docker-socket-proxy
cadvisor
docker-socket-proxy | cadvisor |
---|---|
23 | 44 |
1,160 | 16,204 |
6.3% | 1.2% |
5.3 | 8.0 |
8 days ago | about 23 hours ago |
Python | Go |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-socket-proxy
-
Security for your Homeserver
I just found this the other day. You might be interested; I haven't done it myself yet. https://github.com/Tecnativa/docker-socket-proxy
-
Gitea 1.19.0 released - now with support for Actions
I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket, you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
-
Is there any docker dashboard that auto detect the services ?
Maybe not necessarily: https://github.com/Tecnativa/docker-socket-proxy
-
Basic Traefik configuration tutorial
```yaml
version: "3.7"

services:
  traefik:
    image: traefik:v2.6
    command:
      # Entrypoints configuration
      - --entrypoints.web.address=:80
      # Docker provider configuration
      - --providers.docker=true
      # Makes sure that services have to explicitly direct Traefik to expose them
      - --providers.docker.exposedbydefault=false
      # Use the secure docker socket proxy
      - --providers.docker.endpoint=tcp://socket_proxy:2375
      # Default docker network to use for connections to all containers
      - --providers.docker.network=traefik_public
      # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
      - --log.level=info
    ports:
      - 80:80
    networks:
      - traefik_public
      - socket_proxy
    restart: unless-stopped
    depends_on:
      - socket_proxy

  # https://github.com/traefik/whoami
  whoami:
    image: traefik/whoami:v1.7.1
    labels:
      # Explicitly instruct Traefik to expose this service
      - traefik.enable=true
      # Router configuration
      ## Listen to the `web` entrypoint
      - traefik.http.routers.whoami_route.entrypoints=web
      ## Rule based on the Host of the request
      - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`)
      - traefik.http.routers.whoami_route.service=whoami_service
      # Service configuration
      ## 80 is the port that the whoami container is listening to
      - traefik.http.services.whoami_service.loadbalancer.server.port=80
    networks:
      - traefik_public

  # https://github.com/Tecnativa/docker-socket-proxy
  # Security-enhanced proxy for the Docker Socket
  socket_proxy:
    image: tecnativa/docker-socket-proxy:latest
    restart: unless-stopped
    environment:
      NETWORKS: 1
      SERVICES: 1
      CONTAINERS: 1
      TASKS: 1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket_proxy

networks:
  traefik_public:
    external: true
  socket_proxy:
    external: true
```
-
Traefik Docker Protector
tecnativa's docker-socket-proxy does roughly the same thing but can be used for any container that requires access to the Docker socket.
- How to properly secure the server?
-
Monitoring app releases and updates..
Have you checked out any socket proxies? Instead of exposing the socket through a volume, it’s done through the local docker network through the proxy container. This allows you to enable/disable access to the socket API using environmental variables. This is the image I’m using: https://github.com/Tecnativa/docker-socket-proxy
-
Worry for Synology?
Docker’s root privileges are only a problem if you grant your container unrestricted access to the docker socket /var/run/docker.sock. For containers that need it, there are strategies to limit access only to the APIs that the container actually needs by using the docker-socket-proxy.
- How to begin with Docker if I want the best security for my websites?
-
This is why I don't blindly suggest people to selfhost their Bitwarden account. Unless: 1. You are experienced and know what you are doing 2. You have time to setup and maintain it 3. You have your own trusted people to maintain it
I wish more people understood this. You may be interested in https://github.com/Tecnativa/docker-socket-proxy.
cadvisor
-
List of your reverse proxied services
cAdvisor
-
Prometheus JMX Exporter for Java17
For CPU and memory metrics, you can use cAdvisor to collect container level data.
- How to monitor container exit codes?
-
Building a realtime performance monitoring system with Kafka and Go
We could have used a much more focussed tool like Prometheus or Cadvisor to gather system stats, but that is not the main objective of this article.
-
Looking for an open source monitoring solution that will capture specific process info
If you're running things under systemd, you can enable process accounting and use cAdvisor.
-
Kubernetes Monitoring: Strategy, Best Practices, and Tools to Use
Container Advisor (cAdvisor) is an open-source metrics collection agent specifically built for containers. This solution runs at a node level, since it comes integrated with the kubelet service as one of the binaries. cAdvisor gathers data on CPU usage, memory usage, network status, and storage for every live container, helping administrators gain insight into machine-level performance metrics.
-
How to monitor the network usage of docker containers
That said, cadvisor should work great. You'd want to have prometheus scrape those metrics. In particular you'd probably be interested in container_network_receive_bytes_total and container_network_transmit_bytes_total. Reference: https://github.com/google/cadvisor/blob/master/docs/storage/prometheus.md
-
cAdvisor Metrics in Kubernetes with Prometheus and Grafana
cAdvisor is a monitoring agent for containers and has native Docker support.
-
9 Tools Every Platform Engineer Should Know
cAdvisor, an observability tool, has made monitoring containers easy. It gives users insight into the resource consumption and performance aspects of their running containers. cAdvisor is an open-source running daemon that aggregates processes and exports information about containers that are running. It saves resource isolation settings, historical resource consumption, histograms of total historical resource usage, and network data for each container. This information is exported by container as well as machine-wide.
-
Metrics for OOM kills
cAdvisor: container_oom_events_total
What are some alternatives?
node_exporter - Exporter for machine metrics
kube-state-metrics - Add-on agent to generate and expose cluster-level metrics.
Netdata - Monitor your servers, containers, and applications, in high-resolution and in real-time.
watchtower - A process for automating Docker container base image updates.
Zabbix - Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.
Portainer - Making Docker and Kubernetes management easy.
wireguard-ui - Wireguard web interface
prometheus - The Prometheus monitoring system and time series database.
Diun - Receive notifications when an image is updated on a Docker registry
Healthchecks - Open-source cron job and background task monitoring service, written in Python & Django
Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
docker - ⛴ Docker image of Nextcloud