docker搭建简易devops环境

说明

简易的devops环境包括:

基础中间件

  • nginx
  • gitea
  • registry

监控告警

  • grafana
    • loki
      • promtail
  • prometheus
    • node-exporter

先决配置

docker启动swarm

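# Turn this Docker engine into a swarm manager; the stack files below rely on
# swarm-only features (overlay network, configs, secrets).
docker swarm init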

创建swarm共享网络

# Overlay network shared by the stacks below. --attachable also lets standalone
# (non-service) containers join it, so any container started on a node can
# reach the services on this network.
docker network create -d overlay --attachable \
  --subnet 192.168.32.0/24 \
  aida_ingress

下载所需镜像

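## nginx
docker pull nginx:1.21.6-alpine
## gitea
docker pull gitea/gitea:1.16.5
## registry
docker pull registry:2.8.1

## grafana
# loki and promtail use the 2.5.0 tag referenced by the monitoring stack file,
# so the images pulled here are the ones that actually get deployed.
docker pull grafana/loki:2.5.0
docker pull grafana/promtail:2.5.0
docker pull grafana/grafana:8.2.6

## prometheus
# NOTE: "latest" is a moving tag; pin node-exporter to a fixed release (ideally
# by digest) like the other images so a rebuild cannot silently change it.
docker pull prom/node-exporter:latest
docker pull prom/prometheus:v2.34.0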

配置docker loki

  • 下载docker loki插件
# The plugin runs inside the Docker daemon's trust boundary.
# --grant-all-permissions accepts every privilege it requests without showing
# the interactive prompt; check them afterwards with `docker plugin inspect loki`.
# ":latest" is a moving tag, so a later install may fetch a different build.
docker plugin install \
  --alias loki \
  --grant-all-permissions \
  grafana/loki-docker-driver:latest

启用loki

loki可以全局启用,也可以对特定容器启用。

  • 全局启用
[root@primary ~]# cat /etc/docker/daemon.json
{
"log-driver": "loki",
"log-opts": {
"loki-url": "http://localhost:3100/loki/api/v1/push",
"loki-batch-size": "400"
}
}
  • 对特定容器启用
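# Excerpt showing per-service use of the loki log driver. The top-level
# `configs` and `networks` definitions are omitted from this excerpt.
version: "3.9"

services:
  nginx:
    image: nginx:1.21.6-alpine
    networks:
      - ingress
    ports:
      - "80:80"
      - "443:443"
    configs:
      - source: nginx
        target: /etc/nginx/nginx.conf
    volumes:
      - ./conf.d:/etc/nginx/conf.d
    logging:
      driver: loki
      options:
        # Log lines are pushed by the Docker daemon on the host, so "localhost"
        # is the node itself and Loki's port 3100 must be published there.
        loki-url: "http://localhost:3100/loki/api/v1/push"
        loki-batch-size: "400"
        # Quoted like the other driver options.
        loki-retries: "3"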

基础应用

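# Base stack: nginx as the only published entry point, with the registry and
# gitea behind it on the shared overlay network.
version: "3.9"

services:
  nginx:
    image: nginx:1.21.6-alpine
    networks:
      - ingress
    ports:
      - "80:80"
      - "443:443"
    configs:
      - source: nginx
        target: /etc/nginx/nginx.conf
    secrets:
      # `mode` is an octal number (the v3 schema expects a number, so it is
      # left unquoted). Key and certificate: owner/group read only.
      - source: cakey
        target: /etc/nginx/certs/cert.key
        mode: 0440
      - source: capem
        target: /etc/nginx/certs/cert.pem
        mode: 0440
      # Password file: read-only for everyone instead of 0777. Presumably the
      # wide mode was chosen so the unprivileged nginx workers can read it;
      # 0444 still allows that without write or execute bits.
      - source: registry
        target: /etc/nginx/registry.htpasswd
        mode: 0444
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - /data/nginx/web_root:/usr/share/nginx/html:ro
    # NOTE: `docker stack deploy` ignores depends_on; nginx must tolerate its
    # upstreams starting later.
    depends_on:
      - registry
      - gitea

  registry:
    image: registry:2.8.1
    # No published port and no auth configured on the registry itself: access
    # control depends on nginx (htpasswd) and on who can join the overlay
    # network.
    networks:
      - ingress
    volumes:
      - /data/registry:/var/lib/registry

  gitea:
    image: gitea/gitea:1.16.5
    networks:
      - ingress
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - APP_NAME=Where the world builds software
      - RUN_MODE=prod
      - RUN_USER=git
      - DISABLE_SSH=true
      - DOMAIN=<domain>
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /data/devops/gitea:/data

configs:
  nginx:
    file: ./nginx.conf

networks:
  ingress:
    external: true
    name: aida_ingress

# File-backed secrets: keep cert.key and registry.htpasswd out of version
# control and readable only by the deploying user on the manager node.
secrets:
  cakey:
    file: ./acme.sh/certs/cert.key
  capem:
    file: ./acme.sh/certs/cert.pem
  registry:
    file: ./registry.htpasswd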

监控

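# Monitoring stack: grafana, loki + promtail, prometheus + node-exporter.
#
# NOTE(review): grafana, loki, promtail and prometheus all run as root,
# presumably so they can write to the /data/* bind mounts. Prefer chown-ing
# those host directories to each image's default user and dropping `user: root`.
#
# NOTE(review): ports 3000, 3100 and 9090 are published on the swarm node(s).
# Loki and Prometheus do not authenticate requests by default, so restrict
# these ports with a host firewall. 3100 is needed locally because the loki
# log driver pushes to http://localhost:3100.
version: "3.9"

services:
  grafana:
    image: grafana/grafana:8.2.6
    user: root
    ports:
      - "3000:3000"
    networks:
      - ingress
    volumes:
      - /data/grafana:/var/lib/grafana
    configs:
      - source: grafana
        target: /etc/grafana/grafana.ini

  loki:
    image: grafana/loki:2.5.0
    user: root
    networks:
      - ingress
    ports:
      - "3100:3100"
    command: -config.file=/etc/loki/local-config.yaml
    volumes:
      - /data/loki:/loki
    configs:
      - source: loki
        target: /etc/loki/local-config.yaml

  promtail:
    image: grafana/promtail:2.5.0
    user: root
    networks:
      - ingress
    volumes:
      # Access to the Docker socket is equivalent to root on the host, and a
      # `:ro` flag would not restrict the API. Treat this container as
      # privileged and keep its image pinned.
      - /var/run/docker.sock:/var/run/docker.sock
    command: -config.file=/etc/promtail/config.yml
    configs:
      - source: promtail
        target: /etc/promtail/config.yml

  prometheus:
    image: prom/prometheus:v2.34.0
    command: --config.file=/etc/prometheus/prometheus.yml --web.route-prefix=/ --web.external-url=https://<domain>/prometheus
    user: root
    networks:
      - ingress
    ports:
      - "9090:9090"
    volumes:
      - /data/prometheus:/prometheus
    configs:
      - source: prometheus
        target: /etc/prometheus/prometheus.yml

  node-exporter:
    # NOTE(review): "latest" is a moving tag; pin a fixed release like the
    # other images in this file.
    image: prom/node-exporter:latest
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    networks:
      - ingress
    volumes:
      # The exporter only reads host state, so every host path is mounted
      # read-only; the host root filesystem in particular must not be writable
      # from inside the container.
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
      - /etc/localtime:/etc/localtime:ro

networks:
  ingress:
    external: true
    name: aida_ingress

configs:
  loki:
    file: ./loki/local-config.yaml
  promtail:
    file: ./promtail/docker-config.yaml
  prometheus:
    file: ./prometheus/prometheus.yml
  grafana:
    file: ./grafana/grafana.ini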