# Monitoring stack: Vault Agent, Prometheus, Alertmanager, Loki and Grafana,
# all attached to the pre-existing `cicd` network.
# The external secrets and the `deploy:` keys suggest a Swarm stack deployment
# -- TODO confirm.

# Credentials handed to the Vault Agent as files. Both are `external`, so they
# must already exist in the cluster and their values never appear in this file.
# Presumably an AppRole role_id/secret_id pair (agent.hcl is not shown).
secrets:
  monitoring_vault_role_id:
    external: true
  monitoring_vault_secret_id:
    external: true

# Created outside this file; every workload attached to it can reach the
# services below on their container ports.
networks:
  cicd:
    external: true

volumes:
  # Data volumes with default driver settings.
  loki_data:
  grafana_data:
  prometheus_data:
  alertmanager_data:
  # Memory-backed (tmpfs) volume: written by the Vault Agent, read by
  # Alertmanager. Rendered config therefore never lands on disk.
  # NOTE(review): the mount is root-owned with mode 0755, so any user in a
  # container that mounts it can list and traverse it. alertmanager.yml may
  # carry receiver credentials; its own file mode comes from the agent
  # template (not shown) -- confirm it is no wider than Alertmanager needs.
  alertmanager_config:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: size=8m,uid=0,gid=0,mode=0755
  # Memory-backed (tmpfs) volume for secrets rendered for Grafana.
  # Owned by uid/gid 472 with mode 0750 (no access for "other"); 472 looks
  # like the default user of the official Grafana image -- TODO confirm.
  vault_secrets:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: size=32m,uid=472,gid=472,mode=0750

services:
  # Runs `vault agent` with the mounted agent.hcl and templates and writes
  # its output into the two tmpfs volumes.
  vault-agent-monitoring:
    # NOTE(review): `latest` is a mutable tag; a redeploy can silently pull a
    # different image. Pin to a reviewed version or digest
    # (e.g. hashicorp/vault:<reviewed-version>@sha256:<digest>). The same
    # applies to the other four images in this file.
    image: hashicorp/vault:latest
    networks: [cicd]
    # NOTE(review): IPC_LOCK is the capability Vault uses for mlock. Whether
    # the agent needs it depends on agent.hcl (not shown); drop it if unused
    # to keep the container at least privilege.
    cap_add: ["IPC_LOCK"]
    environment:
      # NOTE(review): plaintext HTTP. The login with role_id/secret_id and
      # every secret Vault returns cross the `cicd` network unencrypted
      # unless that network is itself encrypted. Prefer https:// together
      # with VAULT_CACERT, or confirm the network provides encryption.
      VAULT_ADDR: "http://vault:8200"
    command: >
      sh -lc 'vault agent -config=/etc/vault/agent.hcl'
    # Credential files are mounted at the paths given by `target`.
    secrets:
      - source: monitoring_vault_role_id
        target: /etc/vault/role_id
      - source: monitoring_vault_secret_id
        target: /etc/vault/secret_id
    volumes:
      # Agent config and templates are bind-mounted read-only.
      - ./vault-agent/agent.hcl:/etc/vault/agent.hcl:ro
      - ./vault-agent/templates:/etc/vault/templates:ro
      # This is the only service with write access to the secret volumes.
      - vault_secrets:/vault/secrets:rw
      - alertmanager_config:/vault/alertmanager:rw
    # Healthy once grafana.env exists and is non-empty. The check does not
    # look at alertmanager.yml.
    healthcheck:
      test: ["CMD-SHELL", "test -s /vault/secrets/grafana.env"]
      interval: 30s
      timeout: 5s
      retries: 3
    deploy:
      restart_policy:
        condition: any

  prometheus:
    image: prom/prometheus:latest
    networks: [cicd]
    command:
      - --config.file=/etc/prometheus/prometheus.yml
      - --storage.tsdb.path=/prometheus
      - --storage.tsdb.retention.time=30d
      # NOTE(review): this flag turns on the HTTP lifecycle (reload/shutdown)
      # endpoints, and the router below publishes port 9090 by hostname.
      # See the note on the labels; remove the flag if HTTP reload is not
      # actually used.
      - --web.enable-lifecycle
    volumes:
      - ./prometheus/config.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus_data:/prometheus
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:9090/-/ready"]
      interval: 30s
      timeout: 5s
      retries: 3
    # Published through Traefik on the `websecure` entrypoint with a
    # Let's Encrypt certificate.
    # NOTE(review): no `traefik.http.routers.prometheus.middlewares` label is
    # set, so this file attaches no authentication to the router. Unless
    # Traefik enforces auth elsewhere (entrypoint-level middleware, IP
    # allow-list), the Prometheus UI, query API and lifecycle endpoints are
    # open to anyone who can reach the host -- confirm, or attach an auth
    # middleware (<auth-middleware-name>).
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.sendico.io`)"
      - "traefik.http.routers.prometheus.entrypoints=websecure"
      - "traefik.http.routers.prometheus.tls.certresolver=letsencrypt"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
    deploy:
      restart_policy:
        condition: any

  alertmanager:
    image: prom/alertmanager:latest
    networks: [cicd]
    # Polls every 2 s until the Vault Agent has rendered a non-empty
    # alertmanager.yml, then replaces the shell with Alertmanager.
    command: >
      sh -c 'while [ ! -s /vault/alertmanager/alertmanager.yml ]; do echo "⏳ waiting for alertmanager.yml"; sleep 2; done;
      exec /bin/alertmanager --config.file=/vault/alertmanager/alertmanager.yml --storage.path=/alertmanager'
    volumes:
      - alertmanager_data:/alertmanager
      # Read-only view of the config rendered by the Vault Agent.
      - alertmanager_config:/vault/alertmanager:ro
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:9093/-/ready"]
      interval: 30s
      timeout: 5s
      retries: 3
    # NOTE(review): as with Prometheus, no middleware label is attached to
    # this router. If nothing else in Traefik authenticates the request,
    # alert state is readable and silences can be managed without
    # credentials -- confirm.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.sendico.io`)"
      - "traefik.http.routers.alertmanager.entrypoints=websecure"
      - "traefik.http.routers.alertmanager.tls.certresolver=letsencrypt"
      - "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
    deploy:
      restart_policy:
        condition: any

  # No Traefik labels here: Loki is reachable only from the `cicd` network.
  # NOTE(review): whether Loki itself requires authentication is decided in
  # loki/config.yml (not shown) -- verify, since every workload on `cicd`
  # can reach port 3100.
  loki:
    image: grafana/loki:latest
    networks: [cicd]
    command: ["-config.file=/etc/loki/config.yml"]
    volumes:
      - ./loki/config.yml:/etc/loki/config.yml:ro
      - loki_data:/loki
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:3100/ready"]
      interval: 30s
      timeout: 5s
      retries: 5
    deploy:
      restart_policy:
        condition: any

  grafana:
    image: grafana/grafana:latest
    networks: [cicd]
    # Polls every 2 s until grafana.env is non-empty, sources it with
    # `set -a` so every variable it assigns is exported, then execs /run.sh.
    # NOTE(review): `. grafana.env` runs the file as shell code, so whatever
    # the Vault template renders is evaluated in this container. Template
    # values must be shell-quoted, and write access to the backing Vault
    # paths should be treated as code execution in Grafana.
    command: >
      sh -c 'while [ ! -s /vault/secrets/grafana.env ]; do echo "⏳ waiting for grafana.env"; sleep 2; done;
      set -a; . /vault/secrets/grafana.env; set +a;
      exec /run.sh'
    volumes:
      - grafana_data:/var/lib/grafana
      # Read-only view of the secrets rendered by the Vault Agent.
      - vault_secrets:/vault/secrets:ro
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 5s
      retries: 5
    # Published through Traefik; no extra middleware is attached, so access
    # control rests on Grafana's own login configuration (not shown).
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.sendico.io`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
    deploy:
      restart_policy:
        condition: any