Anyway to make the node-exporter and cadvisor local only to the prometheus container?

+1 vote

I am using prometheus, node-exporter, and cadvisor services successfully inside a docker container, all on different ports of the same hosts. I'm using docker compose for all the services:

version: '2'


volumes:
    grafana_data: {}

services:

    prometheus:
        image: prom/prometheus
        privileged: true
        volumes:
            - ./prometheus.yml:/etc/prometheus/prometheus.yml
            - ./alertmanager/alert.rules:/alertmanager/alert.rules
        command:
            - '--config.file=/etc/prometheus/prometheus.yml'
        ports:
            - '9090:9090'

    node-exporter:
        image: prom/node-exporter
        ports:
            - '9100:9100'
    cadvisor:
        image: google/cadvisor:latest 
        privileged: true
        volumes:
            - /:/rootfs:ro
            - /var/run:/var/run:rw
            - /var/lib/docker/:/var/lib/docker:ro
            - /dev/disk/:/dev/disk:ro
            - /cgroup:/sys/fs/cgroup:ro
        ports:
            - '8080:8080'

I need only prometheus to access cadvisor. I want to know if there's any way to make the cadvisor service local only to the container because at the moment it is accessible outside of the contatiner.

Apr 6, 2018 in DevOps & Agile by DragonLord999
• 8,380 points
253 views

2 answers to this question.

+1 vote
The simple solution to your problem would be to close the ports for that service. Just delete the ports section for each of those services. Also, you for container to container communication you could use container ports instead of your service ports. You can reference the target container by its service name.
answered Apr 6, 2018 by ajs3033
• 7,280 points
0 votes

If you don't want to access the service externally, don't publish the ports for that service, delete the ports section from each of those services. The resulting compose file will look like:

version: '2'
volumes:
    grafana_data: {}
services:
    prometheus:
        image: prom/prometheus
        privileged: true
        volumes:
            - ./prometheus.yml:/etc/prometheus/prometheus.yml
            - ./alertmanager/alert.rules:/alertmanager/alert.rules
        command:
            - '--config.file=/etc/prometheus/prometheus.yml'
        ports:
            - '9090:9090'

    node-exporter:
        image: prom/node-exporter
        # removed "ports" from here

    cadvisor:
        image: google/cadvisor:latest 
        privileged: true
        volumes:
            - /:/rootfs:ro
            - /var/run:/var/run:rw
            - /var/lib/docker/:/var/lib/docker:ro
            - /dev/disk/:/dev/disk:ro
            - /cgroup:/sys/fs/cgroup:ro
        # removed "ports" from here
answered Oct 18, 2018 by Nilesh
• 6,920 points

Related Questions In DevOps & Agile

+5 votes
2 answers

How to program and get the Digital Ocean ID of the current Droplet from within the Droplet?

You can run curl http://169.254.169.254/metadata/v1/id within the ...READ MORE

answered Mar 26, 2018 in DevOps & Agile by Atul
• 10,240 points
323 views
+13 votes
2 answers
+2 votes
1 answer

What is the difference between a container and an image in Docker?

 Below is reference which you can follow to know ...READ MORE

answered Sep 20, 2018 in DevOps & Agile by shubham
• 6,890 points
71 views
0 votes
1 answer
0 votes
1 answer

Deploy Docker Containers from Docker Cloud

To solve this problem, I followed advice ...READ MORE

answered Sep 3, 2018 in AWS by Priyaj
• 57,300 points
263 views
+3 votes
1 answer

Unable to find the TargetArguments path While configuring dot cover in VSTS

For your unable to find the TargetArguments ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by ajs3033
• 7,280 points
114 views
+1 vote
2 answers

Should I commit Terraform State files to the git repository?

Its better not to commit it to ...READ MORE

answered Aug 3, 2018 in DevOps & Agile by Nilesh
• 6,920 points
613 views