prometheus mtls working

John Lancaster
2025-12-28 20:17:04 -06:00
parent 015725d2cc
commit 0fb52c50ff
4 changed files with 36 additions and 25 deletions

1
.gitignore vendored

@@ -1 +1,2 @@
.env* .env*
certs/

0
certs/.gitkeep Normal file


@@ -12,9 +12,13 @@ services:
image: grafana/alloy image: grafana/alloy
container_name: grafana-alloy container_name: grafana-alloy
restart: unless-stopped restart: unless-stopped
privileged: true
volumes: volumes:
- ./grafana-alloy/config.alloy:/etc/alloy/config.alloy
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ./grafana-alloy/config.alloy:/etc/alloy/config.alloy
- ./certs:/etc/alloy/certs
ports:
- '12345:12345'
command: command:
- run - run
- --server.http.listen-addr=0.0.0.0:12345 - --server.http.listen-addr=0.0.0.0:12345
@@ -33,7 +37,7 @@ services:
WATCHTOWER_SCHEDULE: "0 0 3 * * *" WATCHTOWER_SCHEDULE: "0 0 3 * * *"
docker-proxy: docker-proxy:
image: ghcr.io/tecnativa/docker-socket-proxy:latest image: ghcr.io/tecnativa/docker-socket-proxy
container_name: docker-proxy container_name: docker-proxy
restart: unless-stopped restart: unless-stopped
ports: ports:
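Review bot: `privileged: true` on the grafana-alloy service, combined with the `/var/run/docker.sock` mount, gives this container root-equivalent control of the host, and the same hunk publishes its HTTP listener with `- '12345:12345'` on every host interface. If privileged mode was added only so the cAdvisor exporter can read host metrics, read-only bind mounts of the specific paths it needs would be a narrower grant; that is an assumption about intent, since the commit does not say why it was needed. The certificate directory holds the client private key and is better mounted read-only, `- ./certs:/etc/alloy/certs:ro`, and the port is safer bound to loopback, `- '127.0.0.1:12345:12345'`, unless remote access to the Alloy UI is required. The service definition starts above the hunk, so other hardening options may already be set there.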


@@ -4,6 +4,7 @@
prometheus.exporter.cadvisor "docker_metrics" { prometheus.exporter.cadvisor "docker_metrics" {
docker_host = "unix:///var/run/docker.sock" docker_host = "unix:///var/run/docker.sock"
storage_duration = "5m" storage_duration = "5m"
allowlisted_container_labels = ["name", "container", "container_name", "id"]
} }
prometheus.scrape "scraper" { prometheus.scrape "scraper" {
@@ -15,7 +16,12 @@ prometheus.scrape "scraper" {
prometheus.remote_write "default" { prometheus.remote_write "default" {
endpoint { endpoint {
url = "http://prometheus:9090/api/v1/write" url = "https://prometheus.john-stream.com:9090/api/v1/write"
tls_config {
cert_file = "/etc/alloy/certs/prometheus.crt"
key_file = "/etc/alloy/certs/prometheus.key"
ca_file = "/etc/alloy/certs/root_ca.crt"
}
} }
} }
@@ -23,27 +29,27 @@ discovery.docker "linux" {
host = "unix:///var/run/docker.sock" host = "unix:///var/run/docker.sock"
} }
discovery.relabel "logs_integrations_docker" { // discovery.relabel "logs_integrations_docker" {
targets = [] // targets = []
rule { // rule {
source_labels = ["__meta_docker_container_name"] // source_labels = ["__meta_docker_container_name"]
regex = "/(.*)" // regex = "/(.*)"
target_label = "service_name" // target_label = "service_name"
} // }
} // }
loki.source.docker "default" { // loki.source.docker "default" {
host = "unix:///var/run/docker.sock" // host = "unix:///var/run/docker.sock"
targets = discovery.docker.linux.targets // targets = discovery.docker.linux.targets
labels = {"platform" = "docker"} // labels = {"platform" = "docker"}
relabel_rules = discovery.relabel.logs_integrations_docker.rules // relabel_rules = discovery.relabel.logs_integrations_docker.rules
forward_to = [loki.write.default.receiver] // forward_to = [loki.write.default.receiver]
} // }
loki.write "default" { // loki.write "default" {
endpoint { // endpoint {
url = "http://loki:3100/loki/api/v1/push" // url = "http://loki:3100/loki/api/v1/push"
} // }
external_labels = {} // external_labels = {}
} // }
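Review bot: The `tls_config` block in `prometheus.remote_write "default"` loads the client identity from `prometheus.crt` and `prometheus.key`; if those are the Prometheus server's own certificate and key (the names suggest it, the commit does not confirm it), the server's private key now sits on every host that runs this agent. A certificate issued for the agent alone, e.g. `cert_file = "/etc/alloy/certs/<agent-client>.crt"` with a matching `key_file` (placeholder names), keeps the server key off clients and lets one agent be revoked without reissuing the server certificate. Because `certs/` is git-ignored, a comment above the block such as `// certs/ is not in git: provision client cert, key and root_ca.crt before starting Alloy` would document the deployment prerequisite. The Loki pipeline at the end of the file is commented out line by line rather than deleted; removing it and relying on history would keep the config readable.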