adding various docker stack files

hyung-hwan 2022-10-10 01:59:31 +09:00
parent 4118d4e8c4
commit 7ab61b5805
16 changed files with 903 additions and 0 deletions


@ -0,0 +1,6 @@
FROM alpine:3.16
RUN apk --update --no-cache add bash
COPY --chmod=755 prom-proc-net.sh /bin/prom-proc-net.sh
CMD ["/bin/prom-proc-net.sh"]
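Review bot: The image has no `USER` line, so `/bin/prom-proc-net.sh` runs as root inside the container. The script shown later in this commit only reads `/proc/net` and writes under `PROM_PROC_NET_DIR`, which presumably does not need root. Adding `USER nobody` before `CMD` would drop that privilege, provided the target directory is writable by that user.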

112
docker-stack/Makefile Normal file

@ -0,0 +1,112 @@
DATA_ROOT := /home/gfs-data
all:
@echo "ERROR: Be specific with one or more targets"
build:
DOCKER_BUILDKIT=1 docker build -t alpine:prom-proc-net -f Dockerfile.prom-proc-net .
push:
docker tag alpine:prom-proc-net docker.io/hyunghwan/alpine:prom-proc-net
docker push docker.io/hyunghwan/alpine:prom-proc-net
init-traefik-data:
mkdir -p "$(DATA_ROOT)/traefik"
cp traefik-cert.yml "$(DATA_ROOT)/traefik"
cp /etc/letsencrypt/live/miflux.com/fullchain.pem "$(DATA_ROOT)/traefik/miflux.crt"
cp /etc/letsencrypt/live/miflux.com/privkey.pem "$(DATA_ROOT)/traefik/miflux.key"
init-prometheus-data:
mkdir -p "$(DATA_ROOT)/prometheus/etc"
mkdir -p "$(DATA_ROOT)/prometheus/data"
chown 65534:65534 "$(DATA_ROOT)/prometheus/data"
cp prometheus.conf.yml "$(DATA_ROOT)/prometheus/etc/prometheus.yml"
network-up-drone:
docker network create --driver overlay --attachable drone-network
network-down-drone:
docker network rm drone-network
network-up-prometheus:
docker network create --driver overlay --attachable prometheus-network
network-down-prometheus:
docker network rm prometheus-network
network-up-traefik:
docker network create --driver overlay --attachable traefik-network
network-down-traefik:
docker network rm traefik-network
stack-up-traefik:
docker stack deploy --compose-file traefik.yml traefik-stack
stack-down-traefik:
docker stack rm traefik-stack
stack-up-codepot:
docker stack deploy --compose-file codepot.yml codepot-stack
stack-down-codepot:
docker stack rm codepot-stack
stack-up-gitea:
docker stack deploy --compose-file gitea.yml gitea-stack
stack-down-gitea:
docker stack rm gitea-stack
stack-up-drone:
docker stack deploy --compose-file drone.yml drone-stack
stack-down-drone:
docker stack rm drone-stack
stack-up-drone-runner:
docker stack deploy --compose-file drone-runner.yml drone-runner-stack
stack-down-drone-runner:
docker stack rm drone-runner-stack
stack-up-portainer:
docker stack deploy --compose-file portainer.yml portainer-stack
stack-down-portainer:
docker stack rm portainer-stack
#------------------------------------------------
stack-up-cadvisor:
docker stack deploy --compose-file cadvisor.yml cadvisor-stack
stack-down-cadvisor:
docker stack rm cadvisor-stack
stack-up-prometheus-node-exporter:
docker stack deploy --compose-file prometheus-node-exporter.yml prometheus-node-exporter-stack
stack-down-prometheus-node-exporter:
docker stack rm prometheus-node-exporter-stack
stack-up-prometheus:
docker stack deploy --compose-file prometheus.yml prometheus-stack
stack-down-prometheus:
docker stack rm prometheus-stack
stack-up-grafana:
docker stack deploy --compose-file grafana.yml grafana-stack
stack-down-grafana:
docker stack rm grafana-stack
stack-up-monitor: stack-up-prometheus-node-exporter stack-up-prometheus stack-up-grafana
stack-down-monitor: stack-down-grafana stack-down-prometheus stack-down-prometheus-node-exporter
#------------------------------------------------
stack-down-all: stack-down-portainer stack-down-drone-runner stack-down-drone stack-down-gitea stack-down-codepot stack-down-traefik
stack-up-all: stack-up-traefik stack-up-codepot stack-up-gitea stack-up-drone stack-up-drone-runner stack-up-portainer
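Review bot: `init-traefik-data` copies `privkey.pem` out of `/etc/letsencrypt/live` with plain `cp`, so the key's mode under `$(DATA_ROOT)/traefik` is whatever the source mode and umask produce, and `mkdir -p` creates the directory with default permissions. Certbot installs commonly rely on the restrictive mode of the `live`/`archive` directories rather than of the key file itself, so the copy may end up readable by other local users. Setting the modes explicitly keeps the key private: `mkdir -p -m 0700 "$(DATA_ROOT)/traefik"` and `install -m 0600 /etc/letsencrypt/live/miflux.com/privkey.pem "$(DATA_ROOT)/traefik/miflux.key"`. Separately, none of the command targets (`all`, `build`, `push`, the `network-*` and `stack-*` rules) are declared `.PHONY`.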

45
docker-stack/cadvisor.yml Normal file

@ -0,0 +1,45 @@
version: "3.8"
networks:
host-network:
name: host
external: true
prometheus-network:
external: true
traefik-network:
external: true
services:
cadvisor-service:
##image: docker.io/google/cadvisor
image: gcr.io/cadvisor/cadvisor
hostname: cadvisor-service-host
command:
- -logtostderr
#- -docker_only
environment:
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
networks:
- traefik-network
- prometheus-network
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
ports:
- target: 8080
published: 9080
protocol: tcp
mode: ingress
##privileged: true
deploy:
mode: global
restart_policy:
condition: on-failure
resources:
limits:
memory: 256MB
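Review bot: The `ports` entry publishes cAdvisor's 8080 as 9080 in ingress mode, which makes its unauthenticated UI and metrics reachable on port 9080 of every swarm node. The Prometheus job added in this commit scrapes `cadvisor-service-host` on port 8080 over `prometheus-network`, so the published port looks unnecessary and could be dropped. The `/var/run:/var/run:rw` mount also gives the container the Docker socket, and the image has no tag, so what runs can change between deploys. A comment explaining why read-write access is needed and a pinned tag would help.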

45
docker-stack/codepot.yml Normal file

@ -0,0 +1,45 @@
version: '3.8'
networks:
traefik-network:
external: true
services:
codepot-service:
image: docker.io/hyunghwan/codepot:ubnt
hostname: codepot-service-host
tty: true
environment:
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
command:
- --port=80
- --hide-index-page=yes
- --https-redirected=yes
volumes:
- type: bind
source: /home/gfs-data/codepot-1
target: /var/lib/codepot
deploy:
replicas: 1
placement:
max_replicas_per_node: 1
##constraints: [node.role == manager]
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.codepot-secure.entrypoints=websec
- traefik.http.routers.codepot-secure.rule=Host(`gitea.miflux.com`)
- traefik.http.routers.codepot-secure.tls=true
- traefik.http.routers.codepot-plain.entrypoints=web
- traefik.http.routers.codepot-plain.rule=Host(`gitea.miflux.com`)
- traefik.http.services.codepot.loadbalancer.sticky.cookie=true
- traefik.http.services.codepot.loadbalancer.sticky.cookie.name=codepot-sticker
- traefik.http.services.codepot.loadbalancer.server.port=80
networks:
- traefik-network
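Review bot: The `codepot-plain` router on the `web` entrypoint serves the application over plain HTTP with no redirect, so credentials and session cookies can cross the network in cleartext; portainer.yml has the same pattern as `portainer-plain`. The entrypoint-level redirect in traefik.yml is commented out, so a per-router redirect is needed, for example `- traefik.http.middlewares.to-https.redirectscheme.scheme=https` plus `- traefik.http.routers.codepot-plain.middlewares=to-https` (the middleware name is an example). Both codepot routers also match the host `gitea.miflux.com` while Gitea itself is routed as `code.miflux.com`, which looks like a leftover name worth confirming.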


@ -0,0 +1,58 @@
version: "3.8"
networks:
drone-network:
external: true
traefik-network:
external: true
services:
drone-runner-service:
image: docker.io/drone/drone-runner-docker:1
hostname: drone-runner-service-host
tty: true
environment:
##- DRONE_RPC_PROTO=https
##- DRONE_RPC_HOST=ci.miflux.com
- DRONE_RPC_PROTO=http
- DRONE_RPC_HOST=drone-service-host
- DRONE_RPC_PORT=:80
- DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
- DRONE_RUNNER_CAPACITY=10
- DRONE_RUNNER_NAME=drone-runner-docker-1
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
networks:
- drone-network
##- traefik-network
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
# - type: bind
# source: /etc/timezone
# target: /etc/timezone
# read_only: true
# - type: bind
# source: /etc/localtime
# target: /etc/localtime
# read_only: true
#ports:
# - target: 3000
# published: 3000
# protocol: tcp
deploy:
mode: global
##mode: replicated
##replicas: 3
##placement:
##max_replicas_per_node: 1
##constraints:
## - node.labels.location == home
## - node.hostname == rose
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
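Review bot: `DRONE_RPC_SECRET` is committed as a literal value in `environment`, and drone.yml commits the same value together with `DRONE_GITEA_CLIENT_SECRET`. Anyone who can read the repository or the output of `docker service inspect` therefore holds the credentials that authenticate runners to the server and the server to Gitea. Both values should be treated as exposed and rotated, and the files should take them from the deploy environment, e.g. `- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}`, with the real values kept outside the repository. The runner also talks to the server over `http` on `drone-network`, which the Makefile creates without `--opt encrypted`, so RPC traffic between nodes is not encrypted on the overlay.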

74
docker-stack/drone.yml Normal file

@ -0,0 +1,74 @@
version: "3.8"
networks:
drone-network:
external: true
traefik-network:
external: true
services:
drone-service:
image: docker.io/drone/drone:2
hostname: drone-service-host
tty: true
environment:
## unabel to use the internal DNS name as this URL is shown to
## the user for oauth login.
##- DRONE_GITEA_SERVER=http://gitea-service-host:3000
- DRONE_GITEA_SERVER=https://code.miflux.com
- DRONE_GITEA_CLIENT_ID=55c9b1a3-0902-4877-bc7a-225a87906b52
- DRONE_GITEA_CLIENT_SECRET=gto_5vemyidhgakygsowyjkhm2kqvjksdpzaiakfscj7e6dfmnips4xa
- DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
- DRONE_SERVER_HOST=ci.miflux.com
- DRONE_SERVER_PROTO=https
- DRONE_USER_CREATE=username:hyung-hwan,admin:true
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
networks:
- drone-network
- traefik-network
volumes:
- type: bind
source: /home/gfs-data/drone
target: /data
- type: bind
source: /etc/timezone
target: /etc/timezone
read_only: true
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
# ports:
# - target: 80
# published: 80
# protocol: tcp
# - target: 443
# published: 443
# protocol: tcp
deploy:
mode: replicated
replicas: 1
placement:
max_replicas_per_node: 1
##constraints:
## - node.labels.location == home
## - node.hostname == rose
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
##- traefik.docker.network=traefik-network
- traefik.http.routers.drone-https.entrypoints=websec
- traefik.http.routers.drone-https.rule=Host(`ci.miflux.com`)
- traefik.http.routers.drone-https.tls=true
# - traefik.http.routers.drone-http.entrypoints=web
# - traefik.http.routers.drone-http.rule=Host(`ci.miflux.com`)
# - traefik.http.routers.drone-http.tls=false
- traefik.http.services.drone-service.loadbalancer.server.port=80
- traefik.http.services.drone-service.loadbalancer.sticky.cookie=true
- traefik.http.services.drone-service.loadbalancer.sticky.cookie.name=drone-sticker

86
docker-stack/gitea.yml Normal file

@ -0,0 +1,86 @@
version: "3.8"
networks:
host-network:
name: host
external: true
prometheus-network:
external: true
traefik-network:
external: true
services:
gitea-service:
image: gitea/gitea:latest
hostname: gitea-service-host
tty: true
environment:
##- USER_UID=1000
##- USER_GID=1000
- GITEA____APP_NAME=HYUNG-HWAN
- GITEA__server__DISABLE_SSH=true
- GITEA__server__HTTP_PORT=3000
- GITEA__server__ROOT_URL=https://code.miflux.com/
- GITEA__indexer__REPO_INDEXER_ENABLED=true
- GITEA__indexer__REPO_INDEXER_PATH=/data/gitea/indexers/repos.bleve
- GITEA__indexer__UPDATE_BUFFER_LEN=20
- GITEA__indexer__MAX_FILE_SIZE=1048576
- GITEA__indexer__REPO_INDEXER_INCLUDE=
- GITEA__indexer__REPO_INDEXER_EXCLUDE=resources/bin/**
- GITEA__service__DISABLE_REGISTRATION=true
- GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true
- GITEA__service__EMAIL_NOTIFY_TRUE=false
- GITEA__openid__ENABLE_OPENID_SIGNIN=false
- GITEA__openid__ENABLE_OPENID_SIGNUP=false
- GITEA__wehhook__ALLOWED_HOST_LIST=*
- GITEA__metrics__ENABLED=true
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
networks:
- traefik-network
- prometheus-network
volumes:
- type: bind
source: /home/gfs-data/gitea
target: /data
- type: bind
source: /etc/timezone
target: /etc/timezone
read_only: true
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
# ports:
# - target: 3000
# published: 3000
# protocol: tcp
# - target: 22
# published: 222
# protocol: tcp
deploy:
mode: replicated
replicas: 1
placement:
max_replicas_per_node: 1
##constraints:
## - node.labels.location == home
## - node.hostname == rose
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
##- traefik.docker.network=traefik-network
- traefik.http.routers.gitea-https.entrypoints=websec
- traefik.http.routers.gitea-https.rule=Host(`code.miflux.com`)
- traefik.http.routers.gitea-https.tls=true
# - traefik.http.routers.gitea-http.entrypoints=web
# - traefik.http.routers.gitea-http.rule=Host(`code.miflux.com`)
# - traefik.http.routers.gitea-http.tls=false
- traefik.http.services.gitea-service.loadbalancer.server.port=3000
- traefik.http.services.gitea-service.loadbalancer.sticky.cookie=true
- traefik.http.services.gitea-service.loadbalancer.sticky.cookie.name=gitea-sticker
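Review bot: `GITEA__wehhook__ALLOWED_HOST_LIST=*` misspells the section name, so it presumably populates a `[wehhook]` section that Gitea never reads and the webhook allow-list stays at its default. If the spelling is corrected, `*` would let webhooks target any host, including loopback and private addresses, so a narrower value such as `external` or an explicit host list is the safer choice. `GITEA__metrics__ENABLED=true` is set without `GITEA__metrics__TOKEN`, and the `gitea-https` router forwards every path for `code.miflux.com`, so `/metrics` appears to be publicly readable. The `latest` image tag also makes deploys non-reproducible.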

52
docker-stack/grafana.yml Normal file

@ -0,0 +1,52 @@
version: "3.9"
networks:
host-network:
name: host
external: true
prometheus-network:
external: true
traefik-network:
external: true
services:
grafana-service:
image: docker.io/grafana/grafana:latest
hostname: grafana-service-host
tty: true
environment:
- GF_SECURITY_ADMIN_USER=admin
- GF_SECURITY_ADMIN_PASSWORD=admin
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
networks:
- prometheus-network
- traefik-network
##depends_on:
## - prometheus-service
deploy:
mode: replicated
replicas: 1
placement:
max_replicas_per_node: 1
##constraints:
## - node.labels.location == home
## - node.hostname == rose
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
##- traefik.docker.network=traefik-network
- traefik.http.routers.grafana-https.entrypoints=websec
- traefik.http.routers.grafana-https.rule=Host(`gf.miflux.com`)
- traefik.http.routers.grafana-https.tls=true
##- traefik.http.routers.grafana-http.entrypoints=web
##- traefik.http.routers.grafana-http.rule=Host(`gf.miflux.com`)
##- traefik.http.routers.grafana-http.tls=false
- traefik.http.services.grafana-service.loadbalancer.server.port=3000
- traefik.http.services.grafana-service.loadbalancer.sticky.cookie=true
- traefik.http.services.grafana-service.loadbalancer.sticky.cookie.name=grafana-sticker
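Review bot: `GF_SECURITY_ADMIN_PASSWORD=admin` sets default admin credentials on a service that the `grafana-https` router publishes at `gf.miflux.com`; monitor.yml repeats the same two lines. The service defines no volume, so Grafana's database is presumably recreated whenever the task is rescheduled, and a password changed in the UI would fall back to the value given here. Reading the password from a Docker secret through Grafana's `__FILE` variable form keeps the value out of the repository and out of `docker service inspect`; the secret name below is an example. Persisting Grafana's data directory with a bind mount would be a separate addition.

```yaml
services:
  grafana-service:
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
      # … unchanged: DS_NODE_NAME, DS_SERVICE_NAME, DS_TASK_NAME …
    secrets:
      - grafana_admin_password
    # … unchanged: networks, deploy, labels …
secrets:
  grafana_admin_password:
    external: true
```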

105
docker-stack/monitor.yml Normal file

@ -0,0 +1,105 @@
version: "3.9"
networks:
host-network:
name: host
external: true
prometheus-network:
external: false
traefik-network:
external: true
services:
prometheus-service:
image: docker.io/prom/prometheus:latest
hostname: prometheus-service-host
networks:
- prometheus-network
volumes:
- type: bind
source: /home/gfs-data/monitor/prometheus/etc
target: /etc/prometheus
read_only: true
- type: bind
source: /home/gfs-data/monitor/prometheus/data
target: /prometheus
read_only: false
##command:
##- --config.file=/etc/prometheus/prometheus.yml
##- --storage.tsdb.path=/prometheus
##- --web.console.libraries=/usr/share/prometheus/console_libraries
##- --web.console.templates=/usr/share/prometheus/consoles
prometheus-node-exporter-service:
image: docker.io/prom/node-exporter:latest
hostname: prometheus-node-exporter-service-host
networks:
- prometheus-network
- host-network
volumes:
- type: bind
source: /
target: /host
read_only: true
bind:
propagation: rslave
pid: host
command:
- --path.rootfs=/host
##- --path.procfs=/host/proc
##- --path.sysfs=/host/sys
##- --collector.filesystem.ignored-mount-points="^/(sys|proc|dev|host|etc)/?.*$$"
##ports:
## - target: 9100
## published: 9100
## protocol: tcp
deploy:
mode: global
##replicas: 3
##placement:
##max_replicas_per_node: 1
##constraints:
## - node.labels.location == home
## - node.hostname == rose
resources:
limits:
memory: 256MB
restart_policy:
condition: on-failure
grafana-service:
image: docker.io/grafana/grafana:latest
hostname: grafana-service-host
environment:
- GF_SECURITY_ADMIN_USER=admin
- GF_SECURITY_ADMIN_PASSWORD=admin
networks:
- prometheus-network
- traefik-network
depends_on:
- prometheus-service
deploy:
mode: replicated
replicas: 1
placement:
max_replicas_per_node: 1
##constraints:
## - node.labels.location == home
## - node.hostname == rose
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
##- traefik.docker.network=traefik-network
- traefik.http.routers.grafana-https.entrypoints=websec
- traefik.http.routers.grafana-https.rule=Host(`gf.miflux.com`)
- traefik.http.routers.grafana-https.tls=true
##- traefik.http.routers.grafana-http.entrypoints=web
##- traefik.http.routers.grafana-http.rule=Host(`gf.miflux.com`)
##- traefik.http.routers.grafana-http.tls=false
- traefik.http.services.grafana-service.loadbalancer.server.port=3000
- traefik.http.services.grafana-service.loadbalancer.sticky.cookie=true
- traefik.http.services.grafana-service.loadbalancer.sticky.cookie.name=grafana-sticker
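Review bot: This file redefines `prometheus-service`, `prometheus-node-exporter-service` and `grafana-service`, which prometheus.yml, prometheus-node-exporter.yml and grafana.yml also define, and no Makefile target deploys it, so it is unclear which definition is authoritative. It declares `prometheus-network` as `external: false` while the other stacks expect the externally created network. It also uses `pid: host` and `depends_on`, which as far as I know `docker stack deploy` ignores for version 3 files. A header comment such as `# superseded by prometheus.yml / grafana.yml; not deployed by the Makefile`, or removing the file, would prevent the copies from drifting apart.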


@ -0,0 +1,48 @@
version: '3.8'
networks:
traefik-network:
external: true
services:
portainer-service:
image: docker.io/portainer/portainer-ce:latest
hostname: portainer-service-host
#stdin_open: true
#tty: true
command: -H unix:///var/run/docker.sock
volumes:
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
- type: bind
source: /home/gfs-data/portainer-1
target: /data
read_only: false
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
deploy:
replicas: 1
placement:
max_replicas_per_node: 1
##constraints: [node.role == manager]
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.portainer-secure.entrypoints=websec
- traefik.http.routers.portainer-secure.rule=Host(`pt.miflux.com`)
- traefik.http.routers.portainer-secure.tls=true
- traefik.http.routers.portainer-plain.entrypoints=web
- traefik.http.routers.portainer-plain.rule=Host(`pt.miflux.com`)
- traefik.http.services.portainer.loadbalancer.sticky.cookie=true
- traefik.http.services.portainer.loadbalancer.sticky.cookie.name=portainer-sticker
- traefik.http.services.portainer.loadbalancer.server.port=9000
networks:
- traefik-network
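Review bot: `read_only: true` on the `/var/run/docker.sock` bind does not limit what Portainer can do through the socket, because a read-only mount still allows connecting to it; the container controls the node's Docker engine either way. With the `node.role == manager` constraint commented out, the single replica can also be scheduled on a worker, where that socket cannot manage the swarm. I would restore `constraints: [node.role == manager]` and add a comment such as `# docker.sock grants root-equivalent access; read_only does not restrict API calls` so the mount option is not mistaken for a control.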


@ -0,0 +1,27 @@
#!/bin/bash
[ -z "${PROM_PROC_NET_DIR}" ] && PROM_PROC_NET_DIR="/tmp/prometheus-proc-net"
function copy() {
local basedir="$1"
local tgtdir="$2"
for f in "$basedir"/*
do
local tgtfile=${f##$basedir/}
if [[ -d "$f" ]]
then
mkdir -p "${tgtdir}/${tgtfile}"
copy "$f" "${tgtdir}/${tgtfile}"
elif [[ -r "$f" ]]
then
cat "$f" "${tgtdir}/${tgtfile}"
:
fi
done
}
while true
do
copy "/proc/net" "${PROM_PROC_NET_DIR}"
sleep 0.5
done
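Review bot: In `copy`, the line `cat "$f" "${tgtdir}/${tgtfile}"` has no redirection, so it prints the source file and tries to read the target instead of writing it; nothing is ever copied and the `:` after it is a no-op. The line presumably should be `cat "$f" > "${tgtdir}/${tgtfile}"`. The top-level `${PROM_PROC_NET_DIR}` is also never created, since only subdirectories get `mkdir -p`, so a `mkdir -p "${PROM_PROC_NET_DIR}"` before the `while` loop is needed. The expansion `${f##$basedir/}` should quote the pattern as `${f##"$basedir"/}` so the directory name is not treated as a glob.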


@ -0,0 +1,50 @@
version: "3.8"
networks:
host-network:
name: host
external: true
prometheus-network:
external: true
traefik-network:
external: true
services:
prometheus-node-exporter-service:
image: docker.io/prom/node-exporter:latest
hostname: prometheus-node-exporter-service-host
tty: true
environment:
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
networks:
- host-network
volumes:
- type: bind
source: /
target: /host
read_only: true
##pid: host
command:
- --path.rootfs=/host
- --web.listen-address=:9100
##- --web.disable-exporter-metrics
##- --log.level=debug
##- --path.procfs=/host/proc
##- --path.sysfs=/host/sys
##- --collector.filesystem.ignored-mount-points="^/(sys|proc|dev|host|etc)/?.*$$"
##ports:
## - target: 9100
## published: 9100
## protocol: tcp
deploy:
mode: global
##placement:
##constraints:
## - node.role == manager
resources:
limits:
memory: 256MB
restart_policy:
condition: on-failure
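Review bot: The service joins `host-network` and passes `--web.listen-address=:9100`, so node_exporter listens on every interface of every swarm node with no authentication or TLS. If only Prometheus should reach it, restrict port 9100 with host firewall rules or use the exporter's `--web.config.file` option to require TLS or basic auth. The `/` bind mount omits the `bind: propagation: rslave` setting that monitor.yml uses, so mounts made on the host after start may not appear under `/host`. `prometheus-network` and `traefik-network` are declared here but not used by the service.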


@ -0,0 +1,56 @@
global:
scrape_interval: 15s # By default, scrape targets every 15 seconds.
evaluation_interval: 15s
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: codelab-monitor
##rule_files:
## - prometheus.rules.yml
scrape_configs:
- job_name: prometheus
scrape_interval: 10s
static_configs:
- targets: ['localhost:9090']
- job_name: gitea
scrape_interval: 10s
#scheme: https
#static_configs:
# - targets: ['gitea-service-host:3000']
dns_sd_configs:
- names: ['gitea-service-host']
type: A
port: 3000
refresh_interval: 30s
- job_name: node
scrape_interval: 10s
#scheme: https
#static_configs:
# - targets: ['prometheus-node-exporter-service-host:9100']
##dns_sd_configs:
## - names: ['prometheus-node-exporter-service-host']
## type: A
## port: 9100
## refresh_interval: 30s
dockerswarm_sd_configs:
- host: tcp://prometheus-socat-service-host:2375
role: nodes
relabel_configs:
- source_labels: [__meta_dockerswarm_node_address]
target_label: __address__
replacement: $1:9100
- source_labels: [__meta_dockerswarm_node_hostname]
target_label: instance
- job_name: cadvisor
scrape_interval: 10s
dns_sd_configs:
- names: ['cadvisor-service-host']
type: A
port: 8080
refresh_interval: 30s


@ -0,0 +1,64 @@
version: "3.8"
networks:
host-network:
name: host
external: true
prometheus-network:
external: true
traefik-network:
external: true
services:
prometheus-socat-service:
image: docker.io/alpine/socat
hostname: prometheus-socat-service-host
command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
environment:
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
networks:
- prometheus-network
deploy:
mode: global
placement:
constraints:
- node.role == manager
prometheus-service:
image: docker.io/prom/prometheus:latest
hostname: prometheus-service-host
tty: true
environment:
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
networks:
- prometheus-network
ports:
- target: 9090
published: 9090
protocol: tcp
mode: ingress
volumes:
- type: bind
source: /home/gfs-data/prometheus/etc
target: /etc/prometheus
read_only: true
- type: bind
source: /home/gfs-data/prometheus/data
target: /prometheus
read_only: false
##command:
##- --config.file=/etc/prometheus/prometheus.yml
##- --storage.tsdb.path=/prometheus
##- --web.console.libraries=/usr/share/prometheus/console_libraries
##- --web.console.templates=/usr/share/prometheus/consoles
deploy:
mode: replicated
replicas: 1
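Review bot: `prometheus-socat-service` relays the manager's `/var/run/docker.sock` to TCP 2375 with no authentication or filtering, so every container attached to `prometheus-network` gets full control of the swarm; Gitea, Grafana and cAdvisor join that network in this commit, and the Makefile creates it `--attachable`. Prometheus only needs read access to the node list for `dockerswarm_sd_configs`, so the relay should be replaced with a proxy that allows only the GET endpoints discovery uses, on a network shared by nothing but Prometheus and that proxy. `prometheus-service` also publishes 9090 in ingress mode, which exposes the unauthenticated Prometheus UI and API on every node. Grafana can reach Prometheus over the overlay network without the published port.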


@ -0,0 +1,10 @@
tls:
certificates:
- certFile: /config/miflux.crt
keyFile: /config/miflux.key
stores:
default:
defaultCertificate:
certFile: /config/miflux.crt
keyFile: /config/miflux.key

65
docker-stack/traefik.yml Normal file

@ -0,0 +1,65 @@
version: "3.8"
networks:
host-network:
name: host
external: true
traefik-network:
external: true
services:
traefik-service:
image: docker.io/traefik:2.9
hostname: traefik-service-host
tty: true
environment:
- DS_NODE_NAME="{{.Node.Hostname}}"
- DS_SERVICE_NAME="{{.Service.Name}}"
- DS_TASK_NAME="{{.Task.Name}}"
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
# if /etc/traefik direcotry exists, traefik looks for /etc/traefik/traefik.toml
# use a different directory(/config) to avoid problems for the lack of traefik.toml
- type: bind
source: /home/gfs-data/traefik
target: /config
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- target: 4444
published: 4444
protocol: tcp
mode: host
networks:
- traefik-network
#- host-network
deploy:
mode: global
placement:
constraints: [node.role == manager]
command:
- --log.level=INFO
- --accessLog
- --api.dashboard=true
- --api.insecure=true
- --ping=true
- --entrypoints.traefik.address=:4444
- --entrypoints.web.address=:80
##- --entrypoints.web.http.redirections.entryPoint.to=websec
##- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.websec.address=:443
- --providers.docker.swarmmode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=traefik-network
- --providers.docker.watch=true
- --providers.file.filename=/config/traefik-cert.yml
- --providers.file.watch=true
- --metrics.prometheus=true
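Review bot: `--api.insecure=true` serves the dashboard and API without authentication on the `traefik` entrypoint, and the `ports` list publishes that entrypoint's 4444 in host mode on every manager node. I would set `--api.insecure=false`, drop the 4444 port entry, and expose the dashboard through a router on `websec` that uses `service=api@internal` behind an auth middleware. The `/home/gfs-data/traefik` bind that holds `miflux.key` could be mounted `read_only: true`, since Traefik only reads from `/config`. The commented-out `web` to `websec` redirection also leaves port 80 serving plain HTTP for any router attached to `web`.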