From d5a34436f98c04e63c3c95c01d7974eb5e2dbebd Mon Sep 17 00:00:00 2001
From: Philipp Rothmann
Date: Tue, 7 Feb 2023 13:15:40 +0100
Subject: [PATCH] wip
---
.env.sample | 76 +++++++++------
abra.sh | 4 +
compose.grafana.yml | 54 ++++++++++
compose.loki.yml | 39 ++++++++
compose.metrics.yml | 67 +++++++++++++
compose.prometheus.yml | 83 ++++++++++++++++
compose.promtail.yml | 29 ++++++
compose.yml | 190 +-----------------------------------
loki.htpasswd.tmpl | 1 -
nginx.conf.tmpl | 43 --------
node-exporter-entrypoint.sh | 11 +++
promtail.yml.tmpl | 29 ++++++
12 files changed, 363 insertions(+), 263 deletions(-)
create mode 100644 abra.sh
create mode 100644 compose.grafana.yml
create mode 100644 compose.loki.yml
create mode 100644 compose.metrics.yml
create mode 100644 compose.prometheus.yml
create mode 100644 compose.promtail.yml
delete mode 100644 loki.htpasswd.tmpl
delete mode 100644 nginx.conf.tmpl
create mode 100644 node-exporter-entrypoint.sh
create mode 100644 promtail.yml.tmpl
diff --git a/.env.sample b/.env.sample
index acff59a..5eacd0a 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,38 +1,50 @@ -TYPE=monitoring -STACK_NAME=gp_monitoring +TYPE=monitoring-ng +STACK_NAME=monitoring-ng LETS_ENCRYPT_ENV=production +COMPOSE_FILE=compose.yml +DOMAIN=monitoring.example.com -GRAFANA_DOMAIN=g.monitor.autonomic.zone -GRAFANA_CUSTOM_INI_VERSION=v3 -GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN} -SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1 -SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION=v1 +# Gathering Metrics (Node Exporter, Cadvisor) +COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml" -PROMETHEUS_DOMAIN=p.monitor.autonomic.zone -PROMETHEUS_YML_VERSION=v10 -PROMETHEUS_WEB_YML_VERSION=v2 -SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION=v1 -SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION=v1 +# Gathering Logs (Promtail) +# COMPOSE_FILE="$COMPOSE_FILE:compose.promtail.yml" +# LOKI_PUSH_URL=https://l.monitor.autonomic.zone/loki/api/v1/push -LOKI_DOMAIN=l.monitor.autonomic.zone -LOKI_AWS_ENDPOINT=https://minio.autonomic.zone -LOKI_AWS_REGION=eu-west-1 -LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule -LOKI_BUCKET_NAMES=loki -LOKI_YML_VERSION=v7 -SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1 -SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION=v1 +# Grafana +# +# COMPOSE_FILE="$COMPOSE_FILE:compose.grafana.yml" +# GRAFANA_DOMAIN=grafana.example.com +# GRAFANA_CUSTOM_INI_VERSION=v3 +# GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN} +# SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1 +# SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION=v1 +# KEYCLOAK_AUTH_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/auth" +# KEYCLOAK_API_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/userinfo" +# KEYCLOAK_TOKEN_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/token" -ALERTMANAGER_CONFIG_VERSION=v2 +# Prometheus, Alertmanager +# +# COMPOSE_FILE="$COMPOSE_FILE:compose.prometheus.yml" +# PROMETHEUS_DOMAIN=prometheus.example.com +# PROMETHEUS_YML_VERSION=v1 +# PROMETHEUS_WEB_YML_VERSION=v +# 
SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION=v1 +# SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION=v1 +# ALERTMANAGER_CONFIG_VERSION=v1 +# ALERTMANAGER_SMTP_FROM=noreply@autonomic.zone +# ALERTMANAGER_SMTP_HOST=mail.gandi.net:587 +# ALERTMANAGER_SMTP_TO=kaboom@autonomic.zone +# SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION=v1 -NGINX_CONFIG_VERSION=v5 -HTPASSWD_CONFIG_VERSION=v1 - -KEYCLOAK_AUTH_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/auth" -KEYCLOAK_API_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/userinfo" -KEYCLOAK_TOKEN_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/token" - -ALERTMANAGER_SMTP_FROM=noreply@autonomic.zone -ALERTMANAGER_SMTP_HOST=mail.gandi.net:587 -ALERTMANAGER_SMTP_TO=kaboom@autonomic.zone -SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION=v1 +# Loki Server +# +# COMPOSE_FILE="$COMPOSE_FILE:compose.loki.yml" +# LOKI_DOMAIN=loki.example.com +# LOKI_AWS_ENDPOINT=https://minio.autonomic.zone +# LOKI_AWS_REGION=eu-west-1 +# LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule +# LOKI_BUCKET_NAMES=loki +# LOKI_YML_VERSION=v7 +# SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1 +# SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION=v1 \ No newline at end of file diff --git a/abra.sh b/abra.sh new file mode 100644 index 0000000..4aacf8c --- /dev/null +++ b/abra.sh @@ -0,0 +1,4 @@ +export PROMTAIL_YML_VERSION=v1 +export NODE_EXPORTER_ENTRYPOINT_VERSION=v1 +export NGINX_CONFIG_VERSION=v1 +export HTPASSWD_CONFIG_VERSION=v1 \ No newline at end of file diff --git a/compose.grafana.yml b/compose.grafana.yml new file mode 100644 index 0000000..3b32fbc --- /dev/null +++ b/compose.grafana.yml 
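Review bot: The sample still ships what looks like a real object-store access key ID and the operator's own endpoints: `LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule`, `LOKI_AWS_ENDPOINT=https://minio.autonomic.zone` and the three Keycloak URLs are kept (only commented out), while the new domains were switched to `example.com`. An access key ID is half of a credential pair, so a placeholder such as `# LOKI_ACCESS_KEY_ID=<access-key-id>` and example hosts would be safer in a file meant to be copied. Two smaller things in the same hunk: `# PROMETHEUS_WEB_YML_VERSION=v` has no version number as shown, and no `SECRET_LOKI_ADMIN_PASSWORD_VERSION` is offered although compose.promtail.yml in this patch builds its secret name from it.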
@@ -0,0 +1,54 @@
+version: '3.8'
+
+services:
+ grafana:
+ image: grafana/grafana:8.4.4
+ volumes:
+ - grafana-data:/var/lib/grafana:rw
+ secrets:
+ - grafana_admin_password
+ - grafana_oauth_client_secret
+ configs:
+ - source: grafana_custom_ini
+ target: /etc/grafana/grafana.ini
+ networks:
+ - proxy
+ - internal
+ environment:
+ - GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
+ - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
+ - KEYCLOAK_API_URL
+ - KEYCLOAK_AUTH_URL
+ - KEYCLOAK_TOKEN_URL
+ deploy:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
+ - "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
+ - "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}-grafana.tls=true"
+ - "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ healthcheck:
+ test: "wget -q http://localhost:3000/ -O/dev/null"
+ interval: 5s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+configs:
+ grafana_custom_ini:
+ template_driver: golang
+ name: ${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION}
+ file: grafana_custom.ini
+
+
+volumes:
+ grafana-data:
+
+secrets:
+ grafana_admin_password:
+ external: true
+ name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
+ grafana_oauth_client_secret:
+ external: true
+ name: ${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION}
diff --git a/compose.loki.yml b/compose.loki.yml
new file mode 100644
index 0000000..42d2fe3
--- /dev/null
+++ b/compose.loki.yml
@@ -0,0 +1,39 @@
+version: '3.8'
+
+services:
+ loki:
+ image: grafana/loki:2.0.0
+ command: -config.file=/etc/loki/local-config.yaml
+ networks:
+ - internal
+ configs:
+ - source: loki_yml
+ target: /etc/loki/local-config.yaml
+ volumes:
+ - loki-data:/loki
+ secrets:
+ - loki_aws_secret_access_key
+ environment:
+ - LOKI_ACCESS_KEY_ID
+ - LOKI_AWS_ENDPOINT
+ - LOKI_AWS_REGION
+ - LOKI_BUCKET_NAMES
+ - STACK_NAME
+
+configs:
+ loki_yml:
+ template_driver: golang
+ name: ${STACK_NAME}_loki_yml_${LOKI_YML_VERSION}
+ file: loki.yml.tmpl
+
+
+volumes:
+ loki-data:
+
+secrets:
+ loki_aws_secret_access_key:
+ external: true
+ name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
+ loki_admin_password_hashed:
+ external: true
+ name: ${STACK_NAME}_loki_admin_password_hashed_${SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION}
diff --git a/compose.metrics.yml b/compose.metrics.yml
new file mode 100644
index 0000000..6d4fa93
--- /dev/null
+++ b/compose.metrics.yml
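Review bot: Loki loses its authenticated entry point in this split: the nginx `web` service that applied `auth_basic` and carried the Traefik labels for `${LOKI_DOMAIN}` is deleted by this patch, and the new `loki` service is attached only to `internal` with no labels. As written, nothing serves the push URL suggested in .env.sample. If Loki is later published directly through Traefik it will need an auth middleware in front, since nothing visible in this file enables authentication in Loki itself (loki.yml.tmpl is not part of the patch, so that is an assumption). The `loki_admin_password_hashed` secret is declared at the bottom but no service in the file mounts it; either drop it or wire it to whatever replaces the htpasswd check, for example a router label such as `traefik.http.routers.${STACK_NAME}-loki.middlewares=basicauth@file`, as compose.metrics.yml does for its routers.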
@@ -0,0 +1,67 @@ +version: '3.8' + +services: + node_exporter: + image: prom/node-exporter:v1.0.1 + user: root + environment: + - NODE_ID={{.Node.ID}} + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /:/rootfs:ro + - /etc/hostname:/etc/nodename:ro + command: + - "--path.sysfs=/host/sys" + - "--path.procfs=/host/proc" + - "--path.rootfs=/rootfs" + - "--collector.textfile.directory=/etc/node-exporter/" + - "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($$|/)" + - "--no-collector.ipvs" + configs: + - source: node_exporter_entrypoint_sh + target: /entrypoint.sh + networks: + - internal + - proxy + entrypoint: [ "/bin/sh", "-e", "/entrypoint.sh" ] + deploy: + restart_policy: + condition: on-failure + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}-node.loadbalancer.server.port=9100" + - "traefik.http.routers.${STACK_NAME}-node.rule=Host(`node.${DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}-node.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}-node.tls=true" + - "traefik.http.routers.${STACK_NAME}-node.tls.certresolver=${LETS_ENCRYPT_ENV}" + - "traefik.http.routers.${STACK_NAME}-node.middlewares=basicauth@file" + + cadvisor: + image: gcr.io/cadvisor/cadvisor:v0.47.0 + command: -logtostderr -docker_only + volumes: + - /var/lib/docker/:/var/lib/docker:ro + - /dev/disk/:/dev/disk:ro + - /sys:/sys:ro + - /var/run:/var/run:ro + - /:/rootfs:ro + networks: + - internal + - proxy + deploy: + restart_policy: + condition: on-failure + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}-cadvisor.loadbalancer.server.port=8080" + - "traefik.http.routers.${STACK_NAME}-cadvisor.rule=Host(`cadvisor.${DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}-cadvisor.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}-cadvisor.tls=true" + - "traefik.http.routers.${STACK_NAME}-cadvisor.tls.certresolver=${LETS_ENCRYPT_ENV}" + - 
"traefik.http.routers.${STACK_NAME}-cadvisor.middlewares=basicauth@file" + +configs: + node_exporter_entrypoint_sh: + name: ${STACK_NAME}_node_exporter_entrypoint_${NODE_EXPORTER_ENTRYPOINT_VERSION} + file: node-exporter-entrypoint.sh diff --git a/compose.prometheus.yml b/compose.prometheus.yml new file mode 100644 index 0000000..6529d05 --- /dev/null +++ b/compose.prometheus.yml 
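Review bot: Both exporters are published on the public entrypoint (`node.${DOMAIN}`, `cadvisor.${DOMAIN}`) and their only access control is the `basicauth@file` middleware, which lives in Traefik's file provider outside this patch; a comment above the labels naming that dependency would help, because what sits behind it is detailed host telemetry. The containers are also heavily privileged: `node_exporter` runs as `user: root` with `/:/rootfs:ro`, and `cadvisor` mounts all of `/var/run`, which normally includes the Docker socket. The `:ro` flag on a bind mount does not restrict what can be sent over a socket, so that container effectively has Docker API access. Narrowing the mount to `/var/run/docker.sock:/var/run/docker.sock:ro` would at least remove the other runtime sockets and pid files from view. Neither service sets `deploy.mode: global`, so on a multi-node swarm only one replica would run; that may be intended for single-node hosts.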
@@ -0,0 +1,83 @@ +version: '3.8' + +services: + prometheus: + image: prom/prometheus:v2.34.0 + secrets: + - prometheus_admin_password + - prometheus_admin_password_hashed + volumes: + - prometheus-data:/prometheus:rw + configs: + - source: prometheus_yml + target: /etc/prometheus/prometheus.yml + - source: prometheus_web_yml + target: /etc/prometheus/prometheus_web.yml + command: + - "--config.file=/etc/prometheus/prometheus.yml" + - "--web.config.file=/etc/prometheus/prometheus_web.yml" + - "--storage.tsdb.path=/prometheus" + - "--web.console.libraries=/usr/share/prometheus/console_libraries" + - "--web.console.templates=/usr/share/prometheus/consoles" + networks: + - proxy + - internal + deploy: + restart_policy: + condition: on-failure + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090" + - "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}-prometheus.tls=true" + - "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}" + + alertmanager: + image: prom/alertmanager:v0.23.0 + volumes: + - alertmanager-data:/etc/alertmanager + command: + - "--config.file=/etc/alertmanager/config.yml" + - "--storage.path=/alertmanager" + networks: + - internal + secrets: + - alertmanager_smtp_password + configs: + - source: alertmanager_config + target: /etc/alertmanager/config.yml + environment: + - ALERTMANAGER_SMTP_FROM + - ALERTMANAGER_SMTP_HOST + - ALERTMANAGER_SMTP_TO + +configs: + prometheus_yml: + template_driver: golang + name: ${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION} + file: prometheus.yml.tmpl + prometheus_web_yml: + template_driver: golang + name: ${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION} + file: prometheus_web.yml.tmpl + alertmanager_config: + template_driver: golang + name: 
${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION} + file: ./alertmanager.yml.tmpl + + +volumes: + prometheus-data: + alertmanager-data: + +secrets: + prometheus_admin_password_hashed: + external: true + name: ${STACK_NAME}_prometheus_admin_password_hashed_${SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION} + prometheus_admin_password: + external: true + name: ${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION} + alertmanager_smtp_password: + external: true + name: ${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION} \ No newline at end of file diff --git a/compose.promtail.yml b/compose.promtail.yml new file mode 100644 index 0000000..0b2a48e --- /dev/null +++ b/compose.promtail.yml @@ -0,0 +1,29 @@ +version: "3.8" + +services: + promtail: + image: grafana/promtail:2.0.0 + volumes: + - /var/log:/var/log:ro + - /var/lib/docker/containers:/var/lib/docker/containers:ro + command: -config.file=/etc/promtail/config.yml + configs: + - source: promtail_yml + target: /etc/promtail/config.yml + networks: + - internal + secrets: + - loki_admin_password + +configs: + promtail_yml: + name: ${STACK_NAME}_promtail_yml_${PROMTAIL_YML_VERSION} + file: promtail.yml.tmpl + template_driver: golang + +secrets: + loki_admin_password: + external: true + name: ${STACK_NAME}_loki_admin_password_${SECRET_LOKI_ADMIN_PASSWORD_VERSION} + + diff --git a/compose.yml b/compose.yml index 6a80dbb..6e06394 100644 --- a/compose.yml +++ b/compose.yml 
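Review bot: In the `alertmanager` service the named volume is mounted at `/etc/alertmanager` while the command sets `--storage.path=/alertmanager`, so silences and notification state are written outside the volume and are presumably lost on redeploy, and the config file is mounted into the volume's directory. Mounting it as `- alertmanager-data:/alertmanager` would match the flag. Separately, the Prometheus service label is named `${STACK_NAME}_prometheus` while every router label uses `${STACK_NAME}-prometheus`. Both were carried over unchanged from compose.yml, so this move is a good moment to align them.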
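Review bot: The `promtail` service declares no `environment:` block, yet promtail.yml.tmpl reads `{{ env "LOKI_PUSH_URL" }}`. With the golang template driver, `env` resolves against the service's own environment (the other services in this patch pass `STACK_NAME`, `LOKI_AWS_ENDPOINT` and so on, apparently for that reason), so the client URL would presumably render empty. Adding `environment:` with `- LOKI_PUSH_URL` under the service should fix it. The secret name is built from `SECRET_LOKI_ADMIN_PASSWORD_VERSION`, which neither .env.sample nor abra.sh defines. The service reads all of `/var/log` and every container's log files, so the push URL should stay HTTPS-only and the credential should stay in the swarm secret.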
@@ -3,194 +3,10 @@ version: "3.8" services: app: - image: grafana/grafana:8.4.4 - volumes: - - grafana-data:/var/lib/grafana:rw - secrets: - - grafana_admin_password - - grafana_oauth_client_secret - configs: - - source: grafana_custom_ini - target: /etc/grafana/grafana.ini - networks: - - proxy - - internal - environment: - - GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN} - - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password - - KEYCLOAK_API_URL - - KEYCLOAK_AUTH_URL - - KEYCLOAK_TOKEN_URL - deploy: - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000" - - "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)" - - "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}-grafana.tls=true" - - "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}" - healthcheck: - test: "wget -q http://localhost:3000/ -O/dev/null" - interval: 5s - timeout: 10s - retries: 3 - start_period: 10s - - prometheus: - image: prom/prometheus:v2.34.0 - secrets: - - prometheus_admin_password - - prometheus_admin_password_hashed - volumes: - - prometheus-data:/prometheus:rw - configs: - - source: prometheus_yml - target: /etc/prometheus/prometheus.yml - - source: prometheus_web_yml - target: /etc/prometheus/prometheus_web.yml - command: - - "--config.file=/etc/prometheus/prometheus.yml" - - "--web.config.file=/etc/prometheus/prometheus_web.yml" - - "--storage.tsdb.path=/prometheus" - - "--web.console.libraries=/usr/share/prometheus/console_libraries" - - "--web.console.templates=/usr/share/prometheus/consoles" - networks: - - proxy - - internal - deploy: - restart_policy: - condition: on-failure - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090" - - "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)" - - 
"traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}-prometheus.tls=true" - - "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}" - - alertmanager: - image: prom/alertmanager:v0.23.0 - volumes: - - alertmanager-data:/etc/alertmanager - command: - - "--config.file=/etc/alertmanager/config.yml" - - "--storage.path=/alertmanager" - networks: - - internal - secrets: - - alertmanager_smtp_password - configs: - - source: alertmanager_config - target: /etc/alertmanager/config.yml - environment: - - ALERTMANAGER_SMTP_FROM - - ALERTMANAGER_SMTP_HOST - - ALERTMANAGER_SMTP_TO - - web: - image: nginx:1.20.0 - networks: - - proxy - - internal - environment: - - LOKI_DOMAIN - - STACK_NAME - configs: - - source: nginx_config - target: /etc/nginx/nginx.conf - - source: htpasswd_conf - target: /etc/nginx/conf.d/loki.htpasswd - secrets: - - loki_admin_password_hashed - deploy: - restart_policy: - condition: on-failure - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}-web.loadbalancer.server.port=80" - - "traefik.http.routers.${STACK_NAME}-web.rule=Host(`${LOKI_DOMAIN}`)" - - "traefik.http.routers.${STACK_NAME}-web.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}-web.tls.certresolver=${LETS_ENCRYPT_ENV}" - - loki: - image: grafana/loki:2.0.0 - command: -config.file=/etc/loki/local-config.yaml - networks: - - internal - configs: - - source: loki_yml - target: /etc/loki/local-config.yaml - volumes: - - loki-data:/loki - secrets: - - loki_aws_secret_access_key - environment: - - LOKI_ACCESS_KEY_ID - - LOKI_AWS_ENDPOINT - - LOKI_AWS_REGION - - LOKI_BUCKET_NAMES - - STACK_NAME - -configs: - grafana_custom_ini: - template_driver: golang - name: ${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION} - file: grafana_custom.ini - prometheus_yml: - template_driver: golang - name: ${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION} - file: 
prometheus.yml.tmpl - prometheus_web_yml: - template_driver: golang - name: ${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION} - file: prometheus_web.yml.tmpl - loki_yml: - template_driver: golang - name: ${STACK_NAME}_loki_yml_${LOKI_YML_VERSION} - file: loki.yml.tmpl - alertmanager_config: - template_driver: golang - name: ${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION} - file: ./alertmanager.yml.tmpl - nginx_config: - template_driver: golang - name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION} - file: nginx.conf.tmpl - htpasswd_conf: - template_driver: golang - name: ${STACK_NAME}_htpasswd_${HTPASSWD_CONFIG_VERSION} - file: loki.htpasswd.tmpl - -volumes: - prometheus-data: - grafana-data: - loki-data: - alertmanager-data: + image: debian:stable-slim + entrypoint: "/bin/tail -f /dev/null" networks: proxy: external: true - internal: - -secrets: - loki_aws_secret_access_key: - external: true - name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION} - grafana_admin_password: - external: true - name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION} - grafana_oauth_client_secret: - external: true - name: ${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION} - prometheus_admin_password_hashed: - external: true - name: ${STACK_NAME}_prometheus_admin_password_hashed_${SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION} - prometheus_admin_password: - external: true - name: ${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION} - alertmanager_smtp_password: - external: true - name: ${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION} - loki_admin_password_hashed: - external: true - name: ${STACK_NAME}_loki_admin_password_hashed_${SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION} + internal: \ No newline at end of file 
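Review bot: The placeholder `app` service uses the floating tag `debian:stable-slim`, whereas every other image in this patch is pinned to a version; pinning it to a release tag or digest keeps redeploys from silently pulling a different base image. If the service exists only so the base stack has something to deploy, a comment above `entrypoint` saying so would save the next reader the question, e.g. `# placeholder so the base stack deploys; real services come from the compose.*.yml overlays`.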
diff --git a/loki.htpasswd.tmpl b/loki.htpasswd.tmpl
deleted file mode 100644
index 74f33cc..0000000
--- a/loki.htpasswd.tmpl
+++ /dev/null
@@ -1 +0,0 @@
-loki:{{ secret "loki_admin_password_hashed" }}
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
deleted file mode 100644
index b8af0ba..0000000
--- a/nginx.conf.tmpl
+++ /dev/null
@@ -1,43 +0,0 @@
-user www-data;
-
-events {
- worker_connections 768;
-}
-
-http {
- include /etc/nginx/mime.types;
-
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
-
- server {
- listen 80;
- server_name {{ env "LOKI_DOMAIN" }};
-
- auth_basic "loki";
- auth_basic_user_file /etc/nginx/conf.d/loki.htpasswd;
-
- location / {
- proxy_read_timeout 1800s;
- proxy_connect_timeout 1600s;
- proxy_pass http://{{ env "STACK_NAME" }}_loki:3100;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Connection "Keep-Alive";
- proxy_set_header Proxy-Connection "Keep-Alive";
- proxy_redirect off;
- }
-
- location /ready {
- proxy_pass http://{{ env "STACK_NAME" }}_loki:3100;
- proxy_http_version 1.1;
- proxy_set_header Connection "Keep-Alive";
- proxy_set_header Proxy-Connection "Keep-Alive";
- proxy_redirect off;
- auth_basic "off";
- }
- }
-}
diff --git a/node-exporter-entrypoint.sh b/node-exporter-entrypoint.sh
new file mode 100644
index 0000000..286098d
--- /dev/null
+++ b/node-exporter-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+NODE_NAME=$(cat /etc/nodename)
+
+mkdir -p /etc/node-exporter
+
+echo "node_meta{node_id=\"$NODE_ID\", container_label_com_docker_swarm_node_id=\"$NODE_ID\", node_name=\"$NODE_NAME\"} 1" > /etc/node-exporter/node-meta.prom
+
+set -- /bin/node_exporter "$@"
+
+exec "$@"
diff --git a/promtail.yml.tmpl b/promtail.yml.tmpl
new file mode 100644
index 0000000..3e51946
--- /dev/null
+++ b/promtail.yml.tmpl
@@ -0,0 +1,29 @@
+server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+
+positions:
+ filename: /tmp/positions.yaml
+
+clients:
+ - url: {{ env "LOKI_PUSH_URL" }}
+ basic_auth:
+ username: loki
+ password: {{ secret "loki_admin_password" }}
+
+scrape_configs:
+- job_name: system
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: varlogs
+ __path__: /var/log/*log
+
+- job_name: containers
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: containers
+ __path__: /var/lib/docker/containers/*/*log
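Review bot: `password: {{ secret "loki_admin_password" }}` and `url: {{ env "LOKI_PUSH_URL" }}` are substituted as bare YAML scalars, so a password containing ` #`, `: ` or a leading special character would be truncated or break parsing, and an empty expansion becomes null. Quote both, e.g. `password: '{{ secret "loki_admin_password" }}'` (a value containing a single quote would still need escaping). Alternatively, point Promtail at the mounted secret with `password_file: /run/secrets/loki_admin_password`, so the credential never lands in the rendered config. `filename: /tmp/positions.yaml` sits inside the container and compose.promtail.yml mounts no volume for it, so read positions are lost on restart and already-shipped logs are sent again.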