From 656548d4b0f2ef71e81149d1b1e4acb722120b7b Mon Sep 17 00:00:00 2001
From: Teck Meng
Date: Fri, 31 May 2024 20:39:06 +0800
Subject: [PATCH] feat: swarm services
---
swarm/swarmpit.yml | 96 +++++++++++++++++++
swarm/swarmprom.yml | 222 ++++++++++++++++++++++++++++++++++++++++++++
swarm/thelounge.yml | 27 ++++++
3 files changed, 345 insertions(+)
create mode 100644 swarm/swarmpit.yml
create mode 100644 swarm/swarmprom.yml
create mode 100644 swarm/thelounge.yml
diff --git a/swarm/swarmpit.yml b/swarm/swarmpit.yml
new file mode 100644
index 0000000..b65b182
--- /dev/null
+++ b/swarm/swarmpit.yml
@@ -0,0 +1,96 @@
+services:
+ app:
+ image: swarmpit/swarmpit:latest
+ environment:
+ - SWARMPIT_DB=http://db:5984
+ - SWARMPIT_INFLUXDB=http://influxdb:8086
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ - net
+ - traefik-public
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 1024M
+ reservations:
+ cpus: '0.25'
+ memory: 512M
+ placement:
+ constraints:
+ - node.role == manager
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.routers.swarmpit-https.rule=Host(`swarmpit.${DOMAIN?Variable not set}`)
+ - traefik.http.routers.swarmpit-https.entrypoints=https
+ - traefik.http.routers.swarmpit-https.tls=true
+ - traefik.http.routers.swarmpit-https.tls.certresolver=le
+ - traefik.http.services.swarmpit.loadbalancer.server.port=8080
+
+ db:
+ image: couchdb:2.3
+ volumes:
+ - db-data:/opt/couchdb/data
+ networks:
+ - net
+ deploy:
+ resources:
+ limits:
+ cpus: '0.30'
+ memory: 512M
+ reservations:
+ cpus: '0.15'
+ memory: 256M
+ placement:
+ constraints:
+ - node.labels.swarmpit.db-data == true
+ influxdb:
+ image: influxdb:1.7
+ volumes:
+ - influx-data:/var/lib/influxdb
+ networks:
+ - net
+ deploy:
+ resources:
+ reservations:
+ cpus: '0.3'
+ memory: 128M
+ limits:
+ cpus: '0.6'
+ memory: 512M
+ placement:
+ constraints:
+ - node.labels.swarmpit.influx-data == true
+ agent:
+ image: swarmpit/agent:latest
+ environment:
+ - DOCKER_API_VERSION=1.35
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ - net
+ deploy:
+ mode: global
+ resources:
+ limits:
+ cpus: '0.10'
+ memory: 64M
+ reservations:
+ cpus: '0.05'
+ memory: 32M
+
+networks:
+ net:
+ driver: overlay
+ attachable: true
+ traefik-public:
+ external: true
+
+volumes:
+ db-data:
+ driver: local
+ influx-data:
+ driver: local
diff --git a/swarm/swarmprom.yml b/swarm/swarmprom.yml
new file mode 100644
index 0000000..32ab3d3
--- /dev/null
+++ b/swarm/swarmprom.yml
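Review bot: The `:ro` flag on `/var/run/docker.sock:/var/run/docker.sock:ro` in the `app` and `agent` services does not make the Docker API read-only; it only protects the socket file itself, so both containers can still issue any API call, and `app` is constrained to a manager node. Because both images use the floating `:latest` tag, whatever is published under that tag at the next pull inherits that access; pin them to a fixed version or digest, e.g. `image: swarmpit/swarmpit:<pinned-version>`. The same unpinned-image concern applies to `thelounge/thelounge:latest` in swarm/thelounge.yml and to the untagged `stefanprodan/caddy` and `gcr.io/cadvisor/cadvisor` in swarm/swarmprom.yml. Separately, `db` and `influxdb` show no credentials in this file and sit on an `attachable: true` overlay, so it is worth confirming they cannot be reached unauthenticated by other containers attached to `net`.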
@@ -0,0 +1,222 @@
+networks:
+ net:
+ driver: overlay
+ attachable: true
+ traefik-public:
+ external: true
+
+volumes:
+ prometheus: {}
+ grafana: {}
+ alertmanager: {}
+
+configs:
+ dockerd_config:
+ file: ./dockerd-exporter/Caddyfile
+ node_rules:
+ file: ./prometheus/rules/swarm_node.rules.yml
+ task_rules:
+ file: ./prometheus/rules/swarm_task.rules.yml
+
+services:
+ dockerd-exporter:
+ image: stefanprodan/caddy
+ networks:
+ - net
+ environment:
+ - DOCKER_GWBRIDGE_IP=172.18.0.1
+ configs:
+ - source: dockerd_config
+ target: /etc/caddy/Caddyfile
+ deploy:
+ mode: global
+ resources:
+ limits:
+ memory: 128M
+ reservations:
+ memory: 64M
+
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor
+ networks:
+ - net
+ command: -logtostderr -docker_only
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /:/rootfs:ro
+ - /var/run:/var/run
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ deploy:
+ mode: global
+ resources:
+ limits:
+ memory: 128M
+ reservations:
+ memory: 64M
+
+ grafana:
+ image: stefanprodan/swarmprom-grafana:5.3.4
+ networks:
+ - default
+ - net
+ - traefik-public
+ environment:
+ - GF_SECURITY_ADMIN_USER=${ADMIN_USER:-admin}
+ - GF_SECURITY_ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
+ - GF_USERS_ALLOW_SIGN_UP=false
+ #- GF_SERVER_ROOT_URL=${GF_SERVER_ROOT_URL:-localhost}
+ #- GF_SMTP_ENABLED=${GF_SMTP_ENABLED:-false}
+ #- GF_SMTP_FROM_ADDRESS=${GF_SMTP_FROM_ADDRESS:-grafana@test.com}
+ #- GF_SMTP_FROM_NAME=${GF_SMTP_FROM_NAME:-Grafana}
+ #- GF_SMTP_HOST=${GF_SMTP_HOST:-smtp:25}
+ #- GF_SMTP_USER=${GF_SMTP_USER}
+ #- GF_SMTP_PASSWORD=${GF_SMTP_PASSWORD}
+ volumes:
+ - grafana:/var/lib/grafana
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+ resources:
+ limits:
+ memory: 128M
+ reservations:
+ memory: 64M
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.routers.swarmprom-grafana-https.rule=Host(`grafana.${DOMAIN?Variable not set}`)
+ - traefik.http.routers.swarmprom-grafana-https.entrypoints=https
+ - traefik.http.routers.swarmprom-grafana-https.tls=true
+ - traefik.http.routers.swarmprom-grafana-https.tls.certresolver=le
+ - traefik.http.services.swarmprom-grafana.loadbalancer.server.port=3000
+
+ alertmanager:
+ image: stefanprodan/swarmprom-alertmanager:v0.14.0
+ networks:
+ - default
+ - net
+ - traefik-public
+ environment:
+ - SLACK_URL=${SLACK_URL:-https://hooks.slack.com/services/TOKEN}
+ - SLACK_CHANNEL=${SLACK_CHANNEL:-general}
+ - SLACK_USER=${SLACK_USER:-alertmanager}
+ command:
+ - '--config.file=/etc/alertmanager/alertmanager.yml'
+ - '--storage.path=/alertmanager'
+ volumes:
+ - alertmanager:/alertmanager
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+ resources:
+ limits:
+ memory: 128M
+ reservations:
+ memory: 64M
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.routers.swarmprom-alertmanager-https.rule=Host(`alertmanager.${DOMAIN?Variable not set}`)
+ - traefik.http.routers.swarmprom-alertmanager-https.entrypoints=https
+ - traefik.http.routers.swarmprom-alertmanager-https.tls=true
+ - traefik.http.routers.swarmprom-alertmanager-https.tls.certresolver=le
+ - traefik.http.services.swarmprom-alertmanager.loadbalancer.server.port=9093
+ - traefik.http.middlewares.swarmprom-alertmanager-auth.basicauth.users=${ADMIN_USER?Variable not set}:${HASHED_PASSWORD?Variable not set}
+ - traefik.http.routers.swarmprom-alertmanager-https.middlewares=swarmprom-alertmanager-auth
+
+ unsee:
+ image: cloudflare/unsee:v0.8.0
+ networks:
+ - default
+ - net
+ - traefik-public
+ environment:
+ - "ALERTMANAGER_URIS=default:http://alertmanager:9093"
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.routers.swarmprom-unsee-https.rule=Host(`unsee.${DOMAIN?Variable not set}`)
+ - traefik.http.routers.swarmprom-unsee-https.entrypoints=https
+ - traefik.http.routers.swarmprom-unsee-https.tls=true
+ - traefik.http.routers.swarmprom-unsee-https.tls.certresolver=le
+ - traefik.http.services.swarmprom-unsee.loadbalancer.server.port=8080
+ - traefik.http.middlewares.swarmprom-unsee-auth.basicauth.users=${ADMIN_USER?Variable not set}:${HASHED_PASSWORD?Variable not set}
+ - traefik.http.routers.swarmprom-unsee-https.middlewares=swarmprom-unsee-auth
+
+ node-exporter:
+ image: stefanprodan/swarmprom-node-exporter:v0.16.0
+ networks:
+ - net
+ environment:
+ - NODE_ID={{.Node.ID}}
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ - /etc/hostname:/etc/nodename
+ command:
+ - '--path.sysfs=/host/sys'
+ - '--path.procfs=/host/proc'
+ - '--collector.textfile.directory=/etc/node-exporter/'
+ - '--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($$|/)'
+ - '--no-collector.ipvs'
+ deploy:
+ mode: global
+ resources:
+ limits:
+ memory: 128M
+ reservations:
+ memory: 64M
+
+ prometheus:
+ image: stefanprodan/swarmprom-prometheus:v2.5.0
+ networks:
+ - default
+ - net
+ - traefik-public
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--storage.tsdb.retention=${PROMETHEUS_RETENTION:-24h}'
+ volumes:
+ - prometheus:/prometheus
+ configs:
+ - source: node_rules
+ target: /etc/prometheus/swarm_node.rules.yml
+ - source: task_rules
+ target: /etc/prometheus/swarm_task.rules.yml
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+ resources:
+ limits:
+ memory: 2048M
+ reservations:
+ memory: 128M
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.routers.swarmprom-prometheus-https.rule=Host(`prometheus.${DOMAIN?Variable not set}`)
+ - traefik.http.routers.swarmprom-prometheus-https.entrypoints=https
+ - traefik.http.routers.swarmprom-prometheus-https.tls=true
+ - traefik.http.routers.swarmprom-prometheus-https.tls.certresolver=le
+ - traefik.http.services.swarmprom-prometheus.loadbalancer.server.port=9090
+ - traefik.http.middlewares.swarmprom-prometheus-auth.basicauth.users=${ADMIN_USER?Variable not set}:${HASHED_PASSWORD?Variable not set}
+ - traefik.http.routers.swarmprom-prometheus-https.middlewares=swarmprom-prometheus-auth
diff --git a/swarm/thelounge.yml b/swarm/thelounge.yml
new file mode 100644
index 0000000..8f30045
--- /dev/null
+++ b/swarm/thelounge.yml
@@ -0,0 +1,27 @@
+services:
+ app:
+ image: thelounge/thelounge:latest
+ volumes:
+ - thelounge-data:/var/opt/thelounge
+ networks:
+ - traefik-public
+ deploy:
+ placement:
+ constraints:
+ - node.labels.thelounge.thelounge-data == true
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.routers.thelounge-https.rule=Host(`${DOMAIN?Variable not set}`)
+ - traefik.http.routers.thelounge-https.entrypoints=https
+ - traefik.http.routers.thelounge-https.tls=true
+ - traefik.http.routers.thelounge-https.tls.certresolver=le
+ - traefik.http.services.thelounge.loadbalancer.server.port=9000
+
+networks:
+ traefik-public:
+ external: true
+
+volumes:
+ thelounge-data:
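Review bot: The `grafana` service is published through Traefik with `GF_SECURITY_ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}` and, unlike `alertmanager`, `unsee` and `prometheus`, has no `basicauth` middleware on its router, so a deploy without `ADMIN_PASSWORD` set exposes a Grafana login that accepts admin/admin. Fail closed the way the Traefik labels in this file already do: `- GF_SECURITY_ADMIN_USER=${ADMIN_USER?Variable not set}` and `- GF_SECURITY_ADMIN_PASSWORD=${ADMIN_PASSWORD?Variable not set}`. In `cadvisor`, `/var/run:/var/run` is the only host mount without `:ro`, which gives that container write access to the host's runtime directory; add `:ro` unless something is known to need writes. The pinned images (`swarmprom-grafana:5.3.4`, `swarmprom-prometheus:v2.5.0`, `cloudflare/unsee:v0.8.0`) look several years old relative to the commit date and should be checked against current releases before they are reachable from outside.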
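Review bot: No auth middleware is attached to the `thelounge-https` router in swarm/thelounge.yml, and it is published on the bare `${DOMAIN}` host, so access control rests entirely on The Lounge's own settings stored in the `thelounge-data` volume, which this file does not show. If the instance is ever run with `public: true`, anyone who can reach the host can open IRC connections from this server; I would add a comment above the service such as `# must run in private mode (public: false); users are created out of band`, or attach a Traefik auth middleware as swarmprom.yml does for its routers.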