erigon-pulse/docker-compose.yml
Marius d085bf9a7f
docker-compose with minimal PID namespace and non-root permissions (#2397)
* Feat: only share the erigon container PID namespace with rpcdaemon instead of the entire host PID namespace.

* Feat: remove host UID:GUID mapping from erigon and rpcdaemon containers in favour of erigon user in Dockerfile. Adapted Makefile to pre-create mounted volumes to avoid permission issues at runtime.

* Feat: docker volume directories should always be owned by erigon user(1000:1000) regardless of the user that invoked the make command.

* Fix: don't chown here which breaks docker volume mounts.

* Fix: remove ERIGON_HOME Makefile variable and simplify recipe.
2021-07-19 20:40:09 +07:00

51 lines
2.0 KiB
YAML

version: '2.2'
services:
erigon:
image: thorax/erigon:latest
build: .
command: erigon --datadir=/var/lib/erigon --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061
volumes:
- ${XDG_DATA_HOME:-~/.local/share}/erigon:/var/lib/erigon
ports:
- "30303:30303/tcp"
- "30303:30303/udp"
- "30304:30304/tcp"
- "30304:30304/udp"
restart: unless-stopped
prometheus:
image: prom/prometheus:v2.28.1
user: 1000:1000 # Uses erigon user from Dockerfile
command: --log.level=warn --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus --web.console.libraries=/usr/share/prometheus/console_libraries --web.console.templates=/usr/share/prometheus/consoles
ports:
- "9090:9090"
volumes:
- ${ERIGON_PROMETHEUS_CONFIG:-./cmd/prometheus/prometheus.yml}:/etc/prometheus/prometheus.yml
- ${XDG_DATA_HOME:-~/.local/share}/erigon-prometheus:/prometheus
restart: unless-stopped
grafana:
image: grafana/grafana:8.0.6
user: 1000:1000 # Uses erigon user from Dockerfile
ports:
- "3000:3000"
volumes:
- ${ERIGON_GRAFANA_CONFIG:-./cmd/prometheus/grafana.ini}:/etc/grafana/grafana.ini
- ./cmd/prometheus/datasources:/etc/grafana/provisioning/datasources
- ./cmd/prometheus/dashboards:/etc/grafana/provisioning/dashboards
- ${XDG_DATA_HOME:-~/.local/share}/erigon-grafana:/var/lib/grafana
restart: unless-stopped
rpcdaemon:
image: thorax/erigon:latest
command: rpcdaemon --datadir /var/lib/erigon --private.api.addr=erigon:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,debug,net
pid: service:erigon # Use erigon's PID namespace. It's required to open Erigon's DB from another process (RPCDaemon local-mode)
volumes:
- ${XDG_DATA_HOME:-~/.local/share}/erigon:/var/lib/erigon
ports:
- "8545:8545"
restart: unless-stopped