name: monitoring

# Central observability stack.
#   OTel Collector → ingestion gateway (OTLP gRPC 4317 / HTTP 4318)
#   Loki           → logs
#   Tempo          → traces (OTLP-native; Grafana has first-class support)
#   Prometheus     → metrics (native OTLP remote-write-receiver)
#   Grafana        → UI
#
# Projects ship telemetry to this host via OTLP. Do NOT publish :4317/:4318
# directly to the public internet — expose via Cloudflare Tunnel, Tailscale,
# WireGuard, or similar. The published ports below are bound to 127.0.0.1, so
# from outside the Compose network they are reachable only from the host
# itself (for example a tunnel client running on the host). The cloudflared
# service in this file does not use those bindings: it reaches Grafana and the
# collector by service name over the Compose network.
#
# NOTE(review): a Cloudflare Tunnel public hostname is still an internet-facing
# endpoint. Nothing in this file authenticates OTLP senders; confirm that the
# hostname is covered by an access policy or that the collector config (not
# visible here) enables receiver authentication.
# Shared logging settings, attached to every service below through the
# *default-logging alias. The json-file driver rotates each container's log
# at 10 MB and keeps at most 3 files, which bounds per-container log disk use.
x-logging: &default-logging
  driver: json-file
  options:
    # Quoted on purpose: both options are passed to the driver as strings.
    max-size: "10m"
    max-file: "3"
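services:
  # Ingestion gateway. Receives OTLP from projects; started after the three
  # backends it depends on.
  otel-collector:
    image: otel/opentelemetry-collector-contrib:0.150.1
    restart: unless-stopped
    depends_on: [loki, tempo, prometheus]
    ports:
      # Loopback-only bindings: reachable from the host, not from other
      # machines on the network.
      - "127.0.0.1:4317:4317"  # OTLP gRPC
      - "127.0.0.1:4318:4318"  # OTLP HTTP
    volumes:
      - ./config/otel-collector.yaml:/etc/otelcol/config.yaml:ro
    command: ["--config=/etc/otelcol/config.yaml"]
    logging: *default-logging
    platform: linux/amd64

  # Log store. No published port: reachable only on the Compose network.
  loki:
    image: grafana/loki:3.6.10
    restart: unless-stopped
    volumes:
      - ./config/loki.yaml:/etc/loki/loki.yaml:ro
      - loki_data:/loki
    command: ["-config.file=/etc/loki/loki.yaml"]
    logging: *default-logging

  # Trace store. No published port: reachable only on the Compose network.
  tempo:
    image: grafana/tempo:2.10.4
    restart: unless-stopped
    volumes:
      - ./config/tempo.yaml:/etc/tempo/tempo.yaml:ro
      - tempo_data:/var/tempo
    command: ["-config.file=/etc/tempo/tempo.yaml"]
    logging: *default-logging

  # Metrics store. No published port, so the write receivers enabled below
  # are exposed only to other containers on the Compose network.
  prometheus:
    image: prom/prometheus:v3.11.2
    restart: unless-stopped
    volumes:
      - ./config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
      - prometheus_data:/prometheus
    command:
      - --config.file=/etc/prometheus/prometheus.yaml
      - --storage.tsdb.path=/prometheus
      - --storage.tsdb.retention.time=30d
      - --web.enable-remote-write-receiver
      # NOTE(review): Prometheus 3.x documents --web.enable-otlp-receiver for
      # OTLP ingestion; confirm the otlp-write-receiver feature flag is still
      # honoured by this image version.
      - --enable-feature=native-histograms,otlp-write-receiver,exemplar-storage
    logging: *default-logging

  # UI. Published on loopback only; public access goes through the tunnel.
  grafana:
    image: grafana/grafana:13.0.1
    restart: unless-stopped
    depends_on: [loki, tempo, prometheus]
    ports:
      - "127.0.0.1:3000:3000"
    volumes:
      - ./config/grafana/datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml:ro
      - ./config/grafana/dashboards.yaml:/etc/grafana/provisioning/dashboards/dashboards.yaml:ro
      - ./dashboards:/var/lib/grafana/dashboards:ro
      - grafana_data:/var/lib/grafana
    environment:
      # ":?" makes `docker compose` refuse to start when the variable is
      # unset, so Grafana never comes up with a default admin password.
      # Grafana applies this value only when it first initialises its
      # database; changing .env later does not rotate the password.
      GF_SECURITY_ADMIN_PASSWORD: "${GRAFANA_ADMIN_PASSWORD:?set GRAFANA_ADMIN_PASSWORD in .env}"
      GF_USERS_ALLOW_SIGN_UP: "false"
      # Set GRAFANA_ROOT_URL to the public https:// URL when Grafana is
      # served through the tunnel; the default only suits local access.
      GF_SERVER_ROOT_URL: "${GRAFANA_ROOT_URL:-http://localhost:3000}"
      GF_FEATURE_TOGGLES_ENABLE: traceqlEditor,metricsSummary,traceToProfiles
    logging: *default-logging

  cloudflared:
    # NOTE(review): every other image in this file is pinned to a version
    # tag, but this one tracks `latest` and is re-pulled on every `up`
    # (pull_policy: always), so whatever is published under that tag runs
    # with the tunnel credential. Pin to a released tag or digest, e.g.
    # cloudflare/cloudflared:<VERSION>@sha256:<DIGEST>, and update it
    # deliberately.
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    depends_on: [grafana, otel-collector]
    # Token-based tunnel: routes are configured in the Cloudflare Zero Trust dashboard.
    # Create a tunnel at dash.cloudflare.com → Zero Trust → Networks → Tunnels,
    # then set the public hostnames there (e.g. grafana.example.com → http://grafana:3000,
    # otlp.example.com → http://otel-collector:4318).
    # NOTE(review): a public hostname is reachable from the internet. Grafana
    # has its own login; whether the OTLP endpoint authenticates senders
    # depends on config/otel-collector.yaml, which is not visible here. Put an
    # access policy in front of the OTLP hostname or enable receiver auth.
    command: ["tunnel", "--no-autoupdate", "run"]
    environment:
      # The token is supplied through TUNNEL_TOKEN instead of `--token` so it
      # does not appear in the container's command line / process arguments.
      # It is still visible to anyone who can inspect the container; a
      # file-based secret is stronger if the host is shared.
      TUNNEL_TOKEN: "${CLOUDFLARE_TUNNEL_TOKEN:?set CLOUDFLARE_TUNNEL_TOKEN in .env}"
    logging: *default-logging
    pull_policy: always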
# Named volumes for the data directories mounted by loki, tempo, prometheus
# and grafana above. An empty mapping means "default driver, no options".
volumes:
  loki_data: {}
  tempo_data: {}
  prometheus_data: {}
  grafana_data: {}