Add WIP Kubernetes support
This commit is contained in:
Caleb Woodbine
parent
3adc80359b
commit
e59f03b970
|
|
@ -0,0 +1,51 @@
|
|||
#+TITLE: Setup Plausible
|
||||
|
||||
* Setup
|
||||
|
||||
#+NAME: create namespace
|
||||
#+begin_src shell :results silent
|
||||
kubectl create ns plausible
|
||||
#+end_src
|
||||
|
||||
#+NAME: create the database secrets
|
||||
#+begin_src shell :results silent
|
||||
kubectl -n plausible create secret generic postgres-configuration \
|
||||
--from-literal=POSTGRES_DB=plausible \
|
||||
--from-literal=POSTGRES_USER=plausible \
|
||||
--from-literal=POSTGRES_PASSWORD=plausible \
|
||||
--from-literal=PGUSER=plausible \
|
||||
--from-literal=PGPASSWORD=plausible \
|
||||
--from-literal=PGDATABASE=plausible
|
||||
#+end_src
|
||||
|
||||
#+NAME: install Postgres
|
||||
#+begin_src shell :pwd ./ :results silent
|
||||
kubectl -n plausible apply -f postgresql.yaml
|
||||
#+end_src
|
||||
|
||||
#+NAME: create secrets
|
||||
#+begin_src shell :results silent
|
||||
DATABASE_PWD="$(kubectl -n plausible get secret plausible.plausible-db.credentials.postgresql.acid.zalan.do -o=jsonpath='{.data.password}' | base64 --decode)"
|
||||
kubectl -n plausible create secret generic plausible \
|
||||
--from-literal=ADMIN_USER_EMAIL=myemail@example.com \
|
||||
--from-literal=ADMIN_USER_NAME="Example User" \
|
||||
--from-literal=ADMIN_USER_PWD="password" \
|
||||
--from-literal=SECRET_KEY_BASE="$(openssl rand -base64 64)" \
|
||||
--from-literal=DATABASE_URL="postgres://plausible:$DATABASE_PWD@plausible-db-pooler/plausible?ssl=true" \
|
||||
--from-literal=CLICKHOUSE_DATABASE_URL=http://plausible-events-db:8123/plausible
|
||||
#+end_src
|
||||
|
||||
#+NAME: create configuration
|
||||
#+begin_src shell :results silent
|
||||
kubectl -n plausible create configmap plausible \
|
||||
--from-literal=BASE_URL=http://192.168.39.97:31943
|
||||
#+end_src
|
||||
|
||||
#+NAME: install Plausible
|
||||
#+begin_src shell :results silent
|
||||
kubectl -n plausible apply -f .
|
||||
#+end_src
|
||||
|
||||
* Notes and references
|
||||
- https://docs.plausible.io/self-hosting-configuration/
|
||||
- https://github.com/plausible/hosting/blob/c5146231aa0bf8d7a0da11370845e11a4973373e/docker-compose.yml
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
labels:
|
||||
app: event-data
|
||||
name: event-data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 100Mi
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: mail
|
||||
name: mail
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mail
|
||||
strategy: {}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mail
|
||||
spec:
|
||||
containers:
|
||||
- image: bytemark/smtp
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: mail
|
||||
resources: {}
|
||||
restartPolicy: Always
|
||||
|
|
@ -0,0 +1,107 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: plausible
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: plausible
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: plausible
|
||||
spec:
|
||||
initContainers:
|
||||
- command:
|
||||
- bash
|
||||
- -c
|
||||
- /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin
|
||||
env:
|
||||
- name: ADMIN_USER_EMAIL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: ADMIN_USER_EMAIL
|
||||
name: plausible
|
||||
- name: ADMIN_USER_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: ADMIN_USER_NAME
|
||||
name: plausible
|
||||
- name: ADMIN_USER_PWD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: ADMIN_USER_PWD
|
||||
name: plausible
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: SECRET_KEY_BASE
|
||||
name: plausible
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: DATABASE_URL
|
||||
name: plausible
|
||||
- name: CLICKHOUSE_DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: CLICKHOUSE_DATABASE_URL
|
||||
name: plausible
|
||||
- name: BASE_URL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: BASE_URL
|
||||
name: plausible
|
||||
image: plausible/analytics:dev
|
||||
imagePullPolicy: Always
|
||||
name: plausible-init
|
||||
containers:
|
||||
- command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- /entrypoint.sh run
|
||||
env:
|
||||
- name: ADMIN_USER_EMAIL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: ADMIN_USER_EMAIL
|
||||
name: plausible
|
||||
- name: ADMIN_USER_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: ADMIN_USER_NAME
|
||||
name: plausible
|
||||
- name: ADMIN_USER_PWD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: ADMIN_USER_PWD
|
||||
name: plausible
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: DATABASE_URL
|
||||
name: plausible
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: SECRET_KEY_BASE
|
||||
name: plausible
|
||||
- name: CLICKHOUSE_DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: CLICKHOUSE_DATABASE_URL
|
||||
name: plausible
|
||||
- name: BASE_URL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: BASE_URL
|
||||
name: plausible
|
||||
image: plausible/analytics:dev
|
||||
imagePullPolicy: Always
|
||||
name: plausible
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
resources: {}
|
||||
restartPolicy: Always
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: plausible-events-db
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: plausible-events-db
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: plausible-events-db
|
||||
spec:
|
||||
containers:
|
||||
- image: yandex/clickhouse-server:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: plausible-events-db
|
||||
ports:
|
||||
- containerPort: 8123
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /var/lib/clickhouse
|
||||
name: event-data
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: event-data
|
||||
persistentVolumeClaim:
|
||||
claimName: event-data
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: plausible-events-db
|
||||
name: plausible-events-db
|
||||
spec:
|
||||
ports:
|
||||
- name: "8123"
|
||||
port: 8123
|
||||
targetPort: 8123
|
||||
selector:
|
||||
app: plausible-events-db
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: plausible
|
||||
name: plausible
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 8000
|
||||
targetPort: 8000
|
||||
type: NodePort
|
||||
selector:
|
||||
app: plausible
|
||||
|
|
@ -0,0 +1,102 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: postgres
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 5432
|
||||
targetPort: 5432
|
||||
protocol: TCP
|
||||
name: postgres
|
||||
selector:
|
||||
app: postgres
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: postgres
|
||||
spec:
|
||||
replicas: 1
|
||||
serviceName: "postgres"
|
||||
selector:
|
||||
matchLabels:
|
||||
app: postgres
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: postgres
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 70
|
||||
containers:
|
||||
- name: snoopdb
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 70
|
||||
runAsUser: 70
|
||||
image: postgres:12
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
env:
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-configuration
|
||||
key: POSTGRES_DB
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-configuration
|
||||
key: POSTGRES_USER
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-configuration
|
||||
key: POSTGRES_PASSWORD
|
||||
- name: PGDATABASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-configuration
|
||||
key: PGDATABASE
|
||||
- name: PGUSER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-configuration
|
||||
key: POSTGRES_USER
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-configuration
|
||||
key: POSTGRES_PASSWORD
|
||||
- name: PGDATA
|
||||
value: /var/lib/postgresql/data/pgdata
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- "sh"
|
||||
- "-c"
|
||||
- "pg_isready"
|
||||
- "-U"
|
||||
- "$POSTGRES_USER"
|
||||
failureThreshold: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
resources:
|
||||
{}
|
||||
volumeMounts:
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
- name: var-lib-postgresql
|
||||
mountPath: /var/lib/postgresql
|
||||
- name: var-run-postgresql
|
||||
mountPath: /var/run/postgresql
|
||||
volumes:
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: var-lib-postgresql
|
||||
emptyDir: {}
|
||||
- name: var-run-postgresql
|
||||
emptyDir: {}
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
apiVersion: "acid.zalan.do/v1"
|
||||
kind: postgresql
|
||||
metadata:
|
||||
name: plausible-db
|
||||
spec:
|
||||
enableConnectionPooler: true
|
||||
connectionPooler:
|
||||
mode: session
|
||||
resources:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: 100Mi
|
||||
teamId: "plausible"
|
||||
volume:
|
||||
size: 1Gi
|
||||
numberOfInstances: 1
|
||||
users:
|
||||
plausible: # database owner
|
||||
- superuser
|
||||
- createdb
|
||||
databases:
|
||||
plausible: plausible # dbname: owner
|
||||
postgresql:
|
||||
version: "12"
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
memory: "1024Mi"
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: "1024Mi"
|
||||
Loading…
Reference in New Issue