ansible-collection-prometheus/roles/cadvisor/templates/cadvisor.service.j2

{{ ansible_managed | comment }}

[Unit]
Description=cAdvisor cgroup/container metrics server
After=network-online.target

[Service]
Type=simple
User={{ cadvisor_system_user }}
Group={{ cadvisor_system_group }}
ExecStart={{ cadvisor_binary_install_dir }}/cadvisor \
{% if cadvisor_disable_metrics | length > 0 %}
    '--disable_metrics={{ cadvisor_disable_metrics | join(',') }}' \
{% endif -%}
{% if cadvisor_enable_metrics | length > 0 %}
    '--enable_metrics={{ cadvisor_enable_metrics | join(',') }}' \
{% endif -%}
{% if cadvisor_docker_only %}
    '--docker_only={{ cadvisor_docker_only | lower }}' \
{% endif -%}
{% if cadvisor_whitelisted_container_labels | length > 0 %}
    '--whitelisted_container_labels={{ cadvisor_whitelisted_container_labels | join(',') }}' \
{% endif -%}
{% if cadvisor_env_metadata_whitelist | length > 0 %}
    '--env_metadata_whitelist={{ cadvisor_env_metadata_whitelist | join(',') }}' \
{% endif %}
    '--store_container_labels={{ cadvisor_store_container_labels | lower }}' \
    '--listen_ip={{ cadvisor_listen_ip }}' \
    '--port={{ cadvisor_port }}' \
    '--prometheus_endpoint={{ cadvisor_prometheus_endpoint }}'

SyslogIdentifier=cadvisor
Restart=always
RestartSec=1
StartLimitInterval=0

ProtectHome=yes
NoNewPrivileges=yes

{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
ProtectSystem=strict
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=yes
{% else %}
ProtectSystem=full
{% endif %}

[Install]
WantedBy=multi-user.target