-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.monitoring.yml
More file actions
252 lines (223 loc) · 5.89 KB
/
Copy pathdocker-compose.monitoring.yml
File metadata and controls
252 lines (223 loc) · 5.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
services:
caddy:
image: caddy:2.11-alpine
container_name: caddy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
environment:
DOMAIN: ${DOMAIN:-localhost}
AUTH_USER: ${AUTH_USER:-canopy}
# canopy
AUTH_PASSWORDHASH: ${AUTH_PASSWORDHASH:-"$$2a$$14$$0IP2/ZvbwWQ0JsJp6B8IpOYxME/6KSuPY3l4Hpj8phNTMdjMdh8aa"}
configs:
- source: caddyfile
target: /etc/caddy/Caddyfile
volumes:
- caddy-data:/data
- caddy-config:/config
prometheus:
image: prom/prometheus:v3.13.1
container_name: prometheus
restart: unless-stopped
command: ["--config.file=/etc/prometheus/prometheus.yml"]
expose:
- "9090"
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
volumes:
- prometheus-data:/prometheus
grafana:
image: grafana/grafana:12.3
container_name: grafana
restart: unless-stopped
# served through caddy at https://monitoring.<DOMAIN>
expose:
- "3000"
environment:
GF_SECURITY_ADMIN_USER: ${GF_ADMIN_USER:-canopy}
GF_SECURITY_ADMIN_PASSWORD: ${GF_ADMIN_PASSWORD:-canopy}
GF_USERS_ALLOW_SIGN_UP: "false"
configs:
- source: grafana_datasources
target: /etc/grafana/provisioning/datasources/automatic.yaml
volumes:
- grafana-data:/var/lib/grafana
- ./monitoring/grafana/dashboards:/etc/grafana/dashboards:ro
loki:
image: grafana/loki:3.7.0
container_name: loki
restart: unless-stopped
command: ["--config.file=/etc/loki/config.yaml"]
# served through caddy at https://loki.<DOMAIN> (basic-auth)
expose:
- "3100"
configs:
- source: loki_config
target: /etc/loki/config.yaml
volumes:
# /loki is pre-owned by the loki user in the image, so a fresh named
# volume inherits the right permissions (uid 10001)
- loki-data:/loki
alloy:
image: grafana/alloy:v1.17.1
container_name: alloy
restart: unless-stopped
command:
- run
- --server.http.listen-addr=0.0.0.0:12345
- --storage.path=/var/lib/alloy/data
- /etc/alloy/config.alloy
configs:
- source: alloy_config
target: /etc/alloy/config.alloy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- alloy-data:/var/lib/alloy/data
volumes:
caddy-data:
caddy-config:
prometheus-data:
grafana-data:
loki-data:
alloy-data:
configs:
caddyfile:
content: |
# Same-origin API paths on a UI host.
# args[0] = rpc upstream, args[1] = admin upstream
(api_routes) {
handle /rpc* {
uri strip_prefix /rpc
rewrite / /v1/eth
reverse_proxy {args[0]}
}
handle /adminrpc/v1/admin/* {
uri strip_prefix /adminrpc
reverse_proxy {args[1]}
}
handle /adminrpc* {
uri strip_prefix /adminrpc
rewrite / /v1/tx
reverse_proxy {args[0]}
}
}
(auth) {
basic_auth {args[:]} {
{$$AUTH_USER} {$$AUTH_PASSWORDHASH}
}
}
wallet.{$$DOMAIN} {
@protected not path /rpc*
import auth @protected
import api_routes node:50002 node:50003
handle {
reverse_proxy node:50000
}
}
explorer.{$$DOMAIN} {
@protected path /adminrpc*
import auth @protected
import api_routes node:50002 node:50003
handle {
reverse_proxy node:50001
}
}
rpc.{$$DOMAIN} {
rewrite / /v1/eth
reverse_proxy node:50002
}
adminrpc.{$$DOMAIN} {
import auth
@admin path /v1/admin/*
handle @admin {
reverse_proxy node:50003
}
handle {
rewrite / /v1/tx
reverse_proxy node:50002
}
}
monitoring.{$$DOMAIN} {
reverse_proxy grafana:3000
}
prometheus_config:
content: |
global:
scrape_interval: 15s
scrape_configs:
- job_name: canopy-nodes
static_configs:
- targets: ["node:9090"]
- job_name: prometheus
static_configs:
- targets: ["localhost:9090"]
grafana_datasources:
content: |
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
url: http://prometheus:9090
isDefault: true
editable: true
- name: Loki
type: loki
access: proxy
url: http://loki:3100
loki_config:
content: |
auth_enabled: false
server:
http_listen_port: 3100
common:
instance_addr: 127.0.0.1
path_prefix: /loki
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
schema_config:
configs:
- from: 2020-10-24
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
alloy_config:
content: |
discovery.docker "containers" {
host = "unix:///var/run/docker.sock"
refresh_interval = "15s"
filter {
name = "name"
values = ["node", "caddy", "prometheus", "grafana", "loki", "alloy"]
}
}
discovery.relabel "containers" {
targets = discovery.docker.containers.targets
rule {
source_labels = ["__meta_docker_container_name"]
regex = "/(.*)"
target_label = "container"
}
}
loki.source.docker "containers" {
host = "unix:///var/run/docker.sock"
targets = discovery.relabel.containers.output
forward_to = [loki.write.default.receiver]
}
loki.write "default" {
endpoint {
url = "http://loki:3100/loki/api/v1/push"
}
}