wip
parent
6886e0b1a1
commit
d5a34436f9
76
.env.sample
76
.env.sample
|
@ -1,38 +1,50 @@
|
||||||
TYPE=monitoring
|
TYPE=monitoring-ng
|
||||||
STACK_NAME=gp_monitoring
|
STACK_NAME=monitoring-ng
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
COMPOSE_FILE=compose.yml
|
||||||
|
DOMAIN=monitoring.example.com
|
||||||
|
|
||||||
GRAFANA_DOMAIN=g.monitor.autonomic.zone
|
# Gathering Metrics (Node Exporter, Cadvisor)
|
||||||
GRAFANA_CUSTOM_INI_VERSION=v3
|
COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
|
||||||
GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
|
|
||||||
SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1
|
|
||||||
SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION=v1
|
|
||||||
|
|
||||||
PROMETHEUS_DOMAIN=p.monitor.autonomic.zone
|
# Gathering Logs (Promtail)
|
||||||
PROMETHEUS_YML_VERSION=v10
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.promtail.yml"
|
||||||
PROMETHEUS_WEB_YML_VERSION=v2
|
# LOKI_PUSH_URL=https://l.monitor.autonomic.zone/loki/api/v1/push
|
||||||
SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION=v1
|
|
||||||
SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION=v1
|
|
||||||
|
|
||||||
LOKI_DOMAIN=l.monitor.autonomic.zone
|
# Grafana
|
||||||
LOKI_AWS_ENDPOINT=https://minio.autonomic.zone
|
#
|
||||||
LOKI_AWS_REGION=eu-west-1
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.grafana.yml"
|
||||||
LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule
|
# GRAFANA_DOMAIN=grafana.example.com
|
||||||
LOKI_BUCKET_NAMES=loki
|
# GRAFANA_CUSTOM_INI_VERSION=v3
|
||||||
LOKI_YML_VERSION=v7
|
# GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
|
||||||
SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1
|
# SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1
|
||||||
SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION=v1
|
# SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION=v1
|
||||||
|
# KEYCLOAK_AUTH_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/auth"
|
||||||
|
# KEYCLOAK_API_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/userinfo"
|
||||||
|
# KEYCLOAK_TOKEN_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/token"
|
||||||
|
|
||||||
ALERTMANAGER_CONFIG_VERSION=v2
|
# Prometheus, Alertmanager
|
||||||
|
#
|
||||||
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.prometheus.yml"
|
||||||
|
# PROMETHEUS_DOMAIN=prometheus.example.com
|
||||||
|
# PROMETHEUS_YML_VERSION=v1
|
||||||
|
# PROMETHEUS_WEB_YML_VERSION=v
|
||||||
|
# SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION=v1
|
||||||
|
# SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION=v1
|
||||||
|
# ALERTMANAGER_CONFIG_VERSION=v1
|
||||||
|
# ALERTMANAGER_SMTP_FROM=noreply@autonomic.zone
|
||||||
|
# ALERTMANAGER_SMTP_HOST=mail.gandi.net:587
|
||||||
|
# ALERTMANAGER_SMTP_TO=kaboom@autonomic.zone
|
||||||
|
# SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
NGINX_CONFIG_VERSION=v5
|
# Loki Server
|
||||||
HTPASSWD_CONFIG_VERSION=v1
|
#
|
||||||
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.loki.yml"
|
||||||
KEYCLOAK_AUTH_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/auth"
|
# LOKI_DOMAIN=loki.example.com
|
||||||
KEYCLOAK_API_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/userinfo"
|
# LOKI_AWS_ENDPOINT=https://minio.autonomic.zone
|
||||||
KEYCLOAK_TOKEN_URL="https://id.autonomic.zone/auth/realms/autonomic/protocol/openid-connect/token"
|
# LOKI_AWS_REGION=eu-west-1
|
||||||
|
# LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule
|
||||||
ALERTMANAGER_SMTP_FROM=noreply@autonomic.zone
|
# LOKI_BUCKET_NAMES=loki
|
||||||
ALERTMANAGER_SMTP_HOST=mail.gandi.net:587
|
# LOKI_YML_VERSION=v7
|
||||||
ALERTMANAGER_SMTP_TO=kaboom@autonomic.zone
|
# SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1
|
||||||
SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION=v1
|
# SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION=v1
|
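Review bot: The commented Promtail block enables `compose.promtail.yml` but never defines `SECRET_LOKI_ADMIN_PASSWORD_VERSION`, which the `loki_admin_password` secret name in the promtail compose section further down interpolates; add `# SECRET_LOKI_ADMIN_PASSWORD_VERSION=v1` next to `# LOKI_PUSH_URL=...`. `# PROMETHEUS_WEB_YML_VERSION=v` has lost its number (the old side had `v2`). The sample also still carries deployment-specific values (`LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule`, the `autonomic.zone` hosts and mail addresses), while the new `DOMAIN` and `GRAFANA_DOMAIN` lines already use `example.com`. Replacing the rest with placeholders keeps a real-looking key id and internal hostnames out of every copied `.env`.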
|
@ -0,0 +1,4 @@
|
||||||
|
export PROMTAIL_YML_VERSION=v1
|
||||||
|
export NODE_EXPORTER_ENTRYPOINT_VERSION=v1
|
||||||
|
export NGINX_CONFIG_VERSION=v1
|
||||||
|
export HTPASSWD_CONFIG_VERSION=v1
|
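Review bot: `NGINX_CONFIG_VERSION` and `HTPASSWD_CONFIG_VERSION` are exported here although the only configs that interpolate them, `nginx_config` and `htpasswd_conf`, are removed from compose.yml in this same commit, along with the nginx and htpasswd templates. If nothing else reads them, drop both lines so the file lists only `PROMTAIL_YML_VERSION` and `NODE_EXPORTER_ENTRYPOINT_VERSION`. The file name is not visible on this page, so confirm against the repository.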
|
@ -0,0 +1,54 @@
|
||||||
|
version: '3.8'
|
||||||
|
|
||||||
|
services:
|
||||||
|
grafana:
|
||||||
|
image: grafana/grafana:8.4.4
|
||||||
|
volumes:
|
||||||
|
- grafana-data:/var/lib/grafana:rw
|
||||||
|
secrets:
|
||||||
|
- grafana_admin_password
|
||||||
|
- grafana_oauth_client_secret
|
||||||
|
configs:
|
||||||
|
- source: grafana_custom_ini
|
||||||
|
target: /etc/grafana/grafana.ini
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- internal
|
||||||
|
environment:
|
||||||
|
- GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
|
||||||
|
- GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
|
||||||
|
- KEYCLOAK_API_URL
|
||||||
|
- KEYCLOAK_AUTH_URL
|
||||||
|
- KEYCLOAK_TOKEN_URL
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-grafana.tls=true"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
healthcheck:
|
||||||
|
test: "wget -q http://localhost:3000/ -O/dev/null"
|
||||||
|
interval: 5s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
start_period: 10s
|
||||||
|
|
||||||
|
configs:
|
||||||
|
grafana_custom_ini:
|
||||||
|
template_driver: golang
|
||||||
|
name: ${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION}
|
||||||
|
file: grafana_custom.ini
|
||||||
|
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
grafana-data:
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
grafana_admin_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
|
||||||
|
grafana_oauth_client_secret:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION}
|
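Review bot: The healthcheck fetches `/`, which only proves that the HTTP server answers and normally ends at the login page; Grafana exposes an unauthenticated health endpoint, so `test: "wget -q http://localhost:3000/api/health -O/dev/null"` is the more precise probe. The service joins `proxy` and `internal`, but this file declares neither network, so it only deploys when merged after compose.yml through `COMPOSE_FILE`. A comment at the top such as `# overlay: requires compose.yml for the proxy/internal networks` would make that dependency explicit.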
|
@ -0,0 +1,39 @@
|
||||||
|
version: '3.8'
|
||||||
|
|
||||||
|
services:
|
||||||
|
loki:
|
||||||
|
image: grafana/loki:2.0.0
|
||||||
|
command: -config.file=/etc/loki/local-config.yaml
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
configs:
|
||||||
|
- source: loki_yml
|
||||||
|
target: /etc/loki/local-config.yaml
|
||||||
|
volumes:
|
||||||
|
- loki-data:/loki
|
||||||
|
secrets:
|
||||||
|
- loki_aws_secret_access_key
|
||||||
|
environment:
|
||||||
|
- LOKI_ACCESS_KEY_ID
|
||||||
|
- LOKI_AWS_ENDPOINT
|
||||||
|
- LOKI_AWS_REGION
|
||||||
|
- LOKI_BUCKET_NAMES
|
||||||
|
- STACK_NAME
|
||||||
|
|
||||||
|
configs:
|
||||||
|
loki_yml:
|
||||||
|
template_driver: golang
|
||||||
|
name: ${STACK_NAME}_loki_yml_${LOKI_YML_VERSION}
|
||||||
|
file: loki.yml.tmpl
|
||||||
|
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
loki-data:
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
loki_aws_secret_access_key:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
|
||||||
|
loki_admin_password_hashed:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_loki_admin_password_hashed_${SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION}
|
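Review bot: `loki_admin_password_hashed` is declared under `secrets:` but no service in this file references it, and the nginx `web` service that consumed it for basic auth in front of Loki is deleted elsewhere in this commit. As written, Loki sits only on `internal` with no router, so a Promtail on another host has nothing to push to at `LOKI_PUSH_URL`, and Loki itself ships without an authentication layer. If the ingest endpoint is meant to stay reachable, publish it with the same Traefik pattern the metrics services use, including an auth middleware, and either wire the hashed secret into that layer or remove the declaration. The sketch below assumes port 3100 from the deleted nginx `proxy_pass` and the `basicauth@file` middleware name used by the metrics overlay.

```yaml
  loki:
    # … unchanged: image, command, configs, volumes, secrets, environment …
    networks:
      - internal
      - proxy
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}-loki.loadbalancer.server.port=3100"
        - "traefik.http.routers.${STACK_NAME}-loki.rule=Host(`${LOKI_DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-loki.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-loki.tls=true"
        - "traefik.http.routers.${STACK_NAME}-loki.tls.certresolver=${LETS_ENCRYPT_ENV}"
        # credentials behind this middleware must match what Promtail sends
        - "traefik.http.routers.${STACK_NAME}-loki.middlewares=basicauth@file"
```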
|
@ -0,0 +1,67 @@
|
||||||
|
version: '3.8'
|
||||||
|
|
||||||
|
services:
|
||||||
|
node_exporter:
|
||||||
|
image: prom/node-exporter:v1.0.1
|
||||||
|
user: root
|
||||||
|
environment:
|
||||||
|
- NODE_ID={{.Node.ID}}
|
||||||
|
volumes:
|
||||||
|
- /proc:/host/proc:ro
|
||||||
|
- /sys:/host/sys:ro
|
||||||
|
- /:/rootfs:ro
|
||||||
|
- /etc/hostname:/etc/nodename:ro
|
||||||
|
command:
|
||||||
|
- "--path.sysfs=/host/sys"
|
||||||
|
- "--path.procfs=/host/proc"
|
||||||
|
- "--path.rootfs=/rootfs"
|
||||||
|
- "--collector.textfile.directory=/etc/node-exporter/"
|
||||||
|
- "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($$|/)"
|
||||||
|
- "--no-collector.ipvs"
|
||||||
|
configs:
|
||||||
|
- source: node_exporter_entrypoint_sh
|
||||||
|
target: /entrypoint.sh
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
- proxy
|
||||||
|
entrypoint: [ "/bin/sh", "-e", "/entrypoint.sh" ]
|
||||||
|
deploy:
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.${STACK_NAME}-node.loadbalancer.server.port=9100"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-node.rule=Host(`node.${DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-node.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-node.tls=true"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-node.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-node.middlewares=basicauth@file"
|
||||||
|
|
||||||
|
cadvisor:
|
||||||
|
image: gcr.io/cadvisor/cadvisor:v0.47.0
|
||||||
|
command: -logtostderr -docker_only
|
||||||
|
volumes:
|
||||||
|
- /var/lib/docker/:/var/lib/docker:ro
|
||||||
|
- /dev/disk/:/dev/disk:ro
|
||||||
|
- /sys:/sys:ro
|
||||||
|
- /var/run:/var/run:ro
|
||||||
|
- /:/rootfs:ro
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
- proxy
|
||||||
|
deploy:
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.${STACK_NAME}-cadvisor.loadbalancer.server.port=8080"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-cadvisor.rule=Host(`cadvisor.${DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-cadvisor.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-cadvisor.tls=true"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-cadvisor.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-cadvisor.middlewares=basicauth@file"
|
||||||
|
|
||||||
|
configs:
|
||||||
|
node_exporter_entrypoint_sh:
|
||||||
|
name: ${STACK_NAME}_node_exporter_entrypoint_${NODE_EXPORTER_ENTRYPOINT_VERSION}
|
||||||
|
file: node-exporter-entrypoint.sh
|
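Review bot: cadvisor's `- /var/run:/var/run:ro` bind brings the Docker socket (and every other socket under `/var/run`) into the container, and a read-only bind mount does not stop a process from connecting to a Unix socket, so this service effectively holds Docker API access while being published at `cadvisor.${DOMAIN}`. Narrowing the mount to `- /var/run/docker.sock:/var/run/docker.sock:ro` at least limits it to the one socket cadvisor needs. node_exporter likewise runs with `user: root` and `/:/rootfs:ro` and is published at `node.${DOMAIN}`. Both routers rely on `basicauth@file`, a middleware defined in Traefik's file provider outside this repository, so the only gate in front of host-level metrics is configuration this stack cannot verify. Document that prerequisite next to the `compose.metrics.yml` line in `.env.sample`.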
|
@ -0,0 +1,83 @@
|
||||||
|
version: '3.8'
|
||||||
|
|
||||||
|
services:
|
||||||
|
prometheus:
|
||||||
|
image: prom/prometheus:v2.34.0
|
||||||
|
secrets:
|
||||||
|
- prometheus_admin_password
|
||||||
|
- prometheus_admin_password_hashed
|
||||||
|
volumes:
|
||||||
|
- prometheus-data:/prometheus:rw
|
||||||
|
configs:
|
||||||
|
- source: prometheus_yml
|
||||||
|
target: /etc/prometheus/prometheus.yml
|
||||||
|
- source: prometheus_web_yml
|
||||||
|
target: /etc/prometheus/prometheus_web.yml
|
||||||
|
command:
|
||||||
|
- "--config.file=/etc/prometheus/prometheus.yml"
|
||||||
|
- "--web.config.file=/etc/prometheus/prometheus_web.yml"
|
||||||
|
- "--storage.tsdb.path=/prometheus"
|
||||||
|
- "--web.console.libraries=/usr/share/prometheus/console_libraries"
|
||||||
|
- "--web.console.templates=/usr/share/prometheus/consoles"
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- internal
|
||||||
|
deploy:
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-prometheus.tls=true"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
|
||||||
|
alertmanager:
|
||||||
|
image: prom/alertmanager:v0.23.0
|
||||||
|
volumes:
|
||||||
|
- alertmanager-data:/etc/alertmanager
|
||||||
|
command:
|
||||||
|
- "--config.file=/etc/alertmanager/config.yml"
|
||||||
|
- "--storage.path=/alertmanager"
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
secrets:
|
||||||
|
- alertmanager_smtp_password
|
||||||
|
configs:
|
||||||
|
- source: alertmanager_config
|
||||||
|
target: /etc/alertmanager/config.yml
|
||||||
|
environment:
|
||||||
|
- ALERTMANAGER_SMTP_FROM
|
||||||
|
- ALERTMANAGER_SMTP_HOST
|
||||||
|
- ALERTMANAGER_SMTP_TO
|
||||||
|
|
||||||
|
configs:
|
||||||
|
prometheus_yml:
|
||||||
|
template_driver: golang
|
||||||
|
name: ${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION}
|
||||||
|
file: prometheus.yml.tmpl
|
||||||
|
prometheus_web_yml:
|
||||||
|
template_driver: golang
|
||||||
|
name: ${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION}
|
||||||
|
file: prometheus_web.yml.tmpl
|
||||||
|
alertmanager_config:
|
||||||
|
template_driver: golang
|
||||||
|
name: ${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION}
|
||||||
|
file: ./alertmanager.yml.tmpl
|
||||||
|
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
prometheus-data:
|
||||||
|
alertmanager-data:
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
prometheus_admin_password_hashed:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_prometheus_admin_password_hashed_${SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION}
|
||||||
|
prometheus_admin_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION}
|
||||||
|
alertmanager_smtp_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION}
|
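Review bot: alertmanager is started with `--storage.path=/alertmanager`, but the `alertmanager-data` volume is mounted at `/etc/alertmanager`, so silences and notification state land in the container's writable layer and do not survive a redeploy, while the volume shadows the directory that `alertmanager_config` is mounted into. Mounting `- alertmanager-data:/alertmanager` matches the flag. The Prometheus service label also uses `${STACK_NAME}_prometheus` where every router label uses `${STACK_NAME}-prometheus`; Traefik most likely still links them because the container defines a single service, but the hyphen form would be consistent with the rest. Both lines were moved unchanged from compose.yml, so this split is a good moment to fix them.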
|
@ -0,0 +1,29 @@
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
promtail:
|
||||||
|
image: grafana/promtail:2.0.0
|
||||||
|
volumes:
|
||||||
|
- /var/log:/var/log:ro
|
||||||
|
- /var/lib/docker/containers:/var/lib/docker/containers:ro
|
||||||
|
command: -config.file=/etc/promtail/config.yml
|
||||||
|
configs:
|
||||||
|
- source: promtail_yml
|
||||||
|
target: /etc/promtail/config.yml
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
secrets:
|
||||||
|
- loki_admin_password
|
||||||
|
|
||||||
|
configs:
|
||||||
|
promtail_yml:
|
||||||
|
name: ${STACK_NAME}_promtail_yml_${PROMTAIL_YML_VERSION}
|
||||||
|
file: promtail.yml.tmpl
|
||||||
|
template_driver: golang
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
loki_admin_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_loki_admin_password_${SECRET_LOKI_ADMIN_PASSWORD_VERSION}
|
||||||
|
|
||||||
|
|
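Review bot: The promtail service has no `environment:` key, yet its config template reads `{{ env "LOKI_PUSH_URL" }}`; Swarm config templates resolve `env` from the service's own environment, so the client URL would presumably render empty and nothing gets shipped. Add `environment:` with `- LOKI_PUSH_URL` to the service, the way the loki and alertmanager services pass their variables. The service also joins `internal` without this file declaring it, which works only when the file is merged after compose.yml.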
190
compose.yml
190
compose.yml
|
@ -3,194 +3,10 @@ version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: grafana/grafana:8.4.4
|
image: debian:stable-slim
|
||||||
volumes:
|
entrypoint: "/bin/tail -f /dev/null"
|
||||||
- grafana-data:/var/lib/grafana:rw
|
|
||||||
secrets:
|
|
||||||
- grafana_admin_password
|
|
||||||
- grafana_oauth_client_secret
|
|
||||||
configs:
|
|
||||||
- source: grafana_custom_ini
|
|
||||||
target: /etc/grafana/grafana.ini
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
- internal
|
|
||||||
environment:
|
|
||||||
- GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
|
|
||||||
- GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
|
|
||||||
- KEYCLOAK_API_URL
|
|
||||||
- KEYCLOAK_AUTH_URL
|
|
||||||
- KEYCLOAK_TOKEN_URL
|
|
||||||
deploy:
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-grafana.tls=true"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
||||||
healthcheck:
|
|
||||||
test: "wget -q http://localhost:3000/ -O/dev/null"
|
|
||||||
interval: 5s
|
|
||||||
timeout: 10s
|
|
||||||
retries: 3
|
|
||||||
start_period: 10s
|
|
||||||
|
|
||||||
prometheus:
|
|
||||||
image: prom/prometheus:v2.34.0
|
|
||||||
secrets:
|
|
||||||
- prometheus_admin_password
|
|
||||||
- prometheus_admin_password_hashed
|
|
||||||
volumes:
|
|
||||||
- prometheus-data:/prometheus:rw
|
|
||||||
configs:
|
|
||||||
- source: prometheus_yml
|
|
||||||
target: /etc/prometheus/prometheus.yml
|
|
||||||
- source: prometheus_web_yml
|
|
||||||
target: /etc/prometheus/prometheus_web.yml
|
|
||||||
command:
|
|
||||||
- "--config.file=/etc/prometheus/prometheus.yml"
|
|
||||||
- "--web.config.file=/etc/prometheus/prometheus_web.yml"
|
|
||||||
- "--storage.tsdb.path=/prometheus"
|
|
||||||
- "--web.console.libraries=/usr/share/prometheus/console_libraries"
|
|
||||||
- "--web.console.templates=/usr/share/prometheus/consoles"
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
- internal
|
|
||||||
deploy:
|
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-prometheus.tls=true"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
||||||
|
|
||||||
alertmanager:
|
|
||||||
image: prom/alertmanager:v0.23.0
|
|
||||||
volumes:
|
|
||||||
- alertmanager-data:/etc/alertmanager
|
|
||||||
command:
|
|
||||||
- "--config.file=/etc/alertmanager/config.yml"
|
|
||||||
- "--storage.path=/alertmanager"
|
|
||||||
networks:
|
|
||||||
- internal
|
|
||||||
secrets:
|
|
||||||
- alertmanager_smtp_password
|
|
||||||
configs:
|
|
||||||
- source: alertmanager_config
|
|
||||||
target: /etc/alertmanager/config.yml
|
|
||||||
environment:
|
|
||||||
- ALERTMANAGER_SMTP_FROM
|
|
||||||
- ALERTMANAGER_SMTP_HOST
|
|
||||||
- ALERTMANAGER_SMTP_TO
|
|
||||||
|
|
||||||
web:
|
|
||||||
image: nginx:1.20.0
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
- internal
|
|
||||||
environment:
|
|
||||||
- LOKI_DOMAIN
|
|
||||||
- STACK_NAME
|
|
||||||
configs:
|
|
||||||
- source: nginx_config
|
|
||||||
target: /etc/nginx/nginx.conf
|
|
||||||
- source: htpasswd_conf
|
|
||||||
target: /etc/nginx/conf.d/loki.htpasswd
|
|
||||||
secrets:
|
|
||||||
- loki_admin_password_hashed
|
|
||||||
deploy:
|
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.services.${STACK_NAME}-web.loadbalancer.server.port=80"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-web.rule=Host(`${LOKI_DOMAIN}`)"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-web.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.${STACK_NAME}-web.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
||||||
|
|
||||||
loki:
|
|
||||||
image: grafana/loki:2.0.0
|
|
||||||
command: -config.file=/etc/loki/local-config.yaml
|
|
||||||
networks:
|
|
||||||
- internal
|
|
||||||
configs:
|
|
||||||
- source: loki_yml
|
|
||||||
target: /etc/loki/local-config.yaml
|
|
||||||
volumes:
|
|
||||||
- loki-data:/loki
|
|
||||||
secrets:
|
|
||||||
- loki_aws_secret_access_key
|
|
||||||
environment:
|
|
||||||
- LOKI_ACCESS_KEY_ID
|
|
||||||
- LOKI_AWS_ENDPOINT
|
|
||||||
- LOKI_AWS_REGION
|
|
||||||
- LOKI_BUCKET_NAMES
|
|
||||||
- STACK_NAME
|
|
||||||
|
|
||||||
configs:
|
|
||||||
grafana_custom_ini:
|
|
||||||
template_driver: golang
|
|
||||||
name: ${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION}
|
|
||||||
file: grafana_custom.ini
|
|
||||||
prometheus_yml:
|
|
||||||
template_driver: golang
|
|
||||||
name: ${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION}
|
|
||||||
file: prometheus.yml.tmpl
|
|
||||||
prometheus_web_yml:
|
|
||||||
template_driver: golang
|
|
||||||
name: ${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION}
|
|
||||||
file: prometheus_web.yml.tmpl
|
|
||||||
loki_yml:
|
|
||||||
template_driver: golang
|
|
||||||
name: ${STACK_NAME}_loki_yml_${LOKI_YML_VERSION}
|
|
||||||
file: loki.yml.tmpl
|
|
||||||
alertmanager_config:
|
|
||||||
template_driver: golang
|
|
||||||
name: ${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION}
|
|
||||||
file: ./alertmanager.yml.tmpl
|
|
||||||
nginx_config:
|
|
||||||
template_driver: golang
|
|
||||||
name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
|
|
||||||
file: nginx.conf.tmpl
|
|
||||||
htpasswd_conf:
|
|
||||||
template_driver: golang
|
|
||||||
name: ${STACK_NAME}_htpasswd_${HTPASSWD_CONFIG_VERSION}
|
|
||||||
file: loki.htpasswd.tmpl
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
prometheus-data:
|
|
||||||
grafana-data:
|
|
||||||
loki-data:
|
|
||||||
alertmanager-data:
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
internal:
|
internal:
|
||||||
|
|
||||||
secrets:
|
|
||||||
loki_aws_secret_access_key:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
|
|
||||||
grafana_admin_password:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
|
|
||||||
grafana_oauth_client_secret:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION}
|
|
||||||
prometheus_admin_password_hashed:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_prometheus_admin_password_hashed_${SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION}
|
|
||||||
prometheus_admin_password:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION}
|
|
||||||
alertmanager_smtp_password:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION}
|
|
||||||
loki_admin_password_hashed:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_loki_admin_password_hashed_${SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION}
|
|
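Review bot: The placeholder `app` service pulls `debian:stable-slim`, a tag that moves with every Debian release, so a redeploy can silently bring in a different image just to run `tail -f /dev/null`. Pin it to a release tag plus digest, e.g. `image: debian:<release>-slim@sha256:<digest>` (placeholder values), and add a comment such as `# no-op anchor service; real services come from the compose.*.yml overlays` so the purpose is clear. The string-form entrypoint works, but the list form `entrypoint: ["/bin/tail", "-f", "/dev/null"]` would match the style used for node_exporter.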
|
@ -1 +0,0 @@
|
||||||
loki:{{ secret "loki_admin_password_hashed" }}
|
|
|
@ -1,43 +0,0 @@
|
||||||
user www-data;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 768;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
|
|
||||||
map $http_upgrade $connection_upgrade {
|
|
||||||
default upgrade;
|
|
||||||
'' close;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name {{ env "LOKI_DOMAIN" }};
|
|
||||||
|
|
||||||
auth_basic "loki";
|
|
||||||
auth_basic_user_file /etc/nginx/conf.d/loki.htpasswd;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_read_timeout 1800s;
|
|
||||||
proxy_connect_timeout 1600s;
|
|
||||||
proxy_pass http://{{ env "STACK_NAME" }}_loki:3100;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
proxy_set_header Connection "Keep-Alive";
|
|
||||||
proxy_set_header Proxy-Connection "Keep-Alive";
|
|
||||||
proxy_redirect off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /ready {
|
|
||||||
proxy_pass http://{{ env "STACK_NAME" }}_loki:3100;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Connection "Keep-Alive";
|
|
||||||
proxy_set_header Proxy-Connection "Keep-Alive";
|
|
||||||
proxy_redirect off;
|
|
||||||
auth_basic "off";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
NODE_NAME=$(cat /etc/nodename)
|
||||||
|
|
||||||
|
mkdir -p /etc/node-exporter
|
||||||
|
|
||||||
|
echo "node_meta{node_id=\"$NODE_ID\", container_label_com_docker_swarm_node_id=\"$NODE_ID\", node_name=\"$NODE_NAME\"} 1" > /etc/node-exporter/node-meta.prom
|
||||||
|
|
||||||
|
set -- /bin/node_exporter "$@"
|
||||||
|
|
||||||
|
exec "$@"
|
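Review bot: `NODE_ID` is interpolated into the metric line without a check, so if the service ever starts without it the script still succeeds and publishes `node_meta` with empty `node_id` labels, which breaks joins silently instead of failing the container. A guard before the `echo`, `: "${NODE_ID:?NODE_ID must be set}"`, makes `sh -e` abort. A short header comment would also help, saying that the file feeds `--collector.textfile.directory=/etc/node-exporter/` and that `NODE_ID` comes from the `{{.Node.ID}}` template in the compose file.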
|
@ -0,0 +1,29 @@
|
||||||
|
server:
|
||||||
|
http_listen_port: 9080
|
||||||
|
grpc_listen_port: 0
|
||||||
|
|
||||||
|
positions:
|
||||||
|
filename: /tmp/positions.yaml
|
||||||
|
|
||||||
|
clients:
|
||||||
|
- url: {{ env "LOKI_PUSH_URL" }}
|
||||||
|
basic_auth:
|
||||||
|
username: loki
|
||||||
|
password: {{ secret "loki_admin_password" }}
|
||||||
|
|
||||||
|
scrape_configs:
|
||||||
|
- job_name: system
|
||||||
|
static_configs:
|
||||||
|
- targets:
|
||||||
|
- localhost
|
||||||
|
labels:
|
||||||
|
job: varlogs
|
||||||
|
__path__: /var/log/*log
|
||||||
|
|
||||||
|
- job_name: containers
|
||||||
|
static_configs:
|
||||||
|
- targets:
|
||||||
|
- localhost
|
||||||
|
labels:
|
||||||
|
job: containers
|
||||||
|
__path__: /var/lib/docker/containers/*/*log
|
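Review bot: `password: {{ secret "loki_admin_password" }}` renders the secret unquoted into YAML, so a password containing `#`, `: ` or a leading indicator character is truncated or makes the config unparsable, and the clear-text password ends up inside the rendered config. The service already mounts the secret, so `password_file: /run/secrets/loki_admin_password` avoids both problems. `url: {{ env "LOKI_PUSH_URL" }}` has the same quoting exposure and is safer as `url: "{{ env "LOKI_PUSH_URL" }}"`. Separately, `filename: /tmp/positions.yaml` is not on a volume, so read offsets do not survive a restart.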