diff --git a/chart/README.org b/chart/README.org deleted file mode 100644 index fb27c93..0000000 --- a/chart/README.org +++ /dev/null @@ -1,198 +0,0 @@ -#+TITLE: Helm chart - -* Configuration - -| Parameter | Description | Default | -|-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------| -| disableAuth | Disables authentication completely, no registration, login will be shown | ~false~ | -| disableRegistration | Disables registration of new users, keep your admin credentials handy | ~false~ | -| adminUser.email | The default ("admin") user email | ~""~ | -| adminUser.name | Admin user's name | ~""~ | -| adminUser.password | The default ("admin") user password | ~""~ | -| database.enabled | Set database URL in env | ~true~ | -| database.url | The database URL as dictated [[https://hexdocs.pm/ecto/Ecto.Repo.html#module-urls][here]] | ~postgres://postgres:postgres@postgres/plausible?ssl=off~ | -| clickhouse.enabled | Set clickhouse URL in env | ~true~ | -| clickhouse.url | Connection string for Clickhouse in the same format | ~http://plausible-events-db:8123/plausible~ | -| smtp.enabled | Set SMTP configuration in env | ~true~ | -| smtp.mailer.emailAddress | The email id to use for as from address of all communications from Plausible | ~""~ | -| smtp.mailer.adapter | Instead of the default, replace this with Bamboo.PostmarkAdapter | ~""~ | -| smtp.host | The host address of your smtp server | ~""~ | -| smtp.port | The port of your smtp server | ~""~ | -| smtp.username | The username/email in case SMTP auth is enabled | ~""~ | -| smtp.password | The password in case SMTP auth is enabled | ~""~ | -| smtp.ssl.enabled | If SSL is enabled for SMTP connection | ~false~ | -| smtp.retries | Number of retries to make until mailer gives up | ~2~ | -| postmark.apiKey | Enter your API key | ~""~ | -| geoliteCountryDB | Path to your IP geolocation database in MaxMind's format | ~""~ | -| google.clientID | The Client ID from the Google API Console for your Plausible Analytics project | ~""~ | -| google.clientSecret | The Client Secret from the Google API Console for your Plausible Analytics project | ~""~ | -| twitter.consumer.key | The API key from the Twitter Developer Portal | ~""~ | -| twitter.consumer.secret | The API key secret from the Twitter Developer Portal | ~""~ | -| twitter.access.token | The access token you generated in the steps above | ~""~ | -| twitter.access.secret | The access token secret you generated in the steps above | ~""~ | -| labels | Extra labels to add to all managed resources | ~{}~ | -| extraEnv | Declare extra environment variables | ~[]~ | -| image.repository | The repo where the image lives | ~plausible/analytics~ | -| image.tag | Specifies a tag of from the image to use | ~""~ | -| image.pullPolicy | Pod container pull policy | ~IfNotPresent~ | -| imagePullSecrets | References for the registry secrets to pull the container images in the Pod with | ~[]~ | -| nameOverride | Expand the name of the chart | ~""~ | -| fullNameOverride | Create a FQDN for the app name | ~""~ | -| serviceAccount.create | Whether a serviceAccount should be created for the Pod to use | ~false~ | -| serviceAccount.name | A name to give the servce account | ~nil~ | -| podAnnotations | Annotations to assign Pods | ~{}~ | -| podSecurityContext | Set a security context for the Pod | ~{}~ | -| securityContext.readOnlyRootFilesystem | Mount container filesytem as read only | ~true~ | -| securityContext.runAsNonRoot | Don't allow the container in the Pod to run as root | ~true~ | -| securityContext.runAsUser | The user ID to run the container in the Pod as | ~1000~ | -| securityContext.runAsGroup | The group ID to run the container in the Pod as | ~1000~ | -| service.type | The service type to create | ~ClusterIP~ | -| service.port | The port to bind the app on and for the service to be set to | ~8000~ | -| ingress.enabled | Create an ingress manifests | ~false~ | -| ingress.realIPHeader | A header to forward, which contains the real client IP address | ~""~ | -| ingress.annotations | Set annotations for the ingress manifest | ~{}~ | -| ingress.hosts | The hosts which the ingress endpoint should be accessed from | | -| ingress.tls | References to TLS secrets | ~[]~ | -| resources | Limits and requests for the Pods | ~{}~ | -| autoscaling.enabled | Enable autoscaling for the deployment | ~false~ | -| autoscaling.minReplicas | The minimum amount of Pods to run | ~1~ | -| autoscaling.maxReplicas | The maximum amount of Pods to run | ~1~ | -| autoscaling.targetCPUUtilizationPercentage | The individual Pod CPU amount until autoscaling occurs | ~80~ | -| autoscaling.targetMemoryUtilizationPercentage | The individual Pod Memory amount until autoscaling occurs | | -| nodeSelector | Declare the node labels for Pod scheduling | ~{}~ | -| tolerations | Declare the toleration labels for Pod scheduling | ~[]~ | -| affinity | Declare the affinity settings for the Pod scheduling | ~{}~ | - - -* Installation - -#+begin_src shell :pwd ./ :results silent - helm install plausible -n plausible \ - --debug \ - --set adminUser.email=myemail@example.com \ - --set adminUser.name="Test User" \ - --set adminUser.password="password" \ - --set database.url="postgres://plausible:plausible@postgres/plausible?ssl=false" \ - --set clickhouse.url="http://plausible-events-db:8123/plausible" \ - --set disableRegistration=true \ - --set disableAuth=true \ - --set image.tag=dev \ - plausible-analytics -#+end_src - -#+begin_src shell :pwd ./ - kubectl -n plausible get pods,svc -#+end_src - -#+begin_src shell :pwd ./ :results silent - helm uninstall plausible -n plausible -#+end_src - -#+BEGIN_SRC yaml :tangle /tmp/postgres-operator.yaml -apiVersion: helm.fluxcd.io/v1 -kind: HelmRelease -metadata: - name: postgres-operator - namespace: postgres-operator -spec: - releaseName: postgres-operator - chart: - git: https://github.com/zalando/postgres-operator.git - ref: v1.6.1 - path: charts/postgres-operator - values: - configKubernetes: - enable_pod_antiaffinity: "true" -#+END_SRC - -#+BEGIN_SRC tmate :window plausible-setup -kubectl create ns postgres-operator -kubectl apply -f /tmp/postgres-operator.yaml -#+END_SRC - -#+BEGIN_SRC yaml :tangle /tmp/postgresql.yaml -apiVersion: "acid.zalan.do/v1" -kind: postgresql -metadata: - name: plausible-db - namespace: plausible -spec: - enableConnectionPooler: true - connectionPooler: - mode: session - resources: - requests: - cpu: 250m - memory: 100Mi - limits: - cpu: "1" - memory: 100Mi - teamId: "plausible" - volume: - size: 3Gi - numberOfInstances: 3 - users: - plausible: # database owner - - superuser - - createdb - databases: - plausible: plausible # dbname: owner - postgresql: - version: "12" -#+END_SRC - -#+BEGIN_SRC tmate :window plausible-setup -kubectl -n plausible create secret generic plausible.plausible-db.credentials.postgresql.acid.zalan.do --from-literal=password=plausible --from-literal=username=plausible --dry-run=client -o yaml | kubectl apply -f - -kubectl apply -f /tmp/postgresql.yaml -#+END_SRC - -* Deploying with Helm-Operator -#+BEGIN_SRC yaml :tangle /tmp/plausible.yaml -apiVersion: helm.fluxcd.io/v1 -kind: HelmRelease -metadata: - name: plausible - namespace: plausible -spec: - chart: - git: https://github.com/BobyMCbobs/plausible-hosting - path: chart/plausible-analytics - ref: fffcb3e87395d42e73ccd6034d8008ba68c216b2 - releaseName: plausible - values: - replicaCount: 3 - adminUser: - name: "My Name Here" - email: "my-email@address.here" - password: "a-secure-password-here" - database: - url: "postgres://plausible:plausible@plausible-db-pooler.plausible/plausible?ssl=true" - clickhouse: - url: "http://plausible-events-db:8123/plausible" - secretKeyBase: "hello-this-is-plausible-analytics-this-value-must-be-at-least-64-bytes-long" - extraVolumes: - - name: tmptmp - emptyDir: {} - extraVolumeMounts: - - name: tmptmp - mountPath: /tmp/tmp - ingress: - enabled: true - hosts: - - host: plausible.bobymcbobs-weekend.pair.sharing.io - paths: - - / - realIPHeader: X-Real-Ip - tls: - - hosts: - - plausible.bobymcbobs-weekend.pair.sharing.io - secretName: letsencrypt-prod -#+END_SRC - -#+BEGIN_SRC tmate :window plausible-setup -kubectl apply -f /tmp/plausible.yaml -#+END_SRC - -#+BEGIN_SRC tmate :window plausible-setup -kubectl psql -n plausible plausible-db plausible psql -c "UPDATE users SET email_verified = true;" -#+END_SRC diff --git a/k8s-manifests/README.org b/k8s-manifests/README.org deleted file mode 100644 index 712f51a..0000000 --- a/k8s-manifests/README.org +++ /dev/null @@ -1,78 +0,0 @@ -#+TITLE: Setup Plausible - -* Prelimiary requirements - -** Notes -- Postgres manifests are also included, in case you don't want to deploy a highly available Postgres database locally (~DATABASE_URL~ will need to be updated also) - -* Setup - -#+NAME: create namespace -#+begin_src tmate :window plausible-setup -kubectl create ns plausible -#+end_src - -#+NAME: label the namespace -#+BEGIN_SRC tmate :window plausible-setup -kubectl label ns plausible cert-manager-tls=sync --overwrite -#+END_SRC - -#+NAME: create the database secrets -#+begin_src tmate :window plausible-setup -kubectl -n plausible create secret generic postgres-configuration \ - --from-literal=POSTGRES_DB=plausible \ - --from-literal=POSTGRES_USER=plausible \ - --from-literal=POSTGRES_PASSWORD=plausible \ - --from-literal=PGUSER=plausible \ - --from-literal=PGPASSWORD=plausible \ - --from-literal=PGDATABASE=plausible \ - --dry-run=client \ - -o yaml | kubectl apply -f - -#+end_src - -#+NAME: install Postgres -#+begin_src tmate :window plausible-setup -kubectl -n plausible apply -f postgres.yaml -#+end_src - -#+NAME: create secrets -#+begin_src tmate :window plausible-setup -kubectl -n plausible create secret generic plausible \ - --from-literal=ADMIN_USER_EMAIL="$GIT_AUTHOR_EMAIL" \ - --from-literal=ADMIN_USER_NAME="$GIT_AUTHOR_NAME" \ - --from-literal=ADMIN_USER_PWD="password" \ - --from-literal=SECRET_KEY_BASE="$(openssl rand -base64 64)" \ - --from-literal=DATABASE_URL="postgres://plausible:plausible@postgres/plausible?ssl=false" \ - --from-literal=CLICKHOUSE_DATABASE_URL=http://plausible-events-db:8123/plausible \ - --dry-run=client \ - -o yaml | kubectl apply -f - -#+end_src - -#+NAME: create configuration -#+begin_src tmate :window plausible-setup -kubectl -n plausible create configmap plausible \ - --from-literal=BASE_URL=https://plausible.$SHARINGIO_PAIR_BASE_DNS_NAME \ - --dry-run=client \ - -o yaml | kubectl apply -f - -#+end_src - -#+NAME: install Plausible -#+begin_src tmate :window plausible-setup -kubectl -n plausible apply \ - -f event-data-persistentvolumeclaim.yaml \ - -f mail-deployment.yaml \ - -f mail-service.yaml \ - -f plausible-deployment.yaml \ - -f plausible-service.yaml \ - -f plausible-ingress.yaml \ - -f plausible-events-db-deployment.yaml \ - -f plausible-events-db-service.yaml -#+end_src - -#+BEGIN_SRC tmate :window plausible-setup -kubectl -n plausible exec -it statefulset/postgres -- psql -c "UPDATE users SET email_verified = true;" -#+END_SRC - -* Notes and references -- https://docs.plausible.io/self-hosting-configuration/ -- https://github.com/plausible/hosting/blob/c5146231aa0bf8d7a0da11370845e11a4973373e/docker-compose.yml diff --git a/k8s-manifests/event-data-persistentvolumeclaim.yaml b/k8s-manifests/event-data-persistentvolumeclaim.yaml deleted file mode 100644 index 6154772..0000000 --- a/k8s-manifests/event-data-persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app: event-data - name: event-data -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi diff --git a/k8s-manifests/mail-deployment.yaml b/k8s-manifests/mail-deployment.yaml deleted file mode 100644 index 3ad215e..0000000 --- a/k8s-manifests/mail-deployment.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: mail - name: mail -spec: - replicas: 1 - selector: - matchLabels: - app: mail - strategy: {} - template: - metadata: - labels: - app: mail - spec: - containers: - - image: bytemark/smtp - imagePullPolicy: IfNotPresent - name: mail - resources: {} - ports: - - name: mail - containerPort: 25 - restartPolicy: Always diff --git a/k8s-manifests/mail-service.yaml b/k8s-manifests/mail-service.yaml deleted file mode 100644 index c957e46..0000000 --- a/k8s-manifests/mail-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: mail - name: mail -spec: - ports: - - name: http - port: 25 - targetPort: 25 - selector: - app: mail diff --git a/k8s-manifests/plausible-deployment.yaml b/k8s-manifests/plausible-deployment.yaml deleted file mode 100644 index 089cdae..0000000 --- a/k8s-manifests/plausible-deployment.yaml +++ /dev/null @@ -1,124 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: plausible -spec: - replicas: 1 - selector: - matchLabels: - app: plausible - template: - metadata: - labels: - app: plausible - spec: - containers: - - name: plausible - image: plausible/analytics:v1.3.0 - imagePullPolicy: Always - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - command: - - /app/bin/plausible - - start - env: - - name: ADMIN_USER_EMAIL - valueFrom: - secretKeyRef: - key: ADMIN_USER_EMAIL - name: plausible - - name: ADMIN_USER_NAME - valueFrom: - secretKeyRef: - key: ADMIN_USER_NAME - name: plausible - - name: ADMIN_USER_PWD - valueFrom: - secretKeyRef: - key: ADMIN_USER_PWD - name: plausible - - name: DATABASE_URL - valueFrom: - secretKeyRef: - key: DATABASE_URL - name: plausible - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - key: SECRET_KEY_BASE - name: plausible - - name: CLICKHOUSE_DATABASE_URL - valueFrom: - secretKeyRef: - key: CLICKHOUSE_DATABASE_URL - name: plausible - - name: BASE_URL - valueFrom: - configMapKeyRef: - key: BASE_URL - name: plausible - volumeMounts: - - name: app-tmp - mountPath: /app/tmp - ports: - - name: http - containerPort: 8000 - resources: {} - initContainers: - - name: plausible-init - image: plausible/analytics:v1.3.0 - imagePullPolicy: Always - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - command: - - sh - - -c - - /app/createdb.sh && /app/migrate.sh && /app/init-admin.sh - env: - - name: ADMIN_USER_EMAIL - valueFrom: - secretKeyRef: - key: ADMIN_USER_EMAIL - name: plausible - - name: ADMIN_USER_NAME - valueFrom: - secretKeyRef: - key: ADMIN_USER_NAME - name: plausible - - name: ADMIN_USER_PWD - valueFrom: - secretKeyRef: - key: ADMIN_USER_PWD - name: plausible - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - key: SECRET_KEY_BASE - name: plausible - - name: DATABASE_URL - valueFrom: - secretKeyRef: - key: DATABASE_URL - name: plausible - - name: CLICKHOUSE_DATABASE_URL - valueFrom: - secretKeyRef: - key: CLICKHOUSE_DATABASE_URL - name: plausible - - name: BASE_URL - valueFrom: - configMapKeyRef: - key: BASE_URL - name: plausible - volumeMounts: - - name: app-tmp - mountPath: /app/tmp - volumes: - - name: app-tmp - emptyDir: {} diff --git a/k8s-manifests/plausible-events-db-deployment.yaml b/k8s-manifests/plausible-events-db-deployment.yaml deleted file mode 100644 index e9f2d7e..0000000 --- a/k8s-manifests/plausible-events-db-deployment.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: plausible-events-db -spec: - replicas: 1 - selector: - matchLabels: - app: plausible-events-db - strategy: - type: Recreate - template: - metadata: - labels: - app: plausible-events-db - spec: - containers: - - image: yandex/clickhouse-server:latest - imagePullPolicy: IfNotPresent - name: plausible-events-db - ports: - - containerPort: 8123 - resources: {} - volumeMounts: - - mountPath: /var/lib/clickhouse - name: event-data - restartPolicy: Always - volumes: - - name: event-data - persistentVolumeClaim: - claimName: event-data diff --git a/k8s-manifests/plausible-events-db-service.yaml b/k8s-manifests/plausible-events-db-service.yaml deleted file mode 100644 index b64cf70..0000000 --- a/k8s-manifests/plausible-events-db-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: plausible-events-db - name: plausible-events-db -spec: - ports: - - name: "8123" - port: 8123 - targetPort: 8123 - selector: - app: plausible-events-db diff --git a/k8s-manifests/plausible-ingress.yaml b/k8s-manifests/plausible-ingress.yaml deleted file mode 100644 index fb188f1..0000000 --- a/k8s-manifests/plausible-ingress.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: plausible -spec: - rules: - - host: plausible.bobymcbobs-weekend.pair.sharing.io - http: - paths: - - backend: - service: - name: plausible - port: - number: 8000 - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - plausible.bobymcbobs-weekend.pair.sharing.io - secretName: letsencrypt-prod diff --git a/k8s-manifests/plausible-service.yaml b/k8s-manifests/plausible-service.yaml deleted file mode 100644 index b03417f..0000000 --- a/k8s-manifests/plausible-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: plausible - name: plausible -spec: - ports: - - name: http - port: 8000 - targetPort: 8000 - selector: - app: plausible diff --git a/k8s-manifests/postgres.yaml b/k8s-manifests/postgres.yaml deleted file mode 100644 index 9b007db..0000000 --- a/k8s-manifests/postgres.yaml +++ /dev/null @@ -1,102 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: postgres -spec: - type: ClusterIP - ports: - - port: 5432 - targetPort: 5432 - protocol: TCP - name: postgres - selector: - app: postgres ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgres -spec: - replicas: 1 - serviceName: "postgres" - selector: - matchLabels: - app: postgres - template: - metadata: - labels: - app: postgres - spec: - securityContext: - fsGroup: 70 - containers: - - name: snoopdb - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 70 - runAsUser: 70 - image: postgres:12 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 5432 - env: - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: postgres-configuration - key: POSTGRES_DB - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: postgres-configuration - key: POSTGRES_USER - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: postgres-configuration - key: POSTGRES_PASSWORD - - name: PGDATABASE - valueFrom: - secretKeyRef: - name: postgres-configuration - key: PGDATABASE - - name: PGUSER - valueFrom: - secretKeyRef: - name: postgres-configuration - key: POSTGRES_USER - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: postgres-configuration - key: POSTGRES_PASSWORD - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - livenessProbe: - exec: - command: - - "sh" - - "-c" - - "pg_isready" - - "-U" - - "$POSTGRES_USER" - failureThreshold: 5 - periodSeconds: 10 - timeoutSeconds: 5 - resources: - {} - volumeMounts: - - name: tmp - mountPath: /tmp - - name: var-lib-postgresql - mountPath: /var/lib/postgresql - - name: var-run-postgresql - mountPath: /var/run/postgresql - volumes: - - name: tmp - emptyDir: {} - - name: var-lib-postgresql - emptyDir: {} - - name: var-run-postgresql - emptyDir: {} diff --git a/k8s-manifests/postgresql.yaml b/k8s-manifests/postgresql.yaml deleted file mode 100644 index 7b949db..0000000 --- a/k8s-manifests/postgresql.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: "acid.zalan.do/v1" -kind: postgresql -metadata: - name: plausible-db -spec: - enableConnectionPooler: true - connectionPooler: - mode: session - resources: - requests: - cpu: 250m - memory: 100Mi - limits: - cpu: "1" - memory: 100Mi - teamId: "plausible" - volume: - size: 1Gi - numberOfInstances: 1 - users: - plausible: # database owner - - superuser - - createdb - databases: - plausible: plausible # dbname: owner - postgresql: - version: "12" - resources: - requests: - cpu: "100m" - memory: "1024Mi" - limits: - cpu: "1" - memory: "1024Mi"