224 lines
7.5 KiB
YAML
224 lines
7.5 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
app:
|
|
image: grafana/grafana:8.4.4
|
|
volumes:
|
|
- grafana-data:/var/lib/grafana:rw
|
|
secrets:
|
|
- grafana_admin_password
|
|
- grafana_oauth_client_secret
|
|
configs:
|
|
- source: grafana_datasources_yml
|
|
target: /etc/grafana/provisioning/datasources/datasources.yml
|
|
- source: grafana_dashboards_yml
|
|
target: /etc/grafana/provisioning/dashboards/dashboards.yml
|
|
- source: grafana_swarm_dashboard_json
|
|
target: /var/lib/grafana/dashboards/docker-swarm-nodes.json
|
|
- source: grafana_stacks_dashboard_json
|
|
target: /var/lib/grafana/dashboards/docker-swarm-stacks.json
|
|
- source: grafana_traefik_dashboard_json
|
|
target: /var/lib/grafana/dashboards/traefik.json
|
|
- source: grafana_custom_ini
|
|
target: /etc/grafana/grafana.ini
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
environment:
|
|
- GF_SMTP_HOST
|
|
- GF_SMTP_ENABLED
|
|
- GF_SMTP_FROM_ADDRESS
|
|
- GF_SMTP_SKIP_VERIFY
|
|
- GF_SECURITY_ALLOW_EMBEDDING
|
|
- GF_INSTALL_PLUGINS=grafana-piechart-panel
|
|
- GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
|
|
- GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
|
|
- KEYCLOAK_API_URL
|
|
- KEYCLOAK_AUTH_URL
|
|
- KEYCLOAK_TOKEN_URL
|
|
deploy:
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}-grafana.loadbalancer.server.port=3000"
|
|
- "traefik.http.routers.${STACK_NAME}-grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}-grafana.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}-grafana.tls=true"
|
|
- "traefik.http.routers.${STACK_NAME}-grafana.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
healthcheck:
|
|
test: "wget -q http://localhost:3000/ -O/dev/null"
|
|
interval: 5s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
prometheus:
|
|
image: prom/prometheus:v2.34.0
|
|
secrets:
|
|
- prometheus_admin_password
|
|
volumes:
|
|
- prometheus-data:/prometheus:rw
|
|
configs:
|
|
- source: prometheus_yml
|
|
target: /etc/prometheus/prometheus.yml
|
|
- source: prometheus_web_yml
|
|
target: /etc/prometheus/prometheus_web.yml
|
|
command:
|
|
- "--config.file=/etc/prometheus/prometheus.yml"
|
|
- "--web.config.file=/etc/prometheus/prometheus_web.yml"
|
|
- "--storage.tsdb.path=/prometheus"
|
|
- "--web.console.libraries=/usr/share/prometheus/console_libraries"
|
|
- "--web.console.templates=/usr/share/prometheus/consoles"
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}_prometheus.loadbalancer.server.port=9090"
|
|
- "traefik.http.routers.${STACK_NAME}-prometheus.rule=Host(`${PROMETHEUS_DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}-prometheus.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}-prometheus.tls=true"
|
|
- "traefik.http.routers.${STACK_NAME}-prometheus.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
|
|
alertmanager:
|
|
image: prom/alertmanager:v0.23.0
|
|
volumes:
|
|
- alertmanager-data:/etc/alertmanager
|
|
command:
|
|
- "--config.file=/etc/alertmanager/config.yml"
|
|
- "--storage.path=/alertmanager"
|
|
networks:
|
|
- internal
|
|
secrets:
|
|
- alertmanager_smtp_password
|
|
configs:
|
|
- source: alertmanager_config
|
|
target: /etc/alertmanager/config.yml
|
|
environment:
|
|
- ALERTMANAGER_SMTP_FROM
|
|
- ALERTMANAGER_SMTP_HOST
|
|
- ALERTMANAGER_SMTP_TO
|
|
|
|
# Note(d1): https://grafana.com/docs/loki/latest/operations/authentication/
|
|
web:
|
|
image: nginx:1.20.0
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
environment:
|
|
- LOKI_DOMAIN
|
|
- STACK_NAME
|
|
configs:
|
|
- source: nginx_config
|
|
target: /etc/nginx/nginx.conf
|
|
- source: htpasswd_conf
|
|
target: /etc/nginx/conf.d/loki.htpasswd
|
|
secrets:
|
|
- loki_admin_password
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}-web.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}-web.rule=Host(`${LOKI_DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}-web.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}-web.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
|
|
loki:
|
|
image: grafana/loki:2.0.0
|
|
command: -config.file=/etc/loki/local-config.yaml
|
|
networks:
|
|
- internal
|
|
configs:
|
|
- source: loki_yml
|
|
target: /etc/loki/local-config.yaml
|
|
volumes:
|
|
- loki-data:/loki
|
|
secrets:
|
|
- loki_aws_secret_access_key
|
|
environment:
|
|
- LOKI_AWS_ENDPOINT
|
|
- LOKI_AWS_REGION
|
|
- LOKI_ACCESS_KEY_ID
|
|
- LOKI_BUCKET_NAMES
|
|
|
|
configs:
|
|
grafana_custom_ini:
|
|
template_driver: golang
|
|
name: ${STACK_NAME}_grafana_custom_ini_${GRAFANA_CUSTOM_INI_VERSION}
|
|
file: grafana_custom.ini
|
|
prometheus_yml:
|
|
template_driver: golang
|
|
name: ${STACK_NAME}_prometheus_yml_${PROMETHEUS_YML_VERSION}
|
|
file: prometheus.yml.tmpl
|
|
prometheus_web_yml:
|
|
template_driver: golang
|
|
name: ${STACK_NAME}_prometheus_web_yml_${PROMETHEUS_WEB_YML_VERSION}
|
|
file: prometheus_web.yml.tmpl
|
|
loki_yml:
|
|
template_driver: golang
|
|
name: ${STACK_NAME}_loki_yml_${LOKI_YML_VERSION}
|
|
file: loki.yml.tmpl
|
|
alertmanager_config:
|
|
template_driver: golang
|
|
name: ${STACK_NAME}_alertmanager_config_${ALERTMANAGER_CONFIG_VERSION}
|
|
file: ./alertmanager.yml.tmpl
|
|
nginx_config:
|
|
template_driver: golang
|
|
name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
|
|
file: nginx.conf.tmpl
|
|
htpasswd_conf:
|
|
template_driver: golang
|
|
name: ${STACK_NAME}_htpasswd_${HTPASSWD_CONFIG_VERSION}
|
|
file: loki.htpasswd.tmpl
|
|
grafana_datasources_yml:
|
|
name: ${STACK_NAME}_grafana_datasources_yml_${GRAFANA_DATASOURCES_YML_VERSION}
|
|
file: grafana-datasources.yml
|
|
grafana_dashboards_yml:
|
|
name: ${STACK_NAME}_grafana_dashboards_yml_${GRAFANA_DASHBOARDS_YML_VERSION}
|
|
file: grafana-dashboards.yml
|
|
grafana_swarm_dashboard_json:
|
|
name: ${STACK_NAME}_grafana_swarm_dashboard_json_${GRAFANA_SWARM_DASHBOARD_JSON_VERSION}
|
|
file: grafana-swarm-dashboard.json
|
|
grafana_stacks_dashboard_json:
|
|
name: ${STACK_NAME}_grafana_stacks_dashboard_json_${GRAFANA_STACKS_DASHBOARD_JSON_VERSION}
|
|
file: grafana-stacks-dashboard.json
|
|
grafana_traefik_dashboard_json:
|
|
name: ${STACK_NAME}_grafana_traefik_dashboard_json_${GRAFANA_TRAEFIK_DASHBOARD_JSON_VERSION}
|
|
file: grafana-traefik-dashboard.json
|
|
|
|
volumes:
|
|
prometheus-data:
|
|
grafana-data:
|
|
loki-data:
|
|
alertmanager-data:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
|
|
secrets:
|
|
loki_aws_secret_access_key:
|
|
external: true
|
|
name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
|
|
grafana_admin_password:
|
|
external: true
|
|
name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
|
|
grafana_oauth_client_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_grafana_oauth_client_secret_${SECRET_GRAFANA_OAUTH_CLIENT_SECRET_VERSION}
|
|
prometheus_admin_password:
|
|
external: true
|
|
name: ${STACK_NAME}_prometheus_admin_password_${SECRET_PROMETHEUS_ADMIN_PASSWORD_VERSION}
|
|
alertmanager_smtp_password:
|
|
external: true
|
|
name: ${STACK_NAME}_alertmanager_smtp_password_${SECRET_ALERTMANAGER_SMTP_PASSWORD_VERSION}
|
|
loki_admin_password:
|
|
external: true
|
|
name: ${STACK_NAME}_loki_admin_password_${SECRET_LOKI_ADMIN_PASSWORD_VERSION}
|