Traefik v2 + monitoring (cadvisor, node-exporter, netdata, whoami) dynamic routing
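# Docker Compose stack: Traefik v2 as the TLS-terminating reverse proxy for a
# set of monitoring containers (whoami, cAdvisor, GoAccess). Routing is driven
# by container labels; ${DOMAIN} must be set in the environment or in .env.
version: '3'

networks:
  # Created outside this file (external: true); must exist before `up`.
  web:
    external: true
  # Created by Compose for this project. The name is only a name: the network
  # is not declared with `internal: true`, so containers on it keep outbound
  # connectivity.
  internal:
    external: false

volumes:
  # Declared but not mounted by any service in this file.
  netdataconfig:
  netdatalib:
  netdatacache:
  # Volume to store traefik certificates
  traefik-letsencrypt:
  # Mounted by the goaccess service below; a named volume that is used but
  # not declared here makes Compose reject the file.
  goaccess-html:
  goaccess-data:

# NOTE(review): the listing this was recovered from had lost its indentation
# and showed no `services:` key; the definitions are nested under it here
# because Compose file format 3 requires it.
services:
  traefik:
    image: "traefik:v2.6"
    container_name: "traefik"
    command:
      # DEBUG is meant for troubleshooting and is very verbose; lower it to
      # INFO or above once the setup works.
      - "--log.level=DEBUG"
      # Dashboard: http://127.0.0.1:8080/dashboard/#/ on the Docker host.
      # api.insecure serves the dashboard AND the API on the `traefik`
      # entrypoint (:8080) with no authentication, which is why that port is
      # published on loopback only (see `ports`). Containers attached to the
      # `web` or `internal` networks can still reach it. To publish the
      # dashboard remotely, drop api.insecure and route `api@internal`
      # through a router with an authentication middleware instead.
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers carrying traefik.enable=true get a route.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.network=internal"
      # Redirect http to https
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # Https : port 443, with letsencrypt certificates
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Let's Encrypt staging CA: uncomment while testing so that repeated
      # attempts do not run into the production rate limits.
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@${DOMAIN}"
      # acme.json holds the ACME account key and the certificate private
      # keys; it lives in the traefik-letsencrypt named volume.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Expose prometheus metrics : KO - not working
      # logs :
      # level=error msg="entryPoint \"metrics\" doesn't exist" routerName=prometheus@internal entryPointName=metrics
      # level=error msg="no valid entryPoint for this router" routerName=prometheus@internal
      # The errors above come from pointing metrics at an entrypoint named
      # `metrics` that is never defined (no --entrypoints.metrics.address).
      # With the entrypoint option left commented out, metrics are served on
      # the default `traefik` entrypoint, i.e. the same unauthenticated :8080
      # listener as the dashboard.
      - "--metrics.prometheus=true"
      - '--metrics.prometheus.buckets=0.1,0.3,1.2,5.0'
      #- "--metrics.prometheus.entrypoint=metrics"
      #- "--accesslog=true"
      #- "--tracing=true"
    ports:
      - "80:80"
      - "443:443"
      # Loopback only: this listener has no authentication (api.insecure).
      # The listing published it on every interface as "8080:8080".
      - "127.0.0.1:8080:8080"
    volumes:
      - traefik-letsencrypt:/letsencrypt
      # `:ro` makes the mount read-only; it does not limit what can be
      # requested over the Docker API through the socket. A compromise of
      # this container is therefore equivalent to control of the Docker
      # daemon. Consider a filtering socket proxy that only allows the read
      # endpoints the Docker provider needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - web
      - internal

  whoami:
    # No tag: resolves to `latest`. Pin a version tag or digest so that a
    # changed upstream image is not pulled in silently.
    image: "traefik/whoami"
    container_name: "whoami"
    networks:
      - internal
    labels:
      - traefik.enable=true
      - traefik.docker.network=internal
      # No authentication middleware on this router: the service is
      # reachable by anyone who can reach whoami.${DOMAIN} over HTTPS.
      - traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=myresolver
      - traefik.http.services.whoami.loadbalancer.server.port=80

  # Container Advisor : measures of docker containers
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.43.0
    container_name: cadvisor
    # Privileged mode together with the host /, /sys and /var/run mounts
    # gives this container very broad access to the host. Treat it as
    # host-equivalent and keep its UI away from untrusted clients.
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      # Read-only like the other host mounts (the listing had :rw).
      # NOTE(review): confirm cAdvisor still lists the Docker containers in
      # your environment after this change.
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      #- /var/snap/docker/common/var-lib-docker:/var/lib/docker:ro # for ubuntu snap installation of docker
      - /var/lib/docker:/var/lib/docker:ro # does not exist for ubuntu snap installation of docker
      #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
      - /sys/fs/cgroup/:/cgroup:ro # where I found it on ubuntu 18.04
      - /etc/machine-id:/etc/machine-id:ro
      - /var/lib/dbus/machine-id:/var/lib/dbus/machine-id:ro
    #network_mode: host
    command:
      - '--docker_only=true'
      - '--housekeeping_interval=10s'
    restart: always
    # `expose` does not publish the port on the host; it is only reachable
    # from the attached Docker network (and through the Traefik router).
    expose:
      - "8080"
    networks:
      - internal
    healthcheck:
      test: ["CMD", "wget", "--tries=1", "--spider", "http://localhost:8080/healthz"]
      interval: 10s
      timeout: 5s
    environment:
      # NOTE(review): this path (/cadvisor/healthz) differs from the one the
      # healthcheck above probes (/healthz); confirm which is intended.
      - CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz
    labels:
      # In list form the double quotes are part of the label value.
      - org.label-schema.group="monitoring"
      - traefik.enable=true
      - traefik.docker.network=internal
      - traefik.http.services.cadvisor.loadbalancer.server.port=8080
      #- traefik.http.routers.cadvisor.rule=PathPrefix(`/cadvisor`)
      # No authentication middleware on this router: host and container
      # metrics are readable by anyone who can reach cadvisor.${DOMAIN}.
      # Attach a basicAuth or forwardAuth middleware (or an IP allow-list)
      # before exposing this outside a trusted network.
      - traefik.http.routers.cadvisor.rule=Host(`cadvisor.${DOMAIN}`)
      - traefik.http.routers.cadvisor.entrypoints=websecure
      - traefik.http.routers.cadvisor.tls.certresolver=myresolver
  # https://stackoverflow.com/questions/65020158/google-cadvisor-with-traefik

  # https://hub.docker.com/r/gregyankovoy/goaccess
  goaccess:
    # No tag: resolves to `latest`. Pin a version tag or digest.
    image: gregyankovoy/goaccess
    container_name: goaccess
    #ports:
    #  - 7889:7889
    networks:
      - internal
    volumes:
      # Host web-server logs, mounted writable. NOTE(review): if the image
      # only reads them, append :ro.
      - /var/log/nginx/:/opt/log
      - ./goaccess:/config
      - goaccess-html:/config/html
      - goaccess-data:/tmp
      # Replaces a script inside the image with a file from the working
      # tree; whoever can edit ./goaccess-test/goaccess.sh controls what
      # runs in the container. NOTE(review): mount :ro if the container
      # does not need to modify it.
      - ./goaccess-test/goaccess.sh:/usr/local/bin/goaccess.sh
    restart: unless-stopped
    labels:
      # In list form the double quotes are part of the label value.
      - org.label-schema.group="monitoring"
      - traefik.enable=true
      - traefik.docker.network=internal
      # No authentication middleware on this router: the access-log report
      # (client addresses, requested URLs) is readable by anyone who can
      # reach goaccess.${DOMAIN}. Attach an authentication middleware
      # before exposing it.
      - traefik.http.routers.goaccess.rule=Host(`goaccess.${DOMAIN}`)
      - traefik.http.routers.goaccess.entrypoints=websecure
      - traefik.http.routers.goaccess.tls.certresolver=myresolver
      - traefik.http.services.goaccess.loadbalancer.server.port=7889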
https://community.traefik.io/t/traefik-v2-6-dynamic-configuration/13735/3