commit 05c4bc5400c751a027f1711abb43426557ff214e
Author: Supan Adit Pratama <email@supanadit.com>
Date:   Thu Jun 19 13:13:22 2025 +0700

    feat: prepare minio and traefik

diff --git a/docker/grafana/compose.yaml b/docker/grafana/compose.yaml
new file mode 100644
index 0000000..1c70d09
--- /dev/null
+++ b/docker/grafana/compose.yaml
@@ -0,0 +1,213 @@
+services:
+  grafana:
+    image: grafana/grafana:latest
+    restart: unless-stopped
+    volumes:
+      - ./data/grafana:/var/lib/grafana
+    environment:
+      - GF_SECURITY_ADMIN_PASSWORD=ZTWTWXeZhFs4wg6vMr7M
+      - GF_USERS_ALLOW_SIGN_UP=false
+      - GF_SERVER_DOMAIN=old.grafana.eigen.co.id
+      - GF_SERVER_ROOT_URL=https://old.grafana.eigen.co.id
+      - GF_INSTALL_PLUGINS=grafana-pyroscope-app
+      - GF_FEATURE_TOGGLES_ENABLE=traceToProfiles tracesEmbeddedFlameGraph
+      - GF_SMTP_ENABLED=false
+    ports:
+      - "3000:3000"
+
+  pyroscope:
+    image: grafana/pyroscope:latest
+    environment:
+      JAEGER_AGENT_HOST: distributor
+      JAEGER_SAMPLER_TYPE: const
+      JAEGER_SAMPLER_PARAM: 1
+    command: ["-config.file=/etc/pyroscope.yml"]
+    ports:
+      - "4040:4040"
+    volumes:
+      - ./config/pyroscope.yml:/etc/pyroscope.yml
+  
+  memcached:
+    image: bitnami/memcached:latest
+    container_name: memcached
+    ports:
+      - "11211:11211"
+    environment:
+      - MEMCACHED_CACHE_SIZE=128
+      - MEMCACHED_THREADS=4
+
+  init-tempo:
+    image: &tempoImage grafana/tempo:latest
+    user: root
+    entrypoint:
+      - "chown"
+      - "10001:10001"
+      - "/var/tempo"
+    volumes:
+      - ./data/tempo:/var/tempo
+
+  tempo:
+    image: *tempoImage
+    command: [ "-config.file=/etc/tempo.yaml" ]
+    volumes:
+      - ./config/tempo-standalone.yaml:/etc/tempo.yaml
+      - ./data/tempo:/var/tempo
+    ports:
+      - "14268:14268"  # jaeger ingest
+      - "3200:3200"   # tempo
+      - "9095:9095" # tempo grpc
+      - "9411:9411"   # zipkin
+    depends_on:
+      - init-tempo
+      - memcached
+
+  alloy:
+    image: grafana/alloy:latest
+    restart: on-failure
+    volumes:
+      - ./config/config.alloy:/etc/alloy/config.alloy
+    environment:
+      REMOTE_WRITE_HOST: 172.10.10.6:30291
+      LOKI_HOST: 172.10.10.6:30501
+      TEMPO_HOST: 172.10.10.6:30641
+      PYROSCOPE_HOST: pyroscope:4040
+    depends_on:
+    #  - thanos-receiver
+    #  - loki
+    #  - tempo
+      - pyroscope
+    command:
+      - run
+      - /etc/alloy/config.alloy
+      - --storage.path=/var/lib/alloy/data
+      - --server.http.listen-addr=0.0.0.0:12345
+      - --stability.level=experimental
+    ports:
+      - "12345:12345"
+      - "4319:4319"
+      - "4017:4017"
+      - "4018:4018"
+
+  loki:
+    image: grafana/loki:3.0.0
+    container_name: loki
+    volumes:
+      - ./config/loki:/mnt/config
+    ports:
+      - "3100:3100"
+    command: -config.file=/mnt/config/loki-config.yaml
+
+  promtail:
+    image: grafana/promtail:3.0.0
+    container_name: promtail
+    volumes:
+      - ./config/loki:/mnt/config
+      - /var/log:/var/log
+    depends_on:
+      - loki
+    command: -config.file=/mnt/config/promtail-config.yaml
+
+  prometheus:
+    image: prom/prometheus:latest
+    restart: unless-stopped
+    user: root
+    volumes:
+      - ./config/prometheus.yml:/etc/prometheus/prometheus.yml
+      - ./data/prometheus:/prometheus
+      # Credentials
+      - ./credentials/kubernetes-eigen-core:/credentials/kubernetes-eigen-core
+      - ./credentials/kubernetes-eigen-internal:/credentials/kubernetes-eigen-internal
+      - ./credentials/kubernetes-eigen-external:/credentials/kubernetes-eigen-external
+      - ./credentials/kubernetes-pmps-local:/credentials/kubernetes-pmps-local
+      - ./credentials/kubernetes-ifgf-jakarta:/credentials/kubernetes-ifgf-jakarta
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.retention.time=60d'
+      - '--storage.tsdb.min-block-duration=2h'
+      - '--storage.tsdb.max-block-duration=2h'
+      - '--storage.tsdb.path=/prometheus'
+      - '--web.console.libraries=/etc/prometheus/console_libraries'
+      - '--web.console.templates=/etc/prometheus/consoles'
+      - '--web.enable-lifecycle'
+      - '--web.enable-admin-api'
+      - '--web.enable-remote-write-receiver'
+      - '--enable-feature=native-histograms'
+    ports:
+      - "9090:9090"
+    #depends_on:
+    #  - thanos-receiver
+
+  thanos-query:
+    image: thanosio/thanos:v0.36.1
+    user: root
+    command:
+      - query
+      - --http-address=:19192
+      - --grpc-address=:19092
+      - --endpoint=thanos-store:19090
+      - --endpoint=thanos-receiver:10907
+      #- --query.auto-downsampling
+      #- --query.max-concurrent-select=10
+      #- --query.max-concurrent=50
+      #- --query.timeout=1440m
+      #- --query.partial-response
+
+  thanos-store:
+    image: thanosio/thanos:v0.36.1
+    user: root
+    command:
+      - store
+      - --data-dir=/data
+      - --objstore.config-file=/etc/thanos/bucket.yaml
+      - --http-address=:19191
+      - --grpc-address=:19090
+    volumes:
+      - ./data/thanos/store:/data
+      - ./config/bucket.yaml:/etc/thanos/bucket.yaml
+
+  thanos-compactor:
+    image: thanosio/thanos:v0.36.1
+    user: root
+    command:
+      - compact
+      - --data-dir=/data
+      - --objstore.config-file=/etc/thanos/bucket.yaml
+      - --wait
+      - --wait-interval=5m
+    volumes:
+      - ./data/thanos/compactor:/data
+      - ./config/bucket.yaml:/etc/thanos/bucket.yaml
+
+  thanos-receiver:
+    image: thanosio/thanos:v0.36.1
+    user: root
+    command:
+      - receive
+      - --grpc-address=:10907
+      - --http-address=:10909
+      - --tsdb.path=/data
+      - --receive.local-endpoint=127.0.0.1:10907
+      - --objstore.config-file=/etc/thanos/bucket.yaml
+      - --label=receive_instance_id="thanos-receiver-1"
+      - --remote-write.address=:10908
+    ports:
+      - "10908:10908"
+    volumes:
+      - ./data/thanos/receiver:/data/default-tenant
+      - ./config/bucket.yaml:/etc/thanos/bucket.yaml
+
+  cadvisor:
+    image: "gcr.io/cadvisor/cadvisor:v0.49.1"
+    container_name: cadvisor
+    privileged: true
+    devices:
+      - "/dev/kmsg:/dev/kmsg"
+    volumes:
+      - "/:/rootfs:ro"
+      - "/var/run:/var/run:ro"
+      - "/sys:/sys:ro"
+      - "/var/lib/docker/:/var/lib/docker:ro"
+      - "/dev/disk/:/dev/disk:ro"
+    ports:
+      - "9070:8080"
+    restart: always
\ No newline at end of file
diff --git a/docker/minio/compose.yaml b/docker/minio/compose.yaml
new file mode 100644
index 0000000..8011f4d
--- /dev/null
+++ b/docker/minio/compose.yaml
@@ -0,0 +1,35 @@
+networks:
+  default:
+    name: eigen-monitoring
+    external: true
+
+services:
+  minio:
+    image: quay.io/minio/minio:RELEASE.2024-09-13T20-26-02Z
+    container_name: minio
+    restart: always
+    command: server /data --console-address ":9001"
+    labels:
+      - "traefik.enable=true"
+      # Console
+      - "traefik.http.services.minio-console.loadbalancer.server.port=9001"
+      - "traefik.http.routers.minio-console.rule=Host(`console.eigen.research`)"
+      - "traefik.http.routers.minio-console.tls=true"
+      - "traefik.http.routers.minio-console.service=minio-console"
+      - "traefik.http.routers.minio-console.entryPoints=web,websecure"
+      # API
+      - "traefik.http.services.minio-api.loadbalancer.server.port=9000"
+      - "traefik.http.routers.minio-api.rule=Host(`minio.eigen.research`)"
+      - "traefik.http.routers.minio-api.tls=true"
+      - "traefik.http.routers.minio-api.service=minio-api"
+      - "traefik.http.routers.minio-api.entryPoints=web,websecure"
+    volumes:
+      - "./.data:/data"
+    environment:
+      MINIO_ROOT_USER: eigen
+      MINIO_ROOT_PASSWORD: Eigen3m!
+      MINIO_SERVER_URL: http://minio:9000
+      MINIO_BROWSER_REDIRECT_URL: http://console.eigen.research
+      MINIO_SITE_REGION: ap-indonesia-1
+      MINIO_SITE_NAME: instance-1
+      MINIO_PROMETHEUS_AUTH_TYPE: public
diff --git a/docker/traefik/compose.yaml b/docker/traefik/compose.yaml
new file mode 100644
index 0000000..fe2f814
--- /dev/null
+++ b/docker/traefik/compose.yaml
@@ -0,0 +1,16 @@
+networks:
+  default:
+    name: eigen-monitoring
+    external: true
+
+services:
+  traefik:
+    image: "traefik:v3"
+    container_name: traefik
+    restart: "always"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./config:/etc/traefik
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
\ No newline at end of file
diff --git a/docker/traefik/config/dynamic.toml b/docker/traefik/config/dynamic.toml
new file mode 100644
index 0000000..ac1a7f8
--- /dev/null
+++ b/docker/traefik/config/dynamic.toml
@@ -0,0 +1,5 @@
+[http.routers]
+  [http.routers.api]
+    rule = "Host(`traefik.eigen.research`)"
+    entrypoints = ["web"]
+    service = "api@internal"
\ No newline at end of file
diff --git a/docker/traefik/config/traefik.toml b/docker/traefik/config/traefik.toml
new file mode 100644
index 0000000..63db134
--- /dev/null
+++ b/docker/traefik/config/traefik.toml
@@ -0,0 +1,24 @@
+[providers.docker]
+  watch = true
+  exposedByDefault = false
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+    [entryPoints.web.forwardedHeaders]
+      insecure = true
+
+  [entryPoints.websecure]
+    address = ":443"
+
+[api]
+  dashboard = true
+  insecure = true
+
+[providers.file]
+  directory = "/etc/traefik"
+  filename = "dynamic.toml"
+  watch = true
+
+[serversTransport]
+  insecureSkipVerify = true
\ No newline at end of file