johanels/akvorado
1
0
Fork 0
mirror of https://github.com/akvorado/akvorado.git synced 2025-12-11 22:14:02 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
fb361df6a31c6786cc52ce8b9eb3fbd1cb97c998
akvorado/docker/docker-compose-local.yml
Vincent Bernat 65b6bedfc5 docker: do not enable eBPF by default :( 
It requires Linux 5.8+ and this may trigger some support request for
little gain.
2025-10-29 04:22:09 +01:00

119 lines
4.2 KiB
YAML
Raw Blame History

# If possible, overrides should go there!
# If you prefer to use geo IP databases from host, uncomment this block.
# services:
# akvorado-orchestrator:
# volumes:
# - /usr/share/GeoIP:/usr/share/GeoIP:ro
# If you want to expose the service directly on port 80, uncomment this block.
# services:
# traefik:
# ports:
# - 80:8081/tcp
# To not use SQLite for the console database, you need to unset a specific
# environment variable:
# services:
# akvorado-console:
# environment:
# AKVORADO_CFG_CONSOLE_DATABASE_DSN: !reset null
# To add use HTTP basic auth to protect the service, uncomment the snippet
# below. You can generate your own user/password with "htpasswd -nB akvorado".
# If you enable TLS, replace "public" by "publicsecure".
# services:
# traefik:
# environment:
# TRAEFIK_ENTRYPOINTS_public_HTTP_MIDDLEWARES: auth@docker
# labels:
# - traefik.http.middlewares.auth.basicauth.users=akvorado:$$2y$$05$$Ud.JjfZWtKlSOoXKkv48leXze3u4cSNC5G4lG9nkfv5OFOkVcgRrm
# To enable integration with an SSO and protect the console, use something like this:
# services:
# akvorado-console:
# labels:
# # Override authentication middleware
# - traefik.http.routers.akvorado-console.middlewares=sso
# - traefik.http.middlewares.sso.forwardauth.address=http://sso.example.com/api/authz/forward-auth
# - traefik.http.middlewares.sso.forwardauth.trustForwardHeader=true
# - traefik.http.middlewares.sso.forwardauth.authResponseHeaders=Remote-User,Remote-Name,Remote-Email
# It is possible to configure the middleware globally:
# services:
# traefik:
# environment:
# TRAEFIK_ENTRYPOINTS_private_HTTP_MIDDLEWARES: compress@docker,sso@docker
# labels:
# - traefik.http.middlewares.sso.forwardauth.address=http://sso.example.com/api/authz/forward-auth
# - traefik.http.middlewares.sso.forwardauth.trustForwardHeader=true
# - traefik.http.middlewares.sso.forwardauth.authResponseHeaders=Remote-User,Remote-Name,Remote-Email
# akvorado-console:
# labels:
# - traefik.http.routers.akvorado-console.middlewares=
# For OAuth2 services not supporting forward authentication, one can use traefik-forward-auth. Here is an example:
# services:
# sso:
# image: ghcr.io/italypaleale/traefik-forward-auth:4
# restart: unless-stopped
# volumes:
# - ./traefik-forward-auth.yaml:/etc/traefik-forward-auth/config.yaml
# healthcheck:
# interval: 20s
# labels:
# - traefik.enable=true
# - traefik.http.services.sso.loadbalancer.server.port=4181
# - traefik.http.routers.sso.rule=PathPrefix(`/sso`)
# akvorado-console:
# environment:
# AKVORADO_CFG_CONSOLE_AUTH_HEADERS_LOGIN: X-Forwarded-User
# AKVORADO_CFG_CONSOLE_AUTH_HEADERS_NAME: X-Forwarded-Displayname
# AKVORADO_CFG_CONSOLE_AUTH_DEFAULTUSER_LOGIN: ""
# AKVORADO_CFG_CONSOLE_AUTH_LOGOUTURL: /sso/portals/main/logout
# AKVORADO_CFG_CONSOLE_AUTH_AVATARURL: "https://avatars.githubusercontent.com/{{ .Login }}?s=80"
# labels:
# # Override authentication middleware
# - traefik.http.routers.akvorado-console.middlewares=sso
# - traefik.http.middlewares.sso.forwardauth.address=http://sso:4181/sso/portals/main
# - traefik.http.middlewares.sso.forwardauth.trustForwardHeader=true
# - traefik.http.middlewares.sso.forwardauth.authResponseHeaders=X-Forwarded-User,X-Forwarded-Displayname,X-Authenticated-User
# If you don't want to expose Kafka-UI and Traefik on the public endpoints, uncomment this block.
# services:
# kafka-ui:
# labels:
# - traefik.http.routers.kafka-ui.entrypoints=private
# traefik:
# labels:
# - traefik.http.routers.traefik.entrypoints=private
# To enable IPv6 routing, uncomment the following block. This requires Docker
# Engine v27.
# networks:
# default:
# driver: bridge
# driver_opts:
# com.docker.network.bridge.gateway_mode_ipv6: routed
# ipam:
# driver: default
# config:
# - subnet: 2001:db8::/64
# gateway: 2001:db8::1
# You can enable the eBPF load balancer to evenly spread load between workers:
# services:
# akvorado-inlet:
# cap_add:
# - BPF # or SYS_ADMIN if you don't have Linux 5.8+
Reference in New Issue View Git Blame Copy Permalink