvs"
+    configs:
+      - source: node_exporter_entrypoint_sh
+        target: /entrypoint.sh
+    networks:
+      - internal
+      - proxy
+    entrypoint: [ "/bin/sh", "-e", "/entrypoint.sh" ]
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}-node.loadbalancer.server.port=9100"
+        - "traefik.http.routers.${STACK_NAME}-node.rule=Host(`node.${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}-node.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}-node.tls=true"
+        - "traefik.http.routers.${STACK_NAME}-node.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}-node.middlewares=basicauth@file"
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.47.0
+    command: -logtostderr -docker_only
+    volumes:
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+      - /sys:/sys:ro
+      - /var/run:/var/run:ro
+      - /:/rootfs:ro
+    networks:
+      - internal
+      - proxy
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}-cadvisor.loadbalancer.server.port=8080"
+        - "traefik.http.routers.${STACK_NAME}-cadvisor.rule=Host(`cadvisor.${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}-cadvisor.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}-cadvisor.tls=true"
+        - "traefik.http.routers.${STACK_NAME}-cadvisor.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}-cadvisor.middlewares=basicauth@file"
+
+configs:
+  node_exporter_entrypoint_sh:
+    name: ${STACK_NAME}_node_exporter_entrypoint_${NODE_EXPORTER_ENTRYPOINT_VERSION}
+    file: node-exporter-entrypoint.sh

compose.prometheus.yml

@@ -0,0 +1,83 @@
+version: '3.8'
+
+services:
+  prometheus:
+    image: prom/prometheus:v2.34.0
+    secrets:
+      - prometheus_admin_password
+      - prometheus_admin_password_hashed
+    volumes:
+      - prometheus-data:/prometheus:rw
+    configs:
+      - source: prometheus_yml
+        target: /etc/prometheus/prometheus.yml
+      - source: prometheus_web_yml
+        target: /etc/prometheus/prometheus_web.yml
+    command:
+      - "--config.file=/etc/prometheus/prometheus.yml"
+      - "--web.config.file=/etc/prometheus/prometheus_web.yml"
+      - "--storage.tsdb.path=/prometheus"
+      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
+      - "--web.console.templates=/usr/share/prometheus/consoles"
+    networks:
+      - proxy
+      - internal
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090"
+        - "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}-prometheus.tls=true"
+        - "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}"
+
+  alertmanager:
+    image: prom/alertmanager:v0.23.0
+    volumes:
+      - alertmanager-data:/etc/alertmanager
+    command:
+      - "--config.file=/etc/alertmanager/config.yml"
+      - "--storage.path=/alertmanager"
+    networks:
+      - internal
+    secrets:
+      - alertmanager_smtp_password
+    configs:
+      - source: alertmanager_config
+        target: /etc/alertmanager/config.yml
+    environment:
+      - ALERTMANAGER_SMTP_FROM
+      - ALERTMANAGER_SMTP_HOST
+      - ALERTMANAGER_SMTP_TO
+
+configs:
+  prometheus_yml:
+    template_driver: golang
+    name: ${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION}
+    file: prometheus.yml.tmpl
+  prometheus_web_yml:
+    template_driver: golang
+    name: ${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION}
+    file: prometheus_web.yml.tmpl
+  alertmanager_config:
+    template_driver: golang
+    name: ${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION}
+    file: ./alertmanager.yml.tmpl
+
+
+volumes:
+  prometheus-data:
+  alertmanager-data:
+
+secrets:
+  prometheus_admin_password_hashed:
+    external: true
+    name: ${STACK_NAME}_prometheus_admin_password_hashed_${SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION}
+  prometheus_admin_password:
+    external: true
+    name: ${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION}
+  alertmanager_smtp_password:
+    external: true
+    name: ${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION}

compose.promtail.yml

@@ -0,0 +1,29 @@
+version: "3.8"
+
+services:
+  promtail:
+    image: grafana/promtail:2.0.0
+    volumes:
+      - /var/log:/var/log:ro
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+    command: -config.file=/etc/promtail/config.yml
+    configs:
+      - source: promtail_yml
+        target: /etc/promtail/config.yml
+    networks:
+      - internal
+    secrets:
+      - loki_admin_password
+
+configs:
+  promtail_yml:
+    name: ${STACK_NAME}_promtail_yml_${PROMTAIL_YML_VERSION}
+    file: promtail.yml.tmpl
+    template_driver: golang
+
+secrets:
+  loki_admin_password:
+    external: true
+    name: ${STACK_NAME}_loki_admin_password_${SECRET_LOKI_ADMIN_PASSWORD_VERSION}
+
+

compose.yml

@@ -3,194 +3,10 @@ version: "3.8"
 
 services:
   app:
-    image: grafana/grafana:8.4.4
-    volumes:
-      - grafana-data:/var/lib/grafana:rw
-    secrets:
-      - grafana_admin_password
-      - grafana_oauth_client_secret
-    configs:
-      - source: grafana_custom_ini
-        target: /etc/grafana/grafana.ini
-    networks:
-      - proxy
-      - internal
-    environment:
-      - GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
-      - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
-      - KEYCLOAK_API_URL
-      - KEYCLOAK_AUTH_URL
-      - KEYCLOAK_TOKEN_URL
-    deploy:
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
-        - "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}-grafana.tls=true"
-        - "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}"
-    healthcheck:
-      test: "wget -q http://localhost:3000/ -O/dev/null"
-      interval: 5s
-      timeout: 10s
-      retries: 3
-      start_period: 10s
-
-  prometheus:
-    image: prom/prometheus:v2.34.0
-    secrets:
-      - prometheus_admin_password
-      - prometheus_admin_password_hashed
-    volumes:
-      - prometheus-data:/prometheus:rw
-    configs:
-      - source: prometheus_yml
-        target: /etc/prometheus/prometheus.yml
-      - source: prometheus_web_yml
-        target: /etc/prometheus/prometheus_web.yml
-    command:
-      - "--config.file=/etc/prometheus/prometheus.yml"
-      - "--web.config.file=/etc/prometheus/prometheus_web.yml"
-      - "--storage.tsdb.path=/prometheus"
-      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
-      - "--web.console.templates=/usr/share/prometheus/consoles"
-    networks:
-      - proxy
-      - internal
-    deploy:
-      restart_policy:
-        condition: on-failure
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090"
-        - "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}-prometheus.tls=true"
-        - "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}"
-
-  alertmanager:
-    image: prom/alertmanager:v0.23.0
-    volumes:
-      - alertmanager-data:/etc/alertmanager
-    command:
-      - "--config.file=/etc/alertmanager/config.yml"
-      - "--storage.path=/alertmanager"
-    networks:
-      - internal
-    secrets:
-      - alertmanager_smtp_password
-    configs:
-      - source: alertmanager_config
-        target: /etc/alertmanager/config.yml
-    environment:
-      - ALERTMANAGER_SMTP_FROM
-      - ALERTMANAGER_SMTP_HOST
-      - ALERTMANAGER_SMTP_TO
-
-  web:
-    image: nginx:1.20.0
-    networks:
-      - proxy
-      - internal
-    environment:
-      - LOKI_DOMAIN
-      - STACK_NAME
-    configs:
-      - source: nginx_config
-        target: /etc/nginx/nginx.conf
-      - source: htpasswd_conf
-        target: /etc/nginx/conf.d/loki.htpasswd
-    secrets:
-      - loki_admin_password_hashed
-    deploy:
-      restart_policy:
-        condition: on-failure
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}-web.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}-web.rule=Host(`${LOKI_DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}-web.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}-web.tls.certresolver=${LETS_ENCRYPT_ENV}"
-
-  loki:
-    image: grafana/loki:2.0.0
-    command: -config.file=/etc/loki/local-config.yaml
-    networks:
-      - internal
-    configs:
-      - source: loki_yml
-        target: /etc/loki/local-config.yaml
-    volumes:
-      - loki-data:/loki
-    secrets:
-      - loki_aws_secret_access_key
-    environment:
-      - LOKI_ACCESS_KEY_ID
-      - LOKI_AWS_ENDPOINT
-      - LOKI_AWS_REGION
-      - LOKI_BUCKET_NAMES
-      - STACK_NAME
-
-configs:
-  grafana_custom_ini:
-    template_driver: golang
-    name: ${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION}
-    file: grafana_custom.ini
-  prometheus_yml:
-    template_driver: golang
-    name: ${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION}
-    file: prometheus.yml.tmpl
-  prometheus_web_yml:
-    template_driver: golang
-    name: ${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION}
-    file: prometheus_web.yml.tmpl
-  loki_yml:
-    template_driver: golang
-    name: ${STACK_NAME}_loki_yml_${LOKI_YML_VERSION}
-    file: loki.yml.tmpl
-  alertmanager_config:
-    template_driver: golang
-    name: ${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION}
-    file: ./alertmanager.yml.tmpl
-  nginx_config:
-    template_driver: golang
-    name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
-    file: nginx.conf.tmpl
-  htpasswd_conf:
-    template_driver: golang
-    name: ${STACK_NAME}_htpasswd_${HTPASSWD_CONFIG_VERSION}
-    file: loki.htpasswd.tmpl
-
-volumes:
-  prometheus-data:
-  grafana-data:
-  loki-data:
-  alertmanager-data:
+    image: debian:stable-slim
+    entrypoint: "/bin/tail -f /dev/null"
 
 networks:
   proxy:
     external: true
-  internal:
-
-secrets:
-  loki_aws_secret_access_key:
-    external: true
-    name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
-  grafana_admin_password:
-    external: true
-    name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
-  grafana_oauth_client_secret:
-    external: true
-    name: ${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION}
-  prometheus_admin_password_hashed:
-    external: true
-    name: ${STACK_NAME}_prometheus_admin_password_hashed_${SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION}
-  prometheus_admin_password:
-    external: true
-    name: ${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION}
-  alertmanager_smtp_password:
-    external: true
-    name: ${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION}
-  loki_admin_password_hashed:
-    external: true
-    name: ${STACK_NAME}_loki_admin_password_hashed_${SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION}
+  internal:

loki.htpasswd.tmpl

@@ -1 +0,0 @@
-loki:{{ secret "loki_admin_password_hashed" }}

nginx.conf.tmpl

@@ -1,43 +0,0 @@
-user www-data;
-
-events {
-  worker_connections 768;
-}
-
-http {
-  include /etc/nginx/mime.types;
-
-  map $http_upgrade $connection_upgrade {
-    default upgrade;
-    '' close;
-  }
-
-  server {
-    listen 80;
-    server_name {{ env "LOKI_DOMAIN" }};
-
-    auth_basic "loki";
-    auth_basic_user_file /etc/nginx/conf.d/loki.htpasswd;
-
-    location / {
-      proxy_read_timeout 1800s;
-      proxy_connect_timeout 1600s;
-      proxy_pass http://{{ env "STACK_NAME" }}_loki:3100;
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Connection "Keep-Alive";
-      proxy_set_header Proxy-Connection "Keep-Alive";
-      proxy_redirect off;
-    }
-
-    location /ready {
-      proxy_pass http://{{ env "STACK_NAME" }}_loki:3100;
-      proxy_http_version 1.1;
-      proxy_set_header Connection "Keep-Alive";
-      proxy_set_header Proxy-Connection "Keep-Alive";
-      proxy_redirect off;
-      auth_basic "off";
-    }
-  }
-}

node-exporter-entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+NODE_NAME=$(cat /etc/nodename)
+
+mkdir -p /etc/node-exporter
+
+echo "node_meta{node_id=\"$NODE_ID\", container_label_com_docker_swarm_node_id=\"$NODE_ID\", node_name=\"$NODE_NAME\"} 1" > /etc/node-exporter/node-meta.prom
+
+set -- /bin/node_exporter "$@"
+
+exec "$@"

promtail.yml.tmpl

@@ -0,0 +1,29 @@
+server:
+  http_listen_port: 9080
+  grpc_listen_port: 0
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  - url: {{ env "LOKI_PUSH_URL" }}
+    basic_auth:
+      username: loki
+      password: {{ secret "loki_admin_password" }}
+
+scrape_configs:
+- job_name: system
+  static_configs:
+  - targets:
+      - localhost
+    labels:
+      job: varlogs
+      __path__: /var/log/*log
+
+- job_name: containers
+  static_configs:
+  - targets:
+      - localhost
+    labels:
+      job: containers
+      __path__: /var/lib/docker/containers/*/*log