feat: docker apps

provision/files/grafana/provisioning/datasrouces/prometheus.yml

@@ -0,0 +1,7 @@
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://prometheus:9090

provision/files/traefik/traefik.yaml

@@ -65,7 +65,8 @@ log:
 #
 # Optional
 #
-#accessLog:
+accessLog:
+  format: common
 # Sets the file path for the access log. If not specified, stdout will be used.
 # Intermediate directories are created if necessary.
 #
@@ -109,7 +110,8 @@ api:
 ################################################################
 
 # Enable ping
-#ping:
+ping:
+  entryPoint: traefik
 # Name of the related entry point
 #
 # Optional
@@ -129,3 +131,6 @@ providers:
   file:
     directory: /etc/traefik/conf
     watch: true
+
+metrics:
+  prometheus: {}

provision/hosts

@@ -1 +1 @@
-local ansible_connection=local ansible_python_interpreter=/usr/bin/python3
+local ansible_connection=local

provision/setup.yml

@@ -72,3 +72,6 @@
 
     - import_tasks: tasks/virtualization/_main.yml
       tags: ["virtualization"]
+
+    - import_tasks: tasks/docker-apps/_main.yml
+      tags: ["docker-apps"]

provision/tasks/dev/_main.yml

@@ -52,13 +52,6 @@
 - import_tasks: sops.yml
   tags: ["sops", "github"]
 
-- import_tasks: docker/containers/traefik.yml
-  tags: ["docker", "traefik", "docker-app"]
-- import_tasks: docker/containers/portainer.yml
-  tags: ["docker", "portainer", "docker-app"]
-- import_tasks: docker/containers/grafana.yml
-  tags: ["docker", "grafana", "docker-app"]
-
 # # ============================
 # # Kubernetes
 # # ============================

provision/tasks/docker-apps/_main.yml

@@ -0,0 +1,30 @@
+
+- import_tasks: 'traefik.yml'
+  tags: 'traefik'
+
+- import_tasks: 'portainer.yml'
+  tags: 'portainer'
+
+- name: Create monitoring network
+  community.docker.docker_network:
+    name: monitoring
+    state: present
+  tags: ['docker-monitoring-stack']
+
+- import_tasks: 'grafana.yml'
+  tags: ['grafana', 'docker-monitoring-stack']
+
+- import_tasks: 'loki.yml'
+  tags: ['loki', 'docker-monitoring-stack']
+
+- import_tasks: 'promtail.yml'
+  tags: ['promtail', 'docker-monitoring-stack']
+
+- import_tasks: 'cadvisor.yml'
+  tags: ['cadvisor', 'docker-monitoring-stack']
+
+- import_tasks: 'prometheus.yml'
+  tags: ['prometheus', 'docker-monitoring-stack']
+
+- import_tasks: 'node-exporter.yml'
+  tags: ['node-exporter', 'docker-monitoring-stack']

provision/tasks/docker-apps/cadvisor.yml

@@ -0,0 +1,24 @@
+- name: cAdvisor | Start container
+  community.docker.docker_container:
+    name: cadvisor
+    image: gcr.io/cadvisor/cadvisor:v0.47.2
+    command: --docker_only=true
+    state: started
+    restart_policy: "unless-stopped"
+    networks:
+      - name: monitoring
+      - name: traefik-public
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/kmsg:/dev/kmsg
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.cadvisor.rule: "Host(`cadvisor.docker`)"
+      traefik.http.routers.cadvisor.entrypoints: "web"
+      traefik.http.services.cadvisor.loadbalancer.server.port: "8080"
+      traefik.docker.network: traefik-public
+
+

provision/tasks/docker-apps/grafana.yml

@@ -0,0 +1,42 @@
+- name: Grafana | Create persistent volume
+  community.docker.docker_volume:
+    name: grafana-storage
+    state: present
+
+- name: Grafana | Create Configuration folder
+  ansible.builtin.copy:
+    src: grafana/
+    dest: /etc/grafana
+  become: true
+
+- name: Grafana | Start Container
+  community.docker.docker_container:
+    name: grafana
+    image: grafana/grafana:10.1.0
+    state: started
+    restart_policy: "unless-stopped"
+    networks:
+      - name: monitoring
+      - name: traefik-public
+    volumes:
+      - "grafana-storage:/var/lib/grafana"
+      - "/etc/grafana/provisioning:/etc/grafana/provisioning"
+    labels:
+      traefik.enable: "true"
+      traefik.docker.network: traefik-public
+      traefik.http.routers.grafana.rule: "Host(`grafana.docker`)"
+      traefik.http.routers.grafana.tls: "true"
+      traefik.http.routers.grafana.entrypoints: "websecure"
+      traefik.http.services.grafana.loadbalancer.server.port: "3000"
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/health"]
+      interval: 10s
+      timeout: 2s
+      retries: 3
+      start_period: 10s
+    env:
+      GF_AUTH_ANONYMOUS_ENABLED: "true"
+      GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin"
+      GF_AUTH_ANONYMOUS_ORG_NAME: "Main Org."
+
+

provision/tasks/docker-apps/loki.yml

@@ -0,0 +1,38 @@
+- name: Loki | Ensure Configuration folder exists
+  ansible.builtin.file:
+    path: /etc/loki
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Loki | Ensure Configuration file exists
+  ansible.builtin.template:
+    src: loki/loki-local-config.yaml.j2
+    dest: /etc/loki/config.yaml
+  become: true
+
+- name: Loki | Ensure data volume exists
+  community.docker.docker_volume:
+    name: loki-storage
+    state: present
+
+- name: Loki | Start container
+  community.docker.docker_container:
+    name: loki
+    image: grafana/loki:2.8.4
+    state: started
+    command: -config.file=/etc/loki/config.yaml
+    labels:
+      traefik.enable: "false"
+    networks:
+      - name: monitoring
+    restart_policy: "unless-stopped"
+    volumes:
+      - /etc/loki/config.yaml:/etc/loki/config.yaml
+      - loki-storage:/loki
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://localhost:3100/ready"]
+      interval: 10s
+      timeout: 2s
+      retries: 3
+      start_period: 10s

provision/tasks/docker-apps/node-exporter.yml

@@ -0,0 +1,22 @@
+- name: Node Exporter | Start Container
+  community.docker.docker_container:
+    name: node-exporter
+    image: prom/node-exporter:v1.6.1
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.rootfs=/rootfs'
+      - '--path.sysfs=/host/sys'
+      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+    state: started
+    restart_policy: "unless-stopped"
+    networks:
+      - name: monitoring
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+    labels:
+      traefik.enable: "false"
+
+
+

provision/tasks/dev/docker/containers/portainer.yml → provision/tasks/docker-apps/portainer.yml

@@ -1,14 +1,12 @@
-- name: Docker | Create Portainer volume
-  docker_volume:
+- name: Docker | Ensure Portainer volume is present
+  community.docker.docker_volume:
     name: portainer_data
     state: present
-  become: true
 
 - name: Docker | Start Portainer container
-  docker_container:
+  community.docker.docker_container:
     name: portainer
-    image: portainer/portainer-ce:2.17.1-alpine
-    state: started
+    image: portainer/portainer-ce:2.18.4-alpine
     restart_policy: "unless-stopped"
     networks:
       - name: traefik-public
@@ -21,4 +19,9 @@
       traefik.http.routers.portainer.tls: "true"
       traefik.http.routers.portainer.entrypoints: "websecure"
       traefik.http.services.portainer.loadbalancer.server.port: "9000"
-  become: true
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:9000/api/status"]
+      interval: 10s
+      timeout: 2s
+      retries: 3
+      start_period: 10s