30 lines
985 B
YAML
30 lines
985 B
YAML
---
|
|
# roles/swarm_cadvisor/defaults/main.yml
|
|
# cAdvisor (Container Advisor) exposes container-level metrics
|
|
|
|
# === CONCEPT: Container Metrics vs Host Metrics ===
|
|
# node-exporter → Host CPU/RAM/Disk
|
|
# cAdvisor → Per-container CPU/RAM/Network/Disk I/O
|
|
# Combined, these give you full visibility into resource usage
|
|
|
|
cadvisor_version: "latest"
|
|
cadvisor_port: 8080
|
|
cadvisor_container_name: "cadvisor"
|
|
|
|
# === SECURITY: Read-Only Docker Socket ===
|
|
# cAdvisor needs access to Docker to inspect containers
|
|
# Mount the socket as READ-ONLY to prevent tampering
|
|
cadvisor_volumes:
|
|
- "/:/rootfs:ro"
|
|
- "/var/run:/var/run:ro"
|
|
- "/sys:/sys:ro"
|
|
- "/var/lib/docker/:/var/lib/docker:ro"
|
|
- "/dev/disk/:/dev/disk:ro"
|
|
|
|
cadvisor_restart_policy: "unless-stopped"
|
|
|
|
# === PRO-TIP: Lighter Alternative ===
|
|
# For Docker-only environments, you can enable Docker's built-in
|
|
# metrics endpoint instead: dockerd --metrics-addr=0.0.0.0:9323
|
|
# But cAdvisor provides more detailed per-container breakdowns
|