From 30014852cab5ac303c7a8fc1e540a3d0fd33553c Mon Sep 17 00:00:00 2001
From: Sun-ZhenXing <1006925066@qq.com>
Date: Fri, 26 Sep 2025 16:40:04 +0800
Subject: [PATCH] feat: add apisix/etcd/grafana/prometheus
---
README.md | 4 +
src/apisix/.env.example | 34 +++++
src/apisix/README.md | 209 +++++++++++++++++++++++++++++
src/apisix/README.zh.md | 209 +++++++++++++++++++++++++++++
src/apisix/docker-compose.yaml | 121 +++++++++++++++++
src/etcd/.env.example | 37 +++++
src/etcd/README.md | 135 +++++++++++++++++++
src/etcd/README.zh.md | 135 +++++++++++++++++++
src/etcd/docker-compose.yaml | 64 +++++++++
src/grafana/.env.example | 25 ++++
src/grafana/README.md | 75 +++++++++++
src/grafana/README.zh.md | 75 +++++++++++
src/grafana/docker-compose.yaml | 46 +++++++
src/prometheus/.env.example | 16 +++
src/prometheus/README.md | 119 ++++++++++++++++
src/prometheus/README.zh.md | 119 ++++++++++++++++
src/prometheus/docker-compose.yaml | 50 +++++++
17 files changed, 1473 insertions(+)
create mode 100644 src/apisix/.env.example
create mode 100644 src/apisix/README.md
create mode 100644 src/apisix/README.zh.md
create mode 100644 src/apisix/docker-compose.yaml
create mode 100644 src/etcd/.env.example
create mode 100644 src/etcd/README.md
create mode 100644 src/etcd/README.zh.md
create mode 100644 src/etcd/docker-compose.yaml
create mode 100644 src/grafana/.env.example
create mode 100644 src/grafana/README.md
create mode 100644 src/grafana/README.zh.md
create mode 100644 src/grafana/docker-compose.yaml
create mode 100644 src/prometheus/.env.example
create mode 100644 src/prometheus/README.md
create mode 100644 src/prometheus/README.zh.md
create mode 100644 src/prometheus/docker-compose.yaml
diff --git a/README.md b/README.md
index b953385..e7033ed 100644
--- a/README.md
+++ b/README.md
@@ -6,15 +6,18 @@ Compose Anything helps users quickly deploy various services by providing a set | Service | Version | | -------------------------------------------------------- | ---------------------------- | +| [Apache APISIX](./src/apisix) | 3.13.0 | | [Bifrost Gateway](./src/bifrost-gateway) | 1.2.15 | | [Clash](./src/clash) | 1.18.0 | | [Docker Registry](./src/docker-registry) | 3.0.0 | +| [etcd](./src/etcd) | 3.6.0 | | [frpc](./src/frpc) | 0.64.0 | | [frps](./src/frps) | 0.64.0 | | [Gitea](./src/gitea) | 1.24.6 | | [Gitea Runner](./src/gitea-runner) | 0.2.12 | | [GitLab](./src/gitlab) | 17.10.4-ce.0 | | [GitLab Runner](./src/gitlab-runner) | 17.10.1 | +| [Grafana](./src/grafana) | 12.1.1 | | [IOPaint](./src/io-paint) | latest | | [Milvus Standalone](./src/milvus-standalone) | 2.6.2 | | [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 | @@ -29,6 +32,7 @@ Compose Anything helps users quickly deploy various services by providing a set | [OpenCut](./src/opencut) | latest | | [PocketBase](./src/pocketbase) | 0.30.0 | | [PostgreSQL](./src/postgres) | 17.6 | +| [Prometheus](./src/prometheus) | 3.5.0 | | [Qdrant](./src/qdrant) | 1.15.4 | | [RabbitMQ](./src/rabbitmq) | 4.1.4 | | [Redis](./src/redis) | 8.2.1 | diff --git a/src/apisix/.env.example b/src/apisix/.env.example new file mode 100644 index 0000000..8d9330d --- /dev/null +++ b/src/apisix/.env.example 
@@ -0,0 +1,34 @@
+# Apache APISIX Environment Variables
+
+# APISIX image version
+APISIX_VERSION=3.13.0-debian
+
+# Host port mapping for HTTP traffic (9080)
+APISIX_HTTP_PORT_OVERRIDE=9080
+
+# Host port mapping for HTTPS traffic (9443)
+APISIX_HTTPS_PORT_OVERRIDE=9443
+
+# Host port mapping for Admin API (9180)
+APISIX_ADMIN_PORT_OVERRIDE=9180
+
+# Run APISIX in standalone mode (without etcd)
+APISIX_STAND_ALONE=false
+
+# etcd image version
+ETCD_VERSION=v3.6.0
+
+# Host port mapping for etcd client connections (2379)
+ETCD_CLIENT_PORT_OVERRIDE=2379
+
+# APISIX Dashboard image version
+APISIX_DASHBOARD_VERSION=3.0.1-alpine
+
+# Host port mapping for Dashboard (9000)
+APISIX_DASHBOARD_PORT_OVERRIDE=9000
+
+# Dashboard admin username
+APISIX_DASHBOARD_USER=admin
+
+# Dashboard admin password - CHANGE THIS FOR PRODUCTION!
+APISIX_DASHBOARD_PASSWORD=admin
diff --git a/src/apisix/README.md b/src/apisix/README.md
new file mode 100644
index 0000000..9a6aa13
--- /dev/null
+++ b/src/apisix/README.md
@@ -0,0 +1,209 @@ +# Apache APISIX + +[English](./README.md) | [中文](./README.zh.md) + +This service deploys Apache APISIX, a dynamic, real-time, high-performance cloud-native API gateway. + +## Services + +- `apisix`: The APISIX API gateway. +- `etcd`: The configuration storage backend for APISIX. +- `apisix-dashboard` (optional): Web UI for managing APISIX configuration. + +## Environment Variables + +| Variable Name | Description | Default Value | +| ------------------------------ | ---------------------------------------------------- | --------------- | +| APISIX_VERSION | APISIX image version | `3.13.0-debian` | +| APISIX_HTTP_PORT_OVERRIDE | Host port mapping for HTTP traffic (9080) | `9080` | +| APISIX_HTTPS_PORT_OVERRIDE | Host port mapping for HTTPS traffic (9443) | `9443` | +| APISIX_ADMIN_PORT_OVERRIDE | Host port mapping for Admin API (9180) | `9180` | +| APISIX_STAND_ALONE | Run APISIX in standalone mode (without etcd) | `false` | +| ETCD_VERSION | etcd image version | `v3.6.0` | +| ETCD_CLIENT_PORT_OVERRIDE | Host port mapping for etcd client connections (2379) | `2379` | +| APISIX_DASHBOARD_VERSION | APISIX Dashboard image version | `3.0.1-alpine` | +| APISIX_DASHBOARD_PORT_OVERRIDE | Host port mapping for Dashboard (9000) | `9000` | +| APISIX_DASHBOARD_USER | Dashboard admin username | `admin` | +| APISIX_DASHBOARD_PASSWORD | Dashboard admin password | `admin` | + +Please modify the `.env` file as needed for your use case. + +## Volumes + +- `apisix_logs`: A volume for storing APISIX logs. +- `etcd_data`: A volume for storing etcd configuration data. +- `dashboard_conf`: A volume for storing Dashboard configuration. +- `config.yaml`: Optional custom APISIX configuration file (mount to `/usr/local/apisix/conf/config.yaml`). +- `apisix.yaml`: Optional custom APISIX route configuration file (mount to `/usr/local/apisix/conf/apisix.yaml`). 
+ +## Network Ports + +- `9080`: HTTP traffic port +- `9443`: HTTPS traffic port +- `9180`: Admin API port +- `9000`: Dashboard web interface (optional) +- `2379`: etcd client port + +## Usage + +### Basic Setup + +1. Start the services: + + ```bash + docker compose up -d + ``` + +2. Access the Admin API: + + ```bash + curl http://localhost:9180/apisix/admin/routes + ``` + +### With Dashboard + +To enable the web dashboard, use the `dashboard` profile: + +```bash +docker compose --profile dashboard up -d +``` + +Access the dashboard at `http://localhost:9000` with credentials: + +- Username: `admin` (configurable via `APISIX_DASHBOARD_USER`) +- Password: `admin` (configurable via `APISIX_DASHBOARD_PASSWORD`) + +### Creating Routes + +#### Using Admin API + +Create a simple route: + +```bash +curl -X PUT http://localhost:9180/apisix/admin/routes/1 \ + -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ + -H 'Content-Type: application/json' \ + -d '{ + "uri": "/get", + "upstream": { + "type": "roundrobin", + "nodes": { + "httpbin.org:80": 1 + } + } + }' +``` + +Test the route: + +```bash +curl http://localhost:9080/get +``` + +#### Using Dashboard + +1. Access the dashboard at `http://localhost:9000` +2. Login with admin credentials +3. Navigate to "Route" section +4. 
Create and configure routes through the web interface + +### Configuration Files + +#### Custom APISIX Configuration + +Mount a custom `config.yaml` file: + +```yaml +volumes: + - ./config.yaml:/usr/local/apisix/conf/config.yaml +``` + +Example `config.yaml`: + +```yaml +apisix: + node_listen: 9080 + enable_ipv6: false + enable_admin: true + port_admin: 9180 + +etcd: + host: + - "http://etcd:2379" + prefix: "/apisix" + timeout: 30 + +plugin_attr: + prometheus: + export_addr: + ip: "0.0.0.0" + port: 9091 +``` + +#### Standalone Mode + +For simple setups without etcd, enable standalone mode: + +```env +APISIX_STAND_ALONE=true +``` + +Mount an `apisix.yaml` file with route definitions: + +```yaml +volumes: + - ./apisix.yaml:/usr/local/apisix/conf/apisix.yaml +``` + +### SSL/TLS Configuration + +To enable HTTPS: + +1. Mount SSL certificates +2. Configure SSL in `config.yaml` +3. Create SSL-enabled routes + +Example SSL volume mount: + +```yaml +volumes: + - ./ssl:/usr/local/apisix/conf/cert +``` + +### Plugins + +APISIX supports numerous plugins for authentication, rate limiting, logging, etc.: + +- Authentication: `jwt-auth`, `key-auth`, `oauth` +- Rate Limiting: `limit-req`, `limit-conn`, `limit-count` +- Observability: `prometheus`, `zipkin`, `skywalking` +- Security: `cors`, `csrf`, `ip-restriction` + +Enable plugins through the Admin API or Dashboard. 
+ +## Security Notes + +- **Change the default Admin API key** (`edd1c9f034335f136f87ad84b625c8f1`) in production +- **Change dashboard credentials** for production use +- Configure proper SSL/TLS certificates for HTTPS +- Use authentication plugins for sensitive routes +- Implement rate limiting to prevent abuse +- Regular security updates are recommended + +## Monitoring + +APISIX provides built-in metrics for Prometheus: + +- Enable the `prometheus` plugin +- Metrics available at `http://localhost:9091/apisix/prometheus/metrics` + +## Performance Tuning + +- Adjust worker processes based on CPU cores +- Configure appropriate buffer sizes +- Use connection pooling for upstream services +- Enable response caching when appropriate + +## License + +Apache APISIX is licensed under the Apache 2.0 license. diff --git a/src/apisix/README.zh.md b/src/apisix/README.zh.md new file mode 100644 index 0000000..dbfd4eb --- /dev/null +++ b/src/apisix/README.zh.md 
@@ -0,0 +1,209 @@ +# Apache APISIX + +[English](./README.md) | [中文](./README.zh.md) + +本服务部署 Apache APISIX,这是一个动态、实时、高性能的云原生 API 网关。 + +## 服务 + +- `apisix`: APISIX API 网关。 +- `etcd`: APISIX 的配置存储后端。 +- `apisix-dashboard`(可选): 用于管理 APISIX 配置的 Web UI。 + +## 环境变量 + +| 变量名 | 描述 | 默认值 | +| ------------------------------ | ------------------------------------- | --------------- | +| APISIX_VERSION | APISIX 镜像版本 | `3.13.0-debian` | +| APISIX_HTTP_PORT_OVERRIDE | HTTP 流量的主机端口映射(9080) | `9080` | +| APISIX_HTTPS_PORT_OVERRIDE | HTTPS 流量的主机端口映射(9443) | `9443` | +| APISIX_ADMIN_PORT_OVERRIDE | Admin API 的主机端口映射(9180) | `9180` | +| APISIX_STAND_ALONE | 以独立模式运行 APISIX(不使用 etcd) | `false` | +| ETCD_VERSION | etcd 镜像版本 | `v3.6.0` | +| ETCD_CLIENT_PORT_OVERRIDE | etcd 客户端连接的主机端口映射(2379) | `2379` | +| APISIX_DASHBOARD_VERSION | APISIX Dashboard 镜像版本 | `3.0.1-alpine` | +| APISIX_DASHBOARD_PORT_OVERRIDE | Dashboard 的主机端口映射(9000) | `9000` | +| APISIX_DASHBOARD_USER | Dashboard 管理员用户名 | `admin` | +| APISIX_DASHBOARD_PASSWORD | Dashboard 管理员密码 | `admin` | + +请根据您的使用情况修改 `.env` 文件。 + +## 数据卷 + +- `apisix_logs`: 用于存储 APISIX 日志的数据卷。 +- `etcd_data`: 用于存储 etcd 配置数据的数据卷。 +- `dashboard_conf`: 用于存储 Dashboard 配置的数据卷。 +- `config.yaml`: 可选的自定义 APISIX 配置文件(挂载到 `/usr/local/apisix/conf/config.yaml`)。 +- `apisix.yaml`: 可选的自定义 APISIX 路由配置文件(挂载到 `/usr/local/apisix/conf/apisix.yaml`)。 + +## 网络端口 + +- `9080`: HTTP 流量端口 +- `9443`: HTTPS 流量端口 +- `9180`: Admin API 端口 +- `9000`: Dashboard Web 界面(可选) +- `2379`: etcd 客户端端口 + +## 使用方法 + +### 基本设置 + +1. 启动服务: + + ```bash + docker compose up -d + ``` + +2. 
访问 Admin API: + + ```bash + curl http://localhost:9180/apisix/admin/routes + ``` + +### 使用 Dashboard + +要启用 Web 仪表板,使用 `dashboard` 配置文件: + +```bash +docker compose --profile dashboard up -d +``` + +在 `http://localhost:9000` 访问仪表板,凭据: + +- 用户名: `admin`(可通过 `APISIX_DASHBOARD_USER` 配置) +- 密码: `admin`(可通过 `APISIX_DASHBOARD_PASSWORD` 配置) + +### 创建路由 + +#### 使用 Admin API + +创建简单路由: + +```bash +curl -X PUT http://localhost:9180/apisix/admin/routes/1 \ + -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ + -H 'Content-Type: application/json' \ + -d '{ + "uri": "/get", + "upstream": { + "type": "roundrobin", + "nodes": { + "httpbin.org:80": 1 + } + } + }' +``` + +测试路由: + +```bash +curl http://localhost:9080/get +``` + +#### 使用 Admin Dashboard + +1. 在 `http://localhost:9000` 访问仪表板 +2. 使用管理员凭据登录 +3. 导航到"路由"部分 +4. 通过 Web 界面创建和配置路由 + +### 配置文件 + +#### 自定义 APISIX 配置 + +挂载自定义 `config.yaml` 文件: + +```yaml +volumes: + - ./config.yaml:/usr/local/apisix/conf/config.yaml +``` + +示例 `config.yaml`: + +```yaml +apisix: + node_listen: 9080 + enable_ipv6: false + enable_admin: true + port_admin: 9180 + +etcd: + host: + - "http://etcd:2379" + prefix: "/apisix" + timeout: 30 + +plugin_attr: + prometheus: + export_addr: + ip: "0.0.0.0" + port: 9091 +``` + +#### 独立模式 + +对于不使用 etcd 的简单设置,启用独立模式: + +```env +APISIX_STAND_ALONE=true +``` + +挂载带有路由定义的 `apisix.yaml` 文件: + +```yaml +volumes: + - ./apisix.yaml:/usr/local/apisix/conf/apisix.yaml +``` + +### SSL/TLS 配置 + +要启用 HTTPS: + +1. 挂载 SSL 证书 +2. 在 `config.yaml` 中配置 SSL +3. 
创建启用 SSL 的路由 + +SSL 卷挂载示例: + +```yaml +volumes: + - ./ssl:/usr/local/apisix/conf/cert +``` + +### 插件 + +APISIX 支持众多插件,用于身份验证、速率限制、日志记录等: + +- 身份验证: `jwt-auth`、`key-auth`、`oauth` +- 速率限制: `limit-req`、`limit-conn`、`limit-count` +- 可观察性: `prometheus`、`zipkin`、`skywalking` +- 安全性: `cors`、`csrf`、`ip-restriction` + +通过 Admin API 或 Dashboard 启用插件。 + +## 安全注意事项 + +- **在生产环境中更改默认 Admin API 密钥**(`edd1c9f034335f136f87ad84b625c8f1`) +- **为生产使用更改仪表板凭据** +- 为 HTTPS 配置适当的 SSL/TLS 证书 +- 对敏感路由使用身份验证插件 +- 实施速率限制以防止滥用 +- 建议定期进行安全更新 + +## 监控 + +APISIX 为 Prometheus 提供内置指标: + +- 启用 `prometheus` 插件 +- 指标可在 `http://localhost:9091/apisix/prometheus/metrics` 获得 + +## 性能调优 + +- 根据 CPU 核心数调整工作进程 +- 配置适当的缓冲区大小 +- 为上游服务使用连接池 +- 在适当时启用响应缓存 + +## 许可证 + +Apache APISIX 采用 Apache 2.0 许可证。 diff --git a/src/apisix/docker-compose.yaml b/src/apisix/docker-compose.yaml new file mode 100644 index 0000000..70ec547 --- /dev/null +++ b/src/apisix/docker-compose.yaml 
@@ -0,0 +1,121 @@ +x-default: &default + restart: unless-stopped + volumes: + - &localtime /etc/localtime:/etc/localtime:ro + - &timezone /etc/timezone:/etc/timezone:ro + logging: + driver: json-file + options: + max-size: 100m + +services: + apisix: + <<: *default + image: apache/apisix:${APISIX_VERSION:-3.13.0-debian} + container_name: apisix + ports: + - "${APISIX_HTTP_PORT_OVERRIDE:-9080}:9080" + - "${APISIX_HTTPS_PORT_OVERRIDE:-9443}:9443" + - "${APISIX_ADMIN_PORT_OVERRIDE:-9180}:9180" + volumes: + - *localtime + - *timezone + - apisix_logs:/usr/local/apisix/logs + + # Optional: Mount custom configuration + # - ./config.yaml:/usr/local/apisix/conf/config.yaml + # - ./apisix.yaml:/usr/local/apisix/conf/apisix.yaml + environment: + - APISIX_STAND_ALONE=${APISIX_STAND_ALONE:-false} + depends_on: + - etcd + deploy: + resources: + limits: + cpus: '1.0' + memory: 1G + reservations: + cpus: '0.25' + memory: 256M + + etcd: + <<: *default + image: quay.io/coreos/etcd:${ETCD_VERSION:-v3.6.0} + container_name: apisix-etcd + ports: + - "${ETCD_CLIENT_PORT_OVERRIDE:-2379}:2379" + volumes: + - *localtime + - *timezone + - etcd_data:/etcd-data + environment: + - ETCD_NAME=apisix-etcd + - ETCD_DATA_DIR=/etcd-data + - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 + - ETCD_ADVERTISE_CLIENT_URLS=http://etcd:2379 + - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd:2380 + - ETCD_INITIAL_CLUSTER=apisix-etcd=http://etcd:2380 + - ETCD_INITIAL_CLUSTER_STATE=new + - ETCD_INITIAL_CLUSTER_TOKEN=apisix-etcd-cluster + - ETCD_AUTO_COMPACTION_RETENTION=1 + - ETCD_QUOTA_BACKEND_BYTES=2147483648 + - ETCD_HEARTBEAT_INTERVAL=100 + - ETCD_ELECTION_TIMEOUT=1000 + - ETCD_ENABLE_V2=false + command: + - etcd + - --name=apisix-etcd + - --data-dir=/etcd-data + - --listen-client-urls=http://0.0.0.0:2379 + - --advertise-client-urls=http://etcd:2379 + - --listen-peer-urls=http://0.0.0.0:2380 + - --initial-advertise-peer-urls=http://etcd:2380 + - 
--initial-cluster=apisix-etcd=http://etcd:2380 + - --initial-cluster-state=new + - --initial-cluster-token=apisix-etcd-cluster + - --auto-compaction-retention=1 + - --quota-backend-bytes=2147483648 + - --heartbeat-interval=100 + - --election-timeout=1000 + - --enable-v2=false + deploy: + resources: + limits: + cpus: '0.5' + memory: 512M + reservations: + cpus: '0.1' + memory: 128M + + # Optional: APISIX Dashboard + apisix-dashboard: + <<: *default + image: apache/apisix-dashboard:${APISIX_DASHBOARD_VERSION:-3.0.1-alpine} + container_name: apisix-dashboard + ports: + - "${APISIX_DASHBOARD_PORT_OVERRIDE:-9000}:9000" + volumes: + - *localtime + - *timezone + - dashboard_conf:/usr/local/apisix-dashboard/conf + environment: + - APISIX_DASHBOARD_USER=${APISIX_DASHBOARD_USER:-admin} + - APISIX_DASHBOARD_PASSWORD=${APISIX_DASHBOARD_PASSWORD:-admin} + depends_on: + - apisix + profiles: + - dashboard + deploy: + resources: + limits: + cpus: '0.5' + memory: 512M + reservations: + cpus: '0.1' + memory: 128M + +volumes: + apisix_logs: + etcd_data: + dashboard_conf: diff --git a/src/etcd/.env.example b/src/etcd/.env.example new file mode 100644 index 0000000..b14a2cf --- /dev/null +++ b/src/etcd/.env.example 
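Review bot: The `etcd` service publishes its client port with `"${ETCD_CLIENT_PORT_OVERRIDE:-2379}:2379"` while listening on `http://0.0.0.0:2379` with no TLS or authentication configured, so any machine that can reach the Docker host can read and rewrite the gateway's stored configuration. Containers on the Compose network can already reach etcd by service name (the advertised URL is `http://etcd:2379`), so the host mapping looks unnecessary; either drop that `ports:` entry or bind it to loopback with `- "127.0.0.1:${ETCD_CLIENT_PORT_OVERRIDE:-2379}:2379"`. The Admin API mapping `"${APISIX_ADMIN_PORT_OVERRIDE:-9180}:9180"` deserves the same loopback binding, because the `config.yaml` mount is commented out here and the README added in this patch documents a fixed default admin key. src/etcd/docker-compose.yaml publishes 2379 and 2380 the same way.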
@@ -0,0 +1,37 @@
+# etcd Environment Variables
+
+# etcd image version
+ETCD_VERSION=v3.6.0
+
+# Host port mapping for client connections (2379)
+ETCD_CLIENT_PORT_OVERRIDE=2379
+
+# Host port mapping for peer connections (2380)
+ETCD_PEER_PORT_OVERRIDE=2380
+
+# Human-readable name for this etcd member
+ETCD_NAME=etcd-node
+
+# Initial cluster configuration
+ETCD_INITIAL_CLUSTER=etcd-node=http://localhost:2380
+
+# Initial cluster state ('new' or 'existing')
+ETCD_INITIAL_CLUSTER_STATE=new
+
+# Initial cluster token for bootstrap
+ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster
+
+# Auto compaction retention in hours
+ETCD_AUTO_COMPACTION_RETENTION=1
+
+# Storage size limit in bytes (2GB = 2147483648)
+ETCD_QUOTA_BACKEND_BYTES=2147483648
+
+# Heartbeat interval in milliseconds
+ETCD_HEARTBEAT_INTERVAL=100
+
+# Election timeout in milliseconds
+ETCD_ELECTION_TIMEOUT=1000
+
+# Enable etcd v2 API
+ETCD_ENABLE_V2=false
diff --git a/src/etcd/README.md b/src/etcd/README.md
new file mode 100644
index 0000000..79249d2
--- /dev/null
+++ b/src/etcd/README.md
@@ -0,0 +1,135 @@ +# etcd + +[English](./README.md) | [中文](./README.zh.md) + +This service deploys etcd, a distributed, reliable key-value store for the most critical data of a distributed system. + +## Services + +- `etcd`: The etcd key-value store service. + +## Environment Variables + +| Variable Name | Description | Default Value | +| ------------------------------ | ----------------------------------------------- | --------------------------------- | +| ETCD_VERSION | etcd image version | `v3.6.0` | +| ETCD_CLIENT_PORT_OVERRIDE | Host port mapping for client connections (2379) | `2379` | +| ETCD_PEER_PORT_OVERRIDE | Host port mapping for peer connections (2380) | `2380` | +| ETCD_NAME | Human-readable name for this etcd member | `etcd-node` | +| ETCD_INITIAL_CLUSTER | Initial cluster configuration | `etcd-node=http://localhost:2380` | +| ETCD_INITIAL_CLUSTER_STATE | Initial cluster state ('new' or 'existing') | `new` | +| ETCD_INITIAL_CLUSTER_TOKEN | Initial cluster token for bootstrap | `etcd-cluster` | +| ETCD_AUTO_COMPACTION_RETENTION | Auto compaction retention in hours | `1` | +| ETCD_QUOTA_BACKEND_BYTES | Storage size limit in bytes | `2147483648` (2GB) | +| ETCD_HEARTBEAT_INTERVAL | Heartbeat interval in milliseconds | `100` | +| ETCD_ELECTION_TIMEOUT | Election timeout in milliseconds | `1000` | +| ETCD_ENABLE_V2 | Enable etcd v2 API | `false` | + +Please modify the `.env` file as needed for your use case. + +## Volumes + +- `etcd_data`: A volume for storing etcd data persistently. + +## Network Ports + +- `2379`: Client communication port +- `2380`: Peer communication port (for clustering) + +## Single Node Setup + +The default configuration runs etcd as a single node, suitable for development and testing. + +## Cluster Setup + +To set up a multi-node etcd cluster, you need to: + +1. Define multiple etcd services in your compose file +2. Configure the `ETCD_INITIAL_CLUSTER` variable properly +3. 
Set unique names for each node + +Example for a 3-node cluster: + +```yaml +services: + etcd1: + # ... base config + environment: + - ETCD_NAME=etcd1 + - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 + - ETCD_ADVERTISE_CLIENT_URLS=http://etcd1:2379 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd1:2380 + + etcd2: + # ... base config + environment: + - ETCD_NAME=etcd2 + - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 + - ETCD_ADVERTISE_CLIENT_URLS=http://etcd2:2379 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd2:2380 + + etcd3: + # ... base config + environment: + - ETCD_NAME=etcd3 + - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 + - ETCD_ADVERTISE_CLIENT_URLS=http://etcd3:2379 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd3:2380 +``` + +## Client Access + +### Using etcdctl + +Connect to etcd using the etcdctl client: + +```bash +# Set endpoint +export ETCDCTL_ENDPOINTS=http://localhost:2379 + +# Put a key-value pair +etcdctl put mykey myvalue + +# Get a value +etcdctl get mykey + +# List all keys +etcdctl get --prefix "" +``` + +### Using HTTP API + +etcd provides a RESTful HTTP API: + +```bash +# Put a key-value pair +curl -X PUT http://localhost:2379/v3/kv/put \ + -H 'Content-Type: application/json' \ + -d '{"key":"bXlrZXk=","value":"bXl2YWx1ZQ=="}' + +# Get a value +curl -X POST http://localhost:2379/v3/kv/range \ + -H 'Content-Type: application/json' \ + -d '{"key":"bXlrZXk="}' +``` + +## Performance Tuning + +- Adjust `ETCD_QUOTA_BACKEND_BYTES` based on your storage needs +- Tune `ETCD_HEARTBEAT_INTERVAL` and `ETCD_ELECTION_TIMEOUT` for your network latency +- Configure `ETCD_AUTO_COMPACTION_RETENTION` to manage data size + +## Security Notes + +- The default configuration is for development/testing only +- For production, enable TLS encryption and authentication +- Consider network security and firewall rules +- 
Regular backups are recommended + +## Monitoring + +etcd exposes metrics at `http://localhost:2379/metrics` in Prometheus format. + +## License + +etcd is licensed under the Apache 2.0 license. diff --git a/src/etcd/README.zh.md b/src/etcd/README.zh.md new file mode 100644 index 0000000..d58a977 --- /dev/null +++ b/src/etcd/README.zh.md 
@@ -0,0 +1,135 @@ +# etcd + +[English](./README.md) | [中文](./README.zh.md) + +本服务部署 etcd,这是一个分布式、可靠的键值存储,用于分布式系统的最关键数据。 + +## 服务 + +- `etcd`: etcd 键值存储服务。 + +## 环境变量 + +| 变量名 | 描述 | 默认值 | +| ------------------------------ | ----------------------------------- | --------------------------------- | +| ETCD_VERSION | etcd 镜像版本 | `v3.6.0` | +| ETCD_CLIENT_PORT_OVERRIDE | 客户端连接的主机端口映射(2379) | `2379` | +| ETCD_PEER_PORT_OVERRIDE | 对等连接的主机端口映射(2380) | `2380` | +| ETCD_NAME | 此 etcd 成员的人类可读名称 | `etcd-node` | +| ETCD_INITIAL_CLUSTER | 初始集群配置 | `etcd-node=http://localhost:2380` | +| ETCD_INITIAL_CLUSTER_STATE | 初始集群状态('new' 或 'existing') | `new` | +| ETCD_INITIAL_CLUSTER_TOKEN | 用于引导的初始集群令牌 | `etcd-cluster` | +| ETCD_AUTO_COMPACTION_RETENTION | 自动压缩保留时间(小时) | `1` | +| ETCD_QUOTA_BACKEND_BYTES | 存储大小限制(字节) | `2147483648` (2GB) | +| ETCD_HEARTBEAT_INTERVAL | 心跳间隔(毫秒) | `100` | +| ETCD_ELECTION_TIMEOUT | 选举超时(毫秒) | `1000` | +| ETCD_ENABLE_V2 | 启用 etcd v2 API | `false` | + +请根据您的使用情况修改 `.env` 文件。 + +## 数据卷 + +- `etcd_data`: 用于持久存储 etcd 数据的数据卷。 + +## 网络端口 + +- `2379`: 客户端通信端口 +- `2380`: 对等通信端口(用于集群) + +## 单节点设置 + +默认配置将 etcd 作为单节点运行,适用于开发和测试。 + +## 集群设置 + +要设置多节点 etcd 集群,您需要: + +1. 在您的 compose 文件中定义多个 etcd 服务 +2. 正确配置 `ETCD_INITIAL_CLUSTER` 变量 +3. 为每个节点设置唯一名称 + +3 节点集群示例: + +```yaml +services: + etcd1: + # ... 基础配置 + environment: + - ETCD_NAME=etcd1 + - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 + - ETCD_ADVERTISE_CLIENT_URLS=http://etcd1:2379 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd1:2380 + + etcd2: + # ... 基础配置 + environment: + - ETCD_NAME=etcd2 + - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 + - ETCD_ADVERTISE_CLIENT_URLS=http://etcd2:2379 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd2:2380 + + etcd3: + # ... 
基础配置 + environment: + - ETCD_NAME=etcd3 + - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 + - ETCD_ADVERTISE_CLIENT_URLS=http://etcd3:2379 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd3:2380 +``` + +## 客户端访问 + +### 使用 etcdctl + +使用 etcdctl 客户端连接到 etcd: + +```bash +# 设置端点 +export ETCDCTL_ENDPOINTS=http://localhost:2379 + +# 放置键值对 +etcdctl put mykey myvalue + +# 获取值 +etcdctl get mykey + +# 列出所有键 +etcdctl get --prefix "" +``` + +### 使用 HTTP API + +etcd 提供 RESTful HTTP API: + +```bash +# 放置键值对 +curl -X PUT http://localhost:2379/v3/kv/put \ + -H 'Content-Type: application/json' \ + -d '{"key":"bXlrZXk=","value":"bXl2YWx1ZQ=="}' + +# 获取值 +curl -X POST http://localhost:2379/v3/kv/range \ + -H 'Content-Type: application/json' \ + -d '{"key":"bXlrZXk="}' +``` + +## 性能调优 + +- 根据您的存储需求调整 `ETCD_QUOTA_BACKEND_BYTES` +- 根据您的网络延迟调整 `ETCD_HEARTBEAT_INTERVAL` 和 `ETCD_ELECTION_TIMEOUT` +- 配置 `ETCD_AUTO_COMPACTION_RETENTION` 来管理数据大小 + +## 安全注意事项 + +- 默认配置仅适用于开发/测试 +- 对于生产环境,启用 TLS 加密和身份验证 +- 考虑网络安全和防火墙规则 +- 建议定期备份 + +## 监控 + +etcd 在 `http://localhost:2379/metrics` 以 Prometheus 格式公开指标。 + +## 许可证 + +etcd 采用 Apache 2.0 许可证。 diff --git a/src/etcd/docker-compose.yaml b/src/etcd/docker-compose.yaml new file mode 100644 index 0000000..7fe7d9b --- /dev/null +++ b/src/etcd/docker-compose.yaml 
@@ -0,0 +1,64 @@ +x-default: &default + restart: unless-stopped + volumes: + - &localtime /etc/localtime:/etc/localtime:ro + - &timezone /etc/timezone:/etc/timezone:ro + logging: + driver: json-file + options: + max-size: 100m + +services: + etcd: + <<: *default + image: quay.io/coreos/etcd:${ETCD_VERSION:-v3.6.0} + container_name: etcd + ports: + - "${ETCD_CLIENT_PORT_OVERRIDE:-2379}:2379" + - "${ETCD_PEER_PORT_OVERRIDE:-2380}:2380" + volumes: + - *localtime + - *timezone + - etcd_data:/etcd-data + environment: + - ETCD_NAME=${ETCD_NAME:-etcd-node} + - ETCD_DATA_DIR=/etcd-data + - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 + - ETCD_ADVERTISE_CLIENT_URLS=http://localhost:2379 + - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 + - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://localhost:2380 + - ETCD_INITIAL_CLUSTER=${ETCD_INITIAL_CLUSTER:-etcd-node=http://localhost:2380} + - ETCD_INITIAL_CLUSTER_STATE=${ETCD_INITIAL_CLUSTER_STATE:-new} + - ETCD_INITIAL_CLUSTER_TOKEN=${ETCD_INITIAL_CLUSTER_TOKEN:-etcd-cluster} + - ETCD_AUTO_COMPACTION_RETENTION=${ETCD_AUTO_COMPACTION_RETENTION:-1} + - ETCD_QUOTA_BACKEND_BYTES=${ETCD_QUOTA_BACKEND_BYTES:-2147483648} + - ETCD_HEARTBEAT_INTERVAL=${ETCD_HEARTBEAT_INTERVAL:-100} + - ETCD_ELECTION_TIMEOUT=${ETCD_ELECTION_TIMEOUT:-1000} + - ETCD_ENABLE_V2=${ETCD_ENABLE_V2:-false} + command: + - etcd + - --name=${ETCD_NAME:-etcd-node} + - --data-dir=/etcd-data + - --listen-client-urls=http://0.0.0.0:2379 + - --advertise-client-urls=http://localhost:2379 + - --listen-peer-urls=http://0.0.0.0:2380 + - --initial-advertise-peer-urls=http://localhost:2380 + - --initial-cluster=${ETCD_INITIAL_CLUSTER:-etcd-node=http://localhost:2380} + - --initial-cluster-state=${ETCD_INITIAL_CLUSTER_STATE:-new} + - --initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN:-etcd-cluster} + - --auto-compaction-retention=${ETCD_AUTO_COMPACTION_RETENTION:-1} + - --quota-backend-bytes=${ETCD_QUOTA_BACKEND_BYTES:-2147483648} + - --heartbeat-interval=${ETCD_HEARTBEAT_INTERVAL:-100} + 
- --election-timeout=${ETCD_ELECTION_TIMEOUT:-1000} + - --enable-v2=${ETCD_ENABLE_V2:-false} + deploy: + resources: + limits: + cpus: '1.0' + memory: 1G + reservations: + cpus: '0.25' + memory: 256M + +volumes: + etcd_data: diff --git a/src/grafana/.env.example b/src/grafana/.env.example new file mode 100644 index 0000000..2532378 --- /dev/null +++ b/src/grafana/.env.example @@ -0,0 +1,25 @@ +# Grafana Environment Variables + +# Grafana image version +GRAFANA_VERSION=12.1.1 + +# Host port mapping (maps to Grafana port 3000 in container) +GRAFANA_PORT_OVERRIDE=3000 + +# Admin username +GRAFANA_ADMIN_USER=admin + +# Admin password - CHANGE THIS FOR PRODUCTION! +GRAFANA_ADMIN_PASSWORD=admin + +# Allow users to sign up themselves +GRAFANA_ALLOW_SIGN_UP=false + +# Comma-separated list of plugins to install +GRAFANA_PLUGINS= + +# Root URL for Grafana (used for links and redirects) +GRAFANA_ROOT_URL=http://localhost:3000 + +# Secret key for signing cookies and encrypting database - SET THIS FOR PRODUCTION! +GRAFANA_SECRET_KEY= diff --git a/src/grafana/README.md b/src/grafana/README.md new file mode 100644 index 0000000..f3832cd --- /dev/null +++ b/src/grafana/README.md 
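Review bot: Every etcd option in src/etcd/docker-compose.yaml is set twice, once under `environment:` (for example `ETCD_NAME=${ETCD_NAME:-etcd-node}`) and again under `command:` (`--name=${ETCD_NAME:-etcd-node}`). etcd gives command-line flags precedence over environment variables, so the `environment:` entries have no effect and the two lists can drift apart when only one is edited. Keeping only the `command:` list (or only the environment block) leaves a single source of truth; the `etcd` service in src/apisix/docker-compose.yaml repeats the same pattern. The advertise URLs are also hard-coded to `localhost` while `ETCD_INITIAL_CLUSTER` is overridable, which merits a comment such as `# single-node only: advertise URLs are fixed to localhost`.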
@@ -0,0 +1,75 @@ +# Grafana + +[English](./README.md) | [中文](./README.zh.md) + +This service deploys Grafana, an open-source analytics and monitoring platform for visualizing metrics from various data sources. + +## Services + +- `grafana`: The Grafana web interface and API server. + +## Environment Variables + +| Variable Name | Description | Default Value | +| ---------------------- | ---------------------------------------------------------- | ----------------------- | +| GRAFANA_VERSION | Grafana image version | `12.1.1` | +| GRAFANA_PORT_OVERRIDE | Host port mapping (maps to Grafana port 3000 in container) | `3000` | +| GRAFANA_ADMIN_USER | Admin username | `admin` | +| GRAFANA_ADMIN_PASSWORD | Admin password | `admin` | +| GRAFANA_ALLOW_SIGN_UP | Allow users to sign up themselves | `false` | +| GRAFANA_PLUGINS | Comma-separated list of plugins to install | `""` | +| GRAFANA_ROOT_URL | Root URL for Grafana (used for links and redirects) | `http://localhost:3000` | +| GRAFANA_SECRET_KEY | Secret key for signing cookies and encrypting database | `""` | + +Please modify the `.env` file as needed for your use case. + +## Volumes + +- `grafana_data`: A volume for storing Grafana's database and configuration. +- `grafana_logs`: A volume for storing Grafana logs. +- `grafana.ini`: Optional custom configuration file (mount to `/etc/grafana/grafana.ini`). +- `provisioning`: Optional directory for provisioning datasources and dashboards (mount to `/etc/grafana/provisioning`). + +## Default Credentials + +- Username: `admin` (configurable via `GRAFANA_ADMIN_USER`) +- Password: `admin` (configurable via `GRAFANA_ADMIN_PASSWORD`) + +## Security Notes + +- **Change the default admin password** in production environments. +- Set a strong `GRAFANA_SECRET_KEY` for production use. +- Consider disabling sign-up (`GRAFANA_ALLOW_SIGN_UP=false`) in production. +- Use HTTPS in production by configuring a reverse proxy or Grafana's TLS settings. 
+ +## Common Use Cases + +### Installing Plugins + +Set the `GRAFANA_PLUGINS` environment variable with a comma-separated list of plugin IDs: + +```env +GRAFANA_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource +``` + +### Custom Configuration + +Mount a custom `grafana.ini` file to `/etc/grafana/grafana.ini`: + +```yaml +volumes: + - ./grafana.ini:/etc/grafana/grafana.ini +``` + +### Provisioning Datasources and Dashboards + +Mount a provisioning directory with datasource and dashboard configurations: + +```yaml +volumes: + - ./provisioning:/etc/grafana/provisioning +``` + +## License + +Grafana is licensed under the AGPL v3.0 license. Commercial licenses are available from Grafana Labs. diff --git a/src/grafana/README.zh.md b/src/grafana/README.zh.md new file mode 100644 index 0000000..803803d --- /dev/null +++ b/src/grafana/README.zh.md 
@@ -0,0 +1,75 @@ +# Grafana + +[English](./README.md) | [中文](./README.zh.md) + +本服务部署 Grafana,这是一个开源的分析和监控平台,用于可视化来自各种数据源的指标。 + +## 服务 + +- `grafana`: Grafana Web 界面和 API 服务器。 + +## 环境变量 + +| 变量名 | 描述 | 默认值 | +| ---------------------- | ------------------------------------------------ | ----------------------- | +| GRAFANA_VERSION | Grafana 镜像版本 | `12.1.1` | +| GRAFANA_PORT_OVERRIDE | 主机端口映射(映射到容器中的 Grafana 端口 3000) | `3000` | +| GRAFANA_ADMIN_USER | 管理员用户名 | `admin` | +| GRAFANA_ADMIN_PASSWORD | 管理员密码 | `admin` | +| GRAFANA_ALLOW_SIGN_UP | 允许用户自行注册 | `false` | +| GRAFANA_PLUGINS | 要安装的插件列表(逗号分隔) | `""` | +| GRAFANA_ROOT_URL | Grafana 的根 URL(用于链接和重定向) | `http://localhost:3000` | +| GRAFANA_SECRET_KEY | 用于签名 cookies 和加密数据库的密钥 | `""` | + +请根据您的使用情况修改 `.env` 文件。 + +## 数据卷 + +- `grafana_data`: 用于存储 Grafana 数据库和配置的数据卷。 +- `grafana_logs`: 用于存储 Grafana 日志的数据卷。 +- `grafana.ini`: 可选的自定义配置文件(挂载到 `/etc/grafana/grafana.ini`)。 +- `provisioning`: 用于预配置数据源和仪表板的可选目录(挂载到 `/etc/grafana/provisioning`)。 + +## 默认凭据 + +- 用户名: `admin`(可通过 `GRAFANA_ADMIN_USER` 配置) +- 密码: `admin`(可通过 `GRAFANA_ADMIN_PASSWORD` 配置) + +## 安全注意事项 + +- **在生产环境中更改默认管理员密码**。 +- 为生产环境设置强 `GRAFANA_SECRET_KEY`。 +- 考虑在生产环境中禁用注册(`GRAFANA_ALLOW_SIGN_UP=false`)。 +- 通过配置反向代理或 Grafana 的 TLS 设置在生产环境中使用 HTTPS。 + +## 常见用例 + +### 安装插件 + +使用逗号分隔的插件 ID 列表设置 `GRAFANA_PLUGINS` 环境变量: + +```env +GRAFANA_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource +``` + +### 自定义配置 + +将自定义 `grafana.ini` 文件挂载到 `/etc/grafana/grafana.ini`: + +```yaml +volumes: + - ./grafana.ini:/etc/grafana/grafana.ini +``` + +### 预配置数据源和仪表板 + +挂载包含数据源和仪表板配置的预配置目录: + +```yaml +volumes: + - ./provisioning:/etc/grafana/provisioning +``` + +## 许可证 + +Grafana 采用 AGPL v3.0 许可证。商业许可证可从 Grafana Labs 获得。 diff --git a/src/grafana/docker-compose.yaml b/src/grafana/docker-compose.yaml new file mode 100644 index 0000000..3a0b3c0 --- /dev/null +++ b/src/grafana/docker-compose.yaml 
@@ -0,0 +1,46 @@
+x-default: &default
+ restart: unless-stopped
+ volumes:
+ - &localtime /etc/localtime:/etc/localtime:ro
+ - &timezone /etc/timezone:/etc/timezone:ro
+ logging:
+ driver: json-file
+ options:
+ max-size: 100m
+
+services:
+ grafana:
+ <<: *default
+ image: grafana/grafana:${GRAFANA_VERSION:-12.1.1}
+ container_name: grafana
+ ports:
+ - "${GRAFANA_PORT_OVERRIDE:-3000}:3000"
+ volumes:
+ - *localtime
+ - *timezone
+ - grafana_data:/var/lib/grafana
+ - grafana_logs:/var/log/grafana
+
+ # Optional: Mount custom configuration
+ # - ./grafana.ini:/etc/grafana/grafana.ini
+ # - ./provisioning:/etc/grafana/provisioning
+ environment:
+ - GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER:-admin}
+ - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin}
+ - GF_USERS_ALLOW_SIGN_UP=${GRAFANA_ALLOW_SIGN_UP:-false}
+ - GF_INSTALL_PLUGINS=${GRAFANA_PLUGINS:-}
+ - GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL:-http://localhost:3000}
+ - GF_SECURITY_SECRET_KEY=${GRAFANA_SECRET_KEY:-}
+ user: "472:472" # Grafana user
+ deploy:
+ resources:
+ limits:
+ cpus: '1.0'
+ memory: 1G
+ reservations:
+ cpus: '0.25'
+ memory: 256M
+
+volumes:
+ grafana_data:
+ grafana_logs:
diff --git a/src/prometheus/.env.example b/src/prometheus/.env.example
new file mode 100644
index 0000000..673b0f3
--- /dev/null
+++ b/src/prometheus/.env.example
@@ -0,0 +1,16 @@
+# Prometheus Environment Variables
+
+# Prometheus image version
+PROMETHEUS_VERSION=v3.5.0
+
+# Host port mapping (maps to Prometheus port 9090 in container)
+PROMETHEUS_PORT_OVERRIDE=9090
+
+# How long to retain data (examples: 15d, 30d, 1y)
+PROMETHEUS_RETENTION_TIME=15d
+
+# Maximum storage size (empty = unlimited, examples: 10GB, 1TB)
+PROMETHEUS_RETENTION_SIZE=
+
+# External URL for Prometheus (used for links and redirects)
+PROMETHEUS_EXTERNAL_URL=http://localhost:9090
diff --git a/src/prometheus/README.md b/src/prometheus/README.md
new file mode 100644
index 0000000..2a904a2
--- /dev/null
+++ b/src/prometheus/README.md
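Review bot: The `environment` entry `GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin}` in src/grafana/docker-compose.yaml lets the stack come up with admin/admin whenever `.env` is missing or incomplete, and `"${GRAFANA_PORT_OVERRIDE:-3000}:3000"` publishes that login on every host interface. Making the variable mandatory removes the silent fallback: `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:?set GRAFANA_ADMIN_PASSWORD in .env}`. The same treatment fits `GF_SECURITY_SECRET_KEY=${GRAFANA_SECRET_KEY:-}`, whose empty default presumably leaves Grafana on a blank or built-in key for the data it encrypts. A loopback binding such as `- "127.0.0.1:${GRAFANA_PORT_OVERRIDE:-3000}:3000"` would be a safer default for a template, with wider exposure left as an explicit choice behind the reverse proxy the README already recommends.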
@@ -0,0 +1,119 @@
+# Prometheus
+
+[English](./README.md) | [中文](./README.zh.md)
+
+This service deploys Prometheus, an open-source system monitoring and alerting toolkit with a multi-dimensional data model and powerful query language.
+
+## Services
+
+- `prometheus`: The Prometheus server for scraping and storing time series data.
+
+## Environment Variables
+
+| Variable Name | Description | Default Value |
+| ------------------------- | ------------------------------------------------------------- | ----------------------- |
+| PROMETHEUS_VERSION | Prometheus image version | `v3.5.0` |
+| PROMETHEUS_PORT_OVERRIDE | Host port mapping (maps to Prometheus port 9090 in container) | `9090` |
+| PROMETHEUS_RETENTION_TIME | How long to retain data | `15d` |
+| PROMETHEUS_RETENTION_SIZE | Maximum storage size (empty = unlimited) | `""` |
+| PROMETHEUS_EXTERNAL_URL | External URL for Prometheus (used for links and redirects) | `http://localhost:9090` |
+
+Please modify the `.env` file as needed for your use case.
+
+## Volumes
+
+- `prometheus_data`: A volume for storing Prometheus time series data.
+- `prometheus.yml`: Optional custom configuration file (mount to `/etc/prometheus/prometheus.yml`).
+- `rules`: Optional directory for alerting and recording rules (mount to `/etc/prometheus/rules`).
+
+## Default Configuration
+
+The default Prometheus configuration includes:
+
+- Scraping itself for metrics
+- Global scrape interval of 15 seconds
+- Basic web console access
+
+## Configuration Files
+
+### Custom Prometheus Configuration
+
+Mount a custom `prometheus.yml` file to `/etc/prometheus/prometheus.yml`:
+
+```yaml
+volumes:
+ - ./prometheus.yml:/etc/prometheus/prometheus.yml
+```
+
+Example `prometheus.yml`:
+
+```yaml
+global:
+ scrape_interval: 15s
+ evaluation_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'node_exporter'
+ static_configs:
+ - targets: ['node_exporter:9100']
+```
+
+### Alert Rules
+
+Mount rules directory to `/etc/prometheus/rules`:
+
+```yaml
+volumes:
+ - ./rules:/etc/prometheus/rules
+```
+
+## Data Retention
+
+Configure data retention using environment variables:
+
+- `PROMETHEUS_RETENTION_TIME`: Time-based retention (e.g., `30d`, `1y`)
+- `PROMETHEUS_RETENTION_SIZE`: Size-based retention (e.g., `10GB`, `1TB`)
+
+## API Access
+
+- Web UI: `http://localhost:9090`
+- API endpoint: `http://localhost:9090/api/v1/`
+- Admin API is enabled for configuration reloads
+
+## Security Notes
+
+- Consider restricting access to the admin API in production
+- Use authentication/authorization proxy for production deployments
+- Monitor resource usage as Prometheus can consume significant storage and memory
+
+## Common Use Cases
+
+### Monitoring Docker Containers
+
+Add cAdvisor to monitor container metrics:
+
+```yaml
+services:
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor:latest
+ ports:
+ - "8080:8080"
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:ro
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ - /dev/disk/:/dev/disk:ro
+```
+
+### Service Discovery
+
+Use file-based service discovery or integrate with service discovery systems like Consul or Kubernetes.
+
+## License
+
+Prometheus is licensed under the Apache 2.0 license.
diff --git a/src/prometheus/README.zh.md b/src/prometheus/README.zh.md
new file mode 100644
index 0000000..2b99835
--- /dev/null
+++ b/src/prometheus/README.zh.md
@@ -0,0 +1,119 @@
+# Prometheus
+
+[English](./README.md) | [中文](./README.zh.md)
+
+本服务部署 Prometheus,这是一个开源的系统监控和警报工具包,具有多维数据模型和强大的查询语言。
+
+## 服务
+
+- `prometheus`: 用于抓取和存储时间序列数据的 Prometheus 服务器。
+
+## 环境变量
+
+| 变量名 | 描述 | 默认值 |
+| ------------------------- | --------------------------------------------------- | ----------------------- |
+| PROMETHEUS_VERSION | Prometheus 镜像版本 | `v3.5.0` |
+| PROMETHEUS_PORT_OVERRIDE | 主机端口映射(映射到容器中的 Prometheus 端口 9090) | `9090` |
+| PROMETHEUS_RETENTION_TIME | 数据保留时间 | `15d` |
+| PROMETHEUS_RETENTION_SIZE | 最大存储大小(空值 = 无限制) | `""` |
+| PROMETHEUS_EXTERNAL_URL | Prometheus 的外部 URL(用于链接和重定向) | `http://localhost:9090` |
+
+请根据您的使用情况修改 `.env` 文件。
+
+## 数据卷
+
+- `prometheus_data`: 用于存储 Prometheus 时间序列数据的数据卷。
+- `prometheus.yml`: 可选的自定义配置文件(挂载到 `/etc/prometheus/prometheus.yml`)。
+- `rules`: 用于警报和记录规则的可选目录(挂载到 `/etc/prometheus/rules`)。
+
+## 默认配置
+
+默认的 Prometheus 配置包括:
+
+- 抓取自身的指标
+- 全局抓取间隔为 15 秒
+- 基本的 Web 控制台访问
+
+## 配置文件
+
+### 自定义 Prometheus 配置
+
+将自定义 `prometheus.yml` 文件挂载到 `/etc/prometheus/prometheus.yml`:
+
+```yaml
+volumes:
+ - ./prometheus.yml:/etc/prometheus/prometheus.yml
+```
+
+示例 `prometheus.yml`:
+
+```yaml
+global:
+ scrape_interval: 15s
+ evaluation_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'node_exporter'
+ static_configs:
+ - targets: ['node_exporter:9100']
+```
+
+### 警报规则
+
+将规则目录挂载到 `/etc/prometheus/rules`:
+
+```yaml
+volumes:
+ - ./rules:/etc/prometheus/rules
+```
+
+## 数据保留
+
+使用环境变量配置数据保留:
+
+- `PROMETHEUS_RETENTION_TIME`: 基于时间的保留(例如,`30d`、`1y`)
+- `PROMETHEUS_RETENTION_SIZE`: 基于大小的保留(例如,`10GB`、`1TB`)
+
+## API 访问
+
+- Web UI: `http://localhost:9090`
+- API 端点: `http://localhost:9090/api/v1/`
+- 启用了管理 API 用于配置重新加载
+
+## 安全注意事项
+
+- 考虑在生产环境中限制对管理 API 的访问
+- 为生产部署使用身份验证/授权代理
+- 监控资源使用情况,因为 Prometheus 可能消耗大量存储和内存
+
+## 常见用例
+
+### 监控 Docker 容器
+
+添加 cAdvisor 来监控容器指标:
+
+```yaml
+services:
+ cadvisor:
+ image: 
gcr.io/cadvisor/cadvisor:latest
+ ports:
+ - "8080:8080"
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:ro
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ - /dev/disk/:/dev/disk:ro
+```
+
+### 服务发现
+
+使用基于文件的服务发现或与 Consul 或 Kubernetes 等服务发现系统集成。
+
+## 许可证
+
+Prometheus 采用 Apache 2.0 许可证。
diff --git a/src/prometheus/docker-compose.yaml b/src/prometheus/docker-compose.yaml
new file mode 100644
index 0000000..84e9af0
--- /dev/null
+++ b/src/prometheus/docker-compose.yaml
@@ -0,0 +1,50 @@
+x-default: &default
+ restart: unless-stopped
+ volumes:
+ - &localtime /etc/localtime:/etc/localtime:ro
+ - &timezone /etc/timezone:/etc/timezone:ro
+ logging:
+ driver: json-file
+ options:
+ max-size: 100m
+
+services:
+ prometheus:
+ <<: *default
+ image: prom/prometheus:${PROMETHEUS_VERSION:-v3.5.0}
+ container_name: prometheus
+ ports:
+ - "${PROMETHEUS_PORT_OVERRIDE:-9090}:9090"
+ volumes:
+ - *localtime
+ - *timezone
+ - prometheus_data:/prometheus
+
+ # Optional: Mount custom configuration
+ # - ./prometheus.yml:/etc/prometheus/prometheus.yml
+ # - ./rules:/etc/prometheus/rules
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/etc/prometheus/console_libraries'
+ - '--web.console.templates=/etc/prometheus/consoles'
+ - '--storage.tsdb.retention.time=${PROMETHEUS_RETENTION_TIME:-15d}'
+ - '--storage.tsdb.retention.size=${PROMETHEUS_RETENTION_SIZE:-}'
+ - '--web.enable-lifecycle'
+ - '--web.enable-admin-api'
+ - '--web.external-url=${PROMETHEUS_EXTERNAL_URL:-http://localhost:9090}'
+ environment:
+ - PROMETHEUS_RETENTION_TIME=${PROMETHEUS_RETENTION_TIME:-15d}
+ - PROMETHEUS_RETENTION_SIZE=${PROMETHEUS_RETENTION_SIZE:-}
+ user: "65534:65534" # nobody user
+ deploy:
+ resources:
+ limits:
+ cpus: '1.0'
+ memory: 2G
+ reservations:
+ cpus: '0.25'
+ memory: 512M
+
+volumes:
+ prometheus_data:
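Review bot: `--web.enable-admin-api` and `--web.enable-lifecycle` in the `command` list of src/prometheus/docker-compose.yaml are served on the same port that `"${PROMETHEUS_PORT_OVERRIDE:-9090}:9090"` publishes on all host interfaces, and nothing in this file puts authentication in front of it. The admin API covers TSDB series deletion and snapshots, and the lifecycle flag adds the reload and quit endpoints, so any client that can reach the published port can remove data or stop the server. Configuration reloads need only `--web.enable-lifecycle`, so I would drop `- '--web.enable-admin-api'` from the defaults and publish on loopback with `- "127.0.0.1:${PROMETHEUS_PORT_OVERRIDE:-9090}:9090"`. Wider exposure then becomes an explicit opt-in behind the authentication proxy the README's security notes recommend.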