BryantStudio
/
chassis-agent
mirror of https://gitea.bearcatlog.com/Bryant/chassis-agent
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

增加新服务

This commit is contained in:
BryantHe 2023-05-29 16:46:03 +08:00
parent 9e1401a651
commit 86a95cca95
15 changed files with 3198 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -12,6 +12,8 @@ chassis 微服务基座依赖的服务
- Logstash
- Kibana
- Fluentd
- Gateway
- APISIX
- MiddleWares
- RabbitMQ
- Mysql
@ -35,6 +37,14 @@ grafana 的配置在:./service_configs/admin_service/grafana/xxxx.json (根
`docker-compose -f docker-compose-logging.yml up -d --build --remove-orphans`
## 启动 APISIX
启动服务的命令:
`docker-compose -f docker-compose-apisix.yml up -d --build --remove-orphans`
## 启动 RabbitMQ

51
apisix_conf/config.yaml Normal file
View File

@ -0,0 +1,51 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apisix:
node_listen: 9080 # APISIX listening port
enable_ipv6: false
enable_control: true
control:
ip: "0.0.0.0"
port: 9092
deployment:
admin:
allow_admin: # https://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.
admin_key:
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://etcd:2379" # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
plugin_attr:
prometheus:
export_addr:
ip: "0.0.0.0"
port: 9091

112
dashboard_conf/conf.yaml Normal file
View File

@ -0,0 +1,112 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
conf:
listen:
host: 0.0.0.0 # `manager api` listening ip or host name
port: 9000 # `manager api` listening port
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
- 0.0.0.0/0
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- "http://etcd:2379"
# yamllint disable rule:comments-indentation
# etcd basic auth info
# username: "root" # ignore etcd username if not enable etcd auth
# password: "123456" # ignore etcd password if not enable etcd auth
mtls:
key_file: "" # Path of your self-signed client side key
cert_file: "" # Path of your self-signed client side cert
ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates
# prefix: /apisix # apisix config's prefix in etcd, /apisix by default
log:
error_log:
level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
file_path:
logs/error.log # supports relative path, absolute path, standard output
# such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
access_log:
file_path:
logs/access.log # supports relative path, absolute path, standard output
# such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
# log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
security:
# access_control_allow_origin: "http://httpbin.org"
# access_control_allow_credentials: true # support using custom cors configration
# access_control_allow_headers: "Authorization"
# access_control-allow_methods: "*"
# x_frame_options: "deny"
content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *" # You can set frame-src to provide content for your grafana panel.
authentication:
secret:
secret # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to protect `manager api`.
# if it's default value, when `manager api` start, it will generate a random string to replace it.
expire_time: 604800 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # username and password for login `manager api`
password: admin
- username: user
password: user
plugins: # plugin list (sorted in alphabetical order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- skywalking
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split

101
docker-compose-apisix.yml Normal file
View File

@ -0,0 +1,101 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
version: "3"
services:
apisix-dashboard:
image: apache/apisix-dashboard:latest
container_name: 'apisix-dashboard'
hostname: 'apisix-dashboard'
restart: always
volumes:
- ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
ports:
- "9000:9000"
networks:
apisix:
apisix:
image: apache/apisix:3.3.0-debian
container_name: 'apisix'
hostname: 'apisix'
restart: always
volumes:
- ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
depends_on:
- etcd
##network_mode: host
ports:
- "9180:9180/tcp"
- "9080:9080/tcp"
- "9091:9091/tcp"
- "9443:9443/tcp"
- "9092:9092/tcp"
networks:
apisix:
etcd:
image: bitnami/etcd:latest
container_name: 'apisix-etcd'
hostname: 'apisix-etcd'
restart: always
volumes:
- etcd_data:/bitnami/etcd
environment:
ETCD_ENABLE_V2: "true"
ALLOW_NONE_AUTHENTICATION: "yes"
ETCD_ADVERTISE_CLIENT_URLS: "http://etcd:2379"
ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
ports:
- "2379:2379/tcp"
networks:
apisix:
prometheus:
image: prom/prometheus:latest
container_name: 'apisix-prometheus'
hostname: 'apisix-prometheus'
restart: always
volumes:
- ./prometheus_conf/prometheus.yml:/etc/prometheus/prometheus.yml
ports:
- "9093:9090"
networks:
apisix:
grafana:
image: grafana/grafana:latest
container_name: 'apisix-grafana'
hostname: 'apisix-grafana'
restart: always
ports:
- "3010:3000"
volumes:
- "./grafana_conf/provisioning:/etc/grafana/provisioning"
- "./grafana_conf/dashboards:/var/lib/grafana/dashboards"
- "./grafana_conf/config/grafana.ini:/etc/grafana/grafana.ini"
networks:
apisix:
networks:
apisix:
driver: bridge
volumes:
etcd_data:
driver: local

157
etcd_conf/etcd.conf.yml Normal file
View File

@ -0,0 +1,157 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'default'
# Path to the data directory.
data-dir:
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://localhost:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://localhost:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://localhost:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://localhost:2379
# Discovery URL used to bootstrap the cluster.
discovery:
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
# DNS domain used to bootstrap initial cluster.
discovery-srv:
# Initial cluster configuration for bootstrapping.
initial-cluster:
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
# Accept etcd V2 client requests
enable-v2: true
# Enable runtime profiling data via HTTP server
enable-pprof: true
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
client-transport-security:
# Path to the client server TLS cert file.
cert-file:
# Path to the client server TLS key file.
key-file:
# Enable client cert authentication.
client-cert-auth: false
# Path to the client server TLS trusted CA cert file.
trusted-ca-file:
# Client TLS using generated certificates
auto-tls: false
peer-transport-security:
# Path to the peer server TLS cert file.
cert-file:
# Path to the peer server TLS key file.
key-file:
# Enable peer client cert authentication.
client-cert-auth: false
# Path to the peer server TLS trusted CA cert file.
trusted-ca-file:
# Peer TLS using generated certificates.
auto-tls: false
# Enable debug-level logging for etcd.
debug: false
logger: zap
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-outputs: [stderr]
# Force to create a new one member cluster.
force-new-cluster: false
auto-compaction-mode: periodic
auto-compaction-retention: "1"

756
grafana_conf/config/grafana.ini Normal file
View File

@ -0,0 +1,756 @@
##################### Grafana Configuration Example #####################
#
# Everything has defaults so you only need to uncomment things you want to
# change
# possible values : production, development
;app_mode = production
# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
;instance_name = ${HOSTNAME}
#################################### Paths ####################################
[paths]
# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
;data = /var/lib/grafana
# Temporary files in `data` directory older than given duration will be removed
;temp_data_lifetime = 24h
# Directory where grafana can store logs
;logs = /var/log/grafana
# Directory where grafana will automatically scan and look for plugins
;plugins = /var/lib/grafana/plugins
# folder that contains provisioning config files that grafana will apply on startup and while running.
;provisioning = conf/provisioning
#################################### Server ####################################
[server]
# Protocol (http, https, h2, socket)
;protocol = http
# The ip address to bind to, empty will bind to all interfaces
;http_addr =
# The http port to use
;http_port = 3000
# The public facing domain name used to access grafana from a browser
;domain = localhost
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
;serve_from_sub_path = false
# Log web requests
;router_logging = false
# the path relative working path
;static_root_path = public
# enable gzip
;enable_gzip = false
# https certs & key file
;cert_file =
;cert_key =
# Unix socket path
;socket =
#################################### Database ####################################
[database]
# You can configure the database connection by specifying type, host, name, user and password
# as separate properties or as on string using the url properties.
# Either "mysql", "postgres" or "sqlite3", it's your choice
;type = sqlite3
;host = 127.0.0.1:3306
;name = grafana
;user = root
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
;password =
# Use either URL or the previous fields to configure the database
# Example: mysql://user:secret@host:port/database
;url =
# For "postgres" only, either "disable", "require" or "verify-full"
;ssl_mode = disable
;ca_cert_path =
;client_key_path =
;client_cert_path =
;server_cert_name =
# For "sqlite3" only, path relative to data_path setting
;path = grafana.db
# Max idle conn setting default is 2
;max_idle_conn = 2
# Max conn setting default is 0 (mean not set)
;max_open_conn =
# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
;conn_max_lifetime = 14400
# Set to true to log the sql calls and execution times.
;log_queries =
# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
;cache_mode = private
#################################### Cache server #############################
[remote_cache]
# Either "redis", "memcached" or "database" default is "database"
;type = database
# cache connectionstring options
# database: will use Grafana primary database.
# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
# memcache: 127.0.0.1:11211
;connstr =
#################################### Data proxy ###########################
[dataproxy]
# This enables data proxy logging, default is false
;logging = false
# How long the data proxy should wait before timing out default is 30 (seconds)
;timeout = 30
# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
;send_user_header = false
#################################### Analytics ####################################
[analytics]
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
# No ip addresses are being tracked, only simple counters to track
# running instances, dashboard and error counts. It is very helpful to us.
# Change this option to false to disable reporting.
;reporting_enabled = true
# Set to false to disable all checks to https://grafana.net
# for new vesions (grafana itself and plugins), check is used
# in some UI views to notify that grafana or plugin update exists
# This option does not cause any auto updates, nor send any information
# only a GET request to http://grafana.com to get latest versions
;check_for_updates = true
# Google Analytics universal tracking code, only enabled if you specify an id here
;google_analytics_ua_id =
# Google Tag Manager ID, only enabled if you specify an id here
;google_tag_manager_id =
#################################### Security ####################################
[security]
# disable creation of admin user on first start of grafana
;disable_initial_admin_creation = false
# default admin user, created on startup
;admin_user = admin
# default admin password, can be changed before first start of grafana, or in profile settings
;admin_password = admin
# used for signing
;secret_key = SW2YcwTIb9zpOOhoPsMm
# disable gravatar profile images
;disable_gravatar = false
# data source proxy whitelist (ip_or_domain:port separated by spaces)
;data_source_proxy_whitelist =
# disable protection against brute force login attempts
;disable_brute_force_login_protection = false
# set to true if you host Grafana behind HTTPS. default is false.
;cookie_secure = false
# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
;cookie_samesite = none
# set to true if you want to allow browsers to render Grafana in a <frame>, <iframe>, <embed> or <object>. default is false.
allow_embedding = true
# Set to true if you want to enable http strict transport security (HSTS) response header.
# This is only sent when HTTPS is enabled in this configuration.
# HSTS tells browsers that the site should only be accessed using HTTPS.
# The default version will change to true in the next minor release, 6.3.
;strict_transport_security = false
# Sets how long a browser should cache HSTS. Only applied if strict_transport_security is enabled.
;strict_transport_security_max_age_seconds = 86400
# Set to true if to enable HSTS preloading option. Only applied if strict_transport_security is enabled.
;strict_transport_security_preload = false
# Set to true if to enable the HSTS includeSubDomains option. Only applied if strict_transport_security is enabled.
;strict_transport_security_subdomains = false
# Set to true to enable the X-Content-Type-Options response header.
# The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised
# in the Content-Type headers should not be changed and be followed. The default will change to true in the next minor release, 6.3.
;x_content_type_options = false
# Set to true to enable the X-XSS-Protection header, which tells browsers to stop pages from loading
# when they detect reflected cross-site scripting (XSS) attacks. The default will change to true in the next minor release, 6.3.
;x_xss_protection = false
#################################### Snapshots ###########################
[snapshots]
# snapshot sharing options
;external_enabled = true
;external_snapshot_url = https://snapshots-origin.raintank.io
;external_snapshot_name = Publish to snapshot.raintank.io
# Set to true to enable this Grafana instance act as an external snapshot server and allow unauthenticated requests for
# creating and deleting snapshots.
;public_mode = false
# remove expired snapshot
;snapshot_remove_expired = true
#################################### Dashboards History ##################
[dashboards]
# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
;versions_to_keep = 20
# Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
;min_refresh_interval = 5s
#################################### Users ###############################
[users]
# disable user signup / registration
;allow_sign_up = true
# Allow non admin users to create organizations
;allow_org_create = true
# Set to true to automatically assign new users to the default organization (id 1)
;auto_assign_org = true
# Set this value to automatically add new users to the provided organization (if auto_assign_org above is set to true)
;auto_assign_org_id = 1
# Default role new users will be automatically assigned (if disabled above is set to true)
;auto_assign_org_role = Viewer
# Require email validation before sign up completes
;verify_email_enabled = false
# Background text for the user field on the login page
;login_hint = email or username
;password_hint = password
# Default UI theme ("dark" or "light")
;default_theme = dark
# External user management, these options affect the organization users view
;external_manage_link_url =
;external_manage_link_name =
;external_manage_info =
# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard.
;viewers_can_edit = false
# Editors can administrate dashboard, folders and teams they create
;editors_can_admin = false
[auth]
# Login cookie name
;login_cookie_name = grafana_session
# The lifetime (days) an authenticated user can be inactive before being required to login at next visit. Default is 7 days,
;login_maximum_inactive_lifetime_days = 7
# The maximum lifetime (days) an authenticated user can be logged in since login time before being required to login. Default is 30 days.
;login_maximum_lifetime_days = 30
# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
;token_rotation_interval_minutes = 10
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
;disable_login_form = false
# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
;disable_signout_menu = false
# URL to redirect the user to after sign out
;signout_redirect_url =
# Set to true to attempt login with OAuth automatically, skipping the login screen.
# This setting is ignored if multiple OAuth providers are configured.
;oauth_auto_login = false
# OAuth state max age cookie duration. Defaults to 60 seconds.
;oauth_state_cookie_max_age = 60
# limit of api_key seconds to live before expiration
;api_key_max_seconds_to_live = -1
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
enabled = true
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
# specify role for unauthenticated users
;org_role = Viewer
#################################### Github Auth ##########################
[auth.github]
;enabled = false
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;auth_url = https://github.com/login/oauth/authorize
;token_url = https://github.com/login/oauth/access_token
;api_url = https://api.github.com/user
;allowed_domains =
;team_ids =
;allowed_organizations =
#################################### GitLab Auth #########################
[auth.gitlab]
;enabled = false
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = api
;auth_url = https://gitlab.com/oauth/authorize
;token_url = https://gitlab.com/oauth/token
;api_url = https://gitlab.com/api/v4
;allowed_domains =
;allowed_groups =
#################################### Google Auth ##########################
[auth.google]
;enabled = false
;allow_sign_up = true
;client_id = some_client_id
;client_secret = some_client_secret
;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
;auth_url = https://accounts.google.com/o/oauth2/auth
;token_url = https://accounts.google.com/o/oauth2/token
;api_url = https://www.googleapis.com/oauth2/v1/userinfo
;allowed_domains =
;hosted_domain =
#################################### Grafana.com Auth ####################
[auth.grafana_com]
;enabled = false
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = user:email
;allowed_organizations =
#################################### Azure AD OAuth #######################
[auth.azuread]
;name = Azure AD
;enabled = false
;allow_sign_up = true
;client_id = some_client_id
;client_secret = some_client_secret
;scopes = openid email profile
;auth_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
;token_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
;allowed_domains =
;allowed_groups =
#################################### Okta OAuth #######################
[auth.okta]
;name = Okta
;enabled = false
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = openid profile email groups
;auth_url = https://<tenant-id>.okta.com/oauth2/v1/authorize
;token_url = https://<tenant-id>.okta.com/oauth2/v1/token
;api_url = https://<tenant-id>.okta.com/oauth2/v1/userinfo
;allowed_domains =
;allowed_groups =
;role_attribute_path =
#################################### Generic OAuth ##########################
[auth.generic_oauth]
;enabled = false
;name = OAuth
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;email_attribute_name = email:primary
;email_attribute_path =
;auth_url = https://foo.bar/login/oauth/authorize
;token_url = https://foo.bar/login/oauth/access_token
;api_url = https://foo.bar/user
;allowed_domains =
;team_ids =
;allowed_organizations =
;role_attribute_path =
;tls_skip_verify_insecure = false
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
#################################### Basic Auth ##########################
[auth.basic]
;enabled = true
#################################### Auth Proxy ##########################
[auth.proxy]
;enabled = false
;header_name = X-WEBAUTH-USER
;header_property = username
;auto_sign_up = true
;sync_ttl = 60
;whitelist = 192.168.1.1, 192.168.2.1
;headers = Email:X-User-Email, Name:X-User-Name
# Read the auth proxy docs for details on what the setting below enables
;enable_login_token = false
#################################### Auth LDAP ##########################
[auth.ldap]
;enabled = false
;config_file = /etc/grafana/ldap.toml
;allow_sign_up = true
# LDAP backround sync (Enterprise only)
# At 1 am every day
;sync_cron = "0 0 1 * * *"
;active_sync_enabled = true
#################################### SMTP / Emailing ##########################
[smtp]
;enabled = false
;host = localhost:25
;user =
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
;password =
;cert_file =
;key_file =
;skip_verify = false
;from_address = admin@grafana.localhost
;from_name = Grafana
# EHLO identity in SMTP dialog (defaults to instance_name)
;ehlo_identity = dashboard.example.com
[emails]
;welcome_email_on_sign_up = false
;templates_pattern = emails/*.html
#################################### Logging ##########################
[log]
# Either "console", "file", "syslog". Default is console and file
# Use space to separate multiple modes, e.g. "console file"
;mode = console file
# Either "debug", "info", "warn", "error", "critical", default is "info"
;level = info
# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
;filters =
# For "console" mode only
[log.console]
;level =
# log line format, valid options are text, console and json
;format = console
# For "file" mode only
[log.file]
;level =
# log line format, valid options are text, console and json
;format = text
# This enables automated log rotate(switch of following options), default is true
;log_rotate = true
# Max line number of single file, default is 1000000
;max_lines = 1000000
# Max size shift of single file, default is 28 means 1 << 28, 256MB
;max_size_shift = 28
# Segment log daily, default is true
;daily_rotate = true
# Expired days of log file(delete after max days), default is 7
;max_days = 7
[log.syslog]
;level =
# log line format, valid options are text, console and json
;format = text
# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
;network =
;address =
# Syslog facility. user, daemon and local0 through local7 are valid.
;facility =
# Syslog tag. By default, the process' argv[0] is used.
;tag =
#################################### Usage Quotas ########################
[quota]
; enabled = false
#### set quotas to -1 to make unlimited. ####
# limit number of users per Org.
; org_user = 10
# limit number of dashboards per Org.
; org_dashboard = 100
# limit number of data_sources per Org.
; org_data_source = 10
# limit number of api_keys per Org.
; org_api_key = 10
# limit number of orgs a user can create.
; user_org = 10
# Global limit of users.
; global_user = -1
# global limit of orgs.
; global_org = -1
# global limit of dashboards
; global_dashboard = -1
# global limit of api_keys
; global_api_key = -1
# global limit on number of logged in users.
; global_session = -1
#################################### Alerting ############################
[alerting]
# Disable alerting engine & UI features
;enabled = true
# Makes it possible to turn off alert rule execution but alerting UI is visible
;execute_alerts = true
# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
;error_or_timeout = alerting
# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
;nodata_or_nullvalues = no_data
# Alert notifications can include images, but rendering many images at the same time can overload the server
# This limit will protect the server from render overloading and make sure notifications are sent out quickly
;concurrent_render_limit = 5
# Default setting for alert calculation timeout. Default value is 30
;evaluation_timeout_seconds = 30
# Default setting for alert notification timeout. Default value is 30
;notification_timeout_seconds = 30
# Default setting for max attempts to sending alert notifications. Default value is 3
;max_attempts = 3
# Makes it possible to enforce a minimal interval between evaluations, to reduce load on the backend
;min_interval_seconds = 1
#################################### Explore #############################
[explore]
# Enable the Explore section
;enabled = true
#################################### Internal Grafana Metrics ##########################
# Metrics available at HTTP API Url /metrics
[metrics]
# Disable / Enable internal metrics
;enabled = true
# Graphite Publish interval
;interval_seconds = 10
# Disable total stats (stat_totals_*) metrics to be generated
;disable_total_stats = false
#If both are set, basic auth will be required for the metrics endpoint.
; basic_auth_username =
; basic_auth_password =
# Send internal metrics to Graphite
[metrics.graphite]
# Enable by setting the address setting (ex localhost:2003)
;address =
;prefix = prod.grafana.%(instance_name)s.
#################################### Grafana.com integration ##########################
# Url used to import dashboards directly from Grafana.com
[grafana_com]
;url = https://grafana.com
#################################### Distributed tracing ############
[tracing.jaeger]
# Enable by setting the address sending traces to jaeger (ex localhost:6831)
;address = localhost:6831
# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
;always_included_tag = tag1:value1
# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
;sampler_type = const
# jaeger samplerconfig param
# for "const" sampler, 0 or 1 for always false/true respectively
# for "probabilistic" sampler, a probability between 0 and 1
# for "rateLimiting" sampler, the number of spans per second
# for "remote" sampler, param is the same as for "probabilistic"
# and indicates the initial sampling rate before the actual one
# is received from the mothership
;sampler_param = 1
# Whether or not to use Zipkin propagation (x-b3- HTTP headers).
;zipkin_propagation = false
# Setting this to true disables shared RPC spans.
# Not disabling is the most common setting when using Zipkin elsewhere in your infrastructure.
;disable_shared_zipkin_spans = false
#################################### External image storage ##########################
[external_image_storage]
# Used for uploading images to public servers so they can be included in slack/email messages.
# you can choose between (s3, webdav, gcs, azure_blob, local)
;provider =
[external_image_storage.s3]
;endpoint =
;path_style_access =
;bucket =
;region =
;path =
;access_key =
;secret_key =
[external_image_storage.webdav]
;url =
;public_url =
;username =
;password =
[external_image_storage.gcs]
;key_file =
;bucket =
;path =
[external_image_storage.azure_blob]
;account_name =
;account_key =
;container_name =
[external_image_storage.local]
# does not require any configuration
[rendering]
# Options to configure a remote HTTP image rendering service, e.g. using https://github.com/grafana/grafana-image-renderer.
# URL to a remote HTTP image renderer service, e.g. http://localhost:8081/render, will enable Grafana to render panels and dashboards to PNG-images using HTTP requests to an external service.
;server_url =
# If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
;callback_url =
# Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
# which this setting can help protect against by only allowing a certain amount of concurrent requests.
;concurrent_render_request_limit = 30
[panels]
# If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
;disable_sanitize_html = false
[plugins]
;enable_alpha = false
;app_tls_skip_verify_insecure = false
# Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature.
;allow_loading_unsigned_plugins =
#################################### Grafana Image Renderer Plugin ##########################
[plugin.grafana-image-renderer]
# Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert.
# See ICUs metaZones.txt (https://cs.chromium.org/chromium/src/third_party/icu/source/data/misc/metaZones.txt) for a list of supported
# timezone IDs. Fallbacks to TZ environment variable if not set.
;rendering_timezone =
# Instruct headless browser instance to use a default language when not provided by Grafana, e.g. when rendering panel image of alert.
# Please refer to the HTTP header Accept-Language to understand how to format this value, e.g. 'fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5'.
;rendering_language =
# Instruct headless browser instance to use a default device scale factor when not provided by Grafana, e.g. when rendering panel image of alert.
# Default is 1. Using a higher value will produce more detailed images (higher DPI), but will require more disk space to store an image.
;rendering_viewport_device_scale_factor =
# Instruct headless browser instance whether to ignore HTTPS errors during navigation. Per default HTTPS errors are not ignored. Due to
# the security risk it's not recommended to ignore HTTPS errors.
;rendering_ignore_https_errors =
# Instruct headless browser instance whether to capture and log verbose information when rendering an image. Default is false and will
# only capture and log error messages. When enabled, debug messages are captured and logged as well.
# For the verbose information to be included in the Grafana server log you have to adjust the rendering log level to debug, configure
# [log].filter = rendering:debug.
;rendering_verbose_logging =
# Instruct headless browser instance whether to output its debug and error messages into running process of remote rendering service.
# Default is false. This can be useful to enable (true) when troubleshooting.
;rendering_dumpio =
# Additional arguments to pass to the headless browser instance. Default is --no-sandbox. The list of Chromium flags can be found
# here (https://peter.sh/experiments/chromium-command-line-switches/). Multiple arguments is separated with comma-character.
;rendering_args =
# You can configure the plugin to use a different browser binary instead of the pre-packaged version of Chromium.
# Please note that this is not recommended, since you may encounter problems if the installed version of Chrome/Chromium is not
# compatible with the plugin.
;rendering_chrome_bin =
# Instruct how headless browser instances are created. Default is 'default' and will create a new browser instance on each request.
# Mode 'clustered' will make sure that only a maximum of browsers/incognito pages can execute concurrently.
# Mode 'reusable' will have one browser instance and will create a new incognito page on each request.
;rendering_mode =
# When rendering_mode = clustered you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
# and will cluster using browser instances.
# Mode 'context' will cluster using incognito pages.
;rendering_clustering_mode =
# When rendering_mode = clustered you can define maximum number of browser instances/incognito pages that can execute concurrently..
;rendering_clustering_max_concurrency =
# Limit the maxiumum viewport width, height and device scale factor that can be requested.
;rendering_viewport_max_width =
;rendering_viewport_max_height =
;rendering_viewport_max_device_scale_factor =
# Change the listening host and port of the gRPC server. Default host is 127.0.0.1 and default port is 0 and will automatically assign
# a port not in use.
;grpc_host =
;grpc_port =
[enterprise]
# Path to a valid Grafana Enterprise license.jwt file
;license_path =
[feature_toggles]
# enable features, separated by spaces
;enable =

1782
grafana_conf/dashboards/apisix-grafana-dashboard.json Normal file
View File

File diff suppressed because it is too large Load Diff

27
grafana_conf/provisioning/dashboards/all.yaml Normal file
View File

@ -0,0 +1,27 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: false
options:
path: /var/lib/grafana/dashboards

25
grafana_conf/provisioning/datasources/all.yaml Normal file
View File

@ -0,0 +1,25 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
datasources:
- access: 'proxy'
editable: true
is_default: true
name: 'apisix'
org_id: 1
type: 'prometheus'
url: 'http://prometheus:9090'
version: 1

17
mkcert/README.md Normal file
View File

@ -0,0 +1,17 @@
### Ref
<https://github.com/FiloSottile/mkcert>
### Copy CA
```
cp $(mkcert -CAROOT)/rootCA.pem .
cp $(mkcert -CAROOT)/rootCA-key.pem .
```
### Create certificate
```
$ mkcert lvh.me "*.lvh.me"
```

28
mkcert/lvh.me+1-key.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq5TJwEHgVNaft
kU+mytN8gNInFJCU05YfZO8w6yIbeYR4dvdUgfXhDjxb8ZcWfzC7qfpKFAeA0X0l
yHdOYmI6ONhuYW4C4ssaaiIJjnUI0ogHKYtCKPNppU0cRjdnSKWopv9QXZ9UHoRX
zDcHcUnRhL0I057tfZrPAr1X0eMVEKTSUoFVS/nRvuQiOYitiSnSONEpYEAdmGG3
vWxvW1BI9qi4UxXK6IcNF3HUwM20oAAF+5r+3vT+zG04tKfoJfwHoevWKS5V2Rz1
xVW/O8LWKzE1Hl5GHGPXuhZUVDEIIFIV8D67h6dT4BGMS6pUjm0HyfNAdIEHHB4d
RX+RDK75AgMBAAECggEBAKP0Lhabhkl657ghMBSqBIovIO+DaE6QTDekY2JAQ8Gu
LKxSHmmCIX4gZUIknrpjnkJ9CfZmDujEktdb4zJdazXGccY8TQoRwZ9+8VbPyHKF
YSHV9perqBPUFg2pQ+AgL2aFiO72UzSl7nw5HRZT1ule+ujr9k6MsagnTbZiVAVR
F0Lxi7QZc0PQH4tLItkAM3eujUUR+lM0pNhdVqvm2XrNANb423uz1TUvDCXe/1Wb
b7hRYIQEdXY4b3+Emi3SNMtGGBIOaNSQIgXC6s9AezTno5oWj3I5B+AGSD9VmWoK
89iQtFtW1xXjCWM0ZAqH+4b7pmlbUFuv40BqLpUYiAECgYEAw6HfyDoMXaU1q9Yg
xprSQQOrflk24ngCO5HISyEH2ZDeUWkqsOECFhkslJuJewkQfvjBza3Iee3IpJPQ
CnvOtSfnV0YQM7RctVVXmwwgVGd35GeqIM5un3r1LgRslBWpsBkOYQVrPSHnHy7v
f1t/RQHcil08pCl6kyzBS/EGefkCgYEA36Ez8vPjUoWyoFcpFJha/vC8o7Ay4SQ6
kSUhWOLQaA8Oy3BLIH0YI6EpZvHYTtQFTCFhMfTLJpD/M0hmFHQvbhGpvB4Zi6G6
+4GtIi+hgZ7DB86MdKRpQzELPy9JuxYavOUMlMsel2UTAPCfGn3SIJjEkfxo/t0E
8Ct0Z2sdHQECgYALosMmq500rLDmiZPlfCvpRgibOT80dSLc3Cznmw1WeXFfsjuh
zaBMJC8sn5urv7xFcRJF44I7DlOSxl/nX7nJuJff7wDjsmSZPHw7cpsxqf3NjgTm
cqDNx4hxtj2nCSrQmIzsZGAegLe4eRgxoQWO2y9841LKCNWLj2vn0mwqMQKBgQCr
/6qbBGYlBFvc4uzfwEbMqpAMPesEKv84v5wkZ17vihVQ929w74XvcXcMjJpYFs50
PYAqEiNl6EPAR8DrnmkUeVVZMLVpJd1Qr+5fys6niVpr2LtCw2mKmmASGubUlC3A
d1Lz5j4DJ2Q0Zt2YXImPNLCLr915mLjBmEqReFsOAQKBgQCtuwlhmOE43jGKP5RJ
Ow5KhZze1gX4EA3HQOYRUE3psuzIesUEcDOvoCE/iWo22uNieqpBbXKi0CrtR6/6
SopgMSPkNrrKDvbrM2azvdD85hoPmoYjEuyWTDJReqCzNxbHeri5Yo0/pcDqWSb3
49RDuXS9aIj3PjFtsqQFXbfugg==
-----END PRIVATE KEY-----

25
mkcert/lvh.me+1.pem Normal file
View File

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEKjCCApKgAwIBAgIQJ7+tTZRECIp1/rZvizFsADANBgkqhkiG9w0BAQsFADBl
MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExHTAbBgNVBAsMFHJvb3RA
dmtpbGwtYXJjaGxpbnV4MSQwIgYDVQQDDBtta2NlcnQgcm9vdEB2a2lsbC1hcmNo
bGludXgwHhcNMTkwNzE3MDA1NTMwWhcNMjkwNzE3MDA1NTMwWjBIMScwJQYDVQQK
Ex5ta2NlcnQgZGV2ZWxvcG1lbnQgY2VydGlmaWNhdGUxHTAbBgNVBAsMFHJvb3RA
dmtpbGwtYXJjaGxpbnV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
quUycBB4FTWn7ZFPpsrTfIDSJxSQlNOWH2TvMOsiG3mEeHb3VIH14Q48W/GXFn8w
u6n6ShQHgNF9Jch3TmJiOjjYbmFuAuLLGmoiCY51CNKIBymLQijzaaVNHEY3Z0il
qKb/UF2fVB6EV8w3B3FJ0YS9CNOe7X2azwK9V9HjFRCk0lKBVUv50b7kIjmIrYkp
0jjRKWBAHZhht71sb1tQSPaouFMVyuiHDRdx1MDNtKAABfua/t70/sxtOLSn6CX8
B6Hr1ikuVdkc9cVVvzvC1isxNR5eRhxj17oWVFQxCCBSFfA+u4enU+ARjEuqVI5t
B8nzQHSBBxweHUV/kQyu+QIDAQABo3MwcTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l
BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSYvVgP4gOX
oeisL5WsQbGN4B9BZTAbBgNVHREEFDASggZsdmgubWWCCCoubHZoLm1lMA0GCSqG
SIb3DQEBCwUAA4IBgQBAuqUCOe4dYs5Wx6R99c2W+OoeyxN8RYLK8IJkUnuqzLIk
REzYuAzO99McMe61nc0s5obsVGOyhchj101Y22Roq9W6IMo5xMxtnjHBuFhMHUKL
np6U2hcd73u68q/dgq9+tQk1UhTJGVkZKr7E5FAr5Lh9ge3p+6xoc2czMGaoHKge
jcCT+nPE73Nec17LUSZhqcxlzzXIrLubi0W8IrkCoDWQYnV8HjuigpSuclAI2Pet
GD/fi6w0sERsSG2VFRA56j17l27LqFfHtz1GWMJGh7cQ+GOGe8Wviiskz5tZEQTw
y2q2CFwx9MxzBk5mO8zG4pnYhB/UMeLHiTJO4WeLP8uVkEyzckc1INsgw6Kit2oZ
hQDoHunZ7y/RfL/8xj78nya58YZ6oaf+EDVqA+JPhbAZEFC+U9+BYLmr5eB31DNc
NfeqlIybQ1xrj42QRUTGPIwfl6lwGu4L63WKVfSOOEWkx1yB/x5vUYmWK4Vub+Gs
rwqoluFp44oNMY+uy9w=
-----END CERTIFICATE-----

40
mkcert/rootCA-key.pem Normal file
View File

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCz/Ya3wSY9CAzL
78eJ6bugV8UEm9T/an0UDY+r9x8zSVsvz1rgqoxE1tFwc2KCdGoXe9qFc7M5HOuF
N7sbr1CusgoRbLO/zzmd/IUCkG6iLdo3dY6JcIFUQcerbSGLbqLQ54uixxsXG5l/
5K/rS0SboxQQWXRt/+FLB3TZpSA9eNiI9WGUdtEsiZIu0H7UFjgIEer7ucFXFJPn
Yfc6zZcY25mkraIJR6+e4DA8liTaC8MzLGgpvqlGr8z/5f5Fhi8LWGJbDZKvpCyW
lsWWE7tgk7yj8tTScFtjMHynT74YNUP2SaUvgDFFSf7hUyapSpkg9dtykELSO5HC
8yK+XAXhiwuk/lwh4y9CokiX2rldQvgiuvw3eSxGhGmfAOGbn2mhHI8t+xjHzXNr
ZgYH+PluFiZ2sC8Y0eY+OWdqU0+pMa+6/6fJbZVX1eCkKNNYyv+YJlbcmVEeFUwb
Bkx/K1lJIVwWvpaEOQja8CkOImxQ68KaisNF/RHC+OFkhUMXfmMCAwEAAQKCAYAt
/FA3Enoajbv3PsPUUItHZCVKECZTO3nJbc2POgwWpl9Nz8SAMhK0Y84O1OwOOIAC
j/o8rlrT9LeXya1cXWZXu9UmroceMmueGa5CAXTCqsRd9wL7ymrAhC3ndnJjlViz
1vSuGgCp3rtRGbR4gTp+KSQvKSu+DuoYqUcJdE7QZdes5kSQEetPXbajj1FYDnUy
WqGWvtbO0MsZCsaHl49LIpAWquYDSPVtugmY8SNpMiglIutZ/wRwsunFV5WnXaip
eXOlD85lbbRzIuuydGn15aD1svQMOKyiWuA3Fr2nG7uPxgb6O5KV/cTfaKNjrJzp
lo7RF1S6Y4piXlrzDFCKc6LGjAk41kMOpjkrRVSHBtvWCFX8vNOkq09mGnGMhzSR
bA4Qj11sbVM4IGy49FCHPCw9sLZWzpjtWXFipDkuzGRedGLjuURr5iKpA5B+jVkH
iGUHfbjfU/eWiHRuDSr3UzMJ8GiSpLbZ5x1+2lUSUksvZ5ACDHXUd31Z4uGI1UEC
gcEAyvPTSaC+e3SCfKpMazfTICh/nminglKud5y5d35lU3sezw94WIJ0DJSpYVXA
rR6n2MTIku44fr53Yq25jyxjnhQ273G9QVVDfnkpHnH2+9PTLaRF8xmFhPiQBKOX
rdJK3YDgJ96aHZ2/un+kqEJ9dWetioy8zie1zYlHq0H4fjbc0MwaUC+Oi8Ys84xX
H2W9OxhDhBqhwH6eP3XJgXf3ov6PznqKJtMOO9IMJNmN067U30mVulFcVNN40fLh
up9dAoHBAOMJPEkGRzhIOHXKPmAQMIDC9DHhHU15pDCRpNLBAbcBx4fUbiaT3Xz0
CVeqLuDlW/dKQ48t/8ftEXqt6B+KlFa5xzivulKuB5QSf3d5pDmhfksCtq3DkynF
w5CsbiYs/xNYqg+RlCJBUgCXiXimElyJ+FfxPJqU6TGpK+pH1Vkg79wAZ8y32Pkn
0cqw42xuzlYvB7pNgoWiEh2c0efISARYNl72lgrBsMQWS0x7kZsXigVVfaK4L7qC
lTIQT1N4vwKBwAl54P+rFbnF8uHHQdIvxRfXTD4lPM0E90h2dOJzcF+5e/LHEiNv
0+NSfaYhzuFGcSfZ6FOT8+dXFVPyMJvSwsP6xaXgdam7RW9+UMEvKQ0REucqqGl1
Y5qV0IOm78oZ64z0G4NBDYkceHtIwnNox1rYAG5bq+UkTYTPSB1i8ytRfHXzUbc0
wT8dfbPRda/tnCxKMbzVUYAfaVwlL8dvxoxBvo0xg4nUiPGaGR8PWWPs4dubH/aX
HeyIAzgqUwfXsQKBwA+12OUYuR7s6HNGLnDJTgHq+6jj8fole7YcrfIjhvHZ/quo
iILE4qO941OcpCfN10JSckBbJ4L3Jal+lTxxg3hI3L9Qca08+6tEaGulEDcotKuO
IYP+r5VJaRH+zJR5sqDtFr+DDGQebwU5dzrRCx46MeQr/kyYF1bnZPGOTPYg8Fgh
8wzYf/wlxD+pY+Nh+4c9M+SxbmG+6FACRQgr9MfQLtr9Zz6RTqETBdziBB5eT5+0
3b+/zRWz6Y0QUdzt0wKBwEqkBkMAdT/tKN9ZM9g/FseisAfwBtmqdvZsXj9Fx0A7
PHlEbh6G91nhXwg2zeBrakCU4YY4NY5qiz80ykwJ0uwbUUb628ai9OGqjS3LGhI3
kYIrxQpv9mdNkJsISsYfhvMjiPt5LvxdCynC3w2FGd/pgBZwi14zkusW86pPGjVc
o5UXcZLgR68O3tfsr8+EpWVCnS7Ln2UcrWfnrBHFRCiwFCFfwO9JfgnEXNquxBGX
2Hqwp0dr/cxfVFXcD8fa9Q==
-----END PRIVATE KEY-----

27
mkcert/rootCA.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEmTCCAwGgAwIBAgIQdbSoj8s/j7Hgten9A8CKBTANBgkqhkiG9w0BAQsFADBl
MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExHTAbBgNVBAsMFHJvb3RA
dmtpbGwtYXJjaGxpbnV4MSQwIgYDVQQDDBtta2NlcnQgcm9vdEB2a2lsbC1hcmNo
bGludXgwHhcNMTkwNzE1MTQ0MDA0WhcNMjkwNzE1MTQ0MDA0WjBlMR4wHAYDVQQK
ExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExHTAbBgNVBAsMFHJvb3RAdmtpbGwtYXJj
aGxpbnV4MSQwIgYDVQQDDBtta2NlcnQgcm9vdEB2a2lsbC1hcmNobGludXgwggGi
MA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCz/Ya3wSY9CAzL78eJ6bugV8UE
m9T/an0UDY+r9x8zSVsvz1rgqoxE1tFwc2KCdGoXe9qFc7M5HOuFN7sbr1CusgoR
bLO/zzmd/IUCkG6iLdo3dY6JcIFUQcerbSGLbqLQ54uixxsXG5l/5K/rS0SboxQQ
WXRt/+FLB3TZpSA9eNiI9WGUdtEsiZIu0H7UFjgIEer7ucFXFJPnYfc6zZcY25mk
raIJR6+e4DA8liTaC8MzLGgpvqlGr8z/5f5Fhi8LWGJbDZKvpCyWlsWWE7tgk7yj
8tTScFtjMHynT74YNUP2SaUvgDFFSf7hUyapSpkg9dtykELSO5HC8yK+XAXhiwuk
/lwh4y9CokiX2rldQvgiuvw3eSxGhGmfAOGbn2mhHI8t+xjHzXNrZgYH+PluFiZ2
sC8Y0eY+OWdqU0+pMa+6/6fJbZVX1eCkKNNYyv+YJlbcmVEeFUwbBkx/K1lJIVwW
vpaEOQja8CkOImxQ68KaisNF/RHC+OFkhUMXfmMCAwEAAaNFMEMwDgYDVR0PAQH/
BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJi9WA/iA5eh6Kwv
laxBsY3gH0FlMA0GCSqGSIb3DQEBCwUAA4IBgQAQajEfAgQHrjHCaVcFskq8p7sw
FRDMyWVBB7FdtXIwZELib2oqDh3dTOamCYbRzRy2GHYGRp2mqDpMIEeomL475pSl
/Kqk9vRZgNHoEzKChPnbYJpZXEqlvxQzmS5Pu4ijAcP/+DFxMo400WbpNB9YQeeP
x/aeOP4RqBdtBx+yXr9iHiaYH0ZKmvQiGOAGUhw1WPd1lvv5gmrXsAJ7/QGSAuWM
KHyYIx6pfO4fq3OFONrDWPBAEoW+ZvDVi0mBEhksBm5H6+APD3qfU6ZGI2kHGMR4
oL5+K6Qd8W8rljrtYW0yk3OHZ5ZlP3XhXs3dBnrXRzsQN2FCMJ+tV+iqcLll0Gzq
9Fnx0qKT8NQS1FkP49W1Zqeoxof9iruXpQ1cMTEy/XvkNGw76MBubZZ1ZQwKlG8/
3lTENUnr9nvwpwZpjjfut96KgpbcOnhM8q8dn60YWgARXa88uRVbw3IJ0T2A+RGu
KEYT0ZZQQMFUvobozBi3XdWM33FjHoMyCzth0DY=
-----END CERTIFICATE-----

40
prometheus_conf/prometheus.yml Normal file
View File

@ -0,0 +1,40 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
global:
scrape_interval: 1s # By default, scrape targets every 15 seconds.
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
stack: "apisix"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: "prometheus"
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
static_configs:
- targets: ["localhost:9090"]
- job_name: "apisix"
scrape_interval: 5s
metrics_path: "/apisix/prometheus/metrics"
static_configs:
- targets: ["apisix:9091"]