diff --git a/charts/plausible/Chart.yaml b/charts/plausible/Chart.yaml index 9fdc4cb5..75c1689e 100644 --- a/charts/plausible/Chart.yaml +++ b/charts/plausible/Chart.yaml @@ -2,16 +2,16 @@ apiVersion: v2 type: application name: plausible -description: A Helm chart for Plausible -version: 1.1.0 -# renovate: image=plausible/analytics -appVersion: "v2.0.0" +description: A Helm chart for Plausible Community Edition +version: 2.0.0 +# renovate: image=ghcr.io/plausible/community-edition +appVersion: "v2.1.5" home: https://charts.pascaliske.dev/charts/plausible/ sources: - https://github.com/pascaliske/helm-charts + - https://github.com/plausible/community-edition - https://github.com/plausible/analytics - - https://github.com/plausible/hosting - https://plausible.io keywords: - plausible @@ -30,5 +30,9 @@ dependencies: annotations: # possible kinds: added, changed, deprecated, removed, fixed, security artifacthub.io/changes: | + - kind: changed + description: 'Update to Plausible Community Edition v2.1.5.' - kind: added - description: 'Add support for customizing the mount path of the GeoIP database.' + description: 'Add support for automatically creating a custom ServiceAccount.' + - kind: added + description: 'Add support for automatically creating a Secret.' diff --git a/charts/plausible/README.md b/charts/plausible/README.md index 6c6050a6..5ad0c385 100644 --- a/charts/plausible/README.md +++ b/charts/plausible/README.md @@ -1,12 +1,12 @@ # [`plausible`](https://charts.pascaliske.dev/charts/plausible/) -> A Helm chart for Plausible +> A Helm chart for Plausible Community Edition -[![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/plausible/)[![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/plausible/)[![AppVersion: v2.0.0](https://img.shields.io/badge/AppVersion-v2.0.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/plausible/) +[![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/plausible/)[![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/plausible/)[![AppVersion: v2.1.5](https://img.shields.io/badge/AppVersion-v2.1.5-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/plausible/) * +* * -* * ## Requirements @@ -60,11 +60,12 @@ The following values can be used to adjust the helm chart. | geoip.enabled | bool | `false` | Enable support for MaxMinds GeoLite2 database. | | geoip.frequency | int | `168` | Optional. Database update frequency. Defaults to "168" which equals 7 days. | | geoip.image.repository | string | `"ghcr.io/maxmind/geoipupdate"` | The repository for the geoip image. | -| geoip.image.tag | string | `"v6.0.0"` | The docker tag for the geoip image. | +| geoip.image.tag | string | `"v7.1.0"` | The docker tag for the geoip image. | | geoip.licenseKey | string | `""` | Required. Case-sensitive MaxMind license key. | | geoip.mountPath | string | `"/geoip"` | Optional. Specify the database mount path inside the containers. | | image.pullPolicy | string | `"IfNotPresent"` | The pull policy for the controller. | -| image.repository | string | `"plausible/analytics"` | The repository to pull the image from. | +| image.registry | string | `"ghcr.io"` | The registry to pull the image from. | +| image.repository | string | `"plausible/community-edition"` | The repository to pull the image from. | | image.tag | string | `.Chart.AppVersion` | The docker tag, if left empty chart's appVersion will be used. | | ingressRoute.annotations | object | `{}` | Additional annotations for the ingress route object. | | ingressRoute.create | bool | `false` | Create an IngressRoute object for exposing this chart. | @@ -79,6 +80,13 @@ The following values can be used to adjust the helm chart. | ports.http.port | int | `8000` | The port used as internal port and cluster-wide port if `.service.type` == `ClusterIP`. | | ports.http.protocol | string | `"TCP"` | The protocol used for the service. | | resources | object | `{}` | Compute resources used by the container. More info [here](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). | +| secret.annotations | object | `{}` | Additional annotations for the secret object. | +| secret.create | bool | `true` | Create a new secret object. | +| secret.existingSecret | string | `""` | Use an existing secret object. | +| secret.labels | object | `{}` | Additional labels for the secret object. | +| secret.values | object | `{"SECRET_KEY_BASE":"{{ randAlphaNum 42 | b64enc }}","TOTP_VAULT_KEY":"{{ randAlphaNum 32 | b64enc }}"}` | Secret values used when not using an existing secret. Helm templates are supported for values. | +| secret.values.SECRET_KEY_BASE | string | `"{{ randAlphaNum 42 | b64enc }}"` | Secret key for session tokens. | +| secret.values.TOTP_VAULT_KEY | string | `"{{ randAlphaNum 32 | b64enc }}"` | Encryption token for TOTP secrets. | | securityContext | object | `{}` | Pod-level security attributes. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context). | | service.annotations | object | `{}` | Additional annotations for the service object. | | service.clusterIP | string | `""` | ClusterIP used if service type is `ClusterIP`. | @@ -87,6 +95,9 @@ The following values can be used to adjust the helm chart. | service.loadBalancerIP | string | `""` | LoadBalancerIP if service type is `LoadBalancer`. | | service.loadBalancerSourceRanges | list | `[]` | Allowed addresses when service type is `LoadBalancer`. | | service.type | string | `"ClusterIP"` | The service type used. | +| serviceAccount.annotations | object | `{}` | Additional annotations for the service account object. | +| serviceAccount.create | bool | `true` | Create a `ServiceAccount` object. | +| serviceAccount.labels | object | `{}` | Additional labels for the service account object. | | serviceAccount.name | string | `""` | Specify the service account used for the controller. | | serviceMonitor.annotations | object | `{}` | Additional annotations for the service monitor object. | | serviceMonitor.enabled | bool | `false` | Create a service monitor for prometheus operator. | @@ -103,4 +114,4 @@ The following values can be used to adjust the helm chart. ## License -[MIT](../LICENSE.md) – © 2023 [Pascal Iske](https://pascaliske.dev) +[MIT](../LICENSE.md) – © 2025 [Pascal Iske](https://pascaliske.dev) diff --git a/charts/plausible/ci/ct-values.yaml b/charts/plausible/ci/ct-values.yaml new file mode 100644 index 00000000..d9de3d1f --- /dev/null +++ b/charts/plausible/ci/ct-values.yaml @@ -0,0 +1,7 @@ +env: + - name: BASE_URL + value: http://plausible-web:8000 + +ports: + http: + port: 8000 diff --git a/charts/plausible/templates/NOTES.txt b/charts/plausible/templates/NOTES.txt index e1d3f69b..93c2f804 100644 --- a/charts/plausible/templates/NOTES.txt +++ b/charts/plausible/templates/NOTES.txt @@ -11,6 +11,6 @@ {{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "plausible.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT + echo "Visit http://127.0.0.1:8000 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8000:$CONTAINER_PORT {{- end }} diff --git a/charts/plausible/templates/controller.yaml b/charts/plausible/templates/controller.yaml index 51625149..6d1f61a0 100644 --- a/charts/plausible/templates/controller.yaml +++ b/charts/plausible/templates/controller.yaml @@ -31,13 +31,13 @@ spec: serviceAccountName: {{ include "plausible.serviceAccountName" . }} initContainers: - name: init-database - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/sh - -c args: - - sleep 30 && /entrypoint.sh db createdb && /entrypoint.sh db migrate + - sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate env: {{- range $i, $val := .Values.env }} {{- if $val.value }} @@ -49,13 +49,28 @@ spec: {{- toYaml $val.valueFrom | nindent 16 }} {{- end }} {{- end }} + {{- if or .Values.secret.create (not (empty .Values.secret.existingSecret)) }} + {{- range $key, $val := .Values.secret.values }} + {{- if and $key $val }} + - name: {{ $key }} + valueFrom: + secretKeyRef: + {{- if $.Values.secret.existingSecret }} + name: {{ $.Values.secret.existingSecret }} + {{- else }} + name: {{ printf "%s-secrets" (include "plausible.fullname" $ ) }} + {{- end }} + key: {{ $key }} + {{- end }} + {{- end }} + {{- end }} resources: {{ if not .Values.resources -}}{}{{- end }} {{- if .Values.resources }} {{- toYaml .Values.resources | nindent 12 }} {{- end }} containers: - name: {{ template "plausible.name" . }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: {{- if .Values.ports.http.enabled }} @@ -74,10 +89,29 @@ spec: {{- toYaml $val.valueFrom | nindent 16 }} {{- end }} {{- end }} + {{- if .Values.ports.http.enabled }} + - name: HTTP_PORT + value: {{ quote .Values.ports.http.port }} + {{- end }} {{- if .Values.geoip.enabled }} - name: GEOLITE2_COUNTRY_DB value: {{ default "/geoip" .Values.geoip.mountPath }}/GeoLite2-Country.mmdb {{- end }} + {{- if or .Values.secret.create (not (empty .Values.secret.existingSecret)) }} + {{- range $key, $val := .Values.secret.values }} + {{- if and $key $val }} + - name: {{ $key }} + valueFrom: + secretKeyRef: + {{- if $.Values.secret.existingSecret }} + name: {{ $.Values.secret.existingSecret }} + {{- else }} + name: {{ printf "%s-secrets" (include "plausible.fullname" $ ) }} + {{- end }} + key: {{ $key }} + {{- end }} + {{- end }} + {{- end }} {{- if .Values.geoip.enabled }} volumeMounts: - name: geoip-volume diff --git a/charts/plausible/templates/secret.yaml b/charts/plausible/templates/secret.yaml new file mode 100644 index 00000000..7315b62e --- /dev/null +++ b/charts/plausible/templates/secret.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.secret.create (empty .Values.secret.existingSecret) -}} +{{- if .Values.secret.values -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-secrets" (include "plausible.fullname" .) }} + labels: + {{- include "plausible.labels" . | nindent 4 }} + {{- with .Values.secret.labels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.secret.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.secret.values }} + {{- if and $key $val }} + {{ $key }}: {{ tpl $val $ | b64enc }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/charts/plausible/templates/serviceaccount.yaml b/charts/plausible/templates/serviceaccount.yaml new file mode 100644 index 00000000..ebdd22c7 --- /dev/null +++ b/charts/plausible/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "plausible.serviceAccountName" . }} + labels: + {{- include "plausible.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/plausible/values.yaml b/charts/plausible/values.yaml index d7e5b107..b7a51692 100644 --- a/charts/plausible/values.yaml +++ b/charts/plausible/values.yaml @@ -1,6 +1,8 @@ image: + # -- The registry to pull the image from. + registry: ghcr.io # -- The repository to pull the image from. - repository: plausible/analytics + repository: plausible/community-edition # -- The docker tag, if left empty chart's appVersion will be used. # @default -- `.Chart.AppVersion` tag: '' @@ -99,6 +101,22 @@ ports: # -- The protocol used for the service. protocol: TCP +secret: + # -- Create a new secret object. + create: true + # -- Use an existing secret object. + existingSecret: '' + # -- Secret values used when not using an existing secret. Helm templates are supported for values. + values: + # -- Secret key for session tokens. + SECRET_KEY_BASE: '{{ randAlphaNum 42 | b64enc }}' + # -- Encryption token for TOTP secrets. + TOTP_VAULT_KEY: '{{ randAlphaNum 32 | b64enc }}' + # -- Additional annotations for the secret object. + annotations: {} + # -- Additional labels for the secret object. + labels: {} + geoip: # -- Enable support for MaxMinds GeoLite2 database. enabled: false @@ -117,8 +135,14 @@ geoip: mountPath: /geoip serviceAccount: + # -- Create a `ServiceAccount` object. + create: true # -- Specify the service account used for the controller. name: '' + # -- Additional annotations for the service account object. + annotations: {} + # -- Additional labels for the service account object. + labels: {} # -- Pod-level security attributes. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context). securityContext: {}