diff --git a/docker-stack/Dockerfile.prom-proc-net b/docker-stack/Dockerfile.prom-proc-net
new file mode 100644
index 0000000..09d71d9
--- /dev/null
+++ b/docker-stack/Dockerfile.prom-proc-net
@@ -0,0 +1,6 @@
+FROM alpine:3.16
+
+RUN apk --update --no-cache add bash
+COPY --chmod=755 prom-proc-net.sh /bin/prom-proc-net.sh
+
+CMD ["/bin/prom-proc-net.sh"]
diff --git a/docker-stack/Makefile b/docker-stack/Makefile
new file mode 100644
index 0000000..521f7df
--- /dev/null
+++ b/docker-stack/Makefile
@@ -0,0 +1,112 @@ +DATA_ROOT := /home/gfs-data + +all: + @echo "ERROR: Be specific with one or more targets" + +build: + DOCKER_BUILDKIT=1 docker build -t alpine:prom-proc-net -f Dockerfile.prom-proc-net . + +push: + docker tag alpine:prom-proc-net docker.io/hyunghwan/alpine:prom-proc-net + docker push docker.io/hyunghwan/alpine:prom-proc-net + +init-traefik-data: + mkdir -p "$(DATA_ROOT)/traefik" + cp traefik-cert.yml "$(DATA_ROOT)/traefik" + cp /etc/letsencrypt/live/miflux.com/fullchain.pem "$(DATA_ROOT)/traefik/miflux.crt" + cp /etc/letsencrypt/live/miflux.com/privkey.pem "$(DATA_ROOT)/traefik/miflux.key" + +init-prometheus-data: + mkdir -p "$(DATA_ROOT)/prometheus/etc" + mkdir -p "$(DATA_ROOT)/prometheus/data" + chown 65534:65534 "$(DATA_ROOT)/prometheus/data" + cp prometheus.conf.yml "$(DATA_ROOT)/prometheus/etc/prometheus.yml" + +network-up-drone: + docker network create --driver overlay --attachable drone-network + +network-down-drone: + docker network rm drone-network + +network-up-prometheus: + docker network create --driver overlay --attachable prometheus-network + +network-down-prometheus: + docker network rm prometheus-network + +network-up-traefik: + docker network create --driver overlay --attachable traefik-network + +network-down-traefik: + docker network rm traefik-network + +stack-up-traefik: + docker stack deploy --compose-file traefik.yml traefik-stack + +stack-down-traefik: + docker stack rm traefik-stack + + +stack-up-codepot: + docker stack deploy --compose-file codepot.yml codepot-stack + +stack-down-codepot: + docker stack rm codepot-stack + +stack-up-gitea: + docker stack deploy --compose-file gitea.yml gitea-stack + +stack-down-gitea: + docker stack rm gitea-stack + +stack-up-drone: + docker stack deploy --compose-file drone.yml drone-stack + +stack-down-drone: + docker stack rm drone-stack + +stack-up-drone-runner: + docker stack deploy --compose-file drone-runner.yml drone-runner-stack + +stack-down-drone-runner: + docker stack rm 
drone-runner-stack + +stack-up-portainer: + docker stack deploy --compose-file portainer.yml portainer-stack + +stack-down-portainer: + docker stack rm portainer-stack + +#------------------------------------------------ +stack-up-cadvisor: + docker stack deploy --compose-file cadvisor.yml cadvisor-stack + +stack-down-cadvisor: + docker stack rm cadvisor-stack + +stack-up-prometheus-node-exporter: + docker stack deploy --compose-file prometheus-node-exporter.yml prometheus-node-exporter-stack + +stack-down-prometheus-node-exporter: + docker stack rm prometheus-node-exporter-stack + +stack-up-prometheus: + docker stack deploy --compose-file prometheus.yml prometheus-stack + +stack-down-prometheus: + docker stack rm prometheus-stack + +stack-up-grafana: + docker stack deploy --compose-file grafana.yml grafana-stack + +stack-down-grafana: + docker stack rm grafana-stack + +stack-up-monitor: stack-up-prometheus-node-exporter stack-up-prometheus stack-up-grafana + +stack-down-monitor: stack-down-grafana stack-down-prometheus stack-down-prometheus-node-exporter + +#------------------------------------------------ +stack-down-all: stack-down-portainer stack-down-drone-runner stack-down-drone stack-down-gitea stack-down-codepot stack-down-traefik + +stack-up-all: stack-up-traefik stack-up-codepot stack-up-gitea stack-up-drone stack-up-drone-runner stack-up-portainer diff --git a/docker-stack/cadvisor.yml b/docker-stack/cadvisor.yml new file mode 100644 index 0000000..1e5ae27 --- /dev/null +++ b/docker-stack/cadvisor.yml 
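Review bot: `init-traefik-data` copies `privkey.pem` into `$(DATA_ROOT)/traefik` with plain `cp`, so the mode of the copied key depends on the caller's umask, or on whatever file already exists at the destination. Setting it explicitly, e.g. `install -m 0600 /etc/letsencrypt/live/miflux.com/privkey.pem "$(DATA_ROOT)/traefik/miflux.key"`, keeps the TLS key from becoming readable by other accounts that can reach the data root. Separately, none of the targets is declared `.PHONY`, so a file named like a target would silently disable it. `all` also prints an error but exits 0; `@echo "ERROR: ..." >&2; exit 1` would make a bare `make` fail as the message intends.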
@@ -0,0 +1,45 @@
+version: "3.8"
+
+networks:
+ host-network:
+ name: host
+ external: true
+ prometheus-network:
+ external: true
+ traefik-network:
+ external: true
+
+services:
+ cadvisor-service:
+ ##image: docker.io/google/cadvisor
+ image: gcr.io/cadvisor/cadvisor
+ hostname: cadvisor-service-host
+ command:
+ - -logtostderr
+ #- -docker_only
+ environment:
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ networks:
+ - traefik-network
+ - prometheus-network
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:rw
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ - /dev/disk/:/dev/disk:ro
+ ports:
+ - target: 8080
+ published: 9080
+ protocol: tcp
+ mode: ingress
+ ##privileged: true
+ deploy:
+ mode: global
+ restart_policy:
+ condition: on-failure
+ resources:
+ limits:
+ memory: 256MB
diff --git a/docker-stack/codepot.yml b/docker-stack/codepot.yml
new file mode 100644
index 0000000..8262461
--- /dev/null
+++ b/docker-stack/codepot.yml
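Review bot: The `ports` entry publishes cAdvisor's 8080 as 9080 in `ingress` mode, which makes its unauthenticated UI and metrics reachable on port 9080 of every swarm node. The `cadvisor` job in prometheus.conf.yml scrapes `cadvisor-service-host:8080` by DNS, presumably over `prometheus-network`, so the published port looks unnecessary and could be dropped. The service is also attached to `traefik-network` without any traefik labels, which widens its reach for no visible reason. `image: gcr.io/cadvisor/cadvisor` carries no tag, so pinning a version would keep redeployments from pulling unreviewed code into a container that mounts `/` and `/var/run`.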
@@ -0,0 +1,45 @@
+version: '3.8'
+
+networks:
+ traefik-network:
+ external: true
+
+services:
+ codepot-service:
+ image: docker.io/hyunghwan/codepot:ubnt
+ hostname: codepot-service-host
+ tty: true
+ environment:
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ command:
+ - --port=80
+ - --hide-index-page=yes
+ - --https-redirected=yes
+ volumes:
+ - type: bind
+ source: /home/gfs-data/codepot-1
+ target: /var/lib/codepot
+ deploy:
+ replicas: 1
+ placement:
+ max_replicas_per_node: 1
+ ##constraints: [node.role == manager]
+ resources:
+ limits:
+ memory: 1GB
+ restart_policy:
+ condition: on-failure
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.codepot-secure.entrypoints=websec
+ - traefik.http.routers.codepot-secure.rule=Host(`gitea.miflux.com`)
+ - traefik.http.routers.codepot-secure.tls=true
+ - traefik.http.routers.codepot-plain.entrypoints=web
+ - traefik.http.routers.codepot-plain.rule=Host(`gitea.miflux.com`)
+ - traefik.http.services.codepot.loadbalancer.sticky.cookie=true
+ - traefik.http.services.codepot.loadbalancer.sticky.cookie.name=codepot-sticker
+ - traefik.http.services.codepot.loadbalancer.server.port=80
+ networks:
+ - traefik-network
diff --git a/docker-stack/drone-runner.yml b/docker-stack/drone-runner.yml
new file mode 100644
index 0000000..a66df48
--- /dev/null
+++ b/docker-stack/drone-runner.yml
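Review bot: The `codepot-plain` router serves the site on the `web` entrypoint with no TLS and no redirect middleware, and the entrypoint-level redirection in traefik.yml is commented out, so logins to this service can travel over plain HTTP. portainer.yml has the same pattern in `portainer-plain`. Either drop the plain routers or attach a `redirectscheme` middleware to them so port 80 only redirects to `websec`. Both codepot routers also match the host `gitea.miflux.com`, while gitea.yml itself uses `code.miflux.com`; if that name is a copy-paste leftover it should be corrected before the certificate and router rules drift apart.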
@@ -0,0 +1,58 @@
+version: "3.8"
+
+networks:
+ drone-network:
+ external: true
+ traefik-network:
+ external: true
+
+services:
+ drone-runner-service:
+ image: docker.io/drone/drone-runner-docker:1
+ hostname: drone-runner-service-host
+ tty: true
+ environment:
+ ##- DRONE_RPC_PROTO=https
+ ##- DRONE_RPC_HOST=ci.miflux.com
+ - DRONE_RPC_PROTO=http
+ - DRONE_RPC_HOST=drone-service-host
+ - DRONE_RPC_PORT=:80
+ - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
+ - DRONE_RUNNER_CAPACITY=10
+ - DRONE_RUNNER_NAME=drone-runner-docker-1
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ networks:
+ - drone-network
+ ##- traefik-network
+ volumes:
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ # - type: bind
+ # source: /etc/timezone
+ # target: /etc/timezone
+ # read_only: true
+ # - type: bind
+ # source: /etc/localtime
+ # target: /etc/localtime
+ # read_only: true
+ #ports:
+ # - target: 3000
+ # published: 3000
+ # protocol: tcp
+ deploy:
+ mode: global
+ ##mode: replicated
+ ##replicas: 3
+ ##placement:
+ ##max_replicas_per_node: 1
+ ##constraints:
+ ## - node.labels.location == home
+ ## - node.hostname == rose
+ resources:
+ limits:
+ memory: 1GB
+ restart_policy:
+ condition: on-failure
diff --git a/docker-stack/drone.yml b/docker-stack/drone.yml
new file mode 100644
index 0000000..738e1f0
--- /dev/null
+++ b/docker-stack/drone.yml
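Review bot: `DRONE_RPC_SECRET` is committed as a literal value in the `environment` list, and drone.yml in this commit repeats it together with a literal `DRONE_GITEA_CLIENT_SECRET`. Anyone with read access to the repository or its history can use them against the Drone RPC endpoint or the Gitea OAuth application, so both values should be treated as exposed and rotated. Taking them from the deploy environment, e.g. `- DRONE_RPC_SECRET=${DRONE_RPC_SECRET:?not set}`, keeps them out of version control. The runner also binds `/var/run/docker.sock` under `mode: global`, so it holds control of the Docker daemon on every node, which makes the shared secret worth protecting accordingly.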
@@ -0,0 +1,74 @@ +version: "3.8" + +networks: + drone-network: + external: true + traefik-network: + external: true + +services: + drone-service: + image: docker.io/drone/drone:2 + hostname: drone-service-host + tty: true + environment: + ## unabel to use the internal DNS name as this URL is shown to + ## the user for oauth login. + ##- DRONE_GITEA_SERVER=http://gitea-service-host:3000 + - DRONE_GITEA_SERVER=https://code.miflux.com + - DRONE_GITEA_CLIENT_ID=55c9b1a3-0902-4877-bc7a-225a87906b52 + - DRONE_GITEA_CLIENT_SECRET=gto_5vemyidhgakygsowyjkhm2kqvjksdpzaiakfscj7e6dfmnips4xa + - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d + - DRONE_SERVER_HOST=ci.miflux.com + - DRONE_SERVER_PROTO=https + - DRONE_USER_CREATE=username:hyung-hwan,admin:true + - DS_NODE_NAME="{{.Node.Hostname}}" + - DS_SERVICE_NAME="{{.Service.Name}}" + - DS_TASK_NAME="{{.Task.Name}}" + networks: + - drone-network + - traefik-network + volumes: + - type: bind + source: /home/gfs-data/drone + target: /data + - type: bind + source: /etc/timezone + target: /etc/timezone + read_only: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true +# ports: +# - target: 80 +# published: 80 +# protocol: tcp +# - target: 443 +# published: 443 +# protocol: tcp + deploy: + mode: replicated + replicas: 1 + placement: + max_replicas_per_node: 1 + ##constraints: + ## - node.labels.location == home + ## - node.hostname == rose + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure + labels: + - traefik.enable=true + ##- traefik.docker.network=traefik-network + - traefik.http.routers.drone-https.entrypoints=websec + - traefik.http.routers.drone-https.rule=Host(`ci.miflux.com`) + - traefik.http.routers.drone-https.tls=true +# - traefik.http.routers.drone-http.entrypoints=web +# - traefik.http.routers.drone-http.rule=Host(`ci.miflux.com`) +# - traefik.http.routers.drone-http.tls=false + - traefik.http.services.drone-service.loadbalancer.server.port=80 + - 
traefik.http.services.drone-service.loadbalancer.sticky.cookie=true + - traefik.http.services.drone-service.loadbalancer.sticky.cookie.name=drone-sticker diff --git a/docker-stack/gitea.yml b/docker-stack/gitea.yml new file mode 100644 index 0000000..57ab5d3 --- /dev/null +++ b/docker-stack/gitea.yml 
@@ -0,0 +1,86 @@ +version: "3.8" + +networks: + host-network: + name: host + external: true + prometheus-network: + external: true + traefik-network: + external: true + +services: + gitea-service: + image: gitea/gitea:latest + hostname: gitea-service-host + tty: true + environment: + ##- USER_UID=1000 + ##- USER_GID=1000 + - GITEA____APP_NAME=HYUNG-HWAN + - GITEA__server__DISABLE_SSH=true + - GITEA__server__HTTP_PORT=3000 + - GITEA__server__ROOT_URL=https://code.miflux.com/ + - GITEA__indexer__REPO_INDEXER_ENABLED=true + - GITEA__indexer__REPO_INDEXER_PATH=/data/gitea/indexers/repos.bleve + - GITEA__indexer__UPDATE_BUFFER_LEN=20 + - GITEA__indexer__MAX_FILE_SIZE=1048576 + - GITEA__indexer__REPO_INDEXER_INCLUDE= + - GITEA__indexer__REPO_INDEXER_EXCLUDE=resources/bin/** + - GITEA__service__DISABLE_REGISTRATION=true + - GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true + - GITEA__service__EMAIL_NOTIFY_TRUE=false + - GITEA__openid__ENABLE_OPENID_SIGNIN=false + - GITEA__openid__ENABLE_OPENID_SIGNUP=false + - GITEA__wehhook__ALLOWED_HOST_LIST=* + - GITEA__metrics__ENABLED=true + - DS_NODE_NAME="{{.Node.Hostname}}" + - DS_SERVICE_NAME="{{.Service.Name}}" + - DS_TASK_NAME="{{.Task.Name}}" + networks: + - traefik-network + - prometheus-network + volumes: + - type: bind + source: /home/gfs-data/gitea + target: /data + - type: bind + source: /etc/timezone + target: /etc/timezone + read_only: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true +# ports: +# - target: 3000 +# published: 3000 +# protocol: tcp +# - target: 22 +# published: 222 +# protocol: tcp + deploy: + mode: replicated + replicas: 1 + placement: + max_replicas_per_node: 1 + ##constraints: + ## - node.labels.location == home + ## - node.hostname == rose + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure + labels: + - traefik.enable=true + ##- traefik.docker.network=traefik-network + - traefik.http.routers.gitea-https.entrypoints=websec + - 
traefik.http.routers.gitea-https.rule=Host(`code.miflux.com`) + - traefik.http.routers.gitea-https.tls=true +# - traefik.http.routers.gitea-http.entrypoints=web +# - traefik.http.routers.gitea-http.rule=Host(`code.miflux.com`) +# - traefik.http.routers.gitea-http.tls=false + - traefik.http.services.gitea-service.loadbalancer.server.port=3000 + - traefik.http.services.gitea-service.loadbalancer.sticky.cookie=true + - traefik.http.services.gitea-service.loadbalancer.sticky.cookie.name=gitea-sticker diff --git a/docker-stack/grafana.yml b/docker-stack/grafana.yml new file mode 100644 index 0000000..55ffd3b --- /dev/null +++ b/docker-stack/grafana.yml 
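Review bot: `GITEA__wehhook__ALLOWED_HOST_LIST=*` misspells the section name, so as written it presumably populates a `[wehhook]` section that Gitea never reads, and the webhook allow-list keeps its default. If the spelling is corrected, `*` would let webhooks target any host, including internal services on the overlay networks, so a narrower list is worth choosing at the same time. `GITEA__metrics__ENABLED=true` is set without `GITEA__metrics__TOKEN`, and the `gitea-https` router matches on host only, so `/metrics` appears to be reachable through traefik as well as from Prometheus. `image: gitea/gitea:latest` is unpinned; a fixed version tag avoids unreviewed upgrades when a task restarts.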
@@ -0,0 +1,52 @@
+version: "3.9"
+
+networks:
+ host-network:
+ name: host
+ external: true
+ prometheus-network:
+ external: true
+ traefik-network:
+ external: true
+
+services:
+ grafana-service:
+ image: docker.io/grafana/grafana:latest
+ hostname: grafana-service-host
+ tty: true
+ environment:
+ - GF_SECURITY_ADMIN_USER=admin
+ - GF_SECURITY_ADMIN_PASSWORD=admin
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ networks:
+ - prometheus-network
+ - traefik-network
+ ##depends_on:
+ ## - prometheus-service
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ max_replicas_per_node: 1
+ ##constraints:
+ ## - node.labels.location == home
+ ## - node.hostname == rose
+ resources:
+ limits:
+ memory: 1GB
+ restart_policy:
+ condition: on-failure
+ labels:
+ - traefik.enable=true
+ ##- traefik.docker.network=traefik-network
+ - traefik.http.routers.grafana-https.entrypoints=websec
+ - traefik.http.routers.grafana-https.rule=Host(`gf.miflux.com`)
+ - traefik.http.routers.grafana-https.tls=true
+ ##- traefik.http.routers.grafana-http.entrypoints=web
+ ##- traefik.http.routers.grafana-http.rule=Host(`gf.miflux.com`)
+ ##- traefik.http.routers.grafana-http.tls=false
+ - traefik.http.services.grafana-service.loadbalancer.server.port=3000
+ - traefik.http.services.grafana-service.loadbalancer.sticky.cookie=true
+ - traefik.http.services.grafana-service.loadbalancer.sticky.cookie.name=grafana-sticker
diff --git a/docker-stack/monitor.yml b/docker-stack/monitor.yml
new file mode 100644
index 0000000..24631b2
--- /dev/null
+++ b/docker-stack/monitor.yml
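Review bot: `GF_SECURITY_ADMIN_PASSWORD=admin` leaves the default admin/admin login in place on a service that the `grafana-https` router publishes at `gf.miflux.com`; monitor.yml repeats the same two variables. The password should come from a Docker secret or the deploy environment, e.g. `- GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password` with a matching `secrets:` entry. The service mounts no volume, so a password changed in the UI would presumably be lost when the task is re-created and the instance would fall back to the committed value. `grafana:latest` is unpinned as well.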
@@ -0,0 +1,105 @@ +version: "3.9" + +networks: + host-network: + name: host + external: true + prometheus-network: + external: false + traefik-network: + external: true + +services: + prometheus-service: + image: docker.io/prom/prometheus:latest + hostname: prometheus-service-host + networks: + - prometheus-network + volumes: + - type: bind + source: /home/gfs-data/monitor/prometheus/etc + target: /etc/prometheus + read_only: true + - type: bind + source: /home/gfs-data/monitor/prometheus/data + target: /prometheus + read_only: false + ##command: + ##- --config.file=/etc/prometheus/prometheus.yml + ##- --storage.tsdb.path=/prometheus + ##- --web.console.libraries=/usr/share/prometheus/console_libraries + ##- --web.console.templates=/usr/share/prometheus/consoles + + prometheus-node-exporter-service: + image: docker.io/prom/node-exporter:latest + hostname: prometheus-node-exporter-service-host + networks: + - prometheus-network + - host-network + volumes: + - type: bind + source: / + target: /host + read_only: true + bind: + propagation: rslave + pid: host + command: + - --path.rootfs=/host + ##- --path.procfs=/host/proc + ##- --path.sysfs=/host/sys + ##- --collector.filesystem.ignored-mount-points="^/(sys|proc|dev|host|etc)/?.*$$" + ##ports: + ## - target: 9100 + ## published: 9100 + ## protocol: tcp + deploy: + mode: global + ##replicas: 3 + ##placement: + ##max_replicas_per_node: 1 + ##constraints: + ## - node.labels.location == home + ## - node.hostname == rose + resources: + limits: + memory: 256MB + restart_policy: + condition: on-failure + + grafana-service: + image: docker.io/grafana/grafana:latest + hostname: grafana-service-host + environment: + - GF_SECURITY_ADMIN_USER=admin + - GF_SECURITY_ADMIN_PASSWORD=admin + networks: + - prometheus-network + - traefik-network + depends_on: + - prometheus-service + deploy: + mode: replicated + replicas: 1 + placement: + max_replicas_per_node: 1 + ##constraints: + ## - node.labels.location == home + ## - node.hostname 
== rose + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure + labels: + - traefik.enable=true + ##- traefik.docker.network=traefik-network + - traefik.http.routers.grafana-https.entrypoints=websec + - traefik.http.routers.grafana-https.rule=Host(`gf.miflux.com`) + - traefik.http.routers.grafana-https.tls=true + ##- traefik.http.routers.grafana-http.entrypoints=web + ##- traefik.http.routers.grafana-http.rule=Host(`gf.miflux.com`) + ##- traefik.http.routers.grafana-http.tls=false + - traefik.http.services.grafana-service.loadbalancer.server.port=3000 + - traefik.http.services.grafana-service.loadbalancer.sticky.cookie=true + - traefik.http.services.grafana-service.loadbalancer.sticky.cookie.name=grafana-sticker diff --git a/docker-stack/portainer.yml b/docker-stack/portainer.yml new file mode 100644 index 0000000..72ac4cb --- /dev/null +++ b/docker-stack/portainer.yml 
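Review bot: monitor.yml is not referenced by any Makefile target, and it redefines `prometheus-service`, `prometheus-node-exporter-service` and `grafana-service` with settings that disagree with the per-service files. `prometheus-network` is `external: false` here but `external: true` elsewhere, and the Prometheus binds point at `/home/gfs-data/monitor/prometheus/...`, which `init-prometheus-data` does not create. If the file is a leftover, dropping it is safer than keeping a second, divergent definition that someone may deploy by mistake. If it is meant to be used, note that `depends_on` is ignored by `docker stack deploy`, and a header comment such as `# not deployed by the Makefile; superseded by prometheus.yml and grafana.yml` would at least record its status.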
@@ -0,0 +1,48 @@
+version: '3.8'
+
+networks:
+ traefik-network:
+ external: true
+
+services:
+ portainer-service:
+ image: docker.io/portainer/portainer-ce:latest
+ hostname: portainer-service-host
+ #stdin_open: true
+ #tty: true
+ command: -H unix:///var/run/docker.sock
+ volumes:
+ - type: bind
+ source: /etc/localtime
+ target: /etc/localtime
+ read_only: true
+ - type: bind
+ source: /home/gfs-data/portainer-1
+ target: /data
+ read_only: false
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ read_only: true
+ deploy:
+ replicas: 1
+ placement:
+ max_replicas_per_node: 1
+ ##constraints: [node.role == manager]
+ resources:
+ limits:
+ memory: 1GB
+ restart_policy:
+ condition: on-failure
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.portainer-secure.entrypoints=websec
+ - traefik.http.routers.portainer-secure.rule=Host(`pt.miflux.com`)
+ - traefik.http.routers.portainer-secure.tls=true
+ - traefik.http.routers.portainer-plain.entrypoints=web
+ - traefik.http.routers.portainer-plain.rule=Host(`pt.miflux.com`)
+ - traefik.http.services.portainer.loadbalancer.sticky.cookie=true
+ - traefik.http.services.portainer.loadbalancer.sticky.cookie.name=portainer-sticker
+ - traefik.http.services.portainer.loadbalancer.server.port=9000
+ networks:
+ - traefik-network
diff --git a/docker-stack/prom-proc-net.sh b/docker-stack/prom-proc-net.sh
new file mode 100644
index 0000000..79edfc7
--- /dev/null
+++ b/docker-stack/prom-proc-net.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+[ -z "${PROM_PROC_NET_DIR}" ] && PROM_PROC_NET_DIR="/tmp/prometheus-proc-net"
+
+function copy() {
+ local basedir="$1"
+ local tgtdir="$2"
+ for f in "$basedir"/*
+ do
+ local tgtfile=${f##$basedir/}
+ if [[ -d "$f" ]]
+ then
+ mkdir -p "${tgtdir}/${tgtfile}"
+ copy "$f" "${tgtdir}/${tgtfile}"
+ elif [[ -r "$f" ]]
+ then
+ cat "$f" "${tgtdir}/${tgtfile}"
+ :
+ fi
+ done
+}
+
+while true
+do
+ copy "/proc/net" "${PROM_PROC_NET_DIR}"
+ sleep 0.5
+done
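Review bot: `read_only: true` on the `/var/run/docker.sock` bind does not limit what the container can do through the socket, because a read-only bind leaves the Docker API fully usable to whoever can connect. A comment such as `# read_only does not restrict Docker API access` would stop a later reader from treating this mount as a safeguard. With `constraints: [node.role == manager]` commented out, the task may also be scheduled on a worker, where the local socket presumably cannot serve swarm-level operations. `portainer-ce:latest` is unpinned, which matters for a container holding the Docker socket.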
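Review bot: In `copy`, `cat "$f" "${tgtdir}/${tgtfile}"` has no redirection as shown, so it prints the source to stdout and errors on the missing target instead of writing the copy; `cat "$f" > "${tgtdir}/${tgtfile}"` looks like the intent. The top-level `${PROM_PROC_NET_DIR}` is never created, since `mkdir -p` runs only for subdirectories, so a `mkdir -p "${PROM_PROC_NET_DIR}"` before the loop is needed. The default lives under `/tmp` with a fixed name, so if that path is ever shared with other users or containers the files can be pre-created or symlinked by someone else; a dedicated directory with restrictive permissions is safer. `${f##$basedir/}` should quote the pattern as `${f##"$basedir"/}` so that glob characters in the path are taken literally.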
diff --git a/docker-stack/prometheus-node-exporter.yml b/docker-stack/prometheus-node-exporter.yml
new file mode 100644
index 0000000..d07c590
--- /dev/null
+++ b/docker-stack/prometheus-node-exporter.yml
@@ -0,0 +1,50 @@
+version: "3.8"
+
+networks:
+ host-network:
+ name: host
+ external: true
+ prometheus-network:
+ external: true
+ traefik-network:
+ external: true
+
+services:
+ prometheus-node-exporter-service:
+ image: docker.io/prom/node-exporter:latest
+ hostname: prometheus-node-exporter-service-host
+ tty: true
+ environment:
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ networks:
+ - host-network
+ volumes:
+ - type: bind
+ source: /
+ target: /host
+ read_only: true
+ ##pid: host
+ command:
+ - --path.rootfs=/host
+ - --web.listen-address=:9100
+ ##- --web.disable-exporter-metrics
+ ##- --log.level=debug
+ ##- --path.procfs=/host/proc
+ ##- --path.sysfs=/host/sys
+ ##- --collector.filesystem.ignored-mount-points="^/(sys|proc|dev|host|etc)/?.*$$"
+ ##ports:
+ ## - target: 9100
+ ## published: 9100
+ ## protocol: tcp
+ deploy:
+ mode: global
+ ##placement:
+ ##constraints:
+ ## - node.role == manager
+ resources:
+ limits:
+ memory: 256MB
+ restart_policy:
+ condition: on-failure
diff --git a/docker-stack/prometheus.conf.yml b/docker-stack/prometheus.conf.yml
new file mode 100644
index 0000000..74c7ab0
--- /dev/null
+++ b/docker-stack/prometheus.conf.yml
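Review bot: With `host-network` attached and `--web.listen-address=:9100`, the exporter listens on every interface of every node without authentication, so host metrics are exposed wherever port 9100 is not firewalled. Binding to the address Prometheus actually scrapes, or passing `--web.config.file` with TLS and basic auth, would narrow that. The image is `node-exporter:latest` while the container gets a bind of the host's `/`, so pinning a version tag is worth doing here even though the mount is read-only.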
@@ -0,0 +1,56 @@
+global:
+ scrape_interval: 15s # By default, scrape targets every 15 seconds.
+ evaluation_interval: 15s
+
+ # Attach these labels to any time series or alerts when communicating with
+ # external systems (federation, remote storage, Alertmanager).
+ external_labels:
+ monitor: codelab-monitor
+
+##rule_files:
+## - prometheus.rules.yml
+
+scrape_configs:
+ - job_name: prometheus
+ scrape_interval: 10s
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: gitea
+ scrape_interval: 10s
+ #scheme: https
+ #static_configs:
+ # - targets: ['gitea-service-host:3000']
+ dns_sd_configs:
+ - names: ['gitea-service-host']
+ type: A
+ port: 3000
+ refresh_interval: 30s
+
+ - job_name: node
+ scrape_interval: 10s
+ #scheme: https
+ #static_configs:
+ # - targets: ['prometheus-node-exporter-service-host:9100']
+ ##dns_sd_configs:
+ ## - names: ['prometheus-node-exporter-service-host']
+ ## type: A
+ ## port: 9100
+ ## refresh_interval: 30s
+ dockerswarm_sd_configs:
+ - host: tcp://prometheus-socat-service-host:2375
+ role: nodes
+ relabel_configs:
+ - source_labels: [__meta_dockerswarm_node_address]
+ target_label: __address__
+ replacement: $1:9100
+ - source_labels: [__meta_dockerswarm_node_hostname]
+ target_label: instance
+
+ - job_name: cadvisor
+ scrape_interval: 10s
+ dns_sd_configs:
+ - names: ['cadvisor-service-host']
+ type: A
+ port: 8080
+ refresh_interval: 30s
diff --git a/docker-stack/prometheus.yml b/docker-stack/prometheus.yml
new file mode 100644
index 0000000..4fbbf2b
--- /dev/null
+++ b/docker-stack/prometheus.yml
@@ -0,0 +1,64 @@
+version: "3.8"
+
+networks:
+ host-network:
+ name: host
+ external: true
+ prometheus-network:
+ external: true
+ traefik-network:
+ external: true
+
+services:
+ prometheus-socat-service:
+ image: docker.io/alpine/socat
+ hostname: prometheus-socat-service-host
+ command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
+ environment:
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ volumes:
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ networks:
+ - prometheus-network
+ deploy:
+ mode: global
+ placement:
+ constraints:
+ - node.role == manager
+
+ prometheus-service:
+ image: docker.io/prom/prometheus:latest
+ hostname: prometheus-service-host
+ tty: true
+ environment:
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ networks:
+ - prometheus-network
+ ports:
+ - target: 9090
+ published: 9090
+ protocol: tcp
+ mode: ingress
+ volumes:
+ - type: bind
+ source: /home/gfs-data/prometheus/etc
+ target: /etc/prometheus
+ read_only: true
+ - type: bind
+ source: /home/gfs-data/prometheus/data
+ target: /prometheus
+ read_only: false
+ ##command:
+ ##- --config.file=/etc/prometheus/prometheus.yml
+ ##- --storage.tsdb.path=/prometheus
+ ##- --web.console.libraries=/usr/share/prometheus/console_libraries
+ ##- --web.console.templates=/usr/share/prometheus/consoles
+ deploy:
+ mode: replicated
+ replicas: 1
diff --git a/docker-stack/traefik-cert.yml b/docker-stack/traefik-cert.yml
new file mode 100644
index 0000000..f9a50bf
--- /dev/null
+++ b/docker-stack/traefik-cert.yml
@@ -0,0 +1,10 @@
+tls:
+ certificates:
+ - certFile: /config/miflux.crt
+ keyFile: /config/miflux.key
+
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /config/miflux.crt
+ keyFile: /config/miflux.key
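Review bot: `prometheus-socat-service` relays the manager's `/var/run/docker.sock` to TCP 2375 with no authentication or filtering, so every container attached to `prometheus-network` gets full control of the Docker API on a manager node. In this commit that includes cAdvisor, Gitea and Grafana, and the Makefile creates the network with `--attachable`, so standalone containers can join it too. The `dockerswarm_sd_configs` job in prometheus.conf.yml uses `role: nodes` and so needs only read access; a proxy that allows just the required read-only endpoints, on a network shared only with Prometheus, would remove that exposure. `prometheus-service` also publishes 9090 in `ingress` mode, which puts the unauthenticated Prometheus UI and API on every node; not publishing it, or routing it through traefik with authentication, is safer.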
diff --git a/docker-stack/traefik.yml b/docker-stack/traefik.yml
new file mode 100644
index 0000000..517685c
--- /dev/null
+++ b/docker-stack/traefik.yml
@@ -0,0 +1,65 @@
+version: "3.8"
+
+networks:
+ host-network:
+ name: host
+ external: true
+ traefik-network:
+ external: true
+
+services:
+ traefik-service:
+ image: docker.io/traefik:2.9
+ hostname: traefik-service-host
+ tty: true
+ environment:
+ - DS_NODE_NAME="{{.Node.Hostname}}"
+ - DS_SERVICE_NAME="{{.Service.Name}}"
+ - DS_TASK_NAME="{{.Task.Name}}"
+ volumes:
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ # if /etc/traefik direcotry exists, traefik looks for /etc/traefik/traefik.toml
+ # use a different directory(/config) to avoid problems for the lack of traefik.toml
+ - type: bind
+ source: /home/gfs-data/traefik
+ target: /config
+ ports:
+ - target: 80
+ published: 80
+ protocol: tcp
+ mode: host
+ - target: 443
+ published: 443
+ protocol: tcp
+ mode: host
+ - target: 4444
+ published: 4444
+ protocol: tcp
+ mode: host
+ networks:
+ - traefik-network
+ #- host-network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.role == manager]
+ command:
+ - --log.level=INFO
+ - --accessLog
+ - --api.dashboard=true
+ - --api.insecure=true
+ - --ping=true
+ - --entrypoints.traefik.address=:4444
+ - --entrypoints.web.address=:80
+ ##- --entrypoints.web.http.redirections.entryPoint.to=websec
+ ##- --entrypoints.web.http.redirections.entryPoint.scheme=https
+ - --entrypoints.websec.address=:443
+ - --providers.docker.swarmmode=true
+ - --providers.docker.exposedbydefault=false
+ - --providers.docker.network=traefik-network
+ - --providers.docker.watch=true
+ - --providers.file.filename=/config/traefik-cert.yml
+ - --providers.file.watch=true
+ - --metrics.prometheus=true
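Review bot: `--api.insecure=true` together with `--entrypoints.traefik.address=:4444` and the host-mode publish of 4444 serves the traefik dashboard and API without authentication on every manager's address. Removing `--api.insecure=true` and exposing `api@internal` through a TLS router with an auth middleware keeps the dashboard available without that exposure. The `--entrypoints.web.http.redirections.*` flags are commented out, so port 80 stays plain HTTP for every router bound to `web`. The `/config` bind holds `miflux.key` alongside the dynamic configuration and is mounted writable; adding `read_only: true` to that bind would fit, since traefik only needs to read it.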