c4825c2d27
- 对外端口统一为 18428(vmauth 入口),VM 不再直接暴露宿主机端口 - 边缘 vmagent 与中央 Prometheus remote_write 增加 basic auth - 支持 tenants.csv 驱动的 per-tenant 写入/查询隔离,并提供管理员跨租户只读查询 - 更新 Grafana provisioning 与部署/文档 Made-with: Cursor
161 lines
6.0 KiB
YAML
161 lines
6.0 KiB
YAML
services:
|
||
# 中央Prometheus服务器
|
||
prometheus-central:
|
||
image: prom/prometheus:latest
|
||
container_name: prometheus-central
|
||
restart: unless-stopped
|
||
mem_limit: "128m"
|
||
ports:
|
||
- "${PROMETHEUS_PORT:-9091}:9090"
|
||
volumes:
|
||
- ${PROMETHEUS_DATA_DIR:-./data/prometheus-data}:/prometheus
|
||
- ./config/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
|
||
- ./config/prometheus/alert_rules.yml:/etc/prometheus/alert_rules.yml:ro
|
||
command:
|
||
- '--config.file=/etc/prometheus/prometheus.yml'
|
||
- "--storage.tsdb.retention.time=${PROMETHEUS_RETENTION_TIME:-30d}"
|
||
- '--web.console.libraries=/etc/prometheus/console_libraries'
|
||
- '--web.console.templates=/etc/prometheus/consoles'
|
||
- '--web.enable-lifecycle'
|
||
labels:
|
||
- "traefik.enable=${TRAEFIK_ENABLED:-true}"
|
||
- "traefik.http.routers.prometheus.rule=Host(`${PROMETHEUS_DOMAIN:-prometheus.example.com}`)"
|
||
- "traefik.http.routers.prometheus.entrypoints=${TRAEFIK_ENTRYPOINT:-web}"
|
||
- "traefik.http.routers.prometheus.service=prometheus"
|
||
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
|
||
- "traefik.docker.network=${TRAEFIK_NETWORK:-traefik}"
|
||
|
||
# Grafana仪表板
|
||
grafana:
|
||
image: grafana/grafana:latest
|
||
container_name: grafana
|
||
restart: unless-stopped
|
||
mem_limit: "128m"
|
||
ports:
|
||
- "${GRAFANA_PORT:-3000}:3000"
|
||
environment:
|
||
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin123}
|
||
- GF_METRICS_ENABLED=true
|
||
- GF_METRICS_BASIC_AUTH_ENABLED=false
|
||
- GF_DEFAULT_LANGUAGE=${GRAFANA_DEFAULT_LANGUAGE:-zh-Hans}
|
||
- GF_USERS_DEFAULT_THEME=${GRAFANA_DEFAULT_THEME:-light}
|
||
# 配置 Grafana 的根 URL(用于 Traefik 反向代理)
|
||
- GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL:-http://localhost:3000}
|
||
volumes:
|
||
- ${GRAFANA_DATA_DIR:-./data/grafana-data}:/var/lib/grafana
|
||
- ./config/grafana/provisioning:/etc/grafana/provisioning
|
||
- ./config/grafana/dashboards:/var/lib/grafana/dashboards
|
||
labels:
|
||
- "traefik.enable=${TRAEFIK_ENABLED:-true}"
|
||
- "traefik.http.routers.grafana.rule=Host(`${GRAFANA_DOMAIN:-grafana.example.com}`)"
|
||
- "traefik.http.routers.grafana.entrypoints=${TRAEFIK_ENTRYPOINT:-web}"
|
||
- "traefik.http.routers.grafana.service=grafana"
|
||
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
||
- "traefik.docker.network=${TRAEFIK_NETWORK:-traefik}"
|
||
|
||
# Alertmanager告警管理
|
||
alertmanager:
|
||
image: prom/alertmanager:latest
|
||
container_name: alertmanager
|
||
restart: unless-stopped
|
||
mem_limit: "32m"
|
||
ports:
|
||
- "${ALERTMANAGER_PORT:-9093}:9093"
|
||
volumes:
|
||
- ./config/alertmanager/alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro
|
||
labels:
|
||
- "traefik.enable=${TRAEFIK_ENABLED:-true}"
|
||
- "traefik.http.routers.alertmanager.rule=Host(`${ALERTMANAGER_DOMAIN:-alertmanager.example.com}`)"
|
||
- "traefik.http.routers.alertmanager.entrypoints=${TRAEFIK_ENTRYPOINT:-web}"
|
||
- "traefik.http.routers.alertmanager.service=alertmanager"
|
||
- "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
|
||
- "traefik.docker.network=${TRAEFIK_NETWORK:-traefik}"
|
||
|
||
# 远程写入接收器 (VictoriaMetrics)
|
||
victoria-metrics:
|
||
image: victoriametrics/victoria-metrics:latest
|
||
container_name: victoria-metrics
|
||
restart: unless-stopped
|
||
mem_limit: "64m"
|
||
volumes:
|
||
- ${VICTORIAMETRICS_DATA_DIR:-./data/victoria-metrics-data}:/victoria-metrics-data
|
||
command:
|
||
- '--storageDataPath=/victoria-metrics-data'
|
||
- "--retentionPeriod=${VICTORIAMETRICS_RETENTION_PERIOD:-30d}"
|
||
|
||
# vmauth:VictoriaMetrics 的鉴权/路由入口(对外只暴露 vmauth)
|
||
vmauth:
|
||
image: victoriametrics/vmauth:latest
|
||
container_name: vmauth
|
||
restart: unless-stopped
|
||
mem_limit: "64m"
|
||
ports:
|
||
- "${VICTORIAMETRICS_PORT:-18428}:8427"
|
||
volumes:
|
||
- ./config/vmauth/vmauth.yml:/etc/vmauth/vmauth.yml:ro
|
||
command:
|
||
- "-auth.config=/etc/vmauth/vmauth.yml"
|
||
- "-httpListenAddr=:8427"
|
||
|
||
# GPS 标注助手(上传/下载 targets.csv,H5 采集 GPS + 天地图校验)
|
||
topology-editor:
|
||
build:
|
||
context: .
|
||
dockerfile: apps/topology-editor/Dockerfile
|
||
image: topology-editor:local
|
||
container_name: topology-editor
|
||
restart: unless-stopped
|
||
environment:
|
||
- PORT=4080
|
||
- TILE_CACHE_URL=http://tile-cache:4090
|
||
ports:
|
||
- "${TOPOLOGY_EDITOR_PORT:-4080}:4080"
|
||
mem_limit: "128m"
|
||
|
||
# Traefik 反向代理(仅 TRAEFIK_PROVIDER=internal 时启动)
|
||
traefik:
|
||
image: traefik:v2.10
|
||
container_name: traefik-central
|
||
restart: unless-stopped
|
||
profiles:
|
||
- traefik-internal
|
||
command:
|
||
- "--api.insecure=true"
|
||
- "--providers.docker=true"
|
||
- "--providers.docker.exposedbydefault=false"
|
||
- "--providers.docker.network=${TRAEFIK_NETWORK:-central_default}"
|
||
- "--entrypoints.web.address=:80"
|
||
- "--entrypoints.websecure.address=:443"
|
||
ports:
|
||
- "${TRAEFIK_HTTP_PORT:-80}:80"
|
||
- "${TRAEFIK_HTTPS_PORT:-443}:443"
|
||
volumes:
|
||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||
mem_limit: "64m"
|
||
|
||
# 天地图瓦片缓存(节省 key 免费量;可手动清空缓存后重新拉取)
|
||
tile-cache:
|
||
build:
|
||
context: .
|
||
dockerfile: apps/tile-cache/Dockerfile
|
||
image: tile-cache:local
|
||
container_name: tile-cache
|
||
restart: unless-stopped
|
||
environment:
|
||
- PORT=4090
|
||
- TIANDITU_TK=${TIANDITU_TK:-}
|
||
- CACHE_DIR=/cache
|
||
- CACHE_TTL_DAYS=${TILE_CACHE_TTL_DAYS:-7}
|
||
- UPSTREAM_TIMEOUT_MS=${TILE_CACHE_UPSTREAM_TIMEOUT_MS:-15000}
|
||
volumes:
|
||
- ${TILE_CACHE_DATA_DIR:-./data/tile-cache}:/cache
|
||
ports:
|
||
- "${TILE_CACHE_PORT:-4090}:4090"
|
||
mem_limit: "32m"
|
||
|
||
|
||
# 定义网络配置(默认使用已存在的 traefik 网络)
|
||
networks:
|
||
default:
|
||
name: ${NETWORK_NAME:-traefik}
|
||
external: ${EXTERNAL_NETWORK:-true} |