From e59f03b9702da4424bbf91df58b3dab50e84408a Mon Sep 17 00:00:00 2001
From: Caleb Woodbine <calebwoodbine.public@gmail.com>
Date: Thu, 8 Oct 2020 22:07:58 +1300
Subject: [PATCH] Add WIP Kubernetes support

---
 k8s-manifests/README.org                      |  51 +++++++++
 .../event-data-persistentvolumeclaim.yaml     |  12 ++
 k8s-manifests/mail-deployment.yaml            |  23 ++++
 k8s-manifests/plausible-deployment.yaml       | 107 ++++++++++++++++++
 .../plausible-events-db-deployment.yaml       |  31 +++++
 .../plausible-events-db-service.yaml          |  13 +++
 k8s-manifests/plausible-service.yaml          |  14 +++
 k8s-manifests/postgres.yaml                   | 102 +++++++++++++++++
 k8s-manifests/postgresql.yaml                 |  34 ++++++
 9 files changed, 387 insertions(+)
 create mode 100644 k8s-manifests/README.org
 create mode 100644 k8s-manifests/event-data-persistentvolumeclaim.yaml
 create mode 100644 k8s-manifests/mail-deployment.yaml
 create mode 100644 k8s-manifests/plausible-deployment.yaml
 create mode 100644 k8s-manifests/plausible-events-db-deployment.yaml
 create mode 100644 k8s-manifests/plausible-events-db-service.yaml
 create mode 100644 k8s-manifests/plausible-service.yaml
 create mode 100644 k8s-manifests/postgres.yaml
 create mode 100644 k8s-manifests/postgresql.yaml

diff --git a/k8s-manifests/README.org b/k8s-manifests/README.org
new file mode 100644
index 0000000..a79e049
--- /dev/null
+++ b/k8s-manifests/README.org
@@ -0,0 +1,51 @@
+#+TITLE: Setup Plausible
+
+* Setup
+
+#+NAME: create namespace
+#+begin_src shell :results silent
+  kubectl create ns plausible
+#+end_src
+
+#+NAME: create the database secrets
+#+begin_src shell :results silent
+  kubectl -n plausible create secret generic postgres-configuration \
+    --from-literal=POSTGRES_DB=plausible \
+    --from-literal=POSTGRES_USER=plausible \
+    --from-literal=POSTGRES_PASSWORD=plausible \
+    --from-literal=PGUSER=plausible \
+    --from-literal=PGPASSWORD=plausible \
+    --from-literal=PGDATABASE=plausible
+#+end_src
+
+#+NAME: install Postgres
+#+begin_src shell :pwd ./ :results silent
+  kubectl -n plausible apply -f postgresql.yaml
+#+end_src
+
+#+NAME: create secrets
+#+begin_src shell :results silent
+  DATABASE_PWD="$(kubectl -n plausible get secret plausible.plausible-db.credentials.postgresql.acid.zalan.do -o=jsonpath='{.data.password}' | base64 --decode)"
+  kubectl -n plausible create secret generic plausible \
+    --from-literal=ADMIN_USER_EMAIL=myemail@example.com \
+    --from-literal=ADMIN_USER_NAME="Example User" \
+    --from-literal=ADMIN_USER_PWD="password" \
+    --from-literal=SECRET_KEY_BASE="$(openssl rand -base64 64)" \
+    --from-literal=DATABASE_URL="postgres://plausible:$DATABASE_PWD@plausible-db-pooler/plausible?ssl=true" \
+    --from-literal=CLICKHOUSE_DATABASE_URL=http://plausible-events-db:8123/plausible
+#+end_src
+
+#+NAME: create configuration
+#+begin_src shell :results silent
+  kubectl -n plausible create configmap plausible \
+    --from-literal=BASE_URL=http://192.168.39.97:31943
+#+end_src
+
+#+NAME: install Plausible
+#+begin_src shell :results silent
+  kubectl -n plausible apply -f .
+#+end_src
+
+* Notes and references
+- https://docs.plausible.io/self-hosting-configuration/
+- https://github.com/plausible/hosting/blob/c5146231aa0bf8d7a0da11370845e11a4973373e/docker-compose.yml
diff --git a/k8s-manifests/event-data-persistentvolumeclaim.yaml b/k8s-manifests/event-data-persistentvolumeclaim.yaml
new file mode 100644
index 0000000..6154772
--- /dev/null
+++ b/k8s-manifests/event-data-persistentvolumeclaim.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app: event-data
+  name: event-data
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
diff --git a/k8s-manifests/mail-deployment.yaml b/k8s-manifests/mail-deployment.yaml
new file mode 100644
index 0000000..087d459
--- /dev/null
+++ b/k8s-manifests/mail-deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: mail
+  name: mail
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mail
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: mail
+    spec:
+      containers:
+      - image: bytemark/smtp
+        imagePullPolicy: IfNotPresent
+        name: mail
+        resources: {}
+      restartPolicy: Always
diff --git a/k8s-manifests/plausible-deployment.yaml b/k8s-manifests/plausible-deployment.yaml
new file mode 100644
index 0000000..261b8ea
--- /dev/null
+++ b/k8s-manifests/plausible-deployment.yaml
@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plausible
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: plausible
+  template:
+    metadata:
+      labels:
+        app: plausible
+    spec:
+      initContainers:
+      - command:
+        - bash
+        - -c
+        - /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin
+        env:
+        - name: ADMIN_USER_EMAIL
+          valueFrom:
+            secretKeyRef:
+              key: ADMIN_USER_EMAIL
+              name: plausible
+        - name: ADMIN_USER_NAME
+          valueFrom:
+            secretKeyRef:
+              key: ADMIN_USER_NAME
+              name: plausible
+        - name: ADMIN_USER_PWD
+          valueFrom:
+            secretKeyRef:
+              key: ADMIN_USER_PWD
+              name: plausible
+        - name: SECRET_KEY_BASE
+          valueFrom:
+            secretKeyRef:
+              key: SECRET_KEY_BASE
+              name: plausible
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              key: DATABASE_URL
+              name: plausible
+        - name: CLICKHOUSE_DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              key: CLICKHOUSE_DATABASE_URL
+              name: plausible
+        - name: BASE_URL
+          valueFrom:
+            configMapKeyRef:
+              key: BASE_URL
+              name: plausible
+        image: plausible/analytics:dev
+        imagePullPolicy: Always
+        name: plausible-init
+      containers:
+      - command:
+          - /bin/bash
+          - -c
+          - /entrypoint.sh run
+        env:
+        - name: ADMIN_USER_EMAIL
+          valueFrom:
+            secretKeyRef:
+              key: ADMIN_USER_EMAIL
+              name: plausible
+        - name: ADMIN_USER_NAME
+          valueFrom:
+            secretKeyRef:
+              key: ADMIN_USER_NAME
+              name: plausible
+        - name: ADMIN_USER_PWD
+          valueFrom:
+            secretKeyRef:
+              key: ADMIN_USER_PWD
+              name: plausible
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              key: DATABASE_URL
+              name: plausible
+        - name: SECRET_KEY_BASE
+          valueFrom:
+            secretKeyRef:
+              key: SECRET_KEY_BASE
+              name: plausible
+        - name: CLICKHOUSE_DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              key: CLICKHOUSE_DATABASE_URL
+              name: plausible
+        - name: BASE_URL
+          valueFrom:
+            configMapKeyRef:
+              key: BASE_URL
+              name: plausible
+        image: plausible/analytics:dev
+        imagePullPolicy: Always
+        name: plausible
+        ports:
+        - name: http
+          containerPort: 8000
+        resources: {}
+      restartPolicy: Always
diff --git a/k8s-manifests/plausible-events-db-deployment.yaml b/k8s-manifests/plausible-events-db-deployment.yaml
new file mode 100644
index 0000000..e9f2d7e
--- /dev/null
+++ b/k8s-manifests/plausible-events-db-deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plausible-events-db
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: plausible-events-db
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: plausible-events-db
+    spec:
+      containers:
+      - image: yandex/clickhouse-server:latest
+        imagePullPolicy: IfNotPresent
+        name: plausible-events-db
+        ports:
+        - containerPort: 8123
+        resources: {}
+        volumeMounts:
+        - mountPath: /var/lib/clickhouse
+          name: event-data
+      restartPolicy: Always
+      volumes:
+      - name: event-data
+        persistentVolumeClaim:
+          claimName: event-data
diff --git a/k8s-manifests/plausible-events-db-service.yaml b/k8s-manifests/plausible-events-db-service.yaml
new file mode 100644
index 0000000..b64cf70
--- /dev/null
+++ b/k8s-manifests/plausible-events-db-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: plausible-events-db
+  name: plausible-events-db
+spec:
+  ports:
+  - name: "8123"
+    port: 8123
+    targetPort: 8123
+  selector:
+    app: plausible-events-db
diff --git a/k8s-manifests/plausible-service.yaml b/k8s-manifests/plausible-service.yaml
new file mode 100644
index 0000000..a9b3cb0
--- /dev/null
+++ b/k8s-manifests/plausible-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: plausible
+  name: plausible
+spec:
+  ports:
+  - name: http
+    port: 8000
+    targetPort: 8000
+  type: NodePort
+  selector:
+    app: plausible
diff --git a/k8s-manifests/postgres.yaml b/k8s-manifests/postgres.yaml
new file mode 100644
index 0000000..9b007db
--- /dev/null
+++ b/k8s-manifests/postgres.yaml
@@ -0,0 +1,102 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5432
+      targetPort: 5432
+      protocol: TCP
+      name: postgres
+  selector:
+    app: postgres
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+spec:
+  replicas: 1
+  serviceName: "postgres"
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      securityContext:
+        fsGroup: 70
+      containers:
+        - name: snoopdb
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsGroup: 70
+            runAsUser: 70
+          image: postgres:12
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-configuration
+                  key: POSTGRES_DB
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-configuration
+                  key: POSTGRES_USER
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-configuration
+                  key: POSTGRES_PASSWORD
+            - name: PGDATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-configuration
+                  key: PGDATABASE
+            - name: PGUSER
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-configuration
+                  key: POSTGRES_USER
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-configuration
+                  key: POSTGRES_PASSWORD
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
+          livenessProbe:
+            exec:
+              command:
+                - "sh"
+                - "-c"
+                - "pg_isready"
+                - "-U"
+                - "$POSTGRES_USER"
+            failureThreshold: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
+          resources:
+            {}
+          volumeMounts:
+          - name: tmp
+            mountPath: /tmp
+          - name: var-lib-postgresql
+            mountPath: /var/lib/postgresql
+          - name: var-run-postgresql
+            mountPath: /var/run/postgresql
+      volumes:
+        - name: tmp
+          emptyDir: {}
+        - name: var-lib-postgresql
+          emptyDir: {}
+        - name: var-run-postgresql
+          emptyDir: {}
diff --git a/k8s-manifests/postgresql.yaml b/k8s-manifests/postgresql.yaml
new file mode 100644
index 0000000..7b949db
--- /dev/null
+++ b/k8s-manifests/postgresql.yaml
@@ -0,0 +1,34 @@
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+  name: plausible-db
+spec:
+  enableConnectionPooler: true
+  connectionPooler:
+    mode: session
+    resources:
+      requests:
+        cpu: 250m
+        memory: 100Mi
+      limits:
+        cpu: "1"
+        memory: 100Mi
+  teamId: "plausible"
+  volume:
+    size: 1Gi
+  numberOfInstances: 1
+  users:
+    plausible:  # database owner
+    - superuser
+    - createdb
+  databases:
+    plausible: plausible  # dbname: owner
+  postgresql:
+    version: "12"
+  resources:
+    requests:
+      cpu: "100m"
+      memory: "1024Mi"
+    limits:
+      cpu: "1"
+      memory: "1024Mi"