github.com/plausible-hosting
1
0
Fork 1
mirror of https://github.com/plausible/hosting.git synced 2025-07-03 18:47:29 -05:00
Code Issues Projects Releases Wiki Activity
Files
d7098650e75d04780bbeb921f6c6b05da78c70a9
plausible-hosting/chart/README.org
Caleb Woodbine 4189ec29ee Update chart/README.org
2021-05-15 12:05:01 +12:00

199 lines
17 KiB
Org Mode
Raw Blame History

#+TITLE: Helm chart
* Configuration
| Parameter | Description | Default |
|-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------|
| disableAuth | Disables authentication completely, no registration, login will be shown | ~false~ |
| disableRegistration | Disables registration of new users, keep your admin credentials handy | ~false~ |
| adminUser.email | The default ("admin") user email | ~""~ |
| adminUser.name | Admin user's name | ~""~ |
| adminUser.password | The default ("admin") user password | ~""~ |
| database.enabled | Set database URL in env | ~true~ |
| database.url | The database URL as dictated [[https://hexdocs.pm/ecto/Ecto.Repo.html#module-urls][here]] | ~postgres://postgres:postgres@postgres/plausible?ssl=off~ |
| clickhouse.enabled | Set clickhouse URL in env | ~true~ |
| clickhouse.url | Connection string for Clickhouse in the same format | ~http://plausible-events-db:8123/plausible~ |
| smtp.enabled | Set SMTP configuration in env | ~true~ |
| smtp.mailer.emailAddress | The email id to use for as from address of all communications from Plausible | ~""~ |
| smtp.mailer.adapter | Instead of the default, replace this with Bamboo.PostmarkAdapter | ~""~ |
| smtp.host | The host address of your smtp server | ~""~ |
| smtp.port | The port of your smtp server | ~""~ |
| smtp.username | The username/email in case SMTP auth is enabled | ~""~ |
| smtp.password | The password in case SMTP auth is enabled | ~""~ |
| smtp.ssl.enabled | If SSL is enabled for SMTP connection | ~false~ |
| smtp.retries | Number of retries to make until mailer gives up | ~2~ |
| postmark.apiKey | Enter your API key | ~""~ |
| geoliteCountryDB | Path to your IP geolocation database in MaxMind's format | ~""~ |
| google.clientID | The Client ID from the Google API Console for your Plausible Analytics project | ~""~ |
| google.clientSecret | The Client Secret from the Google API Console for your Plausible Analytics project | ~""~ |
| twitter.consumer.key | The API key from the Twitter Developer Portal | ~""~ |
| twitter.consumer.secret | The API key secret from the Twitter Developer Portal | ~""~ |
| twitter.access.token | The access token you generated in the steps above | ~""~ |
| twitter.access.secret | The access token secret you generated in the steps above | ~""~ |
| labels | Extra labels to add to all managed resources | ~{}~ |
| extraEnv | Declare extra environment variables | ~[]~ |
| image.repository | The repo where the image lives | ~plausible/analytics~ |
| image.tag | Specifies a tag of from the image to use | ~""~ |
| image.pullPolicy | Pod container pull policy | ~IfNotPresent~ |
| imagePullSecrets | References for the registry secrets to pull the container images in the Pod with | ~[]~ |
| nameOverride | Expand the name of the chart | ~""~ |
| fullNameOverride | Create a FQDN for the app name | ~""~ |
| serviceAccount.create | Whether a serviceAccount should be created for the Pod to use | ~false~ |
| serviceAccount.name | A name to give the servce account | ~nil~ |
| podAnnotations | Annotations to assign Pods | ~{}~ |
| podSecurityContext | Set a security context for the Pod | ~{}~ |
| securityContext.readOnlyRootFilesystem | Mount container filesytem as read only | ~true~ |
| securityContext.runAsNonRoot | Don't allow the container in the Pod to run as root | ~true~ |
| securityContext.runAsUser | The user ID to run the container in the Pod as | ~1000~ |
| securityContext.runAsGroup | The group ID to run the container in the Pod as | ~1000~ |
| service.type | The service type to create | ~ClusterIP~ |
| service.port | The port to bind the app on and for the service to be set to | ~8000~ |
| ingress.enabled | Create an ingress manifests | ~false~ |
| ingress.realIPHeader | A header to forward, which contains the real client IP address | ~""~ |
| ingress.annotations | Set annotations for the ingress manifest | ~{}~ |
| ingress.hosts | The hosts which the ingress endpoint should be accessed from | |
| ingress.tls | References to TLS secrets | ~[]~ |
| resources | Limits and requests for the Pods | ~{}~ |
| autoscaling.enabled | Enable autoscaling for the deployment | ~false~ |
| autoscaling.minReplicas | The minimum amount of Pods to run | ~1~ |
| autoscaling.maxReplicas | The maximum amount of Pods to run | ~1~ |
| autoscaling.targetCPUUtilizationPercentage | The individual Pod CPU amount until autoscaling occurs | ~80~ |
| autoscaling.targetMemoryUtilizationPercentage | The individual Pod Memory amount until autoscaling occurs | |
| nodeSelector | Declare the node labels for Pod scheduling | ~{}~ |
| tolerations | Declare the toleration labels for Pod scheduling | ~[]~ |
| affinity | Declare the affinity settings for the Pod scheduling | ~{}~ |
* Installation
#+begin_src shell :pwd ./ :results silent
helm install plausible -n plausible \
--debug \
--set adminUser.email=myemail@example.com \
--set adminUser.name="Test User" \
--set adminUser.password="password" \
--set database.url="postgres://plausible:plausible@postgres/plausible?ssl=false" \
--set clickhouse.url="http://plausible-events-db:8123/plausible" \
--set disableRegistration=true \
--set disableAuth=true \
--set image.tag=dev \
plausible-analytics
#+end_src
#+begin_src shell :pwd ./
kubectl -n plausible get pods,svc
#+end_src
#+begin_src shell :pwd ./ :results silent
helm uninstall plausible -n plausible
#+end_src
#+BEGIN_SRC yaml :tangle /tmp/postgres-operator.yaml
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
name: postgres-operator
namespace: postgres-operator
spec:
releaseName: postgres-operator
chart:
git: https://github.com/zalando/postgres-operator.git
ref: v1.6.1
path: charts/postgres-operator
values:
configKubernetes:
enable_pod_antiaffinity: "true"
#+END_SRC
#+BEGIN_SRC tmate :window plausible-setup
kubectl create ns postgres-operator
kubectl apply -f /tmp/postgres-operator.yaml
#+END_SRC
#+BEGIN_SRC yaml :tangle /tmp/postgresql.yaml
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: plausible-db
namespace: plausible
spec:
enableConnectionPooler: true
connectionPooler:
mode: session
resources:
requests:
cpu: 250m
memory: 100Mi
limits:
cpu: "1"
memory: 100Mi
teamId: "plausible"
volume:
size: 3Gi
numberOfInstances: 3
users:
plausible: # database owner
- superuser
- createdb
databases:
plausible: plausible # dbname: owner
postgresql:
version: "12"
#+END_SRC
#+BEGIN_SRC tmate :window plausible-setup
kubectl -n plausible create secret generic plausible.plausible-db.credentials.postgresql.acid.zalan.do --from-literal=password=plausible --from-literal=username=plausible --dry-run=client -o yaml | kubectl apply -f -
kubectl apply -f /tmp/postgresql.yaml
#+END_SRC
* Deploying with Helm-Operator
#+BEGIN_SRC yaml :tangle /tmp/plausible.yaml
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
name: plausible
namespace: plausible
spec:
chart:
git: https://github.com/BobyMCbobs/plausible-hosting
path: chart/plausible-analytics
ref: fffcb3e87395d42e73ccd6034d8008ba68c216b2
releaseName: plausible
values:
replicaCount: 3
adminUser:
name: "My Name Here"
email: "my-email@address.here"
password: "a-secure-password-here"
database:
url: "postgres://plausible:plausible@plausible-db-pooler.plausible/plausible?ssl=true"
clickhouse:
url: "http://plausible-events-db:8123/plausible"
secretKeyBase: "hello-this-is-plausible-analytics-this-value-must-be-at-least-64-bytes-long"
extraVolumes:
- name: tmptmp
emptyDir: {}
extraVolumeMounts:
- name: tmptmp
mountPath: /tmp/tmp
ingress:
enabled: true
hosts:
- host: plausible.bobymcbobs-weekend.pair.sharing.io
paths:
- /
realIPHeader: X-Real-Ip
tls:
- hosts:
- plausible.bobymcbobs-weekend.pair.sharing.io
secretName: letsencrypt-prod
#+END_SRC
#+BEGIN_SRC tmate :window plausible-setup
kubectl apply -f /tmp/plausible.yaml
#+END_SRC
#+BEGIN_SRC tmate :window plausible-setup
kubectl psql -n plausible plausible-db plausible psql -c "UPDATE users SET email_verified = true;"
#+END_SRC
Reference in New Issue View Git Blame Copy Permalink