diff options
author | terminaldweller <thabogre@gmail.com> | 2023-01-14 04:30:53 +0000 |
---|---|---|
committer | terminaldweller <thabogre@gmail.com> | 2023-01-14 04:30:53 +0000 |
commit | c81052b70888eb18dca82e33444ebbd9910f5ebc (patch) | |
tree | 6b6eb892438a15f7b4849d7508d61d9491b809c3 /terminaldweller.com/haproxy | |
parent | update (diff) | |
download | scripts-c81052b70888eb18dca82e33444ebbd9910f5ebc.tar.gz scripts-c81052b70888eb18dca82e33444ebbd9910f5ebc.zip |
update
Diffstat (limited to '')
-rw-r--r-- | terminaldweller.com/haproxy/conf.yml | 429 | ||||
-rw-r--r-- | terminaldweller.com/haproxy/docker-compose.yaml | 90 |
2 files changed, 480 insertions, 39 deletions
diff --git a/terminaldweller.com/haproxy/conf.yml b/terminaldweller.com/haproxy/conf.yml new file mode 100644 index 0000000..f3c8a9c --- /dev/null +++ b/terminaldweller.com/haproxy/conf.yml @@ -0,0 +1,429 @@ +# my global config +global: + scrape_interval: 60s + evaluation_interval: 120s + scrape_timeout: 10s + + external_labels: + monitor: codelab + foo: bar + +rule_files: + - "first.rules" + - "my/*.rules" + +remote_write: + - url: http://remote1/push + name: drop_expensive + write_relabel_configs: + - source_labels: [__name__] + regex: expensive.* + action: drop + oauth2: + client_id: "123" + client_secret: "456" + token_url: "http://remote1/auth" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + - url: http://remote2/push + name: rw_tls + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + headers: + name: value + +remote_read: + - url: http://remote1/read + read_recent: true + name: default + enable_http2: false + - url: http://remote3/read + read_recent: false + name: read_special + required_matchers: + job: special + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + +scrape_configs: + - job_name: prometheus + + honor_labels: true + # scrape_interval is defined by the configured global (15s). + # scrape_timeout is defined by the global default (10s). + + # metrics_path defaults to '/metrics' + # scheme defaults to 'http'. + + file_sd_configs: + - files: + - foo/*.slow.json + - foo/*.slow.yml + - single/file.yml + refresh_interval: 10m + - files: + - bar/*.yaml + + static_configs: + - targets: ["localhost:9090", "localhost:9191"] + labels: + my: label + your: label + + relabel_configs: + - source_labels: [job, __meta_dns_name] + regex: (.*)some-[regex] + target_label: job + replacement: foo-${1} + # action defaults to 'replace' + - source_labels: [abc] + target_label: cde + - replacement: static + target_label: abc + - regex: + replacement: static + target_label: abc + - source_labels: [foo] + target_label: abc + action: keepequal + - source_labels: [foo] + target_label: abc + action: dropequal + + authorization: + credentials_file: valid_token_file + + tls_config: + min_version: TLS10 + + - job_name: service-x + + basic_auth: + username: admin_name + password: "multiline\nmysecret\ntest" #pragma: allowlist secret + + scrape_interval: 50s + scrape_timeout: 5s + + body_size_limit: 10MB + sample_limit: 1000 + + metrics_path: /my_path + scheme: https + + dns_sd_configs: + - refresh_interval: 15s + names: + - first.dns.address.domain.com + - second.dns.address.domain.com + - names: + - first.dns.address.domain.com + + relabel_configs: + - source_labels: [job] + regex: (.*)some-[regex] + action: drop + - source_labels: [__address__] + modulus: 8 + target_label: __tmp_hash + action: hashmod + - source_labels: [__tmp_hash] + regex: 1 + action: keep + - action: labelmap + regex: 1 + - action: labeldrop + regex: d + - action: labelkeep + regex: k + + metric_relabel_configs: + - source_labels: [__name__] + regex: expensive_metric.* + action: drop + + - job_name: service-y + + consul_sd_configs: + - server: "localhost:1234" + token: mysecret + services: ["nginx", "cache", "mysql"] + tags: ["canary", "v1"] + node_meta: + rack: "123" + allow_stale: true + scheme: https + tls_config: + ca_file: valid_ca_file + cert_file: valid_cert_file + key_file: valid_key_file + insecure_skip_verify: false + + relabel_configs: + - source_labels: [__meta_sd_consul_tags] + separator: "," + regex: label:([^=]+)=([^,]+) + target_label: ${1} + replacement: ${2} + + - job_name: service-z + + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + authorization: + credentials: mysecret + + - job_name: service-kubernetes + + kubernetes_sd_configs: + - role: endpoints + api_server: "https://localhost:1234" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + basic_auth: + username: "myusername" + password: "mysecret" #pragma: allowlist secret + + - job_name: service-kubernetes-namespaces + + kubernetes_sd_configs: + - role: endpoints + api_server: "https://localhost:1234" + namespaces: + names: + - default + + basic_auth: + username: "myusername" + password_file: valid_password_file #pragma: allowlist secret + + - job_name: service-kuma + + kuma_sd_configs: + - server: http://kuma-control-plane.kuma-system.svc:5676 + + - job_name: service-marathon + marathon_sd_configs: + - servers: + - "https://marathon.example.com:443" + + auth_token: "mysecret" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: service-nomad + nomad_sd_configs: + - server: 'http://localhost:4646' + + - job_name: service-ec2 + ec2_sd_configs: + - region: us-east-1 + access_key: access + secret_key: mysecret #pragma: allowlist secret + profile: profile + filters: + - name: tag:environment + values: + - prod + + - name: tag:service + values: + - web + - db + + - job_name: service-lightsail + lightsail_sd_configs: + - region: us-east-1 + access_key: access + secret_key: mysecret #pragma: allowlist secret + profile: profile + + - job_name: service-azure + azure_sd_configs: + - environment: AzurePublicCloud + authentication_method: OAuth + subscription_id: 11AAAA11-A11A-111A-A111-1111A1111A11 + resource_group: my-resource-group + tenant_id: BBBB222B-B2B2-2B22-B222-2BB2222BB2B2 + client_id: 333333CC-3C33-3333-CCC3-33C3CCCCC33C + client_secret: mysecret #pragma: allowlist secret + port: 9100 + + - job_name: service-nerve + nerve_sd_configs: + - servers: + - localhost + paths: + - /monitoring + + - job_name: 0123service-xxx + metrics_path: /metrics + static_configs: + - targets: + - localhost:9090 + + - job_name: badfederation + honor_timestamps: false + metrics_path: /federate + static_configs: + - targets: + - localhost:9090 + + - job_name: 測試 + metrics_path: /metrics + static_configs: + - targets: + - localhost:9090 + + - job_name: httpsd + http_sd_configs: + - url: "http://example.com/prometheus" + + - job_name: service-triton + triton_sd_configs: + - account: "testAccount" + dns_suffix: "triton.example.com" + endpoint: "triton.example.com" + port: 9163 + refresh_interval: 1m + version: 1 + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: digitalocean-droplets + digitalocean_sd_configs: + - authorization: + credentials: abcdef + + - job_name: docker + docker_sd_configs: + - host: unix:///var/run/docker.sock + + - job_name: dockerswarm + dockerswarm_sd_configs: + - host: http://127.0.0.1:2375 + role: nodes + + - job_name: service-openstack + openstack_sd_configs: + - role: instance + region: RegionOne + port: 80 + refresh_interval: 1m + tls_config: + ca_file: valid_ca_file + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: service-puppetdb + puppetdb_sd_configs: + - url: https://puppetserver/ + query: 'resources { type = "Package" and title = "httpd" }' + include_parameters: true + port: 80 + refresh_interval: 1m + tls_config: + ca_file: valid_ca_file + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: hetzner + relabel_configs: + - action: uppercase + source_labels: [instance] + target_label: instance + hetzner_sd_configs: + - role: hcloud + authorization: + credentials: abcdef + - role: robot + basic_auth: + username: abcdef + password: abcdef + + - job_name: service-eureka + eureka_sd_configs: + - server: "http://eureka.example.com:8761/eureka" + + - job_name: ovhcloud + ovhcloud_sd_configs: + - service: vps + endpoint: ovh-eu + application_key: testAppKey + application_secret: testAppSecret #pragma: allowlist secret + consumer_key: testConsumerKey + refresh_interval: 1m + - service: dedicated_server + endpoint: ovh-eu + application_key: testAppKey + application_secret: testAppSecret #pragma: allowlist secret + consumer_key: testConsumerKey + refresh_interval: 1m + + - job_name: scaleway + scaleway_sd_configs: + - role: instance + project_id: 11111111-1111-1111-1111-111111111112 + access_key: SCWXXXXXXXXXXXXXXXXX + secret_key: 11111111-1111-1111-1111-111111111111 + - role: baremetal + project_id: 11111111-1111-1111-1111-111111111112 + access_key: SCWXXXXXXXXXXXXXXXXX + secret_key: 11111111-1111-1111-1111-111111111111 + + - job_name: linode-instances + linode_sd_configs: + - authorization: + credentials: abcdef + + - job_name: uyuni + uyuni_sd_configs: + - server: https://localhost:1234 + username: gopher + password: hole #pragma: allowlist secret + + - job_name: ionos + ionos_sd_configs: + - datacenter_id: 8feda53f-15f0-447f-badf-ebe32dad2fc0 + authorization: + credentials: abcdef + + - job_name: vultr + vultr_sd_configs: + - authorization: + credentials: abcdef + +alerting: + alertmanagers: + - scheme: https + static_configs: + - targets: + - "1.2.3.4:9093" + - "1.2.3.5:9093" + - "1.2.3.6:9093" + +storage: + tsdb: + out_of_order_time_window: 30m + +tracing: + endpoint: "localhost:4317" + client_type: "grpc" + headers: + foo: "bar" + timeout: 5s + compression: "gzip" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + insecure_skip_verify: true diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml index f24d17c..6e89024 100644 --- a/terminaldweller.com/haproxy/docker-compose.yaml +++ b/terminaldweller.com/haproxy/docker-compose.yaml @@ -1,7 +1,7 @@ version: "3.4" services: haproxy: - image: haproxy + image: haproxy:2.7.1-bullseye ports: - "80:80" - "443:443" @@ -17,51 +17,63 @@ services: - "587:587" volumes: - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro - - ./certs:/usr/local/etc/certs:ro + # - ./certs:/usr/local/etc/certs:ro networks: - proxynet - - certnet + - metricsnet + # - certnet restart: unless-stopped cap_drop: - ALL - certbot: - image: certbot - build: - context: ./certbot - ports: - - "127.0.0.1:9080:80" - - "127.0.0.1:9443:443" + # certbot: + # image: certbot + # build: + # context: ./certbot + # ports: + # - "127.0.0.1:9080:80" + # - "127.0.0.1:9443:443" + # networks: + # - certnet + # # restart: unless-stopped + # volumes: + # - ./letsencrypt:/etc/letsencrypt + # - ./webroot:/webroot + # - ./certs:/certs + # # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"] + # entrypoint: ["/certbot-entrypoint.sh"] + # environment: + # - DOMAIN=chat.terminaldweller.com + # - EMAIL=devi@mail.terminaldweller.com + # nginx: + # image: nginx + # ports: + # - "127.0.0.1:8080:80" + # networks: + # - certnet + # restart: unless-stopped + # volumes: + # - ./webroot:/usr/share/nginx/html + # udpproxy: + # image: nginx + # ports: + # - "127.0.0.1:3478:3478/udp" + # - "127.0.0.1:5349:5349/udp" + # networks: + # - proxynet + # restart: unless-stopped + # volumes: + # - ./nginx.conf:/etc/nginx/nginx.conf:ro + prometheus: + image: bitnami/prometheus:2.41.0 networks: - - certnet - # restart: unless-stopped - volumes: - - ./letsencrypt:/etc/letsencrypt - - ./webroot:/webroot - - ./certs:/certs - # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"] - entrypoint: ["/certbot-entrypoint.sh"] - environment: - - DOMAIN=chat.terminaldweller.com - - EMAIL=devi@mail.terminaldweller.com - nginx: - image: nginx - ports: - - "127.0.0.1:8080:80" - networks: - - certnet - restart: unless-stopped - volumes: - - ./webroot:/usr/share/nginx/html - udpproxy: - image: nginx - ports: - - "127.0.0.1:3478:3478/udp" - - "127.0.0.1:5349:5349/udp" - networks: - - proxynet + - metricsnet restart: unless-stopped volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro + - metricsvault:/opt/bitnami/prometheus/data + - ./conf.yml:/opt/bitnami/prometheus/conf/prometheus.yml:ro networks: proxynet: - certnet: + metricsnet: + # certnet: +volumes: + metricsvault: |