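---
# Docker Swarm stack: Grafana, Prometheus, Alertmanager, Loki, and an nginx
# front end for Loki. Published services are routed through Traefik on the
# external `proxy` network; everything else talks over `internal`.
#
# Review notes that apply to every service:
# - Images are pinned by tag only. Tags are mutable and these versions are
#   fixed, so security releases need a deliberate bump; pinning by digest
#   (image@sha256:<digest>) also fixes the content that gets deployed.
# - Bare names in `environment:` are passed through from the deploying shell,
#   so their effective values are not visible in this file.
version: "3.8"

services:
  app:
    image: grafana/grafana:8.4.4
    volumes:
      - grafana-data:/var/lib/grafana:rw
    secrets:
      - grafana_admin_password
      # The next two secrets are not referenced by any *__FILE variable here;
      # presumably grafana_custom.ini reads them - confirm against the template.
      - grafana_oauth_client_secret
      - grafana_smtp_password
    configs:
      - source: grafana_custom_ini
        target: /etc/grafana/grafana.ini
    networks:
      - proxy
      - internal
    environment:
      - GF_SMTP_HOST
      - GF_SMTP_ENABLED
      - GF_SMTP_FROM_ADDRESS
      # If this is set to true, Grafana stops verifying the SMTP server's TLS
      # certificate; keep it false outside of test setups.
      - GF_SMTP_SKIP_VERIFY
      # If this is set to true, Grafana can be rendered inside frames on other
      # origins (clickjacking exposure); enable only when embedding is needed.
      - GF_SECURITY_ALLOW_EMBEDDING
      # The plugin is downloaded at container start and no version is given,
      # so the installed code can change between restarts. Pin a version or
      # bake the plugin into the image.
      - "GF_INSTALL_PLUGINS=grafana-piechart-panel"
      - "GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}"
      # Admin password is read from the mounted secret file, not from the
      # environment, so it does not show up in `docker inspect`.
      - "GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password"
      - KEYCLOAK_API_URL
      - KEYCLOAK_AUTH_URL
      - KEYCLOAK_TOKEN_URL
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-grafana.tls=true"
        - "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}"
    healthcheck:
      test: "wget -q http://localhost:3000/ -O/dev/null"
      interval: 5s
      timeout: 10s
      retries: 3
      start_period: 10s

  prometheus:
    image: prom/prometheus:v2.34.0
    secrets:
      # NOTE(review): the hashed password is presumably consumed by
      # prometheus_web.yml for basic auth. The two plaintext secrets are
      # presumably scrape credentials - confirm against prometheus.yml.tmpl and
      # drop any this service does not read.
      - prometheus_admin_password
      - prometheus_admin_password_hashed
      - swarm_demo_admin_password
    volumes:
      - prometheus-data:/prometheus:rw
    configs:
      - source: prometheus_yml
        target: /etc/prometheus/prometheus.yml
      - source: prometheus_web_yml
        target: /etc/prometheus/prometheus_web.yml
    command:
      - "--config.file=/etc/prometheus/prometheus.yml"
      # Prometheus is published through Traefik below, so access control rests
      # on what this web config file enforces.
      - "--web.config.file=/etc/prometheus/prometheus_web.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
      - "--web.console.templates=/usr/share/prometheus/consoles"
    networks:
      - proxy
      - internal
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        # NOTE(review): this service name uses "_" while the routers and the
        # other services use "-"; left unchanged in case something refers to it.
        - "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090"
        - "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-prometheus.tls=true"
        - "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}"

  alertmanager:
    image: prom/alertmanager:v0.23.0
    volumes:
      # NOTE(review): the named volume is mounted on the config directory,
      # while --storage.path below points at /alertmanager. As written, the
      # state written under /alertmanager does not land in this volume -
      # confirm whether the mount target should be /alertmanager.
      - alertmanager-data:/etc/alertmanager
    command:
      - "--config.file=/etc/alertmanager/config.yml"
      - "--storage.path=/alertmanager"
    # Only on the internal network and carries no Traefik labels, so it is not
    # published by this file.
    networks:
      - internal
    secrets:
      - alertmanager_smtp_password
    configs:
      - source: alertmanager_config
        target: /etc/alertmanager/config.yml
    environment:
      - ALERTMANAGER_SMTP_FROM
      - ALERTMANAGER_SMTP_HOST
      - ALERTMANAGER_SMTP_TO

  # nginx in front of Loki. Access control depends on the htpasswd file and on
  # nginx.conf.tmpl, neither of which is visible here.
  web:
    image: nginx:1.20.0
    networks:
      - proxy
      - internal
    environment:
      - LOKI_DOMAIN
      - STACK_NAME
    configs:
      - source: nginx_config
        target: /etc/nginx/nginx.conf
      - source: htpasswd_conf
        target: /etc/nginx/conf.d/loki.htpasswd
    secrets:
      - loki_admin_password_hashed
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}-web.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}-web.rule=Host(`${LOKI_DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-web.entrypoints=web-secure"
        # Explicit tls=true added to match the grafana and prometheus routers;
        # the basic-auth credentials for Loki must only ever travel over TLS.
        - "traefik.http.routers.${STACK_NAME}-web.tls=true"
        - "traefik.http.routers.${STACK_NAME}-web.tls.certresolver=${LETS_ENCRYPT_ENV}"

  loki:
    image: grafana/loki:2.0.0
    command: "-config.file=/etc/loki/local-config.yaml"
    # Internal network only; outside access goes through the `web` service.
    networks:
      - internal
    configs:
      - source: loki_yml
        target: /etc/loki/local-config.yaml
    volumes:
      - loki-data:/loki
    secrets:
      # The AWS secret key is a Swarm secret; the access key id below is a
      # plain environment variable.
      - loki_aws_secret_access_key
    environment:
      - LOKI_ACCESS_KEY_ID
      - LOKI_AWS_ENDPOINT
      - LOKI_AWS_REGION
      - LOKI_BUCKET_NAMES
      - STACK_NAME

# Configs are rendered with the golang template driver. The *_VERSION suffix
# in each name lets a changed file be rolled out as a new config object.
configs:
  grafana_custom_ini:
    template_driver: golang
    name: "${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION}"
    file: grafana_custom.ini
  prometheus_yml:
    template_driver: golang
    name: "${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION}"
    file: prometheus.yml.tmpl
  prometheus_web_yml:
    template_driver: golang
    name: "${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION}"
    file: prometheus_web.yml.tmpl
  loki_yml:
    template_driver: golang
    name: "${STACK_NAME}_loki_yml_${LOKI_YML_VERSION}"
    file: loki.yml.tmpl
  alertmanager_config:
    template_driver: golang
    name: "${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION}"
    file: ./alertmanager.yml.tmpl
  nginx_config:
    template_driver: golang
    name: "${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}"
    file: nginx.conf.tmpl
  htpasswd_conf:
    template_driver: golang
    name: "${STACK_NAME}_htpasswd_${HTPASSWD_CONFIG_VERSION}"
    file: loki.htpasswd.tmpl

volumes:
  prometheus-data: {}
  grafana-data: {}
  loki-data: {}
  alertmanager-data: {}

networks:
  proxy:
    external: true
  # NOTE(review): created with default settings. If this is an overlay network
  # spanning hosts, its traffic is not encrypted unless the driver option for
  # that is set - confirm whether that matters for this deployment.
  internal: {}

# All secrets are created outside this file (external: true). The version
# suffix supports rotation: create the new secret, bump the variable, redeploy.
secrets:
  loki_aws_secret_access_key:
    external: true
    name: "${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}"
  grafana_admin_password:
    external: true
    name: "${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}"
  grafana_oauth_client_secret:
    external: true
    name: "${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION}"
  grafana_smtp_password:
    external: true
    name: "${STACK_NAME}_grafana_smtp_password_${SECRET_GRAFANA_SMTP_PASSWORD_VERSION}"
  prometheus_admin_password_hashed:
    external: true
    name: "${STACK_NAME}_prometheus_admin_password_hashed_${SECRET_PROMETHEUS_ADMIN_PASSWORD_HASHED_VERSION}"
  prometheus_admin_password:
    external: true
    name: "${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION}"
  alertmanager_smtp_password:
    external: true
    name: "${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION}"
  loki_admin_password_hashed:
    external: true
    name: "${STACK_NAME}_loki_admin_password_hashed_${SECRET_LOKI_ADMIN_PASSWORD_HASHED_VERSION}"
  swarm_demo_admin_password:
    external: true
    name: "${STACK_NAME}_swarm_demo_admin_password_${SECRET_SWARM_DEMO_ADMIN_PASSWORD_VERSION}"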