https://github.com/tiennm99/alloy-docker-compose
Single-container Grafana Alloy shipping host + Docker metrics/logs to Grafana Cloud Free. Env-driven, low-cardinality.
https://github.com/tiennm99/alloy-docker-compose
cadvisor docker-compose grafana-alloy grafana-cloud loki monitoring node-exporter observability prometheus self-hosted
Last synced: 4 days ago
JSON representation
Single-container Grafana Alloy shipping host + Docker metrics/logs to Grafana Cloud Free. Env-driven, low-cardinality.
- Host: GitHub
- URL: https://github.com/tiennm99/alloy-docker-compose
- Owner: tiennm99
- License: apache-2.0
- Created: 2026-04-24T02:20:57.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-05-31T03:41:58.000Z (about 1 month ago)
- Last Synced: 2026-05-31T05:16:46.844Z (about 1 month ago)
- Topics: cadvisor, docker-compose, grafana-alloy, grafana-cloud, loki, monitoring, node-exporter, observability, prometheus, self-hosted
- Size: 60.5 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# alloy-docker-compose
One-file [Grafana Alloy](https://grafana.com/docs/alloy/latest/) setup that ships host (linux) and container (docker) telemetry to Grafana Cloud, plus pulls remote config from Grafana Fleet Management.
- **Single container** running both `node_exporter` (host) and `cadvisor` (containers) collectors.
- **Config embedded inline** via Compose `configs:` — no sidecar `config.alloy` file on disk.
- **Env-driven** — nine shell variables, no `.env` file.
- **Remote config** via `remotecfg` block (Grafana Fleet Management).
## What it collects
| Source | Component | Notes |
|---|---|---|
| Host metrics | `prometheus.exporter.unix` | CPU, memory, load, disk I/O, filesystem, network, uname, boot time, systemd, vmstat, sockstat — full default-collector set minus `ipvs/btrfs/infiniband/xfs/zfs` |
| Container metrics | `prometheus.exporter.cadvisor` | CPU, memory, fs usage/limit, network, `last_seen` |
| Container logs | `loki.source.docker` | all running containers, labeled with `container`, `stream`, `instance` |
| System logs (journal) | `loki.source.journal` (via `journal_module`) | systemd journal with `unit`, `boot_id`, `transport`, `level` labels |
| System logs (files) | `loki.source.file` | `/var/log/syslog`, `/var/log/messages`, `/var/log/*.log` |
| Remote config | `remotecfg` | polls Grafana Fleet Management every 60s |
Filtering follows the upstream Grafana Cloud integration configs verbatim — `keep`-lists copied from each integration's **Metrics** section ([Linux Node](https://grafana.com/docs/grafana-cloud/monitor-infrastructure/integrations/integration-reference/integration-linux-node/#metrics), [Docker](https://grafana.com/docs/grafana-cloud/monitor-infrastructure/integrations/integration-reference/integration-docker/#metrics)). Logs are unfiltered.
> **Log duplication caveat.** On systems where rsyslog mirrors journald to `/var/log/syslog` (e.g. Debian/Ubuntu defaults), enabling both pipelines double-ships the same lines. If that's the case for your hosts, drop one source — typically the file-based one is redundant on systemd-only stacks.
## Quick start
```bash
export ALLOY_HOSTNAME=miti-jp # also used as Loki/Prometheus instance label
export REMOTECFG_URL=https://fleet-management-prod-013.grafana.net
export REMOTECFG_ID=miti-jp # fleet-management agent id
export REMOTECFG_USER=1431677 # fleet-management user id
export PROM_URL=https://prometheus-prod-XX-.grafana.net/api/prom/push
export PROM_USER=
export LOKI_URL=https://logs-prod-XXX.grafana.net/loki/api/v1/push
export LOKI_USER=
export GRAFANA_TOKEN=glc_... # one Cloud Access Policy token, scopes: metrics:write + logs:write + fleet-management:read
docker compose up -d
```
Find the `PROM_*` / `LOKI_*` / `REMOTECFG_*` values under Grafana Cloud → your stack → **Details** on each data source / Fleet Management. The same token is reused for `remotecfg`, Prometheus, and Loki basic-auth.
Any unset required variable makes `docker compose up` fail fast.
## Multi-host
Same compose file on every host — change `ALLOY_HOSTNAME` and `REMOTECFG_ID` per host. Filter in Grafana with `instance=~"..."`.
## Security note
Runs `privileged: true` + `network_mode: host`, matching the upstream Grafana Cloud docker integration. `network_mode: host` is required so `prometheus.exporter.unix` reports the host's real network interfaces (eth0…) instead of the alloy container's veth pair. If you need least-privilege, see the upstream Alloy docker integration docs and tighten capabilities.
## Mounts
| Mount | Why |
|---|---|
| `/proc:/rootproc:ro` | node-exporter cpu/mem/load (referenced via `procfs_path`) |
| `/sys:/sys:ro` | node-exporter + cadvisor cgroups |
| `/:/rootfs:ro` | filesystem collector (referenced via `rootfs_path`) |
| `/dev/disk/:/dev/disk:ro` | node-exporter diskstats device labels |
| `/var/run/docker.sock` | `discovery.docker` + `loki.source.docker` |
| `/var/lib/docker:ro` | cadvisor container metadata |
| `/var/log:/var/log:ro` | `loki.source.journal` (`/var/log/journal`) + `loki.source.file` (syslog/messages/*.log) |
| `/etc/machine-id:ro` | stable host id for the journal reader |
| `alloy-data` (named volume) | WAL + remotecfg cache |
## Design
- [Upstream sources of truth](docs/upstream-sources-of-truth.md) — what we follow, what's in scope, how to audit dashboard metric needs.
## Known noise (special cases)
- [Coolify SSH session spam](docs/known-noise-coolify-ssh-sessions.md) — only relevant if Coolify manages the host. Safe to ignore otherwise.
## License
Apache 2.0 — see [LICENSE](LICENSE).