106 lines
3.1 KiB
YAML
106 lines
3.1 KiB
YAML
services:
|
|
otel-collector:
|
|
image: otel/opentelemetry-collector-contrib:0.104.0
|
|
command: "--config=/etc/otel-collector-config.yaml"
|
|
volumes:
|
|
- ./otel-collector/config.yaml:/etc/otel-collector-config.yaml
|
|
expose:
|
|
- 4317 # OTLP gRPC receiver
|
|
- 4318 # OTLP http receiver
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.otel.rule=Host(`otel.kmsign.ru`)"
|
|
- "traefik.http.services.otel-http.loadbalancer.server.port=4318"
|
|
links:
|
|
- loki
|
|
- mimir
|
|
- tempo
|
|
networks:
|
|
- www
|
|
- default
|
|
|
|
pyroscope:
|
|
image: grafana/pyroscope:1.7.1
|
|
expose:
|
|
- 4040
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.pyroscope.rule=Host(`pyroscope.kmsign.ru`)"
|
|
- "traefik.http.services.pyroscope.loadbalancer.server.port=4040"
|
|
volumes:
|
|
- ./pyroscope/config.yaml:/etc/pyroscope.yml
|
|
- pyroscope_data:/data
|
|
networks:
|
|
- www
|
|
- default
|
|
|
|
loki:
|
|
image: grafana/loki:3.1.0
|
|
links:
|
|
- mimir
|
|
expose:
|
|
- "3100"
|
|
command: -config.file=/etc/loki/config.yaml
|
|
volumes:
|
|
- ./loki/config.yaml:/etc/loki/config.yaml
|
|
- loki_data:/loki
|
|
|
|
mimir:
|
|
image: grafana/mimir:2.12.0
|
|
expose:
|
|
- "9009"
|
|
command: [-config.file=/etc/mimir/config.yaml]
|
|
volumes:
|
|
- ./mimir/config.yaml:/etc/mimir/config.yaml
|
|
- mimir_data:/mimir
|
|
|
|
tempo:
|
|
image: grafana/tempo:2.5.0
|
|
command: ["-config.file=/etc/tempo/config.yaml"]
|
|
links:
|
|
- mimir
|
|
volumes:
|
|
- ./tempo/config.yaml:/etc/tempo/config.yaml
|
|
- tempo_data:/tempo-data
|
|
expose:
|
|
- "3200" # tempo
|
|
- "4317" # otlp grpc
|
|
- "4318" # otlp http
|
|
|
|
grafana:
|
|
image: grafana/grafana:11.1.0
|
|
environment:
|
|
GF_SERVER_ROOT_URL: ${GRAFANA_URL}
|
|
GF_SERVER_SERVE_FROM_SUB_PATH: "false"
|
|
GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD}
|
|
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
|
|
GF_AUTH_GENERIC_OAUTH_NAME: KonfachSSO
|
|
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: oraMLSBuIaSPqZElSNRZ6gntM2xizjXL
|
|
GF_AUTH_GENERIC_OAUTH_SCOPES: openid email profile offline_access roles
|
|
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email
|
|
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username
|
|
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name
|
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.konfach.ru/realms/konfach/protocol/openid-connect/auth
|
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.konfach.ru/realms/konfach/protocol/openid-connect/token
|
|
GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.konfach.ru/realms/konfach/protocol/openid-connect/userinfo
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(realm_access.roles[*], 'developer') && 'Editor'"
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
|
|
volumes:
|
|
- grafana_data:/var/lib/grafana
|
|
- ./grafana/datasources.yaml:/etc/grafana/provisioning/datasources/ds.yaml
|
|
networks:
|
|
- default
|
|
- www
|
|
|
|
networks:
|
|
www:
|
|
external: true
|
|
|
|
volumes:
|
|
loki_data:
|
|
mimir_data:
|
|
tempo_data:
|
|
grafana_data:
|
|
pyroscope_data:
|