feat: add plausible helmfile setup

2025-06-23 10:56:57 +02:00
parent e533015e38
commit 3b8c286842
8 changed files with 147 additions and 0 deletions
@@ -0,0 +1,31 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
 - name: plausible
  url: https://imio.github.io/helm-charts
 commonLabels:
  tier: system
 releases:
 - name: manifests
  namespace: plausible
  chart: manifests
  condition: nginx.enabled
  missingFileHandler: Info
  values:
  - ../values/env.yaml
  - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
  - ../values/plausible/env.yaml.gotmpl
  - ../values/plausible/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/plausible/manifests
    - manifests
@@ -0,0 +1,13 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: plausible-db
  namespace: plausible
 spec:
  imageName: ghcr.io/cloudnative-pg/postgresql:16.3
  primaryUpdateStrategy: unsupervised
  instances: 1
  monitoring:
    enablePodMonitor: true
  storage:
    size: 10Gi
@@ -0,0 +1,3 @@
 plausible:
  enabled: true
@@ -0,0 +1,4 @@
 plausible:
  enabled: false
  autosync: false
@@ -0,0 +1,14 @@
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: allow-plausible-secure-external
  namespace: plausible
 spec:
  description: Allow Plausible External
  egress:
    - toFQDNs:
        - matchName: data.iana.org
        - matchName: raw.githubusercontent.com
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: plausible-analytics
@@ -0,0 +1,15 @@
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: allow-plausible-secure-gravatar
  namespace: plausible
 spec:
  description: Allow Plausible Gravatar
  egress:
    - toFQDNs:
        - matchName: secure.gravatar.com
        - matchName: gravatar.com
        - matchName: www.gravatar.com
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: plausible-analytics
@@ -0,0 +1,41 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: plausible-analytics
  namespace: argocd
 spec:
  destination:
    namespace: plausible
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: 'https://imio.github.io/helm-charts'
    targetRevision: 0.4.0
    chart: plausible-analytics
    helm:
      valueFiles:
        - $values/values/plausible/values/values.yaml
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: main
    ref: values
  project: aux
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: aux
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
    {{- if .Values.plausible.autosync }}
    automated:
      prune: true
      selfHeal: true
    {{- end }}
  ignoreDifferences:
    - kind: Secret
      name: plausible-analytics
      jqPathExpressions:
        - '.data'
        - '.metadata.labels'
        - '.metadata.annotations'
 {{- end }}
@@ -0,0 +1,26 @@
 baseURL: https://plausible.adm.oceanbox.io
 databaseURL: postgres://app:password@plausible-db-rw:5432/app
 clickhouse:
  resources:
    requests:
      cpu: 500m
      ephemeral-storage: 50Mi
      memory: 512Mi
 postgresql:
  enabled: false
 ingress:
  enabled: true
  ingressClassName: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    oceanbox.io/expose: internal
  hosts:
    - plausible.adm.oceanbox.io
  paths:
  - /
  pathType: ImplementationSpecific
  tls:
  - secretName: plausible-tls
    hosts:
    - plausible.adm.oceanbox.io