selemon-exporter/docker-compose.yml at main · selectel/selemon-exporter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
volumes:
  selemon_textfiles:
  selemon_sslfiles:

services:
  node-exporter:
    image: prom/node-exporter:v1.10.2
    container_name: selemon-node-exporter
    restart: unless-stopped

    #Settings
    network_mode: host
    pid: host
    # nobody user
    user: "65534:65534"

    # Resources
    deploy:
      resources:
        limits:
          memory: 50m
          cpus: '1.0'

    volumes:
      - selemon_textfiles:/var/lib/node_exporter/textfile_collector:rw
      - selemon_sslfiles:/etc/node_exporter:rw
      - "/:/host:ro,rslave"
      - "/proc:/host/proc:ro"
      - "/sys:/host/sys:ro"

    security_opt:
      - "no-new-privileges:true"

    command:
      - "--path.rootfs=/host"
      - "--path.sysfs=/host/sys"
      - "--path.procfs=/host/proc"
      - "--path.udev.data=/host/run/udev/data"
      - "--collector.filesystem.mount-points-exclude='^/(sys|proc|dev|host|etc|var/lib/docker|run|var/lib/lxcfs|var/lib/kubelet)($|/)'"
      - "--web.disable-exporter-metrics"
      - "--web.max-requests=40"
      - "--collector.cpufreq"
      - "--collector.ethtool"
      - "--web.config.file=/etc/node_exporter/web-config.yml"
    # Specify your custom port here, if needed
      - "--web.listen-address=:9100"
      - "--collector.textfile.directory=/var/lib/node_exporter/textfile_collector"
    entrypoint: >
      /bin/sh -c "
      exec /bin/node_exporter \"\$@\""
    depends_on:
      - selemon-collector

  selemon-collector:
    image: ghcr.io/selectel/selemon-exporter:latest
    container_name: selemon-collector
    restart: unless-stopped

    # Resources
    deploy:
      resources:
        limits:
          memory: 100m
          cpus: '1.0'

    # Settings
    network_mode: "host"
    pid: "host"

    volumes:
      - selemon_textfiles:/var/lib/node_exporter/textfile_collector:rw
      - selemon_sslfiles:/etc/node_exporter:rw
      - "/dev:/dev:ro"
      - "/sys:/sys:ro"

    # Privilegies
    cap_add:
      - CAP_SYS_RAWIO
      - CAP_SYS_ADMIN
      - CAP_SYSLOG

    security_opt:
      - "no-new-privileges:true"

    # Device access
    device_cgroup_rules:
      - "b 259:* r"  # NVMe devices
      - "b 8:* r"    # SCSI/SATA devices
      - "b 3:* r"    # IDE devices