11notes/prometheus Docker 镜像 - 轩辕镜像 | Docker 镜像高效稳定拉取服务
11notes/prometheus11notes
run prometheus rootless and distroless
下载次数: 0状态:社区镜像维护者:11notes仓库类型:镜像最近更新:1 天前
!banner
PROMETHEUS
!size!5px!pulls!5px[]([***]
run prometheus rootless and distroless
INTRODUCTION 📢
Prometheus, a Cloud Native Computing Foundation project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts when specified conditions are observed.
!GRAPH
SYNOPSIS 📖
What can I do with this? This image will run Prometheus rootless and distroless, for maximum security and performance. You can either provide your own config file or configure Prometheus directly inline in your compose. If you run the compose example, you can open the following URL to see the statistics of your DNS benchmark just like in the screenshot.
UNIQUE VALUE PROPOSITION 💶
Why should I run this image and not the other image(s) that already exist? Good question! Because ...
- ... this image runs rootless as 1000:1000
- ... this image has no shell since it is distroless
- ... this image is auto updated to the latest version via CI/CD
- ... this image has a health check
- ... this image runs read-only
- ... this image is automatically scanned for CVEs before and after publishing
- ... this image is created via a secure and pinned CI/CD process
- ... this image is very small
- ... this image supports inline configs
If you value security, simplicity and optimizations to the extreme, then this image might be for you.
COMPARISON 🏁
Below you find a comparison between this image and the most used or original one.
| image | size on disk | init default as | distroless | supported architectures |
|---|---|---|---|---|
| 11notes/prometheus | 66MB | 1000:1000 | ✅ | amd64, arm64, armv7 |
| prom/prometheus | 390MB | 65534:65534 | ❌ | amd64, arm64, armv7, ppc64le, riscv64, s390x |
DEFAULT CONFIG 📑
yamlglobal: scrape_interval: 10s scrape_configs: - job_name: "prometheus" static_configs: - targets: ["localhost:3000"]
VOLUMES 📁
- /prometheus/etc - Directory of your config
- /prometheus/var - Directory of all dynamic data and database
COMPOSE ✂️
yamlname: "monitoring" x-lockdown: &lockdown # prevents write access to the image itself read_only: true # prevents any process within the container to gain more privileges security_opt: - "no-new-privileges=true" services: prometheus: depends_on: adguard: condition: "service_healthy" restart: true image: "11notes/prometheus:3.10.0" <<: *lockdown environment: TZ: "Europe/Zurich" PROMETHEUS_CONFIG: |- global: scrape_interval: 1s scrape_configs: - job_name: "dnspyre" static_configs: - targets: ["dnspyre:3000"] volumes: - "prometheus.etc:/prometheus/etc" - "prometheus.var:/prometheus/var" ports: - "3000:9090/tcp" networks: frontend: restart: "always" dnspyre: # for more information about this image checkout: # [***] # # this image will execute 100k (10 x ***) queries # against adguard to fill your Prometheus with some data depends_on: prometheus: condition: "service_healthy" restart: true image: "***:dnspyre" <<: *lockdown command: "--server adguard -c 10 -n 3 -t A --prometheus ':3000' [***]" environment: TZ: "Europe/Zurich" networks: frontend: adguard: # for more information about this image checkout: # [***] image: "11notes/adguard:0.107.64" <<: *lockdown environment: TZ: "Europe/Zurich" volumes: - "adguard.etc:/adguard/etc" - "adguard.var:/adguard/var" tmpfs: - "/adguard/run:uid=1000,gid=1000" ports: - "53:53/udp" - "53:53/tcp" - "3010:3000/tcp" networks: frontend: sysctls: net.ipv4.ip_unprivileged_port_start: 53 restart: "always" volumes: prometheus.etc: prometheus.var: adguard.etc: adguard.var: networks: frontend:
To find out how you can change the default UID/GID of this container image, consult the RTFM.
DEFAULT SETTINGS 🗃️
| Parameter | Value | Description |
|---|---|---|
user | docker | user name |
uid | 1000 | user identifier |
gid | 1000 | group identifier |
home | /prometheus | home directory of user docker |
ENVIRONMENT 📝
| Parameter | Value | Default |
|---|---|---|
TZ | Time Zone | |
DEBUG | Will activate debug option for container image and app (if available) | |
PROMETHEUS_CONFIG (optional) | Will overwrite the default config with the value of this variable if set (inline config) |
MAIN TAGS 🏷️
These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
- 3.10.0
- 3.10.0-unraid
- 3.10.0-nobody
There is no latest tag, what am I supposed to do about updates?
It is my opinion that the :latest tag is a bad habbit and should not be used at all. Many developers introduce breaking changes in new releases. This would messed up everything for people who use :latest. If you don’t want to change the tag to the latest semver, simply use the short versions of semver. Instead of using :3.10.0 you can use :3 or :3.10. Since on each new version these tags are updated to the latest version of the software, using them is identical to using :latest but at least fixed to a major or minor version. Which in theory should not introduce breaking changes.
If you still insist on having the bleeding edge release of this app, simply use the :rolling tag, but be warned! You will get the latest version of the app instantly, regardless of breaking changes or security issues or what so ever. You do this at your own risk!
REGISTRIES ☁️
docker pull 11notes/prometheus:3.10.0 docker pull ghcr.io/11notes/prometheus:3.10.0 docker pull quay.io/11notes/prometheus:3.10.0
UNRAID VERSION 🟠
This image supports unraid by default. Simply add -unraid to any tag and the image will run as 99:100 instead of 1000:1000.
NOBODY VERSION 👻
This image supports nobody by default. Simply add -nobody to any tag and the image will run as 65534:65534 instead of 1000:1000.
SOURCE 💾
- 11notes/prometheus
PARENT IMAGE 🏛️
This image is not based on another image but uses scratch as the starting layer. The image consists of the following distroless layers that were added:
- *** - contains users, timezones and Root CA certificates, nothing else
- ***:curl - app to execute HTTP requests
BUILT WITH 🧰
- prometheus
GENERAL TIPS 📌
- Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints
- Use Let’s Encrypt DNS-01 challenge to obtain valid SSL certificates for your services
ElevenNotes™️
This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the releases for breaking changes. If you have any problems with using this image simply raise an issue, thanks. If you have a question or inputs please create a new discussion instead of an issue. You can find all my other repositories on github.
created 11.03.2026, 21:10:44 (CET)
11notes/socket-proxy
11notes
安全访问Docker socket的代理镜像,提供只读权限、非root用户(1000:1000)运行及无发行版(distroless)特性,增强容器环境安全性。
1万+ 次下载
23 天前更新
11notes/unifi
11notes
包含MongoDB的Unifi控制器镜像,无需单独数据库;默认以非root用户(1000:1000)运行,具备安全的CI/CD流程、应用级健康检查及自动更新功能,确保安全与稳定。
19 次收藏1万+ 次下载
17 天前更新
11notes/traefik
11notes
默认以无根、无发行版方式安全运行Traefik,这是一款现代HTTP反向代理和负载均衡器,便于部署微服务。
1万+ 次下载
17 天前更新
11notes/util
11notes
Docker镜像的Eleven工具库,提供一组简单实用的工具集,用于管理容器内的应用程序。
1万+ 次下载
17 天前更新
11notes/python
11notes
为容器镜像提供最佳实践默认设置的Python环境
1万+ 次下载
1 个月前更新
11notes/nginx
11notes
轻量级、无发行版的Nginx镜像,可用于反向代理后端或作为完整版本的代理服务器,具备高性能、安全性优化及精简特性。
1万+ 次下载
1 个月前更新
镜像拉取常见问题
使用与功能问题
错误码与失败问题
manifest unknown 错误:镜像不存在或标签错误
manifest unknown 错误
TLS/SSL 证书验证失败:Docker pull 时 HTTPS 证书错误
TLS 证书验证失败
DNS 解析超时:无法解析镜像仓库地址或连接超时
DNS 解析超时
410 Gone 错误:Docker 版本过低导致协议不兼容
410 错误:版本过低
402 Payment Required 错误:流量耗尽错误提示
402 错误:流量耗尽
401 UNAUTHORIZED 错误:身份认证失败或登录信息错误
身份认证失败错误
429 Too Many Requests 错误:请求频率超出专业版限制
429 限流错误
Docker login 凭证保存错误:Cannot autolaunch D-Bus(不影响登录)
凭证保存错误
账号 / 计费 / 权限
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"