#+TITLE: Helm chart * Configuration | Parameter | Description | Default | |-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------| | disableAuth | Disables authentication completely, no registration, login will be shown | ~false~ | | disableRegistration | Disables registration of new users, keep your admin credentials handy | ~false~ | | adminUser.email | The default ("admin") user email | ~""~ | | adminUser.name | Admin user's name | ~""~ | | adminUser.password | The default ("admin") user password | ~""~ | | database.enabled | Set database URL in env | ~true~ | | database.url | The database URL as dictated [[https://hexdocs.pm/ecto/Ecto.Repo.html#module-urls][here]] | ~postgres://postgres:postgres@postgres/plausible?ssl=off~ | | clickhouse.enabled | Set clickhouse URL in env | ~true~ | | clickhouse.url | Connection string for Clickhouse in the same format | ~http://plausible-events-db:8123/plausible~ | | smtp.enabled | Set SMTP configuration in env | ~true~ | | smtp.mailer.emailAddress | The email id to use for as from address of all communications from Plausible | ~""~ | | smtp.mailer.adapter | Instead of the default, replace this with Bamboo.PostmarkAdapter | ~""~ | | smtp.host | The host address of your smtp server | ~""~ | | smtp.port | The port of your smtp server | ~""~ | | smtp.username | The username/email in case SMTP auth is enabled | ~""~ | | smtp.password | The password in case SMTP auth is enabled | ~""~ | | smtp.ssl.enabled | If SSL is enabled for SMTP connection | ~false~ | | smtp.retries | Number of retries to make until mailer gives up | ~2~ | | postmark.apiKey | Enter your API key | ~""~ | | geoliteCountryDB | Path to your IP geolocation database in MaxMind's format | ~""~ | | google.clientID | The Client ID from the Google API Console for your Plausible Analytics project | ~""~ | | google.clientSecret | The Client Secret from the Google API Console for your Plausible Analytics project | ~""~ | | twitter.consumer.key | The API key from the Twitter Developer Portal | ~""~ | | twitter.consumer.secret | The API key secret from the Twitter Developer Portal | ~""~ | | twitter.access.token | The access token you generated in the steps above | ~""~ | | twitter.access.secret | The access token secret you generated in the steps above | ~""~ | | labels | Extra labels to add to all managed resources | ~{}~ | | extraEnv | Declare extra environment variables | ~[]~ | | image.repository | The repo where the image lives | ~plausible/analytics~ | | image.tag | Specifies a tag of from the image to use | ~""~ | | image.pullPolicy | Pod container pull policy | ~IfNotPresent~ | | imagePullSecrets | References for the registry secrets to pull the container images in the Pod with | ~[]~ | | nameOverride | Expand the name of the chart | ~""~ | | fullNameOverride | Create a FQDN for the app name | ~""~ | | serviceAccount.create | Whether a serviceAccount should be created for the Pod to use | ~false~ | | serviceAccount.name | A name to give the servce account | ~nil~ | | podAnnotations | Annotations to assign Pods | ~{}~ | | podSecurityContext | Set a security context for the Pod | ~{}~ | | securityContext.readOnlyRootFilesystem | Mount container filesytem as read only | ~true~ | | securityContext.runAsNonRoot | Don't allow the container in the Pod to run as root | ~true~ | | securityContext.runAsUser | The user ID to run the container in the Pod as | ~1000~ | | securityContext.runAsGroup | The group ID to run the container in the Pod as | ~1000~ | | service.type | The service type to create | ~ClusterIP~ | | service.port | The port to bind the app on and for the service to be set to | ~8000~ | | ingress.enabled | Create an ingress manifests | ~false~ | | ingress.realIPHeader | A header to forward, which contains the real client IP address | ~""~ | | ingress.annotations | Set annotations for the ingress manifest | ~{}~ | | ingress.hosts | The hosts which the ingress endpoint should be accessed from | | | ingress.tls | References to TLS secrets | ~[]~ | | resources | Limits and requests for the Pods | ~{}~ | | autoscaling.enabled | Enable autoscaling for the deployment | ~false~ | | autoscaling.minReplicas | The minimum amount of Pods to run | ~1~ | | autoscaling.maxReplicas | The maximum amount of Pods to run | ~1~ | | autoscaling.targetCPUUtilizationPercentage | The individual Pod CPU amount until autoscaling occurs | ~80~ | | autoscaling.targetMemoryUtilizationPercentage | The individual Pod Memory amount until autoscaling occurs | | | nodeSelector | Declare the node labels for Pod scheduling | ~{}~ | | tolerations | Declare the toleration labels for Pod scheduling | ~[]~ | | affinity | Declare the affinity settings for the Pod scheduling | ~{}~ | * Installation #+begin_src shell :pwd ./ :results silent helm install plausible -n plausible \ --debug \ --set adminUser.email=myemail@example.com \ --set adminUser.name="Test User" \ --set adminUser.password="password" \ --set database.url="postgres://plausible:plausible@postgres/plausible?ssl=false" \ --set clickhouse.url="http://plausible-events-db:8123/plausible" \ --set disableRegistration=true \ --set disableAuth=true \ --set image.tag=dev \ plausible-analytics #+end_src #+begin_src shell :pwd ./ kubectl -n plausible get pods,svc #+end_src #+begin_src shell :pwd ./ :results silent helm uninstall plausible -n plausible #+end_src #+BEGIN_SRC yaml :tangle /tmp/postgres-operator.yaml apiVersion: helm.fluxcd.io/v1 kind: HelmRelease metadata: name: postgres-operator namespace: postgres-operator spec: releaseName: postgres-operator chart: git: https://github.com/zalando/postgres-operator.git ref: v1.6.1 path: charts/postgres-operator values: configKubernetes: enable_pod_antiaffinity: "true" #+END_SRC #+BEGIN_SRC tmate :window plausible-setup kubectl create ns postgres-operator kubectl apply -f /tmp/postgres-operator.yaml #+END_SRC #+BEGIN_SRC yaml :tangle /tmp/postgresql.yaml apiVersion: "acid.zalan.do/v1" kind: postgresql metadata: name: plausible-db namespace: plausible spec: enableConnectionPooler: true connectionPooler: mode: session resources: requests: cpu: 250m memory: 100Mi limits: cpu: "1" memory: 100Mi teamId: "plausible" volume: size: 3Gi numberOfInstances: 3 users: plausible: # database owner - superuser - createdb databases: plausible: plausible # dbname: owner postgresql: version: "12" #+END_SRC #+BEGIN_SRC tmate :window plausible-setup kubectl -n plausible create secret generic plausible.plausible-db.credentials.postgresql.acid.zalan.do --from-literal=password=plausible --from-literal=username=plausible --dry-run=client -o yaml | kubectl apply -f - kubectl apply -f /tmp/postgresql.yaml #+END_SRC * Deploying with Helm-Operator #+BEGIN_SRC yaml :tangle /tmp/plausible.yaml apiVersion: helm.fluxcd.io/v1 kind: HelmRelease metadata: name: plausible namespace: plausible spec: chart: git: https://github.com/BobyMCbobs/plausible-hosting path: chart/plausible-analytics ref: fffcb3e87395d42e73ccd6034d8008ba68c216b2 releaseName: plausible values: replicaCount: 3 adminUser: name: "My Name Here" email: "my-email@address.here" password: "a-secure-password-here" database: url: "postgres://plausible:plausible@plausible-db-pooler.plausible/plausible?ssl=true" clickhouse: url: "http://plausible-events-db:8123/plausible" secretKeyBase: "hello-this-is-plausible-analytics-this-value-must-be-at-least-64-bytes-long" extraVolumes: - name: tmptmp emptyDir: {} extraVolumeMounts: - name: tmptmp mountPath: /tmp/tmp ingress: enabled: true hosts: - host: plausible.bobymcbobs-weekend.pair.sharing.io paths: - / realIPHeader: X-Real-Ip tls: - hosts: - plausible.bobymcbobs-weekend.pair.sharing.io secretName: letsencrypt-prod #+END_SRC #+BEGIN_SRC tmate :window plausible-setup kubectl apply -f /tmp/plausible.yaml #+END_SRC #+BEGIN_SRC tmate :window plausible-setup kubectl psql -n plausible plausible-db plausible psql -c "UPDATE users SET email_verified = true;" #+END_SRC