cadvisor
docker-socket-proxy
| cadvisor | docker-socket-proxy |
|---|---|
| 44 | 23 |
| 16,323 | 1,200 |
| 1.5% | 6.8% |
| 8.0 | 5.3 |
| 2 days ago | 13 days ago |
| Go | Python |
| GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cadvisor
- List of your reverse proxied services
  cAdvisor
- Need Recommendation: btop like web page for docker
  https://github.com/google/cadvisor exports Prometheus metrics, but also offers a simple web-ui for container metrics.
- Exporters running, just not in prometheus?

  ```yaml
  version: '3'

  volumes:
    prometheus-data:
      driver: local
    grafana-data:
      driver: local

  services:
    prometheus:
      image: prom/prometheus:latest
      container_name: prometheus
      ports:
        - "9090:9090"
      volumes:
        - /etc/prometheus:/etc/prometheus
        - prometheus-data:/prometheus
      restart: unless-stopped
      command:
        - "--config.file=/etc/prometheus/prometheus.yml"

    grafana:
      image: grafana/grafana:latest
      container_name: grafana
      ports:
        - "3000:3000"
      volumes:
        - grafana-data:/var/lib/grafana
      restart: unless-stopped

    node_exporter:
      image: quay.io/prometheus/node-exporter:latest
      container_name: node_exporter
      command:
        - '--path.rootfs=/host'
      pid: host
      restart: unless-stopped
      volumes:
        - '/:/host:ro,rslave'

    cadvisor:
      # TODO: latest tag is not updated, check latest release https://github.com/google/cadvisor/releases
      image: gcr.io/cadvisor/cadvisor-arm:v0.47.0
      container_name: cadvisor
      ports:
        - "8080:8080"
      network_mode: host
      volumes:
        - /:/rootfs:ro
        - /var/run:/var/run:ro
        - /sys:/sys:ro
        - /var/lib/docker/:/var/lib/docker:ro
        - /dev/disk/:/dev/disk:ro
      privileged: true
      restart: unless-stopped
      depends_on:
        - redis

    redis:
      image: redis:latest
      container_name: redis
      ports:
        - "6379:6379"
  ```
- Prometheus JMX Exporter for Java17
  For CPU and memory metrics, you can use cAdvisor to collect container level data.
- Docker Monitoring Solution?
  Perhaps https://github.com/google/cadvisor + prometheus (or influx or whatever else) + grafana?
- How to monitor container exit codes?
- Building a realtime performance monitoring system with Kafka and Go
  We could have used a much more focussed tool like Prometheus or Cadvisor to gather system stats, but that is not the main objective of this article.
- Can ChatGPT Debug and Fix your Docker and Kubernetes Issues?
  Result: Interestingly, the GitHub Issue that talks about cAdvisor and Docker Desktop for Mac for running cAdvisor is still open and not fixed.
- Looking for an open source monitoring solution that will capture specific process info
  If you're running things under systemd, you can enable process accounting and use cAdvisor.
- How to identify docker containers names? The names do not match those in the CLI after typing "docker ps"
  Check this thread if you’re having difficulties, but it might run out of the box these days: https://github.com/google/cadvisor/issues/1846
docker-socket-proxy
- Security for your Homeserver
  I just found this the other day. You might be interested; I haven't done it myself yet: https://github.com/Tecnativa/docker-socket-proxy
- Gitea 1.19.0 released - now with support for Actions
  I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket; you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
- Unraid Remotely Access Docker Daemon
  I use the container docker socket proxy
- Why does next cloud docker installation require access to /var/run/docker.sock (albeit read-only)? Is there a way to circumvent that?
- Docker socket security
  There are Docker socket proxies (like docker-socket-proxy 😉) that are made exactly for this. You can pass only read access to the socket and even restrict what resources can be read.
- VM with multiple staging hosts GitLab CI?
  So far I have Traefik set up and tested (along with some security lockdowns https://github.com/Tecnativa/docker-socket-proxy). This is working well: I can manually create containers, get a cert, dynamic hostnames, etc.
- Is there any docker dashboard that auto detect the services ?
  Maybe not necessarily: https://github.com/Tecnativa/docker-socket-proxy
- [How-to] Securing access to your `docker.sock` file.
  Many of you might already be familiar with Tecnativa's docker-socket-proxy which says:
- Basic Traefik configuration tutorial

  ```yaml
  version: "3.7"

  services:
    traefik:
      image: traefik:v2.6
      command:
        # Entrypoints configuration
        - --entrypoints.web.address=:80
        # Docker provider configuration
        - --providers.docker=true
        # Makes sure that services have to explicitly direct Traefik to expose them
        - --providers.docker.exposedbydefault=false
        # Use the secure docker socket proxy
        - --providers.docker.endpoint=tcp://socket_proxy:2375
        # Default docker network to use for connections to all containers
        - --providers.docker.network=traefik_public
        # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
        - --log.level=info
      ports:
        - 80:80
      networks:
        - traefik_public
        - socket_proxy
      restart: unless-stopped
      depends_on:
        - socket_proxy

    # https://github.com/traefik/whoami
    whoami:
      image: traefik/whoami:v1.7.1
      labels:
        # Explicitly instruct Traefik to expose this service
        - traefik.enable=true
        # Router configuration
        ## Listen to the `web` entrypoint
        - traefik.http.routers.whoami_route.entrypoints=web
        ## Rule based on the Host of the request
        - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`)
        - traefik.http.routers.whoami_route.service=whoami_service
        # Service configuration
        ## 80 is the port that the whoami container is listening to
        - traefik.http.services.whoami_service.loadbalancer.server.port=80
      networks:
        - traefik_public

    # https://github.com/Tecnativa/docker-socket-proxy
    # Security-enhanced proxy for the Docker Socket
    socket_proxy:
      image: tecnativa/docker-socket-proxy:latest
      restart: unless-stopped
      environment:
        NETWORKS: 1
        SERVICES: 1
        CONTAINERS: 1
        TASKS: 1
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
      networks:
        - socket_proxy

  networks:
    traefik_public:
      external: true
    socket_proxy:
      external: true
  ```
- docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
What are some alternatives?
node_exporter - Exporter for machine metrics
watchtower - A process for automating Docker container base image updates.
kube-state-metrics - Add-on agent to generate and expose cluster-level metrics.
Diun - Receive notifications when an image is updated on a Docker registry
Netdata - The open-source observability platform everyone needs
wireguard-ui - Wireguard web interface
Zabbix - Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.
flap
Portainer - Making Docker and Kubernetes management easy.
docker - ⛴ Docker image of Nextcloud
prometheus - The Prometheus monitoring system and time series database.
docker-socket-protector - Protected the Docker Daemon from forbidden requests