Pin monitoring stack images by digest
Reads live RepoDigests of each running monitoring container and freezes the compose to the exact image manifest. Brings the monitoring stack to the same digest-pin discipline as the stateful tier-1 services. influxdb3-core was already pinned. Affected: prometheus, alertmanager, alertmanager-ntfy-bridge, blackbox-exporter, loki, promtail, grafana, node-exporter, cadvisor (plus a second python:3.13-alpine for the bootstrap dashboard importer). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
prometheus:
|
prometheus:
|
||||||
image: prom/prometheus:v3.7.3
|
image: prom/prometheus:v3.7.3@sha256:49214755b6153f90a597adcbff0252cc61069f8ab69ce8411285cd4a560e8038
|
||||||
container_name: monitoring-prometheus
|
container_name: monitoring-prometheus
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
@@ -25,7 +25,7 @@ services:
|
|||||||
- cadvisor
|
- cadvisor
|
||||||
|
|
||||||
alertmanager:
|
alertmanager:
|
||||||
image: prom/alertmanager:v0.28.1
|
image: prom/alertmanager:v0.28.1@sha256:27c475db5fb156cab31d5c18a4251ac7ed567746a2483ff264516437a39b15ba
|
||||||
container_name: monitoring-alertmanager
|
container_name: monitoring-alertmanager
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
@@ -42,7 +42,7 @@ services:
|
|||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
|
|
||||||
alertmanager-ntfy-bridge:
|
alertmanager-ntfy-bridge:
|
||||||
image: python:3.13-alpine
|
image: python:3.13-alpine@sha256:420cd0bf0f3998275875e02ecd5808168cf0843cbb4d3c536432f729247b2acc
|
||||||
container_name: monitoring-alertmanager-ntfy-bridge
|
container_name: monitoring-alertmanager-ntfy-bridge
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
dns:
|
||||||
@@ -63,7 +63,7 @@ services:
|
|||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
|
|
||||||
blackbox-exporter:
|
blackbox-exporter:
|
||||||
image: prom/blackbox-exporter:v0.27.0
|
image: prom/blackbox-exporter:v0.27.0@sha256:a50c4c0eda297baa1678cd4dc4712a67fdea713b832d43ce7fcc5f9bea05094d
|
||||||
container_name: monitoring-blackbox-exporter
|
container_name: monitoring-blackbox-exporter
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
dns:
|
||||||
@@ -81,7 +81,7 @@ services:
|
|||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
|
|
||||||
loki:
|
loki:
|
||||||
image: grafana/loki:3.7.2
|
image: grafana/loki:3.7.2@sha256:191d4fdfb7264f16989f0a57f320872620a5a7c2ceeec6229212c4190ec49b86
|
||||||
container_name: monitoring-loki
|
container_name: monitoring-loki
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
@@ -97,7 +97,7 @@ services:
|
|||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
|
|
||||||
promtail:
|
promtail:
|
||||||
image: grafana/promtail:3.6.10
|
image: grafana/promtail:3.6.10@sha256:2a0f5e3e160ee5d549c585f6cc4f4e1c566ff783324a424bd75bc16503fc660e
|
||||||
container_name: monitoring-promtail
|
container_name: monitoring-promtail
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
@@ -115,7 +115,7 @@ services:
|
|||||||
- loki
|
- loki
|
||||||
|
|
||||||
grafana:
|
grafana:
|
||||||
image: grafana/grafana:12.4.3
|
image: grafana/grafana:12.4.3@sha256:2e986801428cd689c2358605289c90ab37d2b39e24808874971f54c99bcdc412
|
||||||
container_name: monitoring-grafana
|
container_name: monitoring-grafana
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
dns:
|
||||||
@@ -273,7 +273,7 @@ services:
|
|||||||
echo "Dashboard import complete."
|
echo "Dashboard import complete."
|
||||||
|
|
||||||
node-exporter:
|
node-exporter:
|
||||||
image: prom/node-exporter:v1.9.1
|
image: prom/node-exporter:v1.9.1@sha256:d00a542e409ee618a4edc67da14dd48c5da66726bbd5537ab2af9c1dfc442c8a
|
||||||
container_name: monitoring-node-exporter
|
container_name: monitoring-node-exporter
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
@@ -295,7 +295,7 @@ services:
|
|||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
|
|
||||||
cadvisor:
|
cadvisor:
|
||||||
image: ghcr.io/google/cadvisor:v0.53.0
|
image: ghcr.io/google/cadvisor:v0.53.0@sha256:c3770bd6fc6c6a9cb2b47143e6b3cc3fdd9d20a8453dffbb7e09a145e7e0c4e4
|
||||||
container_name: monitoring-cadvisor
|
container_name: monitoring-cadvisor
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
|
|||||||
Reference in New Issue
Block a user