feat: add plausible helmfile setup

2025-06-23 10:56:57 +02:00
parent e533015e38
commit 3b8c286842
8 changed files with 147 additions and 0 deletions
@@ -0,0 +1,31 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: plausible
+  url: https://imio.github.io/helm-charts
+
+commonLabels:
+  tier: system
+
+releases:
+- name: manifests
+  namespace: plausible
+  chart: manifests
+  condition: nginx.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/env.yaml
+  - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+  - ../values/plausible/env.yaml.gotmpl
+  - ../values/plausible/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/plausible/manifests
+    - manifests
@@ -0,0 +1,13 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: plausible-db
+  namespace: plausible
+spec:
+  imageName: ghcr.io/cloudnative-pg/postgresql:16.3
+  primaryUpdateStrategy: unsupervised
+  instances: 1
+  monitoring:
+    enablePodMonitor: true
+  storage:
+    size: 10Gi
@@ -0,0 +1,3 @@
+plausible:
+  enabled: true
+
@@ -0,0 +1,4 @@
+plausible:
+  enabled: false
+  autosync: false
+
@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-plausible-secure-external
+  namespace: plausible
+spec:
+  description: Allow Plausible External
+  egress:
+    - toFQDNs:
+        - matchName: data.iana.org
+        - matchName: raw.githubusercontent.com
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: plausible-analytics
@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-plausible-secure-gravatar
+  namespace: plausible
+spec:
+  description: Allow Plausible Gravatar
+  egress:
+    - toFQDNs:
+        - matchName: secure.gravatar.com
+        - matchName: gravatar.com
+        - matchName: www.gravatar.com
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: plausible-analytics
@@ -0,0 +1,41 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: plausible-analytics
+  namespace: argocd
+spec:
+  destination:
+    namespace: plausible
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: 'https://imio.github.io/helm-charts'
+    targetRevision: 0.4.0
+    chart: plausible-analytics
+    helm:
+      valueFiles:
+        - $values/values/plausible/values/values.yaml
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: main
+    ref: values
+  project: aux
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    {{- if .Values.plausible.autosync }}
+    automated:
+      prune: true
+      selfHeal: true
+    {{- end }}
+  ignoreDifferences:
+    - kind: Secret
+      name: plausible-analytics
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+{{- end }}
@@ -0,0 +1,26 @@
+baseURL: https://plausible.adm.oceanbox.io
+databaseURL: postgres://app:password@plausible-db-rw:5432/app
+clickhouse:
+  resources:
+    requests:
+      cpu: 500m
+      ephemeral-storage: 50Mi
+      memory: 512Mi
+postgresql:
+  enabled: false
+ingress:
+  enabled: true
+  ingressClassName: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    oceanbox.io/expose: internal
+  hosts:
+    - plausible.adm.oceanbox.io
+  paths:
+  - /
+  pathType: ImplementationSpecific
+  tls:
+  - secretName: plausible-tls
+    hosts:
+    - plausible.adm.oceanbox.io