limit docker socket api access to alloy

2026-03-22 12:19:10 +01:00
parent 9771fc620e
commit ce9dba4923
3 changed files with 34 additions and 4 deletions
--- a/monitoring/docker-compose.yml
+++ b/monitoring/docker-compose.yml
@@ -1,12 +1,42 @@
 services:
+  docker-socket-proxy:
+    image: tecnativa/docker-socket-proxy:0.3
+    container_name: docker-socket-proxy
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+      - LOG=1
+      - POST=0
+      - BUILD=0
+      - COMMIT=0
+      - CONFIGS=0
+      - DISTRIBUTION=0
+      - EXEC=0
+      - IMAGES=0
+      - INFO=0
+      - NETWORKS=0
+      - NODES=0
+      - PLUGINS=0
+      - SERVICES=0
+      - SESSION=0
+      - SWARM=0
+      - SYSTEM=0
+      - TASKS=0
+      - VOLUMES=0
+    networks:
+      - monitoring
+
  alloy:
    image: grafana/alloy:latest
    container_name: alloy
    restart: unless-stopped
+    depends_on:
+      - docker-socket-proxy
    env_file: .env
    volumes:
      - ./config.alloy:/etc/alloy/config.alloy:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/host/root:ro