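---
# roles/swarm_cadvisor/defaults/main.yml
# cAdvisor (Container Advisor) exposes container-level metrics

# === CONCEPT: Container Metrics vs Host Metrics ===
# node-exporter → Host CPU/RAM/Disk
# cAdvisor      → Per-container CPU/RAM/Network/Disk I/O
# Combined, these give you full visibility into resource usage

# "latest" is a moving tag: the image that runs can change between deploys
# without any change to this file. Override this with a specific release tag
# or image digest so that what is deployed is reproducible and reviewable.
cadvisor_version: "latest"

# cAdvisor's web UI and metrics endpoint have no authentication by default.
# NOTE(review): the tasks that consume this variable are not in this file;
# if they publish the port on the host, limit it to the monitoring network.
cadvisor_port: 8080
cadvisor_container_name: "cadvisor"

# === SECURITY: Read-Only Mounts and the Docker Socket ===
# cAdvisor needs access to Docker to inspect containers.
# Every mount below is read-only, which stops the container from creating,
# changing or deleting files under these paths.
#
# Caveat: ":ro" does NOT make the Docker API read-only. /var/run normally
# contains docker.sock, and a read-only bind mount still lets a process
# connect to that socket and send any API request, including ones that
# start or modify containers. Treat this container as having Docker-level
# access to the host: keep the image pinned, keep its port off untrusted
# networks, and consider a socket proxy that allows only the read-only
# API endpoints if that access is too broad for your environment.
#
# "/:/rootfs:ro" also makes the whole host filesystem readable from inside
# the container, including any secrets stored on disk.
cadvisor_volumes:
  - "/:/rootfs:ro"
  - "/var/run:/var/run:ro"
  - "/sys:/sys:ro"
  - "/var/lib/docker/:/var/lib/docker:ro"
  - "/dev/disk/:/dev/disk:ro"

cadvisor_restart_policy: "unless-stopped"

# === PRO-TIP: Lighter Alternative ===
# For Docker-only environments, you can enable Docker's built-in
# metrics endpoint instead: dockerd --metrics-addr=0.0.0.0:9323
# But cAdvisor provides more detailed per-container breakdowns.
# Note that 0.0.0.0 listens on every interface and the endpoint has no
# authentication of its own; bind it to a loopback or private address,
# or firewall the port, unless the host is on a trusted network only.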