iac
/
docker-elk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Apply SELinux options to bind mounts 

https://docs.docker.com/storage/bind-mounts/

Related to #639
Closes #661
This commit is contained in:
Antoine Cotten 2022-02-11 20:11:22 +01:00
parent a82e95d94e
commit 641290c20a
No known key found for this signature in database
GPG Key ID: 94637E68D4A79DD0
7 changed files with 13 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docker-compose.yml
View File

@ -27,8 +27,8 @@ services:
args: args:
ELK_VERSION: $ELK_VERSION ELK_VERSION: $ELK_VERSION
volumes: volumes:
- ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,z - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
- ./logstash/pipeline:/usr/share/logstash/pipeline:ro,z - ./logstash/pipeline:/usr/share/logstash/pipeline:ro,Z
ports: ports:
- "5044:5044" - "5044:5044"
- "5000:5000/tcp" - "5000:5000/tcp"
@ -47,7 +47,7 @@ services:
args: args:
ELK_VERSION: $ELK_VERSION ELK_VERSION: $ELK_VERSION
volumes: volumes:
- ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,z - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,Z
ports: ports:
- "5601:5601" - "5601:5601"
networks: networks:

5
extensions/apm-server/apm-server-compose.yml
View File

@ -11,10 +11,7 @@ services:
# https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html # https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html
- --strict.perms=false - --strict.perms=false
volumes: volumes:
- type: bind - ./extensions/apm-server/config/apm-server.yml:/usr/share/apm-server/apm-server.yml:ro,Z
source: ./extensions/apm-server/config/apm-server.yml
target: /usr/share/apm-server/apm-server.yml
read_only: true
ports: ports:
- '8200:8200' - '8200:8200'
networks: networks:

10
extensions/curator/curator-compose.yml
View File

@ -6,14 +6,8 @@ services:
context: extensions/curator/ context: extensions/curator/
init: true init: true
volumes: volumes:
- type: bind - ./extensions/curator/config/curator.yml:/usr/share/curator/config/curator.yml:ro,Z
source: ./extensions/curator/config/curator.yml - ./extensions/curator/config/delete_log_files_curator.yml:/usr/share/curator/config/delete_log_files_curator.yml:ro,Z
target: /usr/share/curator/config/curator.yml
read_only: true
- type: bind
source: ./extensions/curator/config/delete_log_files_curator.yml
target: /usr/share/curator/config/delete_log_files_curator.yml
read_only: true
networks: networks:
- elk - elk
depends_on: depends_on:

5
extensions/enterprise-search/enterprise-search-compose.yml
View File

@ -7,10 +7,7 @@ services:
args: args:
ELK_VERSION: $ELK_VERSION ELK_VERSION: $ELK_VERSION
volumes: volumes:
- type: bind - ./extensions/enterprise-search/config/enterprise-search.yml:/usr/share/enterprise-search/config/enterprise-search.yml:ro,Z
source: ./extensions/enterprise-search/config/enterprise-search.yml
target: /usr/share/enterprise-search/config/enterprise-search.yml
read_only: true
environment: environment:
JAVA_OPTS: -Xmx2g -Xms2g JAVA_OPTS: -Xmx2g -Xms2g
ENT_SEARCH_DEFAULT_PASSWORD: 'changeme' ENT_SEARCH_DEFAULT_PASSWORD: 'changeme'

5
extensions/filebeat/filebeat-compose.yml
View File

@ -17,10 +17,7 @@ services:
# see: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html # see: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html
- --strict.perms=false - --strict.perms=false
volumes: volumes:
- type: bind - ./extensions/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro,Z
source: ./extensions/filebeat/config/filebeat.yml
target: /usr/share/filebeat/filebeat.yml
read_only: true
- type: bind - type: bind
source: /var/lib/docker/containers source: /var/lib/docker/containers
target: /var/lib/docker/containers target: /var/lib/docker/containers

5
extensions/logspout/logspout-compose.yml
View File

@ -5,7 +5,10 @@ services:
build: build:
context: extensions/logspout context: extensions/logspout
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
environment: environment:
ROUTE_URIS: logstash://logstash:5000 ROUTE_URIS: logstash://logstash:5000
LOGSTASH_TAGS: docker-elk LOGSTASH_TAGS: docker-elk

5
extensions/metricbeat/metricbeat-compose.yml
View File

@ -20,10 +20,7 @@ services:
# from within a container. # from within a container.
- --system.hostfs=/hostfs - --system.hostfs=/hostfs
volumes: volumes:
- type: bind - ./extensions/metricbeat/config/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml:ro,Z
source: ./extensions/metricbeat/config/metricbeat.yml
target: /usr/share/metricbeat/metricbeat.yml
read_only: true
- type: bind - type: bind
source: / source: /
target: /hostfs target: /hostfs