From ee329a31385c05792617d969d7ca7fc82ae09706 Mon Sep 17 00:00:00 2001
From: Oscar Beaumont
Date: Thu, 15 Jul 2021 17:36:49 +0800
Subject: [PATCH 1/6] added Kubernetes support
---
kubernetes/README.md | 38 ++++++++++
kubernetes/plausible-db.yaml | 109 ++++++++++++++++++++++++++++
kubernetes/plausible-events-db.yaml | 103 ++++++++++++++++++++++++++
kubernetes/plausible-mail.yaml | 70 ++++++++++++++++++
kubernetes/plausible.yaml | 101 ++++++++++++++++++++++++++
5 files changed, 421 insertions(+)
create mode 100644 kubernetes/README.md
create mode 100644 kubernetes/plausible-db.yaml
create mode 100644 kubernetes/plausible-events-db.yaml
create mode 100644 kubernetes/plausible-mail.yaml
create mode 100644 kubernetes/plausible.yaml
diff --git a/kubernetes/README.md b/kubernetes/README.md
new file mode 100644
index 0000000..ffe7544
--- /dev/null
+++ b/kubernetes/README.md
@@ -0,0 +1,38 @@
+# Plausible Analytics in Kubernetes
+
+This guide is designed to extend the [normal self-hosting guide](https://plausible.io/docs/self-hosting), please refer to it before following this guide.
+
+## 1. Clone the hosting repo
+
+To deploy Plausible Analytics into Kubernetes first download the [plausible/hosting](https://github.com/plausible/hosting) repo.
+
+```bash
+git clone https://github.com/plausible/hosting
+cd hosting
+```
+
+## 2. Add required configuration
+
+Like the original self hosting guide configure your server in the `plausible-conf.env` file.
+
+## 3. Deploy the server
+
+Once you've entered your secret key base, base url and admin credentials, you're ready to deploy the server:
+
+```bash
+kubectl create namespace plausible # Create a new namespace for all resources
+kubectl -n plausible create configmap plausible-config --from-env-file=plausible-conf.env # Create a configmap from the plausible-conf.env file
+# Please change the Postgres and Clickhouse passwords to something more secure here!
+kubectl -n plausible create secret generic plausible-db-user --from-literal='username=postgres' --from-literal='password=postgres' # Create the Postgres user
+kubectl -n plausible create secret generic plausible-events-db-user --from-literal='username=clickhouse' --from-literal='password=clickhouse' # Create the Clickhouse user
+kubectl -n plausible apply -f ./kubernetes
+```
+
+You can now navigate to http://{hostname}:8000 and see the login screen.
+
+When you first log in with your admin credentials, you will be prompted to enter a verification code which has been sent to your email. Please configure your server for SMTP to receive this email. [Here are Plausible's SMTP configuration options](https://plausible.io/docs/self-hosting-configuration#mailersmtp-setup).
+Otherwise, run this command to verify all users in the database:
+
+```bash
+kubectl -n plausible exec deploy/plausible-db -- /bin/bash -c 'psql -U $POSTGRES_USER -d $POSTGRES_DB -c "UPDATE users SET email_verified = true;"'
+```
diff --git a/kubernetes/plausible-db.yaml b/kubernetes/plausible-db.yaml
new file mode 100644
index 0000000..ce5ecac
--- /dev/null
+++ b/kubernetes/plausible-db.yaml
@@ -0,0 +1,109 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: plausible-db
+ labels:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+spec:
+ type: ClusterIP
+ ports:
+ - name: db
+ port: 5432
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: plausible-db-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: plausible-db
+ labels:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+ spec:
+ restartPolicy: Always
+ volumes:
+ - name: pgdata
+ persistentVolumeClaim:
+ claimName: plausible-db-pvc
+ containers:
+ - name: plausible-db
+ image: postgres:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - name: pgdata
+ mountPath: /var/lib/postgresql/data
+ env:
+ - name: POSTGRES_DB
+ value: plausible
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: plausible-db-user
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: plausible-db-user
+ key: password
+ securityContext:
+ allowPrivilegeEscalation: false
+ resources:
+ limits:
+ memory: 2Gi
+ cpu: 1500m
+ requests:
+ memory: 128Mi
+ cpu: 250m
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - pg_isready -U postgres
+ initialDelaySeconds: 20
+ failureThreshold: 6
+ periodSeconds: 10
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - pg_isready -U postgres
+ initialDelaySeconds: 30
+ failureThreshold: 3
+ periodSeconds: 10
diff --git a/kubernetes/plausible-events-db.yaml b/kubernetes/plausible-events-db.yaml
new file mode 100644
index 0000000..001f495
--- /dev/null
+++ b/kubernetes/plausible-events-db.yaml
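Review bot: `image: postgres:latest` together with `imagePullPolicy: Always` means any pod restart can pull a different PostgreSQL release, and a new major version will not start on the data directory already initialised under `/var/lib/postgresql/data/pgdata`. Pin the image to the major version that was tested, ideally by digest, e.g. `image: postgres:<pinned-version>`, so that an upgrade is a reviewed change rather than a side effect of rescheduling. The same floating `:latest` tag appears in the ClickHouse, SMTP and Plausible manifests added by this patch, where it also means the running image is not the one that was reviewed.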
@@ -0,0 +1,103 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: plausible-events-db
+ labels:
+ app.kubernetes.io/name: clickhouse
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+spec:
+ type: ClusterIP
+ ports:
+ - name: db
+ port: 8123
+ targetPort: 8123
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: clickhouse
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: plausible-events-db-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: plausible-events-db
+ labels:
+ app.kubernetes.io/name: clickhouse
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: clickhouse
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: clickhouse
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+ spec:
+ restartPolicy: Always
+ volumes:
+ - name: clickhousedata
+ persistentVolumeClaim:
+ claimName: plausible-db-pvc
+ containers:
+ - name: plausible-events-db
+ image: yandex/clickhouse-server:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8123
+ volumeMounts:
+ - name: clickhousedata
+ mountPath: /var/lib/clickhouse
+ env:
+ - name: CLICKHOUSE_DB
+ value: plausible
+ - name: CLICKHOUSE_USER
+ valueFrom:
+ secretKeyRef:
+ name: plausible-events-db-user
+ key: username
+ - name: CLICKHOUSE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: plausible-events-db-user
+ key: password
+ securityContext:
+ allowPrivilegeEscalation: false
+ resources:
+ limits:
+ memory: 2Gi
+ cpu: 1500m
+ requests:
+ memory: 200Mi
+ cpu: 250m
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 8123
+ initialDelaySeconds: 20
+ failureThreshold: 6
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 8123
+ initialDelaySeconds: 30
+ failureThreshold: 3
+ periodSeconds: 10
diff --git a/kubernetes/plausible-mail.yaml b/kubernetes/plausible-mail.yaml
new file mode 100644
index 0000000..b10aec2
--- /dev/null
+++ b/kubernetes/plausible-mail.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: plausible-smtp
+ labels:
+ app.kubernetes.io/name: smtp
+ app.kubernetes.io/component: email
+ app.kubernetes.io/part-of: plausible
+spec:
+ type: ClusterIP
+ ports:
+ - name: smtp
+ port: 25
+ targetPort: 25
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: smtp
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: plausible
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: plausible-smtp
+ labels:
+ app.kubernetes.io/name: smtp
+ app.kubernetes.io/component: email
+ app.kubernetes.io/part-of: plausible
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: smtp
+ app.kubernetes.io/component: email
+ app.kubernetes.io/part-of: plausible
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: smtp
+ app.kubernetes.io/component: email
+ app.kubernetes.io/part-of: plausible
+ spec:
+ restartPolicy: Always
+ containers:
+ - name: plausible-smtp
+ image: bytemark/smtp:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 25
+ securityContext:
+ allowPrivilegeEscalation: false
+ resources:
+ limits:
+ memory: 512Mi
+ cpu: 500m
+ requests:
+ memory: 5Mi
+ cpu: 100m
+ readinessProbe:
+ tcpSocket:
+ port: 25
+ initialDelaySeconds: 20
+ failureThreshold: 6
+ periodSeconds: 10
+ livenessProbe:
+ tcpSocket:
+ port: 25
+ initialDelaySeconds: 30
+ failureThreshold: 3
+ periodSeconds: 10
diff --git a/kubernetes/plausible.yaml b/kubernetes/plausible.yaml
new file mode 100644
index 0000000..4045106
--- /dev/null
+++ b/kubernetes/plausible.yaml
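Review bot: The ClickHouse Deployment's `clickhousedata` volume uses `claimName: plausible-db-pvc`, which is the Postgres claim; the `plausible-events-db-pvc` declared earlier in this same file is never mounted. With both databases on one `ReadWriteOnce` claim they share a filesystem, and if the two pods are scheduled on different nodes one of them will likely fail to attach the volume. The line should read `claimName: plausible-events-db-pvc`. PATCH 2/6 later replaces this volume with `volumeClaimTemplates`, so this matters when PATCH 1/6 is applied or bisected on its own.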
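Review bot: The `plausible-smtp` Service selector asks for `app.kubernetes.io/component: database`, but the pod template of the `plausible-smtp` Deployment is labelled `app.kubernetes.io/component: email`, so the Service matches no pods and has no endpoints. Mail handed to `$(PLAUSIBLE_SMTP_SERVICE_HOST)`, including the verification code the README describes, would then never reach the relay. Change the selector line to `app.kubernetes.io/component: email`. None of the later patches in this series touch this selector.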
@@ -0,0 +1,101 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: plausible
+ labels:
+ app.kubernetes.io/name: plausible
+ app.kubernetes.io/component: server
+spec:
+ type: LoadBalancer
+ ports:
+ - name: http
+ port: 8000
+ targetPort: 8000
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: plausible
+ app.kubernetes.io/component: server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: plausible
+ labels:
+ app.kubernetes.io/name: plausible
+ app.kubernetes.io/component: server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: plausible
+ app.kubernetes.io/component: server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: plausible
+ app.kubernetes.io/component: server
+ spec:
+ restartPolicy: Always
+ containers:
+ - name: plausible
+ image: plausible/analytics:latest
+ imagePullPolicy: Always
+ args:
+ - /bin/sh
+ - -c
+ - sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run
+ ports:
+ - containerPort: 8000
+ envFrom:
+ - configMapRef:
+ name: plausible-config
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: plausible-db-user
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: plausible-db-user
+ key: password
+ - name: CLICKHOUSE_USER
+ valueFrom:
+ secretKeyRef:
+ name: plausible-events-db-user
+ key: username
+ - name: CLICKHOUSE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: plausible-events-db-user
+ key: password
+ - name: DATABASE_URL
+ value: postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(PLAUSIBLE_DB_SERVICE_HOST):$(PLAUSIBLE_DB_SERVICE_PORT)/plausible
+ - name: CLICKHOUSE_DATABASE_URL
+ value: http://$(CLICKHOUSE_USER):$(CLICKHOUSE_PASSWORD)@$(PLAUSIBLE_EVENTS_DB_SERVICE_HOST):$(PLAUSIBLE_EVENTS_DB_SERVICE_PORT)/plausible
+ - name: SMTP_HOST_ADDR
+ value: $(PLAUSIBLE_SMTP_SERVICE_HOST)
+ securityContext:
+ allowPrivilegeEscalation: false
+ resources:
+ limits:
+ memory: 2Gi
+
cpu: 1500m + requests: + memory: 200Mi + cpu: 250m + readinessProbe: + httpGet: + path: /api/health + port: 8000 + initialDelaySeconds: 35 + failureThreshold: 6 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /api/health + port: 8000 + initialDelaySeconds: 45 + failureThreshold: 3 + periodSeconds: 10 From 03919f11f11d3bec15eaf6238b61181b6af96935 Mon Sep 17 00:00:00 2001 From: Oscar Beaumont Date: Mon, 19 Jul 2021 13:54:58 +0800 Subject: [PATCH 2/6] changed databases to StatefulSet --- kubernetes/plausible-db.yaml | 34 ++++++++++++++--------------- kubernetes/plausible-events-db.yaml | 34 ++++++++++++++--------------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/kubernetes/plausible-db.yaml b/kubernetes/plausible-db.yaml index ce5ecac..bcf0aa0 100644 --- a/kubernetes/plausible-db.yaml +++ b/kubernetes/plausible-db.yaml @@ -18,19 +18,8 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: plausible --- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: plausible-db-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi ---- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: plausible-db labels: @@ -39,6 +28,7 @@ metadata: app.kubernetes.io/part-of: plausible spec: replicas: 1 + serviceName: plausible-db selector: matchLabels: app.kubernetes.io/name: postgres @@ -52,10 +42,6 @@ spec: app.kubernetes.io/part-of: plausible spec: restartPolicy: Always - volumes: - - name: pgdata - persistentVolumeClaim: - claimName: plausible-db-pvc containers: - name: plausible-db image: postgres:latest @@ -63,7 +49,7 @@ spec: ports: - containerPort: 5432 volumeMounts: - - name: pgdata + - name: data mountPath: /var/lib/postgresql/data env: - name: POSTGRES_DB 
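Review bot: The `plausible` Service is declared `type: LoadBalancer` on port 8000 and nothing in this manifest terminates TLS, so on clusters that provision external load balancers the login form and session cookie are served over plain HTTP to whatever network can reach the address. A safer default is `type: ClusterIP`, with the README describing an Ingress (or equivalent) that terminates TLS in front of it and direct exposure left as an explicit opt-in. If `LoadBalancer` stays, a comment above `type: LoadBalancer` should say that the endpoint is unencrypted and is expected to sit behind a TLS proxy.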
@@ -107,3 +93,17 @@ spec: initialDelaySeconds: 30 failureThreshold: 3 periodSeconds: 10 + volumeClaimTemplates: + - metadata: + name: data + labels: + app.kubernetes.io/name: postgres + app.kubernetes.io/component: database + app.kubernetes.io/part-of: plausible + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 128Mi + limits: + storage: 15Gi diff --git a/kubernetes/plausible-events-db.yaml b/kubernetes/plausible-events-db.yaml index 001f495..bd43865 100644 --- a/kubernetes/plausible-events-db.yaml +++ b/kubernetes/plausible-events-db.yaml @@ -18,19 +18,8 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: plausible --- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: plausible-events-db-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi ---- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: plausible-events-db labels: @@ -39,6 +28,7 @@ metadata: app.kubernetes.io/part-of: plausible spec: replicas: 1 + serviceName: plausible-events-db selector: matchLabels: app.kubernetes.io/name: clickhouse @@ -52,10 +42,6 @@ spec: app.kubernetes.io/part-of: plausible spec: restartPolicy: Always - volumes: - - name: clickhousedata - persistentVolumeClaim: - claimName: plausible-db-pvc containers: - name: plausible-events-db image: yandex/clickhouse-server:latest @@ -63,7 +49,7 @@ spec: ports: - containerPort: 8123 volumeMounts: - - name: clickhousedata + - name: data mountPath: /var/lib/clickhouse env: - name: CLICKHOUSE_DB @@ -101,3 +87,17 @@ spec: initialDelaySeconds: 30 failureThreshold: 3 periodSeconds: 10 + volumeClaimTemplates: + - metadata: + name: data + labels: + app.kubernetes.io/name: clickhouse + app.kubernetes.io/component: database + app.kubernetes.io/part-of: plausible + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 128Mi + limits: + storage: 20Gi From aa9f96cd12384f1198b683ca3d507ed27138fa3d Mon Sep 17 00:00:00 2001 
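Review bot: The new `volumeClaimTemplates` entry for Postgres requests `storage: 128Mi`, down from the 5Gi claim this patch removes; dynamic provisioners size the volume from `requests`, and as far as I know `limits.storage: 15Gi` neither enlarges it nor lets it grow, so the database can run out of disk very early. Set the request to the size actually intended, e.g. `storage: 5Gi`, and drop the `limits` stanza. The ClickHouse template in `plausible-events-db.yaml` has the same shape (`128Mi` requested, `20Gi` limit). It is worth getting right now, since a StatefulSet's `volumeClaimTemplates` cannot be edited in place once the set exists.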
From: Oscar Beaumont Date: Mon, 19 Jul 2021 14:05:07 +0800 Subject: [PATCH 3/6] lowered unreasonably high resource requirements --- kubernetes/plausible-db.yaml | 4 ++-- kubernetes/plausible-events-db.yaml | 4 ++-- kubernetes/plausible-mail.yaml | 2 +- kubernetes/plausible.yaml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/kubernetes/plausible-db.yaml b/kubernetes/plausible-db.yaml index bcf0aa0..ff72387 100644 --- a/kubernetes/plausible-db.yaml +++ b/kubernetes/plausible-db.yaml @@ -73,8 +73,8 @@ spec: memory: 2Gi cpu: 1500m requests: - memory: 128Mi - cpu: 250m + memory: 65Mi + cpu: 15m readinessProbe: exec: command: diff --git a/kubernetes/plausible-events-db.yaml b/kubernetes/plausible-events-db.yaml index bd43865..4f6b43c 100644 --- a/kubernetes/plausible-events-db.yaml +++ b/kubernetes/plausible-events-db.yaml @@ -71,8 +71,8 @@ spec: memory: 2Gi cpu: 1500m requests: - memory: 200Mi - cpu: 250m + memory: 80Mi + cpu: 10m readinessProbe: httpGet: path: /ping diff --git a/kubernetes/plausible-mail.yaml b/kubernetes/plausible-mail.yaml index b10aec2..b551ef7 100644 --- a/kubernetes/plausible-mail.yaml +++ b/kubernetes/plausible-mail.yaml @@ -55,7 +55,7 @@ spec: cpu: 500m requests: memory: 5Mi - cpu: 100m + cpu: 1m readinessProbe: tcpSocket: port: 25 diff --git a/kubernetes/plausible.yaml b/kubernetes/plausible.yaml index 4045106..434eb0c 100644 --- a/kubernetes/plausible.yaml +++ b/kubernetes/plausible.yaml @@ -83,8 +83,8 @@ spec: memory: 2Gi cpu: 1500m requests: - memory: 200Mi - cpu: 250m + memory: 140Mi + cpu: 10m readinessProbe: httpGet: path: /api/health From 46f050f54c9808980e5fdb04e4a7726ff1f8a747 Mon Sep 17 00:00:00 2001 
From: Oscar Beaumont Date: Mon, 19 Jul 2021 15:28:44 +0800 Subject: [PATCH 4/6] added plausible init container, security context's & events-db configuration into configmap --- kubernetes/README.md | 2 +- kubernetes/plausible-db.yaml | 5 +++ kubernetes/plausible-events-db.yaml | 47 ++++++++++++++++++++++++ kubernetes/plausible.yaml | 56 ++++++++++++++++++++++++++--- 4 files changed, 105 insertions(+), 5 deletions(-) diff --git a/kubernetes/README.md b/kubernetes/README.md index ffe7544..8af4ffc 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -34,5 +34,5 @@ When you first log in with your admin credentials, you will be prompted to enter Otherwise, run this command to verify all users in the database: ```bash -kubectl -n plausible exec deploy/plausible-db -- /bin/bash -c 'psql -U $POSTGRES_USER -d $POSTGRES_DB -c "UPDATE users SET email_verified = true;"' +kubectl -n plausible exec statefulset/plausible-db -- /bin/bash -c 'psql -U $POSTGRES_USER -d $POSTGRES_DB -c "UPDATE users SET email_verified = true;"' ``` diff --git a/kubernetes/plausible-db.yaml b/kubernetes/plausible-db.yaml index ff72387..f1353d1 100644 --- a/kubernetes/plausible-db.yaml +++ b/kubernetes/plausible-db.yaml @@ -42,6 +42,11 @@ spec: app.kubernetes.io/part-of: plausible spec: restartPolicy: Always + # see https://github.com/docker-library/postgres/blob/6bbf1c7b308d1c4288251d73c37f6caf75f8a3d4/14/buster/Dockerfile + securityContext: + runAsUser: 999 + runAsGroup: 999 + fsGroup: 999 containers: - name: plausible-db image: postgres:latest diff --git a/kubernetes/plausible-events-db.yaml b/kubernetes/plausible-events-db.yaml index 4f6b43c..086d16d 100644 --- a/kubernetes/plausible-events-db.yaml +++ b/kubernetes/plausible-events-db.yaml 
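Review bot: The pod-level `securityContext` added to `plausible-db` fixes UID/GID 999 but does not state the non-root requirement itself, and the container-level block (outside this hunk, from PATCH 1/6) still only sets `allowPrivilegeEscalation: false`. Adding `runAsNonRoot: true` next to `runAsUser: 999` makes the kubelet refuse to start the container if the UID is later changed to 0, and `capabilities: {drop: ["ALL"]}` on the container removes the default capability set; the latter should be checked against the image's entrypoint before merging. Note also that the comment links a Dockerfile at a fixed commit while the image tag is `postgres:latest`, so 999 is only known to match that variant. The same remarks apply to the `securityContext` blocks this patch adds in `plausible-events-db.yaml` (101) and `plausible.yaml` (1000).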
@@ -18,6 +18,36 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: plausible --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: plausible-events-db-config +data: + clickhouse-config.xml: | + + + warning + true + + + + + + + + + + + clickhouse-user-config.xml: | + + + + 0 + 0 + + + +--- apiVersion: apps/v1 kind: StatefulSet metadata: @@ -42,6 +72,11 @@ spec: app.kubernetes.io/part-of: plausible spec: restartPolicy: Always + # see https://github.com/ClickHouse/ClickHouse/blob/master/docker/server/Dockerfile + securityContext: + runAsUser: 101 + runAsGroup: 101 + fsGroup: 101 containers: - name: plausible-events-db image: yandex/clickhouse-server:latest @@ -51,6 +86,14 @@ spec: volumeMounts: - name: data mountPath: /var/lib/clickhouse + - name: config + mountPath: /etc/clickhouse-server/config.d/logging.xml + subPath: clickhouse-config.xml + readOnly: true + - name: config + mountPath: /etc/clickhouse-server/users.d/logging.xml" + subPath: clickhouse-user-config.xml + readOnly: true env: - name: CLICKHOUSE_DB value: plausible @@ -87,6 +130,10 @@ spec: initialDelaySeconds: 30 failureThreshold: 3 periodSeconds: 10 + volumes: + - name: config + configMap: + name: plausible-events-db-config volumeClaimTemplates: - metadata: name: data diff --git a/kubernetes/plausible.yaml b/kubernetes/plausible.yaml index 434eb0c..952cb6d 100644 --- a/kubernetes/plausible.yaml +++ b/kubernetes/plausible.yaml 
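Review bot: The second `config` mount ends with a stray double quote: `mountPath: /etc/clickhouse-server/users.d/logging.xml"`. YAML takes that character as part of the plain scalar, so the file is mounted under a name ending in `"`; assuming ClickHouse only reads `*.xml` files from `users.d`, the settings in `clickhouse-user-config.xml` are then silently not applied. The line should be `mountPath: /etc/clickhouse-server/users.d/logging.xml`. The XML bodies of the ConfigMap are not legible on this page, so which settings are lost could not be checked here.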
@@ -36,14 +36,62 @@ spec: app.kubernetes.io/component: server spec: restartPolicy: Always + # see https://github.com/plausible/analytics/blob/master/Dockerfile + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + initContainers: + - name: plausible-init + image: plausible/analytics:latest + command: + - "/bin/sh" + - "-c" + args: + - sleep 30 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin + envFrom: + - configMapRef: + name: plausible-config + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: plausible-db-user + key: username + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: plausible-db-user + key: password + - name: CLICKHOUSE_USER + valueFrom: + secretKeyRef: + name: plausible-events-db-user + key: username + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: plausible-events-db-user + key: password + - name: DATABASE_URL + value: postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(PLAUSIBLE_DB_SERVICE_HOST):$(PLAUSIBLE_DB_SERVICE_PORT)/plausible + - name: CLICKHOUSE_DATABASE_URL + value: http://$(CLICKHOUSE_USER):$(CLICKHOUSE_PASSWORD)@$(PLAUSIBLE_EVENTS_DB_SERVICE_HOST):$(PLAUSIBLE_EVENTS_DB_SERVICE_PORT)/plausible + - name: SMTP_HOST_ADDR + value: $(PLAUSIBLE_SMTP_SERVICE_HOST) + securityContext: + allowPrivilegeEscalation: false + resources: + limits: + memory: 2Gi + cpu: 1500m + requests: + memory: 50Mi + cpu: 10m containers: - name: plausible image: plausible/analytics:latest imagePullPolicy: Always - args: - - /bin/sh - - -c - - sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run ports: - containerPort: 8000 envFrom: From dabb3878232da19c476e1680809af24143cf7d5c Mon Sep 17 00:00:00 2001 
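Review bot: The init container copies the `DATABASE_URL` and `CLICKHOUSE_DATABASE_URL` values that splice `$(POSTGRES_PASSWORD)` and `$(CLICKHOUSE_PASSWORD)` directly into a URL, while the README asks operators to replace the default passwords. A generated password containing `@`, `:`, `/`, `#` or `%` will make the URL parse wrongly or fail to connect, which in practice pushes people back to weak or default credentials; add a comment above `- name: DATABASE_URL` such as `# Secret values are inserted verbatim: they must be URL-safe or percent-encoded`, and say the same in the README. Separately, `sleep 30 &&` is a timing guess rather than a wait for the databases to accept connections, so a slow first start fails the init container until the kubelet retries it. The `containers:` entry this hunk edits continues outside the hunk, where the same two URLs are still defined for the main container.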
From: Oscar Beaumont Date: Mon, 2 Aug 2021 15:01:55 +0800 Subject: [PATCH 5/6] fix: converted Plausible config to secret This was done as the Plausible configuration file contains the secret key base which is used to encrypt the cookies. --- kubernetes/README.md | 2 +- kubernetes/plausible.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/README.md b/kubernetes/README.md index 8af4ffc..a1844f9 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -21,7 +21,7 @@ Once you've entered your secret key base, base url and admin credentials, you're ```bash kubectl create namespace plausible # Create a new namespace for all resources -kubectl -n plausible create configmap plausible-config --from-env-file=plausible-conf.env # Create a configmap from the plausible-conf.env file +kubectl -n plausible create secret generic plausible-config --from-env-file=plausible-conf.env # Create a configmap from the plausible-conf.env file # Please change the Postgres and Clickhouse passwords to something more secure here! kubectl -n plausible create secret generic plausible-db-user --from-literal='username=postgres' --from-literal='password=postgres' # Create the Postgres user kubectl -n plausible create secret generic plausible-events-db-user --from-literal='username=clickhouse' --from-literal='password=clickhouse' # Create the Clickhouse user diff --git a/kubernetes/plausible.yaml b/kubernetes/plausible.yaml index 952cb6d..ee64722 100644 --- a/kubernetes/plausible.yaml +++ b/kubernetes/plausible.yaml @@ -50,7 +50,7 @@ spec: args: - sleep 30 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin envFrom: - - configMapRef: + - secretRef: name: plausible-config env: - name: POSTGRES_USER @@ -95,7 +95,7 @@ spec: ports: - containerPort: 8000 envFrom: - - configMapRef: + - secretRef: name: plausible-config env: - name: POSTGRES_USER From 5ca6f3d0694cd44a158c4bd21e6e8bf8aa680c7b Mon Sep 17 00:00:00 2001 
From: Oscar Beaumont Date: Wed, 4 Aug 2021 17:37:41 +0800 Subject: [PATCH 6/6] fix: added warning about multiple replicas --- kubernetes/plausible.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/plausible.yaml b/kubernetes/plausible.yaml index ee64722..994006f 100644 --- a/kubernetes/plausible.yaml +++ b/kubernetes/plausible.yaml @@ -24,6 +24,7 @@ metadata: app.kubernetes.io/name: plausible app.kubernetes.io/component: server spec: + # Plausible is not currently designed to run in a clustered scenario. Increasing the replicas of this deployment is highly NOT recommended! replicas: 1 selector: matchLabels: