egullickson/motovaultpro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Promtail, Loki, and Grafana log aggregation stack (#86) #93

Merged
egullickson merged 3 commits from issue-86-promtail-loki-grafana into main 2026-02-05 02:47:22 +00:00
Conversation 0 Commits 3 Files Changed 6 +155
egullickson commented 2026-02-05 02:17:09 +00:00
Owner
Copy Link

Summary

  • Add Promtail for Docker log scraping with automatic container discovery
  • Add Loki for centralized log storage with 30-day retention
  • Add Grafana with Loki datasource auto-provisioned
  • Add IP whitelist middleware restricting Grafana to RFC1918 private ranges only

Fixes #86

Changes

File Change
config/promtail/config.yml Promtail config with Docker service discovery
config/loki/config.yml Loki config with 30-day retention
config/grafana/datasources/loki.yml Grafana datasource provisioning
config/traefik/dynamic/grafana.yml IP whitelist middleware for RFC1918
docker-compose.yml 3 new services, 2 new volumes

Security

Grafana is protected by IP whitelist middleware (grafana-ipwhitelist@file) that only allows access from RFC1918 private network ranges:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Public internet access returns 403 Forbidden.

Acceptance Criteria

  • Promtail scrapes all container logs
  • Loki stores logs with 30-day retention
  • Grafana accessible at https://logs.motovaultpro.com from RFC1918 IPs only
  • Loki datasource auto-provisioned in Grafana
  • docker-compose config validates
  • Container count: 6 → 9
## Summary - Add Promtail for Docker log scraping with automatic container discovery - Add Loki for centralized log storage with 30-day retention - Add Grafana with Loki datasource auto-provisioned - Add IP whitelist middleware restricting Grafana to RFC1918 private ranges only Fixes #86 ## Changes | File | Change | |------|--------| | `config/promtail/config.yml` | Promtail config with Docker service discovery | | `config/loki/config.yml` | Loki config with 30-day retention | | `config/grafana/datasources/loki.yml` | Grafana datasource provisioning | | `config/traefik/dynamic/grafana.yml` | IP whitelist middleware for RFC1918 | | `docker-compose.yml` | 3 new services, 2 new volumes | ## Security Grafana is protected by IP whitelist middleware (`grafana-ipwhitelist@file`) that only allows access from RFC1918 private network ranges: - `10.0.0.0/8` - `172.16.0.0/12` - `192.168.0.0/16` Public internet access returns 403 Forbidden. ## Acceptance Criteria - [x] Promtail scrapes all container logs - [x] Loki stores logs with 30-day retention - [x] Grafana accessible at https://logs.motovaultpro.com from RFC1918 IPs only - [x] Loki datasource auto-provisioned in Grafana - [x] docker-compose config validates - [x] Container count: 6 → 9
egullickson added 1 commit 2026-02-05 02:17:10 +00:00
feat: add Promtail, Loki, and Grafana log aggregation stack (refs #86)
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 31s
Details
Deploy to Staging / Deploy to Staging (pull_request) Successful in 35s
Details
Deploy to Staging / Verify Staging (pull_request) Successful in 2m37s
Details
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 8s
Details
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
Details
1cf54fb254 
- Add Promtail for Docker log scraping with container discovery
- Add Loki for log storage with 30-day retention
- Add Grafana with Loki datasource auto-provisioned
- Add IP whitelist middleware restricting Grafana to RFC1918 ranges
- Container count: 6 → 9

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson added 1 commit 2026-02-05 02:19:33 +00:00
chore: use mirrored registry for logging stack images (refs #86)
Some checks failed
Deploy to Staging / Build Images (pull_request) Successful in 30s
Details
Deploy to Staging / Deploy to Staging (pull_request) Failing after 11s
Details
Deploy to Staging / Verify Staging (pull_request) Has been skipped
Details
Deploy to Staging / Notify Staging Ready (pull_request) Has been skipped
Details
Deploy to Staging / Notify Staging Failure (pull_request) Successful in 7s
Details
e83385d729 
- Update Loki, Promtail, Grafana to use REGISTRY_MIRRORS
- Add grafana/loki, grafana/promtail, grafana/grafana to mirror script

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson added 1 commit 2026-02-05 02:40:27 +00:00
fix: use correct grafana/ namespace in mirrored image paths (refs #86)
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 33s
Details
Deploy to Staging / Deploy to Staging (pull_request) Successful in 19s
Details
Deploy to Staging / Verify Staging (pull_request) Successful in 2m30s
Details
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 8s
Details
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
Details
9aa1ad954f 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson merged commit 9c90a1ca84 into main 2026-02-05 02:47:22 +00:00
egullickson deleted branch issue-86-promtail-loki-grafana 2026-02-05 02:47:23 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
status
backlog
status/blocked
status
done
status
in-progress
status
ready
status
review
type
bug
type
chore
type
docs
type
feature
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
egullickson
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: egullickson/motovaultpro#93
Delete Branch "issue-86-promtail-loki-grafana"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?