Moves oidc and smtp to a seperate compose config

fix: Removes duplicate basic auth from prometheus and a few other improvements
chore: publish 1.6.0+v1.8.1 release
2025-11-05 15:28:49 +01:00 · 2025-02-21 18:31:54 +01:00 · 2025-02-21 17:23:06 +01:00 · 2025-02-21 17:21:46 +01:00
12 changed files with 76 additions and 24 deletions
--- a/.env.sample
+++ b/.env.sample
@ -12,6 +12,9 @@ ENABLE_BACKUPS=true
 # COMPOSE_FILE="$COMPOSE_FILE:compose.promtail.yml"
 # LOKI_PUSH_URL=https://loki.monitoring.example.org/loki/api/v1/push

+## Expose node and cadvisor ports instead of traefik
+# COMPOSE_FILE="$COMPOSE_FILE:compose.expose-ports.yml"
+
 # Monitoring Server
 #
 ## Prometheus
@ -47,6 +50,7 @@ ENABLE_BACKUPS=true
 #GRAFANA_DOMAIN=grafana.example.com
 #
 ## Single-Sign-On with OIDC
+# COMPOSE_FILE="$COMPOSE_FILE:compose.grafana-oidc.yml"
 # OIDC_ENABLED=1
 # SECRET_GRAFANA_OIDC_CLIENT_SECRET_VERSION=v1
 # OIDC_CLIENT_ID=grafana
@ -59,6 +63,7 @@ ENABLE_BACKUPS=true
 # GF_INSTALL_PLUGINS=grafana-piechart-panel
 #
 ## grafana SMTP configuration (optional)
+# COMPOSE_FILE="$COMPOSE_FILE:compose.grafana-smtp.yml"
 # GF_SMTP_HOST=changeme
 # GF_SMTP_USER=changme
 # GF_SMTP_ENABLED=true
--- a/README.md
+++ b/README.md
@ -36,7 +36,7 @@ Where gathering.org is the node you want to gather metrics from.
  SECRET_USERSFILE_VERSION=v1
  ```
  - Generate userslist with httpasswd hashed password
-    `abra app secret insert traefik.gathering.org userslist v1 'admin:<hashed-secret>'`
+    `abra app secret insert traefik.gathering.org usersfile v1 'admin:<hashed-secret>'`
    make sure there is no whitespace in between `admin:<hashed-secret>`, it seems to break stuff...
  - `abra app deploy -f traefik`
 1. `abra app new monitoring-ng`
@ -47,6 +47,13 @@ Where gathering.org is the node you want to gather metrics from.
  - cadvisor.monitoring.gathering.org
  - node.monitoring.gathering.org

+### Expose node and cadvisor via ports instead of traefik
+
+In case you have no traefik running on the machine, you can expose the ports directly by uncommenting the following line:
+```
+# COMPOSE_FILE="$COMPOSE_FILE:compose.expose-ports.yml"
+```
+
 ## Setup Metrics Browser


@ -85,7 +92,6 @@ Where gathering.org is the node you want to gather metrics from.
 | Cadvisor      | traefik basic-auth | cadvisor.monitoring.example.org   |
 | Node Exporter | traefik basic-auth | node.monitoring.example.org       |

-
 ### Logging from a docker host to loki server without anything else

 ```
--- a/compose.expose-ports.yml
+++ b/compose.expose-ports.yml
@ -0,0 +1,13 @@
+---
+version: "3.8"
+
+services:
+  app:
+    ports:
+      - "9100:9100"
+    deploy:
+
+  cadvisor:
+    ports:
+      - "9101:8080"
+    deploy:
--- a/compose.grafana-oidc.yml
+++ b/compose.grafana-oidc.yml
@ -0,0 +1,16 @@
+version: '3.8'
+
+services:
+  grafana:
+      - grafana_oidc_client_secret
+    environment:
+      - OIDC_API_URL
+      - OIDC_AUTH_URL
+      - OIDC_CLIENT_ID
+      - OIDC_ENABLED
+      - OIDC_TOKEN_URL
+
+secrets:
+  grafana_oidc_client_secret:
+    external: true
+    name: ${STACK_NAME}_grafana_oidc_client_secret_${SECRET_GRAFANA_OIDC_CLIENT_SECRET_VERSION}
--- a/compose.grafana-smtp.yml
+++ b/compose.grafana-smtp.yml
@ -0,0 +1,18 @@
+version: '3.8'
+
+services:
+  grafana:
+    secrets:
+      - grafana_smtp_password
+    environment:
+      - GF_SMTP_HOST
+      - GF_SMTP_USER
+      - GF_SMTP_PASSWORD__FILE=/run/secrets/grafana_smtp_password
+      - GF_SMTP_ENABLED
+      - GF_SMTP_FROM_ADDRESS
+      - GF_SMTP_SKIP_VERIFY
+
+secrets:
+  grafana_smtp_password:
+    external: true
+    name: ${STACK_NAME}_grafana_smtp_password_${SECRET_GRAFANA_SMTP_PASSWORD_VERSION}
--- a/compose.grafana.yml
+++ b/compose.grafana.yml
@ -7,8 +7,6 @@ services:
      - grafana-data:/var/lib/grafana:rw
    secrets:
      - grafana_admin_password
-      - grafana_oidc_client_secret
-      - grafana_smtp_password
    configs:
      - source: grafana_custom_ini
        target: /etc/grafana/grafana.ini
@ -32,22 +30,12 @@ services:
    environment:
      - GF_SERVER_ROOT_URL
      - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
-      - GF_SMTP_HOST
-      - GF_SMTP_USER
-      - GF_SMTP_PASSWORD__FILE=/run/secrets/grafana_smtp_password
-      - GF_SMTP_ENABLED
-      - GF_SMTP_FROM_ADDRESS
-      - GF_SMTP_SKIP_VERIFY
      - GF_SECURITY_ALLOW_EMBEDDING
      - GF_INSTALL_PLUGINS
-      - OIDC_API_URL
-      - OIDC_AUTH_URL
-      - OIDC_CLIENT_ID
-      - OIDC_ENABLED
-      - OIDC_TOKEN_URL
    deploy:
      labels:
        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN:-$DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
@ -96,9 +84,3 @@ secrets:
  grafana_admin_password:
    external: true
    name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
-  grafana_oidc_client_secret:
-    external: true
-    name: ${STACK_NAME}_grafana_oidc_client_secret_${SECRET_GRAFANA_OIDC_CLIENT_SECRET_VERSION}
-  grafana_smtp_password:
-    external: true
-    name: ${STACK_NAME}_grafana_smtp_password_${SECRET_GRAFANA_SMTP_PASSWORD_VERSION}
--- a/compose.loki.yml
+++ b/compose.loki.yml
@ -27,6 +27,7 @@ services:
        condition: on-failure
      labels:
        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}-loki.loadbalancer.server.port=3100"
        - "traefik.http.routers.${STACK_NAME}-loki.rule=Host(`loki.${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-loki.entrypoints=web-secure"
@ -48,4 +49,4 @@ volumes:
 # secrets:
 #   loki_aws_secret_access_key:
 #     external: true
-#     name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
+#     name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
--- a/compose.prometheus.yml
+++ b/compose.prometheus.yml
@ -24,12 +24,12 @@ services:
        condition: on-failure
      labels:
        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}-prometheus.loadbalancer.server.port=9090"
        - "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`prometheus.${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-prometheus.tls=true"
        - "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "traefik.http.routers.${STACK_NAME}-prometheus.middlewares=basicauth@file"

 configs:
  prometheus_yml:
--- a/compose.pushgateway.yml
+++ b/compose.pushgateway.yml
@ -17,6 +17,7 @@ services:
        condition: on-failure
      labels:
        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}-pushgateway.loadbalancer.server.port=9191"
        - "traefik.http.routers.${STACK_NAME}-pushgateway.rule=Host(`pushgateway.${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-pushgateway.entrypoints=web-secure"
--- a/compose.yml
+++ b/compose.yml
@ -32,13 +32,14 @@ services:
      labels:
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}-node.loadbalancer.server.port=9100"
        - "traefik.http.routers.${STACK_NAME}-node.rule=Host(`node.${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-node.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-node.tls=true"
        - "traefik.http.routers.${STACK_NAME}-node.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}-node.middlewares=basicauth@file"
-        - "coop-cloud.${STACK_NAME}.version=1.5.0+v1.8.1"
+        - "coop-cloud.${STACK_NAME}.version=1.6.0+v1.8.1"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"

  cadvisor:
@ -63,6 +64,7 @@ services:
        condition: on-failure
      labels:
        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}-cadvisor.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}-cadvisor.rule=Host(`cadvisor.${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-cadvisor.entrypoints=web-secure"
--- a/release/1.6.0+v1.8.1
+++ b/release/1.6.0+v1.8.1
@ -0,0 +1 @@
+Adds option to expose ports for node and cadvisor service
--- a/release/next
+++ b/release/next
@ -0,0 +1,7 @@
+1. OIDC was moved into a seperate compose file. If you have oidc configured you need to add the following line to you .env file:
+
+COMPOSE_FILE="$COMPOSE_FILE:compose.grafana-oidc.yml"
+
+2. SMTP was moved into a seperate compose file. If you have smtp configured you need to add the following line to you .env file:
+
+COMPOSE_FILE="$COMPOSE_FILE:compose.grafana-smtp.yml"
Author	SHA1	Message	Date
p4u1	5af3f8c643	Moves oidc and smtp to a seperate compose config	2025-11-05 15:28:49 +01:00
p4u1	7dbe5bf22e	fix: Removes duplicate basic auth from prometheus and a few other improvements	2025-02-21 18:31:54 +01:00
p4u1	89b5fef6ac	chore: publish 1.6.0+v1.8.1 release	2025-02-21 17:23:06 +01:00
p4u1	cd42c64544	feat: Adds option to expose ports for node and cadvisor service	2025-02-21 17:21:46 +01:00
				`@ -0,0 +1 @@`
				`Adds option to expose ports for node and cadvisor service`