我已经在docker容器中成功设置了Prometheus服务。我也在同一主机的不同其他端口上运行node-exporter和cadvisor等服务。
所有服务都使用docker-compose运行。这是样本
version: '2'
volumes:
grafana_data: {}
services:
prometheus:
image: prom/prometheus
privileged: true
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- ./alertmanager/alert.rules:/alertmanager/alert.rules
command:
- '--config.file=/etc/prometheus/prometheus.yml'
ports:
- '9090:9090'
node-exporter:
image: prom/node-exporter
ports:
- '9100:9100'
cadvisor:
image: google/cadvisor:latest
privileged: true
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
- /cgroup:/sys/fs/cgroup:ro
ports:
- '8080:8080'
如何让公众无法访问管理员服务,因为现在每个人都可以访问管理员和节点导出器访问主机URL以及正在分配的端口。但是,由于普罗米修斯依赖它,只有prometheus应该能够访问它。
如果您不需要从外部访问服务,则只需不要发布该服务的端口,从每个服务中删除ports部分。生成的撰写文件如下所示:
version: '2'
volumes:
grafana_data: {}
services:
prometheus:
image: prom/prometheus
privileged: true
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- ./alertmanager/alert.rules:/alertmanager/alert.rules
command:
- '--config.file=/etc/prometheus/prometheus.yml'
ports:
- '9090:9090'
node-exporter:
image: prom/node-exporter
# removed "ports" from here
cadvisor:
image: google/cadvisor:latest
privileged: true
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
- /cgroup:/sys/fs/cgroup:ro
# removed "ports" from here
容器通过共享网络相互通信,默认情况下,您可以使用docker compose或docker stack获得它们。要使用容器到容器网络,请通过它的服务名称引用目标容器(在本例中为:node-exporter
和cadvisor
),并使用容器端口,而不是已发布的端口,在您的情况下是相同的。
此配置应按预期工作。请注意,您需要更新Prometheus配置,以便通过别名(node-exporter
,cadvisor
)而不是IP来引用节点导出器和CAdvisor。
version: '2'
volumes:
grafana_data: {}
services:
prometheus:
image: prom/prometheus
privileged: true
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- ./alertmanager/alert.rules:/alertmanager/alert.rules
command:
- '--config.file=/etc/prometheus/prometheus.yml'
ports:
- '9090:9090'
links:
- 'node-exporter'
- 'cadvisor'
node-exporter:
image: prom/node-exporter
cadvisor:
image: google/cadvisor:latest
privileged: true
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
- /cgroup:/sys/fs/cgroup:ro