-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
193 lines (182 loc) · 8.32 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
---
version: "3.7"
services:
traefik:
image: traefik:v3.3@sha256:19884a9d0b922b321c9cff54cbfe43f3169893041b8dd4ea6100677afaddce46
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:[email protected]}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
# enable dashboard
- "--api.dashboard=true"
# define entrypoints
- "--entryPoints.http.address=:80"
- "--entryPoints.http.http.redirections.entryPoint.to=https"
- "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
logging:
driver: "local"
restart: always
grafana:
image: grafana/grafana:11.5.2@sha256:8b37a2f028f164ce7b9889e1765b9d6ee23fec80f871d156fbf436d6198d32b7
volumes:
- grafana:/var/lib/grafana
- ./config/grafana/dashboards/:/etc/grafana/dashboards/
- ./config/grafana/provisioning/:/etc/grafana/provisioning/
environment:
- GF_SERVER_DOMAIN=${GRAFANA_DOMAIN:-grafana.owncloud.test}
- GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN:-grafana.owncloud.test}
- GF_AUTH_BASIC_ENABLED=false
- GF_SECURITY_ADMIN_USER=${GRAFANA_USER:-admin}
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:-admin}
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_INSTALL_PLUGINS=grafana-piechart-panel,grafana-github-datasource,grafana-clock-panel
- GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH=/etc/grafana/dashboards/home.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.entrypoints=https"
- "traefik.http.routers.grafana.rule=Host(`${GRAFANA_DOMAIN:-grafana.owncloud.test}`)"
- "traefik.http.routers.grafana.tls.certresolver=http"
- "traefik.http.routers.grafana.service=grafana"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
logging:
driver: "local"
restart: always
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.17.2@sha256:9fb5d27b49cb8d895209736d8e5d1bea4e0c2232c35874bf4c36628e9c7f7e54
environment:
- bootstrap.memory_lock=true
- ES_JAVA_OPTS=-Xms2G -Xmx2G
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 4g
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
- ./config/elasticsearch/config.yml:/usr/share/elasticsearch/config/elasticsearch.yml
logging:
driver: "local"
restart: always
kibana:
image: docker.elastic.co/kibana/kibana:8.17.2@sha256:2dc937a86da341da8ccaaf25b36fe024794a0496d70aa0593559c5699b680049
environment:
ELASTICSEARCH_URL: http://elasticsearch:9200
ports:
- "127.0.0.1:5601:5601"
labels:
- "traefik.enable=${KIBANA_EXPOSED:-false}"
- "traefik.http.routers.kibana.entrypoints=https"
- "traefik.http.routers.kibana.rule=Host(`${KIBANA_DOMAIN:-kibana.owncloud.test}`)"
- "traefik.http.routers.kibana.tls.certresolver=http"
- "traefik.http.routers.kibana.service=kibana"
- "traefik.http.services.kibana.loadbalancer.server.port=5601"
- "traefik.http.middlewares.kibana-auth.basicauth.users=${KIBANA_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.kibana.middlewares=kibana-auth"
logging:
driver: "local"
restart: always
jaeger-collector:
image: jaegertracing/jaeger-collector:1.66.0@sha256:fbff3f571ab1274e5a4fb5672214b4c0db7f5abe234e38cb558b2a09e9dde515
command: |
--es.server-urls=http://elasticsearch:9200
environment:
SPAN_STORAGE_TYPE: elasticsearch
labels:
- "traefik.enable=true"
- "traefik.http.routers.jaeger-collector.entrypoints=https"
- "traefik.http.routers.jaeger-collector.rule=Host(`${JAEGER_COLLECTOR_DOMAIN:-jaeger-collector.owncloud.test}`)"
- "traefik.http.routers.jaeger-collector.tls.certresolver=http"
- "traefik.http.routers.jaeger-collector.service=jaeger-collector"
- "traefik.http.services.jaeger-collector.loadbalancer.server.scheme=h2c"
- "traefik.http.services.jaeger-collector.loadbalancer.server.port=14250"
logging:
driver: "local"
restart: always
jaeger-query:
image: jaegertracing/jaeger-query:1.66.0@sha256:a8619a0df0569d674063e94b8d12d2559527bb05101a6113b577dc4de05e7a6a
command: |
--span-storage.type=elasticsearch
--es.server-urls=http://elasticsearch:9200
--es.sniffer=false
labels:
- "traefik.enable=true"
- "traefik.http.routers.jaeger-query.entrypoints=https"
- "traefik.http.routers.jaeger-query.rule=Host(`${JAEGER_QUERY_DOMAIN:-jaeger.owncloud.test}`)"
- "traefik.http.routers.jaeger-query.tls.certresolver=http"
- "traefik.http.routers.jaeger-query.service=jaeger-query"
- "traefik.http.services.jaeger-query.loadbalancer.server.port=16686"
# you can protect your jaeger query instance with basic auth
#- "traefik.http.middlewares.jaeger-query-auth.basicauth.users=${JAEGER_QUERY_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
#- "traefik.http.routers.jaeger-query.middlewares=jaeger-query-auth"
logging:
driver: "local"
restart: always
prometheus:
image: prom/prometheus:v3.2.0@sha256:5888c188cf09e3f7eebc97369c3b2ce713e844cdbd88ccf36f5047c958aea120
command:
- "--web.external-url=https://${PROMETHEUS_DOMAIN:-prometheus.owncloud.test}"
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus"
volumes:
- ./config/prometheus/scrape_targets:/etc/prometheus/scrape_targets:ro
- ./config/prometheus/config.yml:/etc/prometheus/prometheus.yml:ro
- prometheus-data:/prometheus
labels:
- "traefik.enable=true"
- "traefik.http.routers.prometheus.entrypoints=https"
- "traefik.http.routers.prometheus.rule=Host(`${PROMETHEUS_DOMAIN:-prometheus.owncloud.test}`)"
- "traefik.http.routers.prometheus.tls.certresolver=http"
- "traefik.http.routers.prometheus.service=prometheus"
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
# you can protect your prometheus instance with basic auth
#- "traefik.http.middlewares.prometheus-auth.basicauth.users=${PROMETHEUS_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
#- "traefik.http.routers.prometheus.middlewares=prometheus-auth"
logging:
driver: "local"
restart: always
telegraf:
image: telegraf:1.33.2@sha256:5afb934bd448b8cd49d495fffac5fe8227267123a9af05f9f9ec6044a1799bd1
user: telegraf:${HOST_DOCKER_GROUP_ID} # host docker group id, so that telegraf has access to the docker socket
command: | # only use config directory, but therefore we need to give a empty config file
--config-directory /etc/telegraf/telegraf.d/
--config /dev/null
volumes:
- ./config/telegraf:/etc/telegraf/telegraf.d:ro
- /var/run/docker.sock:/var/run/docker.sock
- /:/hostfs:ro
environment:
HOSTNAME: ${TELEMETRY_SERVE_DOMAIN:-telemetry.infra.owncloud.test}
HOST_ETC: /hostfs/etc
HOST_PROC: /hostfs/proc
HOST_SYS: /hostfs/sys
HOST_VAR: /hostfs/var
HOST_RUN: /hostfs/run
HOST_MOUNT_PREFIX: /hostfs
logging:
driver: "local"
restart: always
volumes:
certs:
elasticsearch-data:
prometheus-data:
grafana: