108 lines
3.2 KiB
YAML
108 lines
3.2 KiB
YAML
version: "3"
|
|
|
|
services:
|
|
pyroscope:
|
|
image: grafana/pyroscope:v1.5.0
|
|
expose:
|
|
- 4040
|
|
ports:
|
|
- "4040:4040"
|
|
volumes:
|
|
- ./pyroscope/pyroscope.yml:/etc/pyroscope.yml
|
|
|
|
otel-collector:
|
|
image: otel/opentelemetry-collector-contrib:0.97.0
|
|
restart: always
|
|
command: "--config=/etc/otel-collector-config.yaml"
|
|
volumes:
|
|
- ./otel-collector/config.yaml:/etc/otel-collector-config.yaml
|
|
ports:
|
|
- 4317:4317 # OTLP gRPC receiver
|
|
- 4318:4318 # OTLP http receiver
|
|
expose:
|
|
- 13133:13133 # health_check extension
|
|
- 8889:8889 # Prometheus exporter metrics
|
|
- 8888:8888 # Prometheus metrics exposed by the Collector
|
|
depends_on:
|
|
- loki
|
|
- prometheus
|
|
- tempo
|
|
|
|
loki:
|
|
image: grafana/loki:2.9.6
|
|
expose:
|
|
- "3100"
|
|
command: -config.file=/etc/loki/config.yaml
|
|
volumes:
|
|
- ./loki/config.yaml:/etc/loki/config.yaml
|
|
- loki_data:/loki
|
|
|
|
prometheus:
|
|
image: prom/prometheus:v2.51.1
|
|
restart: always
|
|
expose:
|
|
- "9090"
|
|
volumes:
|
|
- ./prometheus/config.yaml:/etc/prometheus/config.yaml
|
|
- prometheus_data:/prometheus
|
|
command:
|
|
- "--config.file=/etc/prometheus/config.yaml"
|
|
- "--storage.tsdb.path=/prometheus"
|
|
- "--web.enable-remote-write-receiver"
|
|
|
|
tempo:
|
|
image: grafana/tempo:2.4.1
|
|
command: ["-config.file=/etc/tempo/config.yaml"]
|
|
depends_on:
|
|
- prometheus
|
|
volumes:
|
|
- ./tempo/config.yaml:/etc/tempo/config.yaml
|
|
- tempo_data:/tempo-data
|
|
expose:
|
|
- "3200" # tempo
|
|
- "4317" # otlp grpc
|
|
- "4318" # otlp http
|
|
|
|
grafana:
|
|
image: grafana/grafana:10.4.1
|
|
links:
|
|
- loki
|
|
- prometheus
|
|
- tempo
|
|
- pyroscope
|
|
environment:
|
|
GF_SERVER_ROOT_URL: ${GRAFANA_URL}
|
|
GF_SERVER_SERVE_FROM_SUB_PATH: "false"
|
|
GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD}
|
|
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
|
|
GF_AUTH_GENERIC_OAUTH_NAME: KonfachSSO
|
|
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: oraMLSBuIaSPqZElSNRZ6gntM2xizjXL
|
|
GF_AUTH_GENERIC_OAUTH_SCOPES: openid email profile offline_access roles
|
|
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email
|
|
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username
|
|
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name
|
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.konfach.ru/realms/konfach/protocol/openid-connect/auth
|
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.konfach.ru/realms/konfach/protocol/openid-connect/token
|
|
GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.konfach.ru/realms/konfach/protocol/openid-connect/userinfo
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(realm_access.roles[*], 'developer') && 'Editor'"
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
|
|
volumes:
|
|
- grafana_data:/var/lib/grafana
|
|
- ./grafana/datasources.yaml:/etc/grafana/provisioning/datasources/ds.yaml
|
|
ports:
|
|
- ${GRAFANA_PORT}:3000
|
|
networks:
|
|
- default
|
|
- www
|
|
|
|
networks:
|
|
www:
|
|
external: true
|
|
|
|
volumes:
|
|
loki_data:
|
|
prometheus_data:
|
|
tempo_data:
|
|
grafana_data:
|