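# Look up the registry digest for prom/prometheus so the service below can
# reference the image by digest rather than by a mutable tag.
# No tag is given here, so the lookup presumably resolves the default tag;
# the digest is whatever that tag pointed to when the plan was computed.
data "docker_registry_image" "prometheus" {
  name = "prom/prometheus"
}

locals {
  # Labels applied to the Swarm service: an auto-update opt-in (presumably read
  # by a Shepherd updater, confirm) plus the Traefik router, TLS and basic-auth
  # middleware definition for prometheus.chaoswest.tv.
  labels_prometheus = {
    "shepherd.auto-update"                                      = "true"
    "traefik.enable"                                            = "true"
    "traefik.http.services.prometheus.loadbalancer.server.port" = "9090"
    "traefik.http.routers.prometheus.rule"                      = "Host(`prometheus.chaoswest.tv`)"
    "traefik.http.routers.prometheus.tls"                       = "true"
    "traefik.http.routers.prometheus.tls.certresolver"          = "default"
    "traefik.http.routers.prometheus.middlewares"               = "prometheus-auth"

    # NOTE(review): this htpasswd entry (bcrypt, cost 10) is committed with the
    # configuration and is also copied into Terraform state and into the
    # service's labels. Anyone who can read one of those can attempt offline
    # password guessing against it. Prefer supplying the value from a secret
    # store or a sensitive input kept out of version control, and rotate the
    # current password once it has been moved.
    # Basic auth is the only access control in front of the Prometheus UI and
    # API on this router, so the password strength matters.
    "traefik.http.middlewares.prometheus-auth.basicauth.users" = "prometheus:$2y$10$XK9vcKzVol9ZWJLiSbKruuFP2jBsVrFY8Vc4ANtm6JnhsXgbnfLYm"
  }
}

# Prometheus configuration shipped as a Swarm config object.
# The name embeds timestamp() so each replacement gets a fresh, unique name;
# ignore_changes on `name` keeps the changing timestamp alone from forcing a
# replacement, and create_before_destroy creates the new config before the old
# one is removed, so the service can be switched over first.
resource "docker_config" "prometheus" {
  name = "prometheus-yml-${replace(timestamp(), ":", ".")}"
  data = filebase64("${path.module}/cfg/prometheus.yml")

  lifecycle {
    ignore_changes        = [name]
    create_before_destroy = true
  }
}

# The Prometheus Swarm service, exposed through Traefik via the labels above.
resource "docker_service" "prometheus" {
  name = "prometheus"

  # Emit one `labels` block per entry of local.labels_prometheus.
  dynamic "labels" {
    for_each = local.labels_prometheus
    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    # Attached networks; all three are declared outside this listing.
    networks_advanced {
      name = data.docker_network.traefik.id
    }
    networks_advanced {
      name = docker_network.metrics.id
    }
    networks_advanced {
      name = docker_network.docker_socket_proxy.id
    }

    container_spec {
      # Pin the image to the digest resolved by the data source above.
      image = "${data.docker_registry_image.prometheus.name}@${data.docker_registry_image.prometheus.sha256_digest}"

      # Mount the config object as prometheus.yml, owned by uid/gid 0 and
      # read-only for every user in the container.
      configs {
        config_id   = docker_config.prometheus.id
        config_name = docker_config.prometheus.name
        file_name   = "/etc/prometheus/prometheus.yml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0444"
      }

      # Host directory bind-mounted at /prometheus (assumed to be the TSDB
      # data directory, confirm). The host path must exist on whichever node
      # runs the task.
      mounts {
        target = "/prometheus"
        source = "/mnt/data/prometheus/"
        type   = "bind"
      }

      # NOTE(review): bind-mounting the host Docker socket gives any process in
      # this container that can open it full control of the Docker daemon,
      # which is equivalent to root on the host. The service is also attached
      # to the docker_socket_proxy network, which suggests discovery is meant
      # to go through a filtered proxy. If cfg/prometheus.yml points at the
      # proxy, this mount is unnecessary and should be removed. Marking the
      # mount read-only would not restrict API calls made over the socket.
      # Kept as-is because prometheus.yml is not visible here.
      mounts {
        target = "/var/run/docker.sock"
        source = "/var/run/docker.sock"
        type   = "bind"
      }
    }
  }
}

# DNS zone that holds the public record for the service.
data "hetznerdns_zone" "primary" {
  name = "chaoswest.tv"
}

# CNAME prometheus.chaoswest.tv -> ax41-1.fsn.mon2.de.
resource "hetznerdns_record" "primary" {
  zone_id = data.hetznerdns_zone.primary.id
  name    = "prometheus"
  value   = "ax41-1.fsn.mon2.de."
  type    = "CNAME"
}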