docker-compose.yml | |
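---
# Toolchain stack: GitLab CE (OIDC login through Keycloak), Keycloak with its
# PostgreSQL database, Artifactory, GitLab Runner, the Twistlock console and an
# nginx front end.
#
# Secrets are no longer written in this file. They are read from the
# environment (or an .env file kept out of version control) through Compose
# variable substitution; `${VAR:?msg}` makes `docker-compose up` fail when VAR
# is unset instead of starting with an empty secret.
#   GITLAB_OIDC_CLIENT_SECRET  - secret of the `gitlab` client in Keycloak
#   KEYCLOAK_DB_PASSWORD       - password of the `keycloak` PostgreSQL role
#   KEYCLOAK_ADMIN_PASSWORD    - password of the Keycloak `admin` user
# The values that used to be hard-coded here were published together with the
# file (one password was shared by the database and the Keycloak admin); treat
# them as compromised and rotate them in Keycloak and PostgreSQL.
version: '2.1'

services:
  gitlab:
    # NOTE(review): `latest` is a moving tag; pin a specific release (ideally
    # by digest) so an upgrade is a reviewed change.
    image: gitlab/gitlab-ce:latest
    # NOTE(review): privileged mode removes most container isolation (all
    # capabilities, host devices). Nothing in this file shows why GitLab needs
    # it; confirm and drop it if it is not required.
    privileged: true
    environment:
      # Notes on the omnibus settings below:
      # - external_url and redirect_uri use plain http, so the OIDC
      #   authorization code and the GitLab session travel unencrypted unless
      #   a proxy in front terminates TLS. NOTE(review): confirm, and switch
      #   both to https if users reach GitLab over TLS.
      # - omniauth_block_auto_created_users = false means every account that
      #   can log in to the Keycloak realm gets an active GitLab account on
      #   first sign-in. The issuer is the `master` realm, which is also
      #   Keycloak's administration realm; a dedicated realm is usually used
      #   for application logins.
      # - uid_field is `preferred_username`, a value users or admins can
      #   change; a stable claim such as `sub` avoids one person inheriting
      #   another's GitLab identity after a rename.
      # - send_scope_to_token_endpoint is the string 'false', not a boolean.
      #   NOTE(review): confirm the OIDC strategy treats it as intended.
      # - The client secret is substituted by Compose before GitLab sees it;
      #   it must not contain a single quote, which would end the Ruby string.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.service'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
        gitlab_rails['omniauth_block_auto_created_users'] = false
        gitlab_rails['omniauth_providers'] = [
          { 'name' => 'Keycloak',
            'label' => 'Keycloak',
            'args' => {
              'name' => 'openid_connect',
              'scope' => ['openid','profile'],
              'response_type' => 'code',
              'issuer' => 'https://keycloak.service/auth/realms/master',
              'discovery' => true,
              'client_auth_method' => 'query',
              'uid_field' => 'preferred_username',
              'send_scope_to_token_endpoint' => 'false',
              'client_options' => {
                'identifier' => 'gitlab',
                'secret' => '${GITLAB_OIDC_CLIENT_SECRET:?GITLAB_OIDC_CLIENT_SECRET is not set}',
                'redirect_uri' => 'http://gitlab.service/users/auth/openid_connect/callback'
              }
            }
          }
        ]
    # NOTE(review): these ports are published on every host interface, so
    # GitLab's plain-HTTP listener is reachable without going through nginx.
    # Bind to 127.0.0.1 (e.g. "127.0.0.1:8080:80") if nginx is meant to be the
    # only entry point.
    ports:
      - "8080:80"
      - "2222:22"
    volumes:
      - /srv/docker/gitlab/config:/etc/gitlab
      - /srv/docker/gitlab/logs:/var/log/gitlab
      - /srv/docker/gitlab/data:/var/opt/gitlab
      - /srv/docker/nginx/certs/:/etc/gitlab/trusted-certs
    extra_hosts:
      - "mattermost.in:10.10.100.7"
      - "keycloak.service:10.10.100.7"
    restart: unless-stopped
    networks:
      - "default"
    depends_on:
      - artifactory

  keycloak_postgres:
    # NOTE(review): no tag means `latest`; pin a major version so the data
    # directory is not opened by an incompatible PostgreSQL release.
    image: postgres
    networks:
      - "default"
    volumes:
      - /srv/docker/keycloak_postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # The postgres image applies this only when it initialises an empty data
      # directory; on an existing database, change the role's password in
      # PostgreSQL as well.
      POSTGRES_PASSWORD: "${KEYCLOAK_DB_PASSWORD:?KEYCLOAK_DB_PASSWORD is not set}"
    restart: unless-stopped

  keycloak:
    # NOTE(review): the DB_* / KEYCLOAK_* variables and the /auth/ path in the
    # issuer URL above match the older WildFly-based Keycloak image; `latest`
    # moves between releases, so pin the tag this configuration was written
    # for.
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: keycloak_postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: "${KEYCLOAK_DB_PASSWORD:?KEYCLOAK_DB_PASSWORD is not set}"
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:?KEYCLOAK_ADMIN_PASSWORD is not set}"
      # With proxy address forwarding on, Keycloak trusts X-Forwarded-*
      # headers. NOTE(review): port 8087 below also exposes Keycloak directly,
      # where a client can set those headers itself; restrict that port to the
      # proxy if possible.
      PROXY_ADDRESS_FORWARDING: "true"
      # Uncomment the line below to pass JDBC parameters. The value is only an
      # example; read the PostgreSQL JDBC driver documentation before using it
      # in production.
      # JDBC_PARAMS: "ssl=true"
    networks:
      - "default"
    extra_hosts:
      - "artifactory.service:10.10.100.7"
    ports:
      - "8087:8080"
    depends_on:
      - keycloak_postgres
    restart: unless-stopped

  # prom:
  #   image: artifactory.service:5000/prom/prometheus
  #   volumes:
  #     - /srv/docker/prom:/etc/prometheus/
  #   extra_hosts:
  #     - "artifactory.service:192.168.1.22"
  #     - "gitlab.service:192.168.1.22"
  #   restart: unless-stopped

  # artifactory:
  #   image: docker.bintray.io/jfrog/artifactory-pro:6.17.0
  #   ports:
  #     - "8081:8081"
  #   volumes:
  #     - /srv/docker/artifactory:/var/opt/jfrog/artifactory
  #     - /home/root/export:/home/export
  #   ulimits:
  #     nofile:
  #       soft: 90000
  #       hard: 90000
  #   restart: unless-stopped

  artifactory:
    image: docker.bintray.io/jfrog/artifactory-pro:7.7.3
    ports:
      - "8081:8081"
      - "8085:8082"
    volumes:
      - /srv/docker/artifactory7:/var/opt/jfrog/artifactory
      - /home/root/export7:/home/export
    ulimits:
      nofile:
        soft: 90000
        hard: 90000
    extra_hosts:
      - "keycloak.service:10.10.100.7"
    networks:
      - "default"
    restart: unless-stopped

  gitlab-runner:
    # NOTE(review): moving tag; pin a release that matches the GitLab version.
    image: gitlab/gitlab-runner:latest
    volumes:
      - /srv/docker/gitlab_runner/:/etc/gitlab-runner
      # The Docker socket gives this container control of the host's Docker
      # daemon, which is equivalent to root on the host. Depending on the
      # runner's executor configuration (not shown here) CI jobs may inherit
      # that access; limit who can run pipelines on this runner.
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/RL:/opt/RL
    networks:
      - "default"
    restart: unless-stopped

  twistlock-console:
    image: artifactory.service:5000/private:console_19_03_311
    networks:
      - "default"
    ports:
      - "8082:8081"
      - "8083:8083"
      - "8084:8084"
    volumes:
      - /srv/docker/twistlock/data:/data
      - /srv/docker/twistlock/var/lib/twistlock:/var/lib/twistlock
      - /srv/docker/twistlock/log:/var/log
    extra_hosts:
      - "artifactory.service:10.10.100.7"
    restart: unless-stopped
    depends_on:
      - artifactory

  nginx:
    # NOTE(review): no tag means `latest`; pin a release.
    image: nginx
    ports:
      - "80:80"
      - "443:443"
      - "5000:5000"
    volumes:
      # Configuration, certificate and key material is only read by nginx, so
      # it is mounted read-only; a compromised container then cannot replace
      # the TLS private key or its own configuration on the host.
      - /srv/docker/nginx/config/nginx.conf:/etc/nginx/nginx.conf:ro
      - /srv/docker/nginx/logs:/etc/nginx/logs
      - /srv/docker/nginx/snippets/self-signed.conf:/etc/nginx/snippets/self-signed.conf:ro
      - /srv/docker/nginx/certs/nginx-selfsigned.crt:/etc/ssl/certs/nginx.crt:ro
      - /srv/docker/nginx/certs/nginx-selfsigned.key:/etc/ssl/private/nginx.key:ro
      - /srv/docker/nginx/certs/dhparam.pem:/etc/nginx/dhparam.pem:ro
    restart: unless-stopped

  # nextcloud:
  #   image: artifactory.service:5000/nextcloud:16-apache
  #   restart: always
  #   ports:
  #     - 8089:80
  #   volumes:
  #     - /srv/docker/nextcloud/var/www/html:/var/www/html

networks:
  default:
    driver: 'bridge'
    enable_ipv6: false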
###################################### | |
###################################### | |
docker-compose for TICK stack | |
---
# TICK stack: Telegraf (collector), InfluxDB (storage), Chronograf (UI) and
# Kapacitor (alerting), plus two helper services that wrap the CLI tools.
version: "3"

services:
  # Telegraf: metrics agent, configured by the telegraf.conf mounted below.
  telegraf:
    image: "telegraf:1.15.2"
    # NOTE(review): privileged mode together with the Docker socket mount
    # gives this container host-level access. The socket is what the docker
    # input plugin reads; confirm whether privileged mode is needed at all.
    privileged: true
    hostname: "HARPER"
    volumes:
      - "/srv/docker/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro"
      - "/var/run/docker.sock:/var/run/docker.sock"
    links:
      - "influxdb"
    ports:
      - "8092:8092/udp"
      - "8094:8094"
      - "8125:8125/udp"

  # InfluxDB: time-series database the other services write to and read from.
  influxdb:
    image: "influxdb:1.8.3"
    volumes:
      - "/srv/docker/influxdb:/var/lib/influxdb"
    # NOTE(review): the HTTP API is published on every host interface and no
    # authentication is configured in this file; restrict the binding or
    # enable authentication if the host is reachable by others.
    ports:
      - "8086:8086"

  # Chronograf: web UI for InfluxDB and Kapacitor.
  chronograf:
    image: "chronograf:1.8.6"
    environment:
      INFLUXDB_URL: "http://influxdb:8086"
      KAPACITOR_URL: "http://kapacitor:9092"
    # NOTE(review): no login is configured for the UI in this file; treat the
    # published port as giving access to the data behind it.
    ports:
      - "8888:8888"
    links:
      - "influxdb"
      - "kapacitor"

  # Kapacitor: stream/batch processing and alerting on InfluxDB data.
  kapacitor:
    image: "kapacitor:1.5.6"
    environment:
      KAPACITOR_HOSTNAME: "kapacitor"
      KAPACITOR_INFLUXDB_0_URLS_0: "http://influxdb:8086"
    links:
      - "influxdb"
    ports:
      - "9092:9092"

  # One-off container for the influx CLI:
  #   docker-compose run influxdb-cli
  influxdb-cli:
    image: "influxdb:1.8.3"
    entrypoint: ["influx", "-host", "influxdb"]
    links:
      - "influxdb"

  # One-off container with a shell for the kapacitor CLI:
  #   docker-compose run kapacitor-cli
  kapacitor-cli:
    image: "kapacitor:1.5.6"
    entrypoint: "bash"
    environment:
      KAPACITOR_URL: "http://kapacitor:9092"
    links:
      - "kapacitor"
################################# | |
TELEGRAF CONFIG | |
################################# | |
# Telegraf configuration
#
# Telegraf is plugin driven: metrics come from the inputs declared in this
# file and go to the outputs declared in this file. A plugin is active only
# if it is declared here; comment out its table and settings to disable it.
#
# Run 'telegraf -config telegraf.conf -test' to print the metrics a
# configuration would produce.

# Tags added to every metric, written as key = "value".
[global_tags]
  # dc = "us-east-1" # will tag all metrics with dc=us-east-1
  # rack = "1a"

# Settings of the Telegraf agent itself.
[agent]
  ## How often every input is collected unless it overrides the interval.
  interval = "10s"
  ## Align collection to multiples of 'interval'
  ## (interval = "10s" collects at :00, :10, :20, ...).
  round_interval = true

  ## Number of metrics cached per output; the buffer is flushed after a
  ## successful write.
  metric_buffer_limit = 10000
  ## Flush as soon as the buffer is full, without waiting for flush_interval.
  flush_buffer_when_full = true

  ## Random delay applied before each collection. Every plugin sleeps for a
  ## random time within this window, which keeps many plugins from reading
  ## things like sysfs at the same moment.
  collection_jitter = "0s"

  ## How often outputs are flushed. Do not set it below 'interval'. The
  ## longest gap between flushes is flush_interval + flush_jitter.
  flush_interval = "10s"
  ## Random delay added to each flush, mainly to avoid write spikes when many
  ## Telegraf instances run (5s jitter on a 10s interval flushes every 10-15s).
  flush_jitter = "0s"

  ## Debug mode.
  debug = false
  ## Quiet mode.
  quiet = false
  ## Hostname to report; when empty, os.Hostname() is used.
  hostname = ""


###############################################################################
#                                  OUTPUTS                                    #
###############################################################################

# InfluxDB server that receives the metrics.
# NOTE(review): the endpoint below is plain HTTP and the credentials are
# commented out, so writes are unauthenticated and unencrypted; confirm the
# InfluxDB port is not reachable from outside the container network.
[[outputs.influxdb]]
  # Full HTTP or UDP endpoint URL of the InfluxDB instance. Several URLs may
  # be listed, but they are assumed to belong to one cluster: only ONE of
  # them is written to in each interval.
  # urls = ["udp://localhost:8089"] # UDP endpoint example
  urls = ["http://influxdb:8086"] # required
  # Database the metrics go to (Telegraf creates it when it does not exist).
  database = "telegraf" # required
  # Write precision; valid values are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  # Second precision greatly helps InfluxDB compression.
  precision = "s"

  ## Write timeout of the InfluxDB client, given as a string.
  ## Defaults to 5s when absent. 0s disables the timeout (not recommended).
  timeout = "5s"
  # Sample credentials; replace the values before enabling them.
  # username = "telegraf"
  # password = "metricsmetricsmetricsmetrics"
  # User agent for HTTP POSTs (useful to tell writers apart in logs).
  # user_agent = "telegraf"
  # UDP payload size; defaults to the InfluxDB UDP client default (512 bytes).
  # udp_payload = 512


###############################################################################
#                                  INPUTS                                     #
###############################################################################

# CPU usage.
[[inputs.cpu]]
  # Report statistics for each CPU.
  percpu = true
  # Report statistics for the system as a whole.
  totalcpu = true
  # Comment this line out to keep the raw CPU time metrics.
  fielddrop = ["time_*"]

# Disk usage per mount point.
[[inputs.disk]]
  # All mount points are reported by default; setting mount_points limits
  # the statistics to the ones listed.
  # mount_points=["/"]

  # Skip mount points by filesystem type, for example (dev)tmpfs, which is
  # usually found on /run, /var/run, /dev/shm or /dev.
  ignore_fs = ["tmpfs", "devtmpfs"]

# Disk I/O per device.
[[inputs.diskio]]
  # All devices, including partitions, are reported by default; setting
  # devices limits the statistics to the ones listed.
  # devices = ["sda", "sdb"]
  # Uncomment the next line when disk serial numbers are not needed.
  # skip_serial_number = true

# Memory usage.
[[inputs.mem]]
  # no configuration

# Swap usage.
[[inputs.swap]]
  # no configuration

# System load and uptime.
[[inputs.system]]
  # no configuration


###############################################################################
#                              SERVICE INPUTS                                 #
###############################################################################

# Docker container metrics.
[[inputs.docker]]
  ## Docker endpoint.
  ##   TCP: endpoint = "tcp://[ip]:[port]"
  ##   Environment variables (ie, docker-machine): endpoint = "ENV"
  ## NOTE(review): the Unix socket gives access to the whole Docker API, not
  ## only to statistics; whatever can use it controls the daemon.
  endpoint = "unix:///var/run/docker.sock"

  ## Collect Swarm metrics (desired_replicas, running_replicas) when true.
  ## Enable this on one Swarm manager only; enabling it on several managers
  ## duplicates the metrics.
  gather_services = false

  ## Containers to collect from. The values are appended to
  ## container_name_include.
  ## Deprecated (1.4.0), use container_name_include
  container_names = []

  ## Use the container ID hostname (eg first 12 chars) as the source tag.
  source_tag = false

  ## Container names to include and exclude. Everything is collected when
  ## empty. Globs accepted.
  container_name_include = []
  container_name_exclude = []

  ## Container states to include and exclude. Globs accepted.
  ## When empty, only containers in the "running" state are captured.
  ## example: container_state_include = ["created", "restarting", "running", "removing", "paused", "exited", "dead"]
  ## example: container_state_exclude = ["created", "restarting", "running", "removing", "paused", "exited", "dead"]
  # container_state_include = []
  # container_state_exclude = []

  ## Timeout for the docker list, info and stats commands.
  timeout = "5s"

  ## Report per-device blkio (8:0, 8:1...) and network (eth0, eth1, ...)
  ## statistics for each container.
  perdevice = true
  ## Report total blkio and network statistics for each container.
  total = false

  ## Docker labels to include and exclude as tags. Globs accepted.
  ## Two empty arrays include every label as a tag.
  docker_label_include = []
  docker_label_exclude = []

  ## Container environment variables to turn into tags. Their values are
  ## stored with the metrics, so list only variables that hold no secrets.
  tag_env = ["JAVA_HOME", "HEAP_SIZE"]

  ## Optional TLS config.
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  ## Use TLS but skip chain & host verification.
  # insecure_skip_verify = false