diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2019-04-26 16:22:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2019-04-26 16:22:55 +0000 |
commit | caf1a5281f9e974ba73ceded3a782db3d0142c5f (patch) | |
tree | a09197b1fd2e984a0e8598e7007deb2a8e1969d7 /packaging/docker/README.md | |
parent | Releasing debian version 1.14.0~rc0-1. (diff) | |
download | netdata-caf1a5281f9e974ba73ceded3a782db3d0142c5f.tar.xz netdata-caf1a5281f9e974ba73ceded3a782db3d0142c5f.zip |
Merging upstream version 1.14.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'packaging/docker/README.md')
-rw-r--r-- | packaging/docker/README.md | 158 |
1 files changed, 0 insertions, 158 deletions
diff --git a/packaging/docker/README.md b/packaging/docker/README.md deleted file mode 100644 index 93272295d..000000000 --- a/packaging/docker/README.md +++ /dev/null @@ -1,158 +0,0 @@ -# Install netdata with Docker - -> :warning: As of Sep 9th, 2018 we ship [new docker builds](https://github.com/netdata/netdata/pull/3995), running netdata in docker with an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, not a COMMAND directive. Please adapt your execution scripts accordingly. You can find more information about ENTRYPOINT vs COMMAND is presented by goinbigdata [here](http://goinbigdata.com/docker-run-vs-cmd-vs-entrypoint/) and by docker docs [here](https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact). -> -> Also, the `latest` is now based on alpine, so **`alpine` is not updated any more** and `armv7hf` is now replaced with `armhf` (to comply with https://github.com/multiarch naming), so **`armv7hf` is not updated** either. - -## Limitations - -Running netdata in a container for monitoring the whole host, can limit its capabilities. Some data is not accessible or not as detailed as when running netdata on the host. - -## Package scrambling in runtime (x86_64 only) - -By default on x86_64 architecture our docker images use Polymorphic Polyverse Linux package scrambling. For increased security you can enable rescrambling of packages during runtime. To do this set environment variable `RESCRAMBLE=true` while starting netdata docker container. - -For more information go to [Polyverse site](https://polyverse.io/how-it-works/) - -## Run netdata with docker command - -Quickly start netdata with the docker command line. -Netdata is then available at http://host:19999 - -This is good for an internal network or to quickly analyse a host. - -```bash -docker run -d --name=netdata \ - -p 19999:19999 \ - -v /proc:/host/proc:ro \ - -v /sys:/host/sys:ro \ - -v /var/run/docker.sock:/var/run/docker.sock:ro \ - --cap-add SYS_PTRACE \ - --security-opt apparmor=unconfined \ - netdata/netdata -``` - -The above can be converted to docker-compose file for ease of management: - -```yaml -version: '3' -services: - netdata: - image: netdata/netdata - hostname: example.com # set to fqdn of host - ports: - - 19999:19999 - cap_add: - - SYS_PTRACE - security_opt: - - apparmor:unconfined - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro -``` - -### Docker container names resolution - -If you want to have your container names resolved by netdata it needs to have access to docker group. To achive that just add environment variable `PGID=999` to netdata container, where `999` is a docker group id from your host. This number can be found by running: -```bash -grep docker /etc/group | cut -d ':' -f 3 -``` - -### Pass command line options to Netdata - -Since we use an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, you can provide [netdata daemon command line options](https://docs.netdata.cloud/daemon/#command-line-options) such as the IP address netdata will be running on, using the [command instruction](https://docs.docker.com/engine/reference/builder/#cmd). - -## Install Netdata using Docker Compose with SSL/TLS enabled http proxy - -For a permanent installation on a public server, you should [secure the netdata instance](../../docs/netdata-security.md). This section contains an example of how to install netdata with an SSL reverse proxy and basic authentication. - -You can use use the following docker-compose.yml and Caddyfile files to run netdata with docker. Replace the Domains and email address for [Letsencrypt](https://letsencrypt.org/) before starting. - -### Prerequisites -* [Docker](https://docs.docker.com/install/#server) -* [Docker Compose](https://docs.docker.com/compose/install/) -* Domain configured in DNS pointing to host. - -### Caddyfile - -This file needs to be placed in /opt with name `Caddyfile`. Here you customize your domain and you need to provide your email address to obtain a Letsencrypt certificate. Certificate renewal will happen automatically and will be executed internally by the caddy server. - -``` -netdata.example.org { - proxy / netdata:19999 - tls admin@example.org -} -``` - -### docker-compose.yml - -After setting Caddyfile run this with `docker-compose up -d` to have fully functioning netdata setup behind HTTP reverse proxy. - -```yaml -version: '3' -volumes: - caddy: - -services: - caddy: - image: abiosoft/caddy - ports: - - 80:80 - - 443:443 - volumes: - - /opt/Caddyfile:/etc/Caddyfile - - caddy:/root/.caddy - environment: - ACME_AGREE: 'true' - netdata: - restart: always - hostname: netdata.example.org - image: netdata/netdata - cap_add: - - SYS_PTRACE - security_opt: - - apparmor:unconfined - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro -``` - -### Restrict access with basic auth - -You can restrict access by following [official caddy guide](https://caddyserver.com/docs/basicauth) and adding lines to Caddyfile. - -[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Fpackaging%2Fdocker%2FREADME&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)]() - -### Publish a test image to your own repository - -The script `packaging/docker/build-test.sh` can be used to create an image and upload it to a repository of your choosing. - -``` -Usage: packaging/docker/build-test.sh -r <REPOSITORY> -v <VERSION> -u <DOCKER_USERNAME> -p <DOCKER_PASSWORD> [-s] - -s skip build, just push the image -Builds an amd64 image and pushes it to the docker hub repository REPOSITORY -``` - -This is especially useful when testing a Pull Request for Kubernetes, since you can set `image` to an immutable repository and tag, set the `imagePullPolicy` to `Always` and just keep uploading new images. - -Example: - -We get a local copy of the Helm chart at https://github.com/netdata/helmchart. We modify `values.yaml` to have the following: - -``` -image: - repository: cakrit/netdata-prs - tag: PR5576 - pullPolicy: Always -``` - -We check out PR5576 and run the following: -``` -./packaging/docker/build-test.sh -r cakrit/netdata-prs -v PR5576 -u cakrit -p 'XXX' -``` - -Then we can run `helm install [path to our helmchart clone]`. - -If we make changes to the code, we execute the same `build-test.sh` command, followed by `helm upgrade [name] [path to our helmchart clone]`
\ No newline at end of file |