adding various docker stack files

docker-stack/Dockerfile.prom-proc-net

@@ -0,0 +1,6 @@
+FROM alpine:3.16
+
+RUN apk --update --no-cache add bash
+COPY --chmod=755 prom-proc-net.sh /bin/prom-proc-net.sh
+
+CMD ["/bin/prom-proc-net.sh"]

docker-stack/Makefile

@@ -0,0 +1,112 @@
+DATA_ROOT := /home/gfs-data
+
+all:
+	@echo  "ERROR: Be specific with one or more targets"
+
+build:
+	DOCKER_BUILDKIT=1 docker build -t alpine:prom-proc-net -f Dockerfile.prom-proc-net .
+
+push:
+	docker tag alpine:prom-proc-net docker.io/hyunghwan/alpine:prom-proc-net
+	docker push docker.io/hyunghwan/alpine:prom-proc-net
+
+init-traefik-data:
+	mkdir -p "$(DATA_ROOT)/traefik"
+	cp traefik-cert.yml "$(DATA_ROOT)/traefik"
+	cp /etc/letsencrypt/live/miflux.com/fullchain.pem "$(DATA_ROOT)/traefik/miflux.crt"
+	cp /etc/letsencrypt/live/miflux.com/privkey.pem "$(DATA_ROOT)/traefik/miflux.key"
+
+init-prometheus-data:
+	mkdir -p "$(DATA_ROOT)/prometheus/etc"
+	mkdir -p "$(DATA_ROOT)/prometheus/data"
+	chown 65534:65534 "$(DATA_ROOT)/prometheus/data"
+	cp prometheus.conf.yml "$(DATA_ROOT)/prometheus/etc/prometheus.yml"
+
+network-up-drone:
+	docker network create --driver overlay --attachable drone-network
+
+network-down-drone:
+	docker network rm drone-network
+
+network-up-prometheus:
+	docker network create --driver overlay --attachable prometheus-network
+
+network-down-prometheus:
+	docker network rm prometheus-network
+
+network-up-traefik:
+	docker network create --driver overlay --attachable traefik-network
+
+network-down-traefik:
+	docker network rm traefik-network
+
+stack-up-traefik:
+	docker stack deploy --compose-file traefik.yml traefik-stack
+
+stack-down-traefik:
+	docker stack rm traefik-stack
+
+
+stack-up-codepot:
+	docker stack deploy --compose-file codepot.yml codepot-stack
+
+stack-down-codepot:
+	docker stack rm codepot-stack
+
+stack-up-gitea:
+	docker stack deploy --compose-file gitea.yml gitea-stack
+
+stack-down-gitea:
+	docker stack rm gitea-stack
+
+stack-up-drone:
+	docker stack deploy --compose-file drone.yml drone-stack
+
+stack-down-drone:
+	docker stack rm drone-stack
+
+stack-up-drone-runner:
+	docker stack deploy --compose-file drone-runner.yml drone-runner-stack
+
+stack-down-drone-runner:
+	docker stack rm drone-runner-stack
+
+stack-up-portainer:
+	docker stack deploy --compose-file portainer.yml portainer-stack
+
+stack-down-portainer:
+	docker stack rm portainer-stack
+
+#------------------------------------------------
+stack-up-cadvisor:
+	docker stack deploy --compose-file cadvisor.yml cadvisor-stack
+
+stack-down-cadvisor:
+	docker stack rm cadvisor-stack
+
+stack-up-prometheus-node-exporter:
+	docker stack deploy --compose-file prometheus-node-exporter.yml prometheus-node-exporter-stack
+
+stack-down-prometheus-node-exporter:
+	docker stack rm prometheus-node-exporter-stack
+
+stack-up-prometheus:
+	docker stack deploy --compose-file prometheus.yml prometheus-stack
+
+stack-down-prometheus:
+	docker stack rm prometheus-stack
+
+stack-up-grafana:
+	docker stack deploy --compose-file grafana.yml grafana-stack
+
+stack-down-grafana:
+	docker stack rm grafana-stack
+
+stack-up-monitor: stack-up-prometheus-node-exporter stack-up-prometheus stack-up-grafana
+
+stack-down-monitor: stack-down-grafana stack-down-prometheus stack-down-prometheus-node-exporter 
+
+#------------------------------------------------
+stack-down-all: stack-down-portainer stack-down-drone-runner stack-down-drone  stack-down-gitea stack-down-codepot stack-down-traefik
+
+stack-up-all: stack-up-traefik  stack-up-codepot  stack-up-gitea  stack-up-drone  stack-up-drone-runner  stack-up-portainer

docker-stack/cadvisor.yml

@@ -0,0 +1,45 @@
+version: "3.8"
+
+networks:
+  host-network:
+    name: host
+    external: true
+  prometheus-network:
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  cadvisor-service:
+    ##image: docker.io/google/cadvisor
+    image: gcr.io/cadvisor/cadvisor
+    hostname: cadvisor-service-host
+    command: 
+      - -logtostderr
+      #- -docker_only
+    environment:
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    networks:
+      - traefik-network
+      - prometheus-network
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+    ports:
+      - target: 8080
+        published: 9080
+        protocol: tcp
+        mode: ingress
+    ##privileged: true
+    deploy:
+       mode: global
+       restart_policy:
+         condition: on-failure
+       resources:
+         limits:
+           memory: 256MB

docker-stack/codepot.yml

@@ -0,0 +1,45 @@
+version: '3.8'
+
+networks:
+  traefik-network:
+    external: true
+
+services:
+  codepot-service:
+    image: docker.io/hyunghwan/codepot:ubnt
+    hostname: codepot-service-host
+    tty: true
+    environment:
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    command:
+      - --port=80
+      - --hide-index-page=yes
+      - --https-redirected=yes
+    volumes:
+      - type: bind
+        source: /home/gfs-data/codepot-1
+        target: /var/lib/codepot
+    deploy:
+      replicas: 1
+      placement:
+        max_replicas_per_node: 1
+        ##constraints: [node.role == manager]
+      resources:
+        limits:
+          memory: 1GB
+      restart_policy:
+        condition: on-failure
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.codepot-secure.entrypoints=websec
+        - traefik.http.routers.codepot-secure.rule=Host(`gitea.miflux.com`)
+        - traefik.http.routers.codepot-secure.tls=true
+        - traefik.http.routers.codepot-plain.entrypoints=web
+        - traefik.http.routers.codepot-plain.rule=Host(`gitea.miflux.com`)
+        - traefik.http.services.codepot.loadbalancer.sticky.cookie=true
+        - traefik.http.services.codepot.loadbalancer.sticky.cookie.name=codepot-sticker
+        - traefik.http.services.codepot.loadbalancer.server.port=80
+    networks:
+      - traefik-network

docker-stack/drone-runner.yml

@@ -0,0 +1,58 @@
+version: "3.8"
+
+networks:
+  drone-network:
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  drone-runner-service:
+    image: docker.io/drone/drone-runner-docker:1
+    hostname: drone-runner-service-host
+    tty: true
+    environment:
+      ##- DRONE_RPC_PROTO=https
+      ##- DRONE_RPC_HOST=ci.miflux.com
+      - DRONE_RPC_PROTO=http
+      - DRONE_RPC_HOST=drone-service-host
+      - DRONE_RPC_PORT=:80
+      - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
+      - DRONE_RUNNER_CAPACITY=10
+      - DRONE_RUNNER_NAME=drone-runner-docker-1
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    networks:
+      - drone-network
+      ##- traefik-network  
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+    # - type: bind
+    #   source: /etc/timezone
+    #   target: /etc/timezone
+    #   read_only: true
+    # - type: bind
+    #   source: /etc/localtime
+    #   target: /etc/localtime
+    #   read_only: true
+    #ports:
+    #  - target: 3000
+    #    published: 3000
+    #    protocol: tcp
+    deploy:
+      mode: global
+      ##mode: replicated
+      ##replicas: 3
+      ##placement:
+        ##max_replicas_per_node: 1
+        ##constraints:
+        ##  - node.labels.location == home
+        ##  - node.hostname == rose
+      resources:
+        limits:
+          memory: 1GB
+      restart_policy:
+        condition: on-failure

docker-stack/drone.yml

@@ -0,0 +1,74 @@
+version: "3.8"
+
+networks:
+  drone-network:
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  drone-service:
+    image: docker.io/drone/drone:2
+    hostname: drone-service-host
+    tty: true
+    environment:
+      ## unabel to use the internal DNS name as this URL is shown to 
+      ## the user for oauth login.
+      ##- DRONE_GITEA_SERVER=http://gitea-service-host:3000
+      - DRONE_GITEA_SERVER=https://code.miflux.com
+      - DRONE_GITEA_CLIENT_ID=55c9b1a3-0902-4877-bc7a-225a87906b52
+      - DRONE_GITEA_CLIENT_SECRET=gto_5vemyidhgakygsowyjkhm2kqvjksdpzaiakfscj7e6dfmnips4xa
+      - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
+      - DRONE_SERVER_HOST=ci.miflux.com
+      - DRONE_SERVER_PROTO=https
+      - DRONE_USER_CREATE=username:hyung-hwan,admin:true
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    networks:
+      - drone-network
+      - traefik-network  
+    volumes:
+      - type: bind
+        source: /home/gfs-data/drone
+        target: /data
+      - type: bind
+        source: /etc/timezone
+        target: /etc/timezone
+        read_only: true
+      - type: bind
+        source: /etc/localtime
+        target: /etc/localtime
+        read_only: true
+#    ports:
+#      - target: 80
+#        published: 80
+#        protocol: tcp
+#      - target: 443
+#        published: 443
+#        protocol: tcp
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        max_replicas_per_node: 1
+        ##constraints:
+        ##  - node.labels.location == home
+        ##  - node.hostname == rose
+      resources:
+        limits:
+          memory: 1GB
+      restart_policy:
+        condition: on-failure
+      labels:
+        - traefik.enable=true
+        ##- traefik.docker.network=traefik-network
+        - traefik.http.routers.drone-https.entrypoints=websec
+        - traefik.http.routers.drone-https.rule=Host(`ci.miflux.com`)
+        - traefik.http.routers.drone-https.tls=true
+#        - traefik.http.routers.drone-http.entrypoints=web
+#        - traefik.http.routers.drone-http.rule=Host(`ci.miflux.com`)
+#        - traefik.http.routers.drone-http.tls=false
+        - traefik.http.services.drone-service.loadbalancer.server.port=80
+        - traefik.http.services.drone-service.loadbalancer.sticky.cookie=true
+        - traefik.http.services.drone-service.loadbalancer.sticky.cookie.name=drone-sticker

docker-stack/gitea.yml

@@ -0,0 +1,86 @@
+version: "3.8"
+
+networks:
+  host-network:
+    name: host
+    external: true
+  prometheus-network:
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  gitea-service:
+    image: gitea/gitea:latest
+    hostname: gitea-service-host
+    tty: true
+    environment:
+      ##- USER_UID=1000
+      ##- USER_GID=1000
+      - GITEA____APP_NAME=HYUNG-HWAN
+      - GITEA__server__DISABLE_SSH=true
+      - GITEA__server__HTTP_PORT=3000
+      - GITEA__server__ROOT_URL=https://code.miflux.com/
+      - GITEA__indexer__REPO_INDEXER_ENABLED=true
+      - GITEA__indexer__REPO_INDEXER_PATH=/data/gitea/indexers/repos.bleve
+      - GITEA__indexer__UPDATE_BUFFER_LEN=20
+      - GITEA__indexer__MAX_FILE_SIZE=1048576
+      - GITEA__indexer__REPO_INDEXER_INCLUDE=
+      - GITEA__indexer__REPO_INDEXER_EXCLUDE=resources/bin/**
+      - GITEA__service__DISABLE_REGISTRATION=true
+      - GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true
+      - GITEA__service__EMAIL_NOTIFY_TRUE=false
+      - GITEA__openid__ENABLE_OPENID_SIGNIN=false
+      - GITEA__openid__ENABLE_OPENID_SIGNUP=false
+      - GITEA__wehhook__ALLOWED_HOST_LIST=*
+      - GITEA__metrics__ENABLED=true
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    networks:
+      - traefik-network  
+      - prometheus-network  
+    volumes:
+      - type: bind
+        source: /home/gfs-data/gitea
+        target: /data
+      - type: bind
+        source: /etc/timezone
+        target: /etc/timezone
+        read_only: true
+      - type: bind
+        source: /etc/localtime
+        target: /etc/localtime
+        read_only: true
+#    ports:
+#      - target: 3000
+#        published: 3000
+#        protocol: tcp
+#      - target: 22
+#        published: 222
+#        protocol: tcp
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        max_replicas_per_node: 1
+        ##constraints:
+        ##  - node.labels.location == home
+        ##  - node.hostname == rose
+      resources:
+        limits:
+          memory: 1GB
+      restart_policy:
+        condition: on-failure
+      labels:
+        - traefik.enable=true
+        ##- traefik.docker.network=traefik-network
+        - traefik.http.routers.gitea-https.entrypoints=websec
+        - traefik.http.routers.gitea-https.rule=Host(`code.miflux.com`)
+        - traefik.http.routers.gitea-https.tls=true
+#        - traefik.http.routers.gitea-http.entrypoints=web
+#        - traefik.http.routers.gitea-http.rule=Host(`code.miflux.com`)
+#        - traefik.http.routers.gitea-http.tls=false
+        - traefik.http.services.gitea-service.loadbalancer.server.port=3000
+        - traefik.http.services.gitea-service.loadbalancer.sticky.cookie=true
+        - traefik.http.services.gitea-service.loadbalancer.sticky.cookie.name=gitea-sticker

docker-stack/grafana.yml

@@ -0,0 +1,52 @@
+version: "3.9"
+
+networks:
+  host-network:
+    name: host
+    external: true
+  prometheus-network:
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  grafana-service:
+    image: docker.io/grafana/grafana:latest
+    hostname: grafana-service-host
+    tty: true
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    networks:
+      - prometheus-network
+      - traefik-network
+    ##depends_on:
+    ##  - prometheus-service
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        max_replicas_per_node: 1
+        ##constraints:
+        ##  - node.labels.location == home
+        ##  - node.hostname == rose
+      resources:
+        limits:
+          memory: 1GB
+      restart_policy:
+        condition: on-failure
+      labels:
+        - traefik.enable=true
+        ##- traefik.docker.network=traefik-network
+        - traefik.http.routers.grafana-https.entrypoints=websec
+        - traefik.http.routers.grafana-https.rule=Host(`gf.miflux.com`)
+        - traefik.http.routers.grafana-https.tls=true
+        ##- traefik.http.routers.grafana-http.entrypoints=web
+        ##- traefik.http.routers.grafana-http.rule=Host(`gf.miflux.com`)
+        ##- traefik.http.routers.grafana-http.tls=false
+        - traefik.http.services.grafana-service.loadbalancer.server.port=3000
+        - traefik.http.services.grafana-service.loadbalancer.sticky.cookie=true
+        - traefik.http.services.grafana-service.loadbalancer.sticky.cookie.name=grafana-sticker

docker-stack/monitor.yml

@@ -0,0 +1,105 @@
+version: "3.9"
+
+networks:
+  host-network:
+    name: host
+    external: true
+  prometheus-network:
+    external: false
+  traefik-network:
+    external: true
+
+services:
+  prometheus-service:
+    image: docker.io/prom/prometheus:latest
+    hostname: prometheus-service-host
+    networks:
+      - prometheus-network
+    volumes:
+      - type: bind
+        source: /home/gfs-data/monitor/prometheus/etc
+        target: /etc/prometheus
+        read_only: true
+      - type: bind
+        source: /home/gfs-data/monitor/prometheus/data
+        target: /prometheus
+        read_only: false
+    ##command:
+      ##- --config.file=/etc/prometheus/prometheus.yml 
+      ##- --storage.tsdb.path=/prometheus 
+      ##- --web.console.libraries=/usr/share/prometheus/console_libraries 
+      ##- --web.console.templates=/usr/share/prometheus/consoles
+
+  prometheus-node-exporter-service:
+    image: docker.io/prom/node-exporter:latest
+    hostname: prometheus-node-exporter-service-host
+    networks:
+      - prometheus-network
+      - host-network
+    volumes:
+      - type: bind
+        source: /
+        target: /host
+        read_only: true
+        bind:
+          propagation: rslave
+    pid: host
+    command:
+      - --path.rootfs=/host
+      ##- --path.procfs=/host/proc
+      ##- --path.sysfs=/host/sys
+      ##- --collector.filesystem.ignored-mount-points="^/(sys|proc|dev|host|etc)/?.*$$"
+    ##ports:
+    ## - target: 9100
+    ##   published: 9100
+    ##   protocol: tcp
+    deploy:
+      mode: global
+      ##replicas: 3
+      ##placement:
+        ##max_replicas_per_node: 1
+        ##constraints:
+        ##  - node.labels.location == home
+        ##  - node.hostname == rose
+      resources:
+        limits:
+          memory: 256MB
+      restart_policy:
+        condition: on-failure
+
+  grafana-service:
+    image: docker.io/grafana/grafana:latest
+    hostname: grafana-service-host
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+    networks:
+      - prometheus-network
+      - traefik-network
+    depends_on:
+      - prometheus-service
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        max_replicas_per_node: 1
+        ##constraints:
+        ##  - node.labels.location == home
+        ##  - node.hostname == rose
+      resources:
+        limits:
+          memory: 1GB
+      restart_policy:
+        condition: on-failure
+      labels:
+        - traefik.enable=true
+        ##- traefik.docker.network=traefik-network
+        - traefik.http.routers.grafana-https.entrypoints=websec
+        - traefik.http.routers.grafana-https.rule=Host(`gf.miflux.com`)
+        - traefik.http.routers.grafana-https.tls=true
+        ##- traefik.http.routers.grafana-http.entrypoints=web
+        ##- traefik.http.routers.grafana-http.rule=Host(`gf.miflux.com`)
+        ##- traefik.http.routers.grafana-http.tls=false
+        - traefik.http.services.grafana-service.loadbalancer.server.port=3000
+        - traefik.http.services.grafana-service.loadbalancer.sticky.cookie=true
+        - traefik.http.services.grafana-service.loadbalancer.sticky.cookie.name=grafana-sticker

docker-stack/portainer.yml

@@ -0,0 +1,48 @@
+version: '3.8'
+
+networks:
+  traefik-network:
+    external: true
+
+services:
+  portainer-service:
+    image: docker.io/portainer/portainer-ce:latest
+    hostname: portainer-service-host
+    #stdin_open: true
+    #tty: true
+    command: -H unix:///var/run/docker.sock
+    volumes:
+      - type: bind
+        source: /etc/localtime
+        target: /etc/localtime
+        read_only: true
+      - type: bind
+        source: /home/gfs-data/portainer-1
+        target: /data
+        read_only: false
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+        read_only: true
+    deploy:
+      replicas: 1
+      placement:
+        max_replicas_per_node: 1
+        ##constraints: [node.role == manager]
+      resources:
+        limits:
+          memory: 1GB
+      restart_policy:
+        condition: on-failure
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.portainer-secure.entrypoints=websec
+        - traefik.http.routers.portainer-secure.rule=Host(`pt.miflux.com`)
+        - traefik.http.routers.portainer-secure.tls=true
+        - traefik.http.routers.portainer-plain.entrypoints=web
+        - traefik.http.routers.portainer-plain.rule=Host(`pt.miflux.com`)
+        - traefik.http.services.portainer.loadbalancer.sticky.cookie=true
+        - traefik.http.services.portainer.loadbalancer.sticky.cookie.name=portainer-sticker
+        - traefik.http.services.portainer.loadbalancer.server.port=9000
+    networks:
+      - traefik-network

docker-stack/prom-proc-net.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+[ -z "${PROM_PROC_NET_DIR}" ] && PROM_PROC_NET_DIR="/tmp/prometheus-proc-net"
+
+function copy() {
+	local basedir="$1"
+	local tgtdir="$2"
+	for f in "$basedir"/*
+	do
+		local tgtfile=${f##$basedir/}
+		if [[ -d "$f" ]]
+		then
+			mkdir -p "${tgtdir}/${tgtfile}"
+			copy "$f" "${tgtdir}/${tgtfile}"
+		elif [[ -r "$f" ]]
+		then
+			cat "$f" "${tgtdir}/${tgtfile}" 
+			:
+		fi
+	done
+}
+
+while true
+do
+	copy "/proc/net" "${PROM_PROC_NET_DIR}"
+	sleep 0.5
+done

docker-stack/prometheus-node-exporter.yml

@@ -0,0 +1,50 @@
+version: "3.8"
+
+networks:
+  host-network:
+    name: host
+    external: true
+  prometheus-network:
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  prometheus-node-exporter-service:
+    image: docker.io/prom/node-exporter:latest
+    hostname: prometheus-node-exporter-service-host
+    tty: true
+    environment:
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    networks:
+      - host-network
+    volumes:
+      - type: bind
+        source: /
+        target: /host
+        read_only: true
+    ##pid: host
+    command:
+      - --path.rootfs=/host
+      - --web.listen-address=:9100
+      ##- --web.disable-exporter-metrics
+      ##- --log.level=debug
+      ##- --path.procfs=/host/proc
+      ##- --path.sysfs=/host/sys
+      ##- --collector.filesystem.ignored-mount-points="^/(sys|proc|dev|host|etc)/?.*$$"
+    ##ports:
+    ##  - target: 9100
+    ##    published: 9100
+    ##    protocol: tcp
+    deploy:
+      mode: global
+      ##placement:
+        ##constraints:
+        ##  - node.role == manager
+      resources:
+        limits:
+          memory: 256MB
+      restart_policy:
+        condition: on-failure

docker-stack/prometheus.conf.yml

@@ -0,0 +1,56 @@
+global:
+  scrape_interval:     15s # By default, scrape targets every 15 seconds.
+  evaluation_interval: 15s
+
+  # Attach these labels to any time series or alerts when communicating with
+  # external systems (federation, remote storage, Alertmanager).
+  external_labels:
+    monitor: codelab-monitor
+
+##rule_files:
+##  - prometheus.rules.yml
+
+scrape_configs:
+  - job_name: prometheus
+    scrape_interval: 10s
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: gitea
+    scrape_interval: 10s
+    #scheme: https
+    #static_configs:
+    #  - targets: ['gitea-service-host:3000']
+    dns_sd_configs:
+      - names: ['gitea-service-host']
+        type: A
+        port: 3000
+        refresh_interval: 30s
+
+  - job_name: node
+    scrape_interval: 10s
+    #scheme: https
+    #static_configs:
+    #  - targets: ['prometheus-node-exporter-service-host:9100']
+    ##dns_sd_configs:
+    ##  - names: ['prometheus-node-exporter-service-host']
+    ##    type: A
+    ##    port: 9100
+    ##    refresh_interval: 30s
+    dockerswarm_sd_configs:
+      - host: tcp://prometheus-socat-service-host:2375
+        role: nodes
+    relabel_configs:
+      - source_labels: [__meta_dockerswarm_node_address]
+        target_label: __address__
+        replacement: $1:9100
+      - source_labels: [__meta_dockerswarm_node_hostname]
+        target_label: instance
+
+  - job_name: cadvisor
+    scrape_interval: 10s
+    dns_sd_configs:
+      - names: ['cadvisor-service-host']
+        type: A
+        port: 8080
+        refresh_interval: 30s

docker-stack/prometheus.yml

@@ -0,0 +1,64 @@
+version: "3.8"
+
+networks:
+  host-network:
+    name: host
+    external: true
+  prometheus-network:
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  prometheus-socat-service:
+    image: docker.io/alpine/socat
+    hostname: prometheus-socat-service-host
+    command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
+    environment:
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+    networks:
+      - prometheus-network
+    deploy:
+      mode: global
+      placement:
+        constraints:
+          - node.role == manager
+
+  prometheus-service:
+    image: docker.io/prom/prometheus:latest
+    hostname: prometheus-service-host
+    tty: true
+    environment:
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    networks:
+      - prometheus-network
+    ports:
+      - target: 9090
+        published: 9090
+        protocol: tcp 
+        mode: ingress
+    volumes:
+      - type: bind
+        source: /home/gfs-data/prometheus/etc
+        target: /etc/prometheus
+        read_only: true
+      - type: bind
+        source: /home/gfs-data/prometheus/data
+        target: /prometheus
+        read_only: false
+    ##command:
+      ##- --config.file=/etc/prometheus/prometheus.yml 
+      ##- --storage.tsdb.path=/prometheus 
+      ##- --web.console.libraries=/usr/share/prometheus/console_libraries 
+      ##- --web.console.templates=/usr/share/prometheus/consoles
+    deploy:
+      mode: replicated
+      replicas: 1

docker-stack/traefik-cert.yml

@@ -0,0 +1,10 @@
+tls:
+  certificates:
+    - certFile: /config/miflux.crt
+      keyFile: /config/miflux.key
+
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /config/miflux.crt
+        keyFile: /config/miflux.key

docker-stack/traefik.yml

@@ -0,0 +1,65 @@
+version: "3.8"
+
+networks:
+  host-network:
+    name: host
+    external: true
+  traefik-network:
+    external: true
+
+services:
+  traefik-service:
+    image: docker.io/traefik:2.9
+    hostname: traefik-service-host
+    tty: true
+    environment:
+      - DS_NODE_NAME="{{.Node.Hostname}}"
+      - DS_SERVICE_NAME="{{.Service.Name}}"
+      - DS_TASK_NAME="{{.Task.Name}}"
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+      # if /etc/traefik direcotry exists, traefik looks for /etc/traefik/traefik.toml
+      # use a different directory(/config) to avoid problems for the lack of traefik.toml
+      - type: bind
+        source: /home/gfs-data/traefik
+        target: /config
+    ports:
+      - target: 80
+        published: 80
+        protocol: tcp
+        mode: host
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
+      - target: 4444
+        published: 4444
+        protocol: tcp
+        mode: host
+    networks:
+      - traefik-network
+      #- host-network
+    deploy:
+      mode: global
+      placement:
+        constraints: [node.role == manager]
+    command:
+      - --log.level=INFO
+      - --accessLog
+      - --api.dashboard=true
+      - --api.insecure=true
+      - --ping=true
+      - --entrypoints.traefik.address=:4444
+      - --entrypoints.web.address=:80
+      ##- --entrypoints.web.http.redirections.entryPoint.to=websec
+      ##- --entrypoints.web.http.redirections.entryPoint.scheme=https
+      - --entrypoints.websec.address=:443
+      - --providers.docker.swarmmode=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=traefik-network
+      - --providers.docker.watch=true
+      - --providers.file.filename=/config/traefik-cert.yml
+      - --providers.file.watch=true
+      - --metrics.prometheus=true