added plausible init container, security context's & events-db configuration into configmap

Oscar Beaumont 2021-07-19 15:28:44 +08:00
parent aa9f96cd12
commit 46f050f54c
4 changed files with 105 additions and 5 deletions


@ -34,5 +34,5 @@ When you first log in with your admin credentials, you will be prompted to enter
Otherwise, run this command to verify all users in the database: Otherwise, run this command to verify all users in the database:
```bash ```bash
kubectl -n plausible exec deploy/plausible-db -- /bin/bash -c 'psql -U $POSTGRES_USER -d $POSTGRES_DB -c "UPDATE users SET email_verified = true;"' kubectl -n plausible exec statefulset/plausible-db -- /bin/bash -c 'psql -U $POSTGRES_USER -d $POSTGRES_DB -c "UPDATE users SET email_verified = true;"'
``` ```


@ -42,6 +42,11 @@ spec:
app.kubernetes.io/part-of: plausible app.kubernetes.io/part-of: plausible
spec: spec:
restartPolicy: Always restartPolicy: Always
# see https://github.com/docker-library/postgres/blob/6bbf1c7b308d1c4288251d73c37f6caf75f8a3d4/14/buster/Dockerfile
securityContext:
runAsUser: 999
runAsGroup: 999
fsGroup: 999
containers: containers:
- name: plausible-db - name: plausible-db
image: postgres:latest image: postgres:latest
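Review bot: The new pod-level `securityContext` hard-codes UID/GID 999 from a Dockerfile pinned to one commit (`14/buster`), while the container below still uses the floating tag `image: postgres:latest`, so the two can drift apart when the tag moves to another base image or major version. Pinning the image, e.g. `image: postgres:<pinned-version>`, keeps the UID assumption and the referenced Dockerfile in step. The container spec continues past the end of the hunk, so a container-level `securityContext` is not visible here; if none exists, adding `allowPrivilegeEscalation: false` would match what this commit gives the `plausible-init` container in the server manifest.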


@ -18,6 +18,36 @@ spec:
app.kubernetes.io/component: database app.kubernetes.io/component: database
app.kubernetes.io/part-of: plausible app.kubernetes.io/part-of: plausible
--- ---
apiVersion: v1
kind: ConfigMap
metadata:
name: plausible-events-db-config
data:
clickhouse-config.xml: |
<yandex>
<logger>
<level>warning</level>
<console>true</console>
</logger>
<!-- Stop all the unnecessary logging -->
<query_thread_log remove="remove"/>
<query_log remove="remove"/>
<text_log remove="remove"/>
<trace_log remove="remove"/>
<metric_log remove="remove"/>
<asynchronous_metric_log remove="remove"/>
</yandex>
clickhouse-user-config.xml: |
<yandex>
<profiles>
<default>
<log_queries>0</log_queries>
<log_query_threads>0</log_query_threads>
</default>
</profiles>
</yandex>
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
@ -42,6 +72,11 @@ spec:
app.kubernetes.io/part-of: plausible app.kubernetes.io/part-of: plausible
spec: spec:
restartPolicy: Always restartPolicy: Always
# see https://github.com/ClickHouse/ClickHouse/blob/master/docker/server/Dockerfile
securityContext:
runAsUser: 101
runAsGroup: 101
fsGroup: 101
containers: containers:
- name: plausible-events-db - name: plausible-events-db
image: yandex/clickhouse-server:latest image: yandex/clickhouse-server:latest
@ -51,6 +86,14 @@ spec:
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /var/lib/clickhouse mountPath: /var/lib/clickhouse
- name: config
mountPath: /etc/clickhouse-server/config.d/logging.xml
subPath: clickhouse-config.xml
readOnly: true
- name: config
mountPath: /etc/clickhouse-server/users.d/logging.xml"
subPath: clickhouse-user-config.xml
readOnly: true
env: env:
- name: CLICKHOUSE_DB - name: CLICKHOUSE_DB
value: plausible value: plausible
@ -87,6 +130,10 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
failureThreshold: 3 failureThreshold: 3
periodSeconds: 10 periodSeconds: 10
volumes:
- name: config
configMap:
name: plausible-events-db-config
volumeClaimTemplates: volumeClaimTemplates:
- metadata: - metadata:
name: data name: data
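Review bot: The second `config` volume mount has a stray trailing double quote in `mountPath: /etc/clickhouse-server/users.d/logging.xml"`. In a plain YAML scalar that quote becomes part of the path, so the file is mounted under a name that does not end in `.xml`, and the `log_queries`/`log_query_threads` overrides are most likely never loaded. The line should read `mountPath: /etc/clickhouse-server/users.d/logging.xml`. Separately, removing `query_log` and `text_log` in the ConfigMap also removes the record of which queries ran against the events database. A comment above `clickhouse-config.xml` such as `# query/text logs are disabled on purpose; re-enable them when an audit trail is needed` would make that trade-off explicit.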


@ -36,14 +36,62 @@ spec:
app.kubernetes.io/component: server app.kubernetes.io/component: server
spec: spec:
restartPolicy: Always restartPolicy: Always
# see https://github.com/plausible/analytics/blob/master/Dockerfile
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
initContainers:
- name: plausible-init
image: plausible/analytics:latest
command:
- "/bin/sh"
- "-c"
args:
- sleep 30 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin
envFrom:
- configMapRef:
name: plausible-config
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: plausible-db-user
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: plausible-db-user
key: password
- name: CLICKHOUSE_USER
valueFrom:
secretKeyRef:
name: plausible-events-db-user
key: username
- name: CLICKHOUSE_PASSWORD
valueFrom:
secretKeyRef:
name: plausible-events-db-user
key: password
- name: DATABASE_URL
value: postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(PLAUSIBLE_DB_SERVICE_HOST):$(PLAUSIBLE_DB_SERVICE_PORT)/plausible
- name: CLICKHOUSE_DATABASE_URL
value: http://$(CLICKHOUSE_USER):$(CLICKHOUSE_PASSWORD)@$(PLAUSIBLE_EVENTS_DB_SERVICE_HOST):$(PLAUSIBLE_EVENTS_DB_SERVICE_PORT)/plausible
- name: SMTP_HOST_ADDR
value: $(PLAUSIBLE_SMTP_SERVICE_HOST)
securityContext:
allowPrivilegeEscalation: false
resources:
limits:
memory: 2Gi
cpu: 1500m
requests:
memory: 50Mi
cpu: 10m
containers: containers:
- name: plausible - name: plausible
image: plausible/analytics:latest image: plausible/analytics:latest
imagePullPolicy: Always imagePullPolicy: Always
args:
- /bin/sh
- -c
- sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run
ports: ports:
- containerPort: 8000 - containerPort: 8000
envFrom: envFrom:
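Review bot: The `plausible-init` container's `securityContext` stops at `allowPrivilegeEscalation: false`. Since the container only runs the `/entrypoint.sh db …` commands, it can also drop all Linux capabilities by adding `capabilities: {drop: ["ALL"]}` beneath that line. The `plausible` container's spec continues past the end of the hunk, so it is not visible whether it carries the same container-level restriction; if it does not, it should get the same block. The fixed `sleep 30` in `args` is only a guess at database start-up time, so a comment like `# best-effort wait; the init container is retried if the databases are not up yet` would tell the next reader not to rely on it.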