diff --git a/charts/matomo/Chart.yaml b/charts/matomo/Chart.yaml deleted file mode 100644 index 93e2e3e1..00000000 --- a/charts/matomo/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v2 -appVersion: "5.3.2" -description: A Helm chart for Matomo -name: matomo -version: 11.0.53 diff --git a/charts/matomo/templates/NOTES.txt b/charts/matomo/templates/NOTES.txt deleted file mode 100644 index 8b291f1c..00000000 --- a/charts/matomo/templates/NOTES.txt +++ /dev/null @@ -1,26 +0,0 @@ -Thank you for installing {{ .Chart.Name }} from Digitalist. - -{{- if empty (.Values.matomo.dashboard.hostname) -}} -############################################################################### -### ERROR: You didn't provide a host for matomo dashboard ### -############################################################################### -{{- end -}} - -{{- if empty (.Values.matomo.tracker.hostname) -}} -############################################################################### -### ERROR: You didn't provide a host for matomo tracker ### -############################################################################### -{{- end -}} - -Your release is named {{ .Release.Name }}. - -At post install, job tuns on the install, and creates the first -site, this could fail a couple of times, but should succeed in the end. - -After installation is complete, you can access your website by this url: -{{ .Values.matomo.dashboard.hostname }} - -To learn more about the release, try: - - $ helm status {{ .Release.Name }} - $ helm get all {{ .Release.Name }} \ No newline at end of file diff --git a/charts/matomo/templates/_helpers.tpl b/charts/matomo/templates/_helpers.tpl deleted file mode 100644 index f581face..00000000 --- a/charts/matomo/templates/_helpers.tpl +++ /dev/null @@ -1,91 +0,0 @@ -{{/* Generate basic labels */}} -{{- define "matomo.labels" }} - labels: - app.kubernetes.io/name: {{ .name }} - app.kubernetes.io/instance: {{ .instance }} - app.kubernetes.io/component: {{ .component }} - app.kubernetes.io/part-of: {{ .partOf }} - app.kubernetes.io/managed-by: {{ .managedBy }} -{{- end }} - -{{- define "matomo.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{- define "matomo.license" -}} - {{- if .Values.matomo.license }} -- name: MATOMO_LICENSE - valueFrom: - secretKeyRef: - name: {{ .Values.matomo.license.secretKeyRef.name }} - key: {{ .Values.matomo.license.secretKeyRef.key }} - {{- end -}} -{{- end -}} - -{{- define "matomo.init" -}} -initContainers: - - name: matomo-init - image: {{.Values.matomo.image}} - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - imagePullPolicy: Always - env: - - name: MATOMO_FIRST_USER_NAME - value: {{.Values.matomo.dashboard.firstuser.username}} - - name: MATOMO_FIRST_USER_EMAIL - value: {{.Values.matomo.dashboard.firstuser.email}} - - name: MATOMO_FIRST_USER_PASSWORD - value: {{.Values.matomo.dashboard.firstuser.password}} - - name: MATOMO_DB_HOST - value: {{.Values.db.hostname}} - - name: MATOMO_DB_NAME - value: {{.Values.db.name}} -{{ if .Values.db.prefix }} - - name: MATOMO_DB_PREFIX - value: {{.Values.db.prefix}} -{{ end }} - - name: MATOMO_DB_USERNAME - value: {{.Values.db.username}} - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 4 }} - command: [ 'sh' , '-c' , 'rsync -crlOt --no-owner --no-group --no-perms /usr/src/matomo/ /var/www/html/ && {{.Values.matomo.installCommand}}' ] - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-configuration - mountPath: /tmp/matomo/ - readOnly: true - -{{- end -}} \ No newline at end of file diff --git a/charts/matomo/templates/configmap-matomo-cronjob-php.yaml b/charts/matomo/templates/configmap-matomo-cronjob-php.yaml deleted file mode 100644 index 8dfafa99..00000000 --- a/charts/matomo/templates/configmap-matomo-cronjob-php.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-cronjob-php - namespace: {{.Values.namespace}} -{{- if .Values.matomo.php }} -data: - zz-global.ini: | - expose_php={{ .Values.matomo.php.expose_php | default "Off" }} - opcache.memory_consumption={{ .Values.matomo.php.opcache_memory_consumption | default "512" }} - opcache.jit_buffer_size={{ .Values.matomo.php.opcache_jit_buffer_size | default "256M" }} - opcache.jit={{ .Values.matomo.php.opcache_jit | default "1235" }} - max_execution_time={{ .Values.matomo.php.max_execution_time | default "0" }} - post_max_size={{ .Values.matomo.php.post_max_size | default "1500M" }} - upload_max_filesize={{ .Values.matomo.php.upload_max_filesize | default "32M" }} - max_input_time={{ .Values.matomo.php.max_input_time | default "3600" }} - max_file_uploads={{ .Values.matomo.php.opcache_max_file_upload| default "300" }} - memory_limit={{ .Values.matomo.php.memory_limit | default "2G" }} - display_errors={{ .Values.matomo.php.display_errors | default "Off" }} - error_reporting={{ .Values.matomo.php.error_reporting | default "22527" }} - mysqli.reconnect={{ .Values.matomo.php.mysqli_reconnect | default "On" }} - mysqli.allow_local_infile={{ .Values.matomo.php.mysqli_allow_local_infile | default "On" }} - default_socket_timeout={{ .Values.matomo.php.default_socket_timeout | default "20" }} - max_input_vars={{ .Values.matomo.php.max_input_vars | default "2000" }} -{{ else }} -data: - zz-global.ini: | - expose_php=Off - opcache.memory_consumption=512 - opcache.jit_buffer_size=256M - opcache.jit=1235 - max_execution_time=0 - post_max_size=1500M - upload_max_filesize=32M - max_input_time=1800 - max_file_uploads="300" - memory_limit=2G - display_errors=Off - error_reporting="22527" - mysqli.reconnect=On - mysqli.allow_local_infile=On - default_socket_timeout=20 - max_input_vars=2000 -{{- end }} diff --git a/charts/matomo/templates/configmap-matomo-dashboard-php.yaml b/charts/matomo/templates/configmap-matomo-dashboard-php.yaml deleted file mode 100644 index cf38487d..00000000 --- a/charts/matomo/templates/configmap-matomo-dashboard-php.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-dashboard-php - namespace: {{.Values.namespace}} -{{- if .Values.matomo.php }} -data: - zz-global.ini: | - expose_php={{ .Values.matomo.php.expose_php | default "Off" }} - opcache.memory_consumption={{ .Values.matomo.php.opcache_memory_consumption | default "512" }} - opcache.interned_strings_buffer={{ .Values.matomo.php.opcache_interned_strings_buffer | default "16" }} - opcache.save_comments={{ .Values.matomo.php.opcache_save_comments | default "1" }} - opcache.jit_buffer_size={{ .Values.matomo.php.opcache_jit_buffer_size | default "256M" }} - opcache.jit={{ .Values.matomo.php.opcache_jit | default "1235" }} - max_execution_time={{ .Values.matomo.php.max_execution_time | default "300" }} - post_max_size={{ .Values.matomo.php.post_max_size | default "1500M" }} - upload_max_filesize={{ .Values.matomo.php.upload_max_filesize | default "32M" }} - max_input_time={{ .Values.matomo.php.max_input_time | default "3600" }} - max_file_uploads={{ .Values.matomo.php.opcache_max_file_upload| default "300" }} - memory_limit={{ .Values.matomo.php.memory_limit | default "2G" }} - display_errors={{ .Values.matomo.php.display_errors | default "Off" }} - error_reporting={{ .Values.matomo.php.error_reporting | default "22527" }} - mysqli.reconnect={{ .Values.matomo.php.mysqli_reconnect | default "On" }} - mysqli.allow_local_infile={{ .Values.matomo.php.mysqli_allow_local_infile | default "On" }} - default_socket_timeout={{ .Values.matomo.php.default_socket_timeout | default "20" }} -{{ else }} -data: - zz-global.ini: | - expose_php=Off - opcache.memory_consumption=512 - opcache.interned_strings_buffer=16 - opcache.save_comments=1 - opcache.jit_buffer_size=256M - opcache.jit=1235 - max_execution_time=300 - post_max_size=1500M - upload_max_filesize=32M - max_input_time=3600 - max_file_uploads="300" - memory_limit=2G - display_errors=Off - error_reporting="22527" - mysqli.reconnect="On" - mysqli.allow_local_infile="On" - default_socket_timeout="20" -{{- end }} diff --git a/charts/matomo/templates/configmap-matomo-disable-xdebug.yaml b/charts/matomo/templates/configmap-matomo-disable-xdebug.yaml deleted file mode 100644 index c8e4dfad..00000000 --- a/charts/matomo/templates/configmap-matomo-disable-xdebug.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-disable-xdebug - namespace: {{.Values.namespace}} -data: - docker-php-ext-xdebug.ini: | - ; turned off diff --git a/charts/matomo/templates/configmap-matomo-phpfpm-tracker.yaml b/charts/matomo/templates/configmap-matomo-phpfpm-tracker.yaml deleted file mode 100644 index 17746c70..00000000 --- a/charts/matomo/templates/configmap-matomo-phpfpm-tracker.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-phpfpm-tracker - namespace: {{.Values.namespace}} -{{- if .Values.matomo.tracker.phpfpm }} -data: - zz-global.conf: | - [www] - pm = {{ .Values.matomo.tracker.phpfpm.type | default "ondemand" }} - pm.max_children = {{ .Values.matomo.tracker.phpfpm.max_children | default 75 }} - pm.process_idle_timeout = {{ .Values.matomo.tracker.phpfpm.process_idle_timeout | default "600s" }} - pm.max_requests = {{ .Values.matomo.tracker.phpfpm.max_requests | default 500 }} - pm.start_servers = {{ .Values.matomo.tracker.phpfpm.start_servers | default 5 }} - pm.min_spare_servers = {{ .Values.matomo.tracker.phpfpm.min_spare_servers | default 5 }} - pm.max_spare_servers = {{ .Values.matomo.tracker.phpfpm.max_spare_servers | default 75 }} - php_admin_value[memory_limit] = {{ .Values.matomo.tracker.phpfpm.memory_limit | default "2048M" }} - pm.status_path = {{ .Values.matomo.tracker.phpfpm.status_path | default "/status" }} -{{ else }} -data: - zz-global.conf: | - [www] - pm = "ondemand" - pm.max_children = 75 - pm.process_idle_timeout = "10s" - pm.max_requests = 500 - pm.start_servers = 5 - pm.min_spare_servers = 5 - pm.max_spare_servers = 75 - php_admin_value[memory_limit] = "2048M" - pm.status_path = "/status" -{{- end }} \ No newline at end of file diff --git a/charts/matomo/templates/configmap-matomo-phpfpm.yaml b/charts/matomo/templates/configmap-matomo-phpfpm.yaml deleted file mode 100644 index f73bc49a..00000000 --- a/charts/matomo/templates/configmap-matomo-phpfpm.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-phpfpm - namespace: {{.Values.namespace}} -{{- if .Values.matomo.phpfpm }} -data: - zz-global.conf: | - [www] - pm = {{ .Values.matomo.phpfpm.type | default "ondemand" }} - pm.max_children = {{ .Values.matomo.phpfpm.max_children | default 100 }} - pm.start_servers = {{ .Values.matomo.phpfpm.start_servers | default 5 }} - pm.min_spare_servers = {{ .Values.matomo.phpfpm.min_spare_servers | default 5 }} - pm.max_spare_servers = {{ .Values.matomo.phpfpm.max_spare_servers | default 75 }} - pm.max_requests = {{ .Values.matomo.phpfpm.max_requests | default 500 }} - pm.process_idle_timeout = {{ .Values.matomo.phpfpm.process_idle_timeout | default "480s" }} - php_admin_value[memory_limit] = {{ .Values.matomo.phpfpm.memory_limit | default "2048M" }} - pm.status_path = {{ .Values.matomo.phpfpm.status_path | default "/status" }} -{{ else }} -data: - zz-global.conf: | - [www] - php_admin_value[memory_limit] = "2048M" - pm ="ondemand" - pm.max_children = 100 - pm.start_servers = 5 - pm.min_spare_servers = 5 - pm.max_spare_servers = 75 - pm.max_requests = 500 - pm.process_idle_timeout = "480s" - pm.status_path = "/status" -{{- end }} \ No newline at end of file diff --git a/charts/matomo/templates/configmap-matomo-scheduledtasks-php.yaml b/charts/matomo/templates/configmap-matomo-scheduledtasks-php.yaml deleted file mode 100644 index 9c7437a8..00000000 --- a/charts/matomo/templates/configmap-matomo-scheduledtasks-php.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-scheduledtasks-php - namespace: {{.Values.namespace}} -{{- if .Values.matomo.cronJobs.scheduledTasks.php }} -data: - zz-global.ini: | - expose_php={{ .Values.matomo.cronJobs.scheduledTasks.php.expose_php | default "Off" }} - opcache.memory_consumption={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_memory_consumption | default "512" }} - opcache.jit_buffer_size={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_jit_buffer_size | default "256M" }} - opcache.jit={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_jit | default "1235" }} - max_execution_time={{ .Values.matomo.cronJobs.scheduledTasks.php.max_execution_time | default "0" }} - post_max_size={{ .Values.matomo.cronJobs.scheduledTasks.php.post_max_size | default "1500M" }} - upload_max_filesize={{ .Values.matomo.cronJobs.scheduledTasks.php.upload_max_filesize | default "32M" }} - max_input_time={{ .Values.matomo.cronJobs.scheduledTasks.php.max_input_time | default "3600" }} - max_file_uploads={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_max_file_upload| default "300" }} - memory_limit={{ .Values.matomo.cronJobs.scheduledTasks.php.memory_limit | default "4G" }} - display_errors={{ .Values.matomo.cronJobs.scheduledTasks.php.display_errors | default "Off" }} - error_reporting={{ .Values.matomo.cronJobs.scheduledTasks.php.error_reporting | default "22527" }} - mysqli.reconnect={{ .Values.matomo.cronJobs.scheduledTasks.php.mysqli_reconnect | default "On" }} - mysqli.allow_local_infile={{ .Values.matomo.cronJobs.scheduledTasks.php.mysqli_allow_local_infile | default "On" }} - default_socket_timeout={{ .Values.matomo.cronJobs.scheduledTasks.php.default_socket_timeout | default "20" }} - max_input_vars={{ .Values.matomo.cronJobs.scheduledTasks.php.max_input_vars | default "2000" }} -{{ else }} -data: - zz-global.ini: | - expose_php=Off - opcache.memory_consumption=512 - opcache.jit_buffer_size=256M - opcache.jit=1235 - max_execution_time=0 - post_max_size=1500M - upload_max_filesize=32M - max_input_time=1800 - max_file_uploads="300" - memory_limit=4G - display_errors=Off - error_reporting="22527" - mysqli.reconnect=On - mysqli.allow_local_infile=On - default_socket_timeout=20 - max_input_vars=2000 -{{- end }} diff --git a/charts/matomo/templates/configmap-matomo.yaml b/charts/matomo/templates/configmap-matomo.yaml deleted file mode 100644 index 906d7438..00000000 --- a/charts/matomo/templates/configmap-matomo.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-configuration - namespace: {{.Values.namespace}} -{{- if .Values.matomo.config }} -data: - install.json: |- - {{ .Values.matomo.config | toJson }} -{{ else }} -data: - install.json: | - { - "PluginsInstalled": [ - "Diagnostics", - "DBStats", - "Login", - "CoreAdminHome", - "UsersManager", - "SitesManager", - "Installation", - "Monolog", - "Intl", - "CorePluginsAdmin", - "CoreHome", - "WebsiteMeasurable", - "CoreVisualizations", - "Proxy", - "API", - "Transitions", - "Actions", - "Referrers", - "UserLanguage", - "DevicesDetection", - "Goals", - "SEO", - "Events", - "UserCountry", - "GeoIp2", - "VisitsSummary", - "VisitFrequency", - "VisitTime", - "VisitorInterest", - "CoreUpdater", - "CoreConsole", - "UserCountryMap", - "Live", - "ImageGraph", - "Annotations", - "Insights", - "Morpheus", - "Contents", - "DevicePlugins", - "UserId", - "CustomJsTracker", - "ExtraTools", - "LanguagesManager", - "SegmentEditor", - "Dashboard", - "ScheduledReports", - "PrivacyManager", - "CustomVariables", - "IntranetMeasurable", - "Widgetize", - "MultiSites", - "Ecommerce", - "RssWidget", - "Feedback", - "TwoFactorAuth", - "MobileMessaging", - "Overlay", - "BulkTracking", - "Resolution", - "Heartbeat", - "Marketplace", - "ProfessionalServices", - "UserConsole" - ], - "Site": { - "name": "Localhost", - "url": "https://localhost" - }, - "Config": { - "log": { - "log_level": "ERROR" - }, - "General": { - "show_update_notification_to_superusers_only": 1, - "noreply_email_address": "noreply@digitalistgroup.com", - "enable_framed_pages": 1, - "enable_framed_settings": 1, - "enable_trusted_host_check": 0, - "enable_plugin_update_communication": 0, - "enable_auto_update": 0, - "enable_installer": 0, - "enable_internet_features": 0, - "enable_plugins_admin": 0, - "enable_plugin_upload": 0, - "enable_geolocation_admin": 1, - "proxy_client_headers[]": "HTTP_X_FORWARDED_FOR", - "browser_archiving_disabled_enforce": 1, - "enable_browser_archiving_triggering": 0, - "archiving_range_force_on_browser_request": 0, - "enable_sql_optimize_queries": 0, - "enabled_periods_UI": "day,week,month,year,range", - "enabled_periods_API": "day,week,month,year,range", - "session_save_handler": "dbtable", - "enable_marketplace": 0, - "enable_general_settings_admin": 0, - "piwik_pro_ads_enabled": 0, - "assume_secure_protocol": 1, - "cors_domains[]": "*", - "datatable_archiving_maximum_rows_referrers": 2000, - "datatable_archiving_maximum_rows_subtable_referrers": 2000, - "datatable_archiving_maximum_rows_actions": 2000, - "datatable_archiving_maximum_rows_subtable_actions": 2000, - "datatable_archiving_maximum_rows_events": 2000, - "datatable_archiving_maximum_rows_subtable_events": 2000, - "datatable_archiving_maximum_rows_custom_variables": 2000, - "datatable_archiving_maximum_rows_subtable_custom_variables": 2000, - "time_before_today_archive_considered_outdated": 2700, - "time_before_week_archive_considered_outdated": 10800, - "time_before_month_archive_considered_outdated": 32400, - "time_before_year_archive_considered_outdated": 64800, - "time_before_range_archive_considered_outdated": 10800 - } - } - } - -{{ end }} \ No newline at end of file diff --git a/charts/matomo/templates/configmap-nginx-matomo-dashboard.yaml b/charts/matomo/templates/configmap-nginx-matomo-dashboard.yaml deleted file mode 100644 index ffd9a69c..00000000 --- a/charts/matomo/templates/configmap-nginx-matomo-dashboard.yaml +++ /dev/null @@ -1,308 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-matomo-dashboard - namespace: {{.Values.namespace}} -data: - nginx.conf: | - worker_processes {{ .Values.matomo.dashboard.nginx.nginxWorkerProcesses | default 5 }}; - load_module modules/ngx_http_geoip2_module.so; - events { - worker_connections 768; - } - pid /tmp/nginx.pid; - http { - geoip2 /usr/share/geoip/GeoLite2-Country.mmdb { - $geoip2_data_country_code default=SE source=$http_x_forwarded_for country iso_code; - } - client_max_body_size 200M; - server_tokens off; - client_body_timeout 600s; - client_header_timeout 600s; - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - include /etc/nginx/mime.types; - default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - '$geoip2_data_country_code'; - access_log /var/log/nginx/access.log main_geo; - sendfile on; - keepalive_timeout 0; - - server { - listen [::]:8080 default_server; - listen 8080 default_server; - server_name _; - root /var/www/html; - index index.php; - error_page 404 /404.html; - location = 404.html { - root /usr/share/nginx/html; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_connect_timeout 600s; - ## Redirects all requests to index.php and Matomo. - location / { - try_files $uri $uri/ /index.php$is_args$args; - } - - location ~ js/container_.*_preview\.js$ { - expires off; - add_header Cache-Control 'private, no-cache, no-store'; - } - - location ~* /(js)/.*.(js|php)$ { - expires 30s; - add_header Cache-Control "public, no-transform"; - allow all; - } - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - ## Allow access to index.php to make dashboard work. - location ~ ^/(index).php { - try_files $uri =404; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_connect_timeout 600s; - fastcgi_read_timeout 600s; - fastcgi_send_timeout 600s; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - - fastcgi_param HTTP_PROXY ""; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - fastcgi_param PHP_VALUE "max_execution_time=3600 - post_max_size=1500M - upload_max_filesize=32M - max_input_time=3600 - max_file_uploads=300"; - include fastcgi_params; - } - - ## Allow access to heatmapsessionsrecording plugin is needed to make it work. - location = /plugins/HeatmapSessionRecording/configs.php { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - fastcgi_read_timeout 120s; - fastcgi_send_timeout 120s; - fastcgi_param HTTP_PROXY ""; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - include fastcgi_params; - } - - ## Allow access to static media files. - location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { - allow all; - ## Cache images,CSS,JS and webfonts for an hour - ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade - expires 1h; - add_header Pragma public; - add_header Cache-Control "public"; - } - # location ~ ^/(status)$ { - # access_log off; - - # # allow 127.0.0.1; - # # allow 1.2.3.4; - # # deny all; - - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # fastcgi_index index.php; - # include fastcgi_params; - # ## Now the port or socket of the php-fpm pool we want the status of - # fastcgi_pass 127.0.0.1:9000; - # # fastcgi_pass unix:/run/php-fpm/your_socket.sock; - # } - ## Deny access to all other .php files. - location ~* ^.+\.php$ { - deny all; - return 403; - } - - ## Deny access to key matomo folders and files that dashboard should not serve. - location ~ /(config|tmp|core|lang|libs|vendor|plugins|misc/user|piwik.js|piwik.php|matomo.js|matomo.php) { - deny all; - return 403; - } - - ## Deny access to all files starting with ".ht" - location ~ /\.ht { - deny all; - return 403; - } - - ## Deny access to Markdown files - location ~* ^.+\.md$ { - deny all; - return 403; - } - ## Deny access to compose.json and package.json - location ~ ^/[^.]*\.json$ { - deny all; - return 403; - } - ## Deny access to compose.lock and other lock files in root - location ~ ^/[^.]*\.lock$ { - deny all; - return 403; - } - } - } - fastcgi_params: | - fastcgi_param COUNTRY_CODE $geoip2_data_country_code; - fastcgi_param QUERY_STRING $query_string; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param CONTENT_TYPE $content_type; - fastcgi_param CONTENT_LENGTH $content_length; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - fastcgi_param REQUEST_URI $request_uri; - fastcgi_param DOCUMENT_URI $document_uri; - fastcgi_param DOCUMENT_ROOT $document_root; - fastcgi_param SERVER_PROTOCOL $server_protocol; - - fastcgi_param GATEWAY_INTERFACE CGI/1.1; - fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - - fastcgi_param REMOTE_ADDR $remote_addr; - fastcgi_param REMOTE_PORT $remote_port; - fastcgi_param SERVER_ADDR $server_addr; - fastcgi_param SERVER_PORT $server_port; - fastcgi_param SERVER_NAME $server_name; - - fastcgi_param HTTPS $https; - - # PHP only, required if PHP was built with --enable-force-cgi-redirect - fastcgi_param REDIRECT_STATUS 200; - mime.types: | - types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; - } diff --git a/charts/matomo/templates/configmap-nginx-matomo-tracker.yaml b/charts/matomo/templates/configmap-nginx-matomo-tracker.yaml deleted file mode 100644 index de08053d..00000000 --- a/charts/matomo/templates/configmap-nginx-matomo-tracker.yaml +++ /dev/null @@ -1,289 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-matomo-tracker - namespace: {{.Values.namespace}} -data: - nginx.conf: | - worker_processes {{ .Values.matomo.tracker.nginx.nginxWorkerProcesses | default 5 }}; - load_module modules/ngx_http_geoip2_module.so; - events { - worker_connections 768; - } - pid /tmp/nginx.pid; - http { - geoip2 /usr/share/geoip/GeoLite2-Country.mmdb { - $geoip2_data_country_code default=SE source=$http_x_forwarded_for country iso_code; - } - client_max_body_size 200M; - server_tokens off; - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - include /etc/nginx/mime.types; - default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - '$geoip2_data_country_code'; - access_log /var/log/nginx/access.log main_geo; - sendfile on; - keepalive_timeout 0; - - map $args $method { - default 0; - "~UserFeedback.saveFeedback" 1; - "~UserFeedback.getForm" 1; - } - server { - listen [::]:8080 default_server; - listen 8080 default_server; - server_name _; - root /var/www/html; - index matomo.php; - add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - location ~ ^/(node_modules/jquery/dist/jquery)\.js$ { - proxy_ignore_headers Cache-Control; - allow all; - } - location ~ ^/(node_modules/jquery/dist/jquery)\.js$ { - proxy_ignore_headers Cache-Control; - allow all; - } - - location ~* \.(js|css)$ { - proxy_ignore_headers Cache-Control; - add_header Access-Control-Allow-Origin *; - allow all; - } - - location = /favicon.ico { - log_not_found off; - access_log off; - } - ## only allow accessing the following php files - location ~ ^/(matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ { - include fastcgi_params; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - try_files $fastcgi_script_name =404; # protects against CVE-2019-11043. - fastcgi_pass 127.0.0.1:9000; - fastcgi_read_timeout 240s; - fastcgi_param HTTP_PROXY ""; - fastcgi_index matomo.php; - } - location ~ ^/(status)$ { - access_log off; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_pass 127.0.0.1:9000; - } - - ## serve all other files normally - location / { - try_files $uri $uri/ =404; - } - ## disable all access to the following directories - location ~ ^/(config|tmp|core|lang) { - deny all; - return 403; # replace with 404 to not show these directories exist - } - location ~ /\.ht { - deny all; - return 403; - } - location ~ js/container_.*_preview\.js$ { - expires off; - add_header Cache-Control 'private, no-cache, no-store'; - } - location ~ \.(gif|ico|jpg|png|svg|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { - allow all; - ## Cache images,CSS and webfonts for an hour - ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade - expires 1h; - add_header Pragma public; - add_header Cache-Control "public"; - } - location ~ \.(js)$ { - allow all; - ## Cache JS for 5 minutes - ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade - expires 5m; - add_header Pragma public; - add_header Cache-Control "public"; - } - location ~ ^/(libs|vendor|plugins|misc|node_modules) { - deny all; - return 403; - } - ## properly display textfiles in root directory - location ~/(.*\.md|LEGALNOTICE|LICENSE) { - default_type text/plain; - } - - location ~* ^.+\.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_connect_timeout 75s; - fastcgi_read_timeout 600s; - fastcgi_send_timeout 600s; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - fastcgi_param HTTP_PROXY ""; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - include fastcgi_params; - if ( $method = 0 ) { - return 403; - } - } - } - } - fastcgi_params: | - fastcgi_param COUNTRY_CODE $geoip2_data_country_code; - fastcgi_param QUERY_STRING $query_string; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param CONTENT_TYPE $content_type; - fastcgi_param CONTENT_LENGTH $content_length; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - fastcgi_param REQUEST_URI $request_uri; - fastcgi_param DOCUMENT_URI $document_uri; - fastcgi_param DOCUMENT_ROOT $document_root; - fastcgi_param SERVER_PROTOCOL $server_protocol; - - fastcgi_param GATEWAY_INTERFACE CGI/1.1; - fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - - fastcgi_param REMOTE_ADDR $remote_addr; - fastcgi_param REMOTE_PORT $remote_port; - fastcgi_param SERVER_ADDR $server_addr; - fastcgi_param SERVER_PORT $server_port; - fastcgi_param SERVER_NAME $server_name; - - fastcgi_param HTTPS $https; - - # PHP only, required if PHP was built with --enable-force-cgi-redirect - fastcgi_param REDIRECT_STATUS 200; - mime.types: | - types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; - } diff --git a/charts/matomo/templates/configmap-pre-upgrade-extras.yaml b/charts/matomo/templates/configmap-pre-upgrade-extras.yaml deleted file mode 100644 index fd95932d..00000000 --- a/charts/matomo/templates/configmap-pre-upgrade-extras.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{ if .Values.extraConfigMaps.create -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-pre-upgrade-additional-config-maps - namespace: {{.Values.namespace}} - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - partOf: matomo - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "-6" - "helm.sh/hook-delete-policy": hook-succeeded -data: -{{- if and .Values.extraConfigMaps.create .Values.extraConfigMaps.data }} -{{- range $index, $content := .Values.extraConfigMaps.data }} - {{ $index }}: |- -{{ $content | indent 4 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/matomo/templates/configmap-supervisor-queuedtrackingmonitor.yaml b/charts/matomo/templates/configmap-supervisor-queuedtrackingmonitor.yaml deleted file mode 100644 index d00040fc..00000000 --- a/charts/matomo/templates/configmap-supervisor-queuedtrackingmonitor.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-supervisor-queuedtrackingmonitor - namespace: {{.Values.namespace}} -data: - queuedtracking-monitor.ini: | - [unix_http_server] - file = /home/www-data/supervisord.sock - - [program:queuedtracking-monitor] - startretries=100 - process_name=%(program_name)s_%(process_num)02d - command=sh -c 'while ( php /var/www/html/console queuedtracking:monitor --iterations=1 );do sleep 2; done' - autostart=true - autorestart=true - user=www-data - numprocs=1 - redirect_stderr=true - stdout_events_enabled=true - stderr_events_enabled=true - stdout_logfile_maxbytes=0 - stderr_logfile_maxbytes=0 - stdout_logfile=/dev/stdout - stderr_logfile=/dev/stderr diff --git a/charts/matomo/templates/configmap-supervisor-queuedtrackingprocess.yaml b/charts/matomo/templates/configmap-supervisor-queuedtrackingprocess.yaml deleted file mode 100644 index 6d1b0491..00000000 --- a/charts/matomo/templates/configmap-supervisor-queuedtrackingprocess.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-supervisor-queuedtrackingprocess - namespace: {{.Values.namespace}} -data: - queuedtracking-process.ini: | - [unix_http_server] - file = /home/www-data/supervisord.sock - - [program:queuedtracking-process] - startretries=100 - process_name=%(program_name)s_%(process_num)02d - command=sh -c 'while ( php /var/www/html/console queuedtracking:process );do sleep 5; done' - autostart=true - autorestart=true - user=www-data - numprocs={{ .Values.matomo.queuedTrackingProcess.numProcs | default 1 }} - redirect_stderr=true - stdout_events_enabled=true - stderr_events_enabled=true - stdout_logfile_maxbytes=0 - stderr_logfile_maxbytes=0 - stdout_logfile=/dev/stdout - stderr_logfile=/dev/stderr diff --git a/charts/matomo/templates/configmap-supervisor-tracker.yaml b/charts/matomo/templates/configmap-supervisor-tracker.yaml deleted file mode 100644 index 04dbf1a1..00000000 --- a/charts/matomo/templates/configmap-supervisor-tracker.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-supervisor-tracker - namespace: {{.Values.namespace}} -data: - regenerate-matomo-js.ini: | - [unix_http_server] - file = /home/www-data/supervisord.sock - [program:php-fpm] - priority=1 - process_name=%(program_name)s_%(process_num)02d - command=php-fpm - autostart=true - autorestart=true - user=www-data - redirect_stderr=true - stdout_events_enabled=true - stderr_events_enabled=true - startretries=100 - [program:regenerate-matomo-js] - priority=2 - process_name=%(program_name)s_%(process_num)02d - command=sh -c 'while ( php /var/www/html/console custom-matomo-js:update && php /var/www/html/console tagmanager:regenerate-released-containers );do sleep 120; done' - autostart=true - autorestart=true - user=www-data - redirect_stderr=true - stdout_events_enabled=true - stderr_events_enabled=true diff --git a/charts/matomo/templates/configmaps-extras.yaml b/charts/matomo/templates/configmaps-extras.yaml deleted file mode 100644 index 74e53ad6..00000000 --- a/charts/matomo/templates/configmaps-extras.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{ if .Values.extraConfigMaps.create -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: matomo-additional-config-maps - namespace: {{.Values.namespace}} -data: -{{- if and .Values.extraConfigMaps.create .Values.extraConfigMaps.data }} -{{- range $index, $content := .Values.extraConfigMaps.data }} - {{ $index }}: |- -{{ $content | indent 4 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/matomo/templates/cronjob-matomo-corearchive.yaml b/charts/matomo/templates/cronjob-matomo-corearchive.yaml deleted file mode 100644 index 485a370a..00000000 --- a/charts/matomo/templates/cronjob-matomo-corearchive.yaml +++ /dev/null @@ -1,61 +0,0 @@ ---- -{{- if .Values.matomo.cronJobs.coreArchive.enabled }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: matomo-jobs-corearchive - namespace: {{.Values.namespace}} -spec: - schedule: {{quote .Values.matomo.cronJobs.coreArchive.schedule}} - concurrencyPolicy: {{.Values.matomo.cronJobs.coreArchive.concurrencyPolicy}} - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 - jobTemplate: - spec: - activeDeadlineSeconds: {{.Values.matomo.cronJobs.coreArchive.activeDeadlineSeconds}} - template: - spec: -{{ include "matomo.init" . | nindent 10 }} - containers: - - name: matomo-jobs-corearchive - image: {{.Values.matomo.image}} - imagePullPolicy: Always - {{- if .Values.matomo.cronJobs.coreArchive.resources }} - resources: -{{ toYaml .Values.matomo.cronJobs.coreArchive.resources | indent 14 }} - {{- end }} - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - command: [ 'sh' , '-c' , '{{.Values.matomo.cronJobs.coreArchive.command}}' ] - env: - - name: MARIADB_MATOMO_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-phpfpm - mountPath: /usr/local/etc/php-fpm.d/zz-global.conf - subPath: zz-global.conf - - name: matomo-cronjob-php - mountPath: /usr/local/etc/php/conf.d/zz-global.ini - subPath: zz-global.ini - restartPolicy: OnFailure -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 10 }} - volumes: - - name: matomo-configuration - configMap: - name: matomo-configuration - - name: static-data - emptyDir: {} - - name: matomo-phpfpm - configMap: - name: matomo-phpfpm - - name: matomo-cronjob-php - configMap: - name: matomo-cronjob-php -{{- end -}} diff --git a/charts/matomo/templates/cronjob-matomo-scheduled-tasks.yaml b/charts/matomo/templates/cronjob-matomo-scheduled-tasks.yaml deleted file mode 100644 index 18a31afb..00000000 --- a/charts/matomo/templates/cronjob-matomo-scheduled-tasks.yaml +++ /dev/null @@ -1,57 +0,0 @@ ---- -{{- if .Values.matomo.cronJobs.scheduledTasks.enabled }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: matomo-jobs-scheduled-tasks - namespace: {{.Values.namespace}} - {{- template "matomo.labels" .Values.matomo.cronJobs.scheduledTasks.labels }} -spec: - schedule: {{quote .Values.matomo.cronJobs.scheduledTasks.schedule}} - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 - jobTemplate: - spec: - activeDeadlineSeconds: {{.Values.matomo.cronJobs.scheduledTasks.activeDeadlineSeconds}} - template: - spec: -{{ include "matomo.init" . | nindent 10 }} - containers: - - name: matomo-jobs-scheduledtasks - image: {{.Values.matomo.image}} - imagePullPolicy: Always - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - command: [ 'sh' , '-c' , {{quote .Values.matomo.cronJobs.scheduledTasks.command}} ] - env: - - name: MARIADB_MATOMO_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 12 }} - {{- if .Values.matomo.cronJobs.scheduledTasks.resources }} - resources: -{{ toYaml .Values.matomo.cronJobs.scheduledTasks.resources | indent 14 }} - {{- end }} - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-scheduledtasks-php - mountPath: /usr/local/etc/php/conf.d/zz-global.ini - subPath: zz-global.ini - restartPolicy: OnFailure -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 10 }} - volumes: - - name: matomo-configuration - configMap: - name: matomo-configuration - - name: static-data - emptyDir: {} - - name: matomo-scheduledtasks-php - configMap: - name: matomo-scheduledtasks-php -{{- end -}} diff --git a/charts/matomo/templates/deployment-matomo-cli.yaml b/charts/matomo/templates/deployment-matomo-cli.yaml deleted file mode 100644 index 6fd8b134..00000000 --- a/charts/matomo/templates/deployment-matomo-cli.yaml +++ /dev/null @@ -1,79 +0,0 @@ ---- -{{- if .Values.matomo.cli.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: matomo-cli - namespace: {{.Values.namespace}} - labels: - app: matomo-cli -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 4 }} -{{- end }} -spec: - replicas: {{.Values.matomo.cli.replicas}} - selector: - matchLabels: - app: matomo-cli - template: - metadata: - labels: - app: matomo-cli -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }} - spec: -{{ include "matomo.init" . | nindent 6 }} - containers: - - name: matomo - image: {{.Values.matomo.image}} - {{- if .Values.matomo.cli.resources }} - resources: -{{ toYaml .Values.matomo.cli.resources | indent 10 }} - {{- end }} - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - imagePullPolicy: Always - env: - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 8 }} - command: [ 'sh' , '-c' , 'supervisord -n' ] - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-supervisor-tracker - mountPath: /etc/supervisor.d - readOnly: true -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }} - volumes: - - name: matomo-configuration - configMap: - name: matomo-configuration - - name: static-data - emptyDir: {} - - name: matomo-supervisor-tracker - configMap: - name: matomo-supervisor-tracker ---- -apiVersion: v1 -kind: Service -metadata: - name: matomo-cli - namespace: {{.Values.namespace}} - labels: - app: matomo-cli -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: matomo-cli -{{- end -}} diff --git a/charts/matomo/templates/deployment-matomo-dashboard.yaml b/charts/matomo/templates/deployment-matomo-dashboard.yaml deleted file mode 100644 index aa081412..00000000 --- a/charts/matomo/templates/deployment-matomo-dashboard.yaml +++ /dev/null @@ -1,204 +0,0 @@ ---- -{{- if .Values.matomo.dashboard.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: matomo-dashboard - namespace: {{.Values.namespace}} - labels: - app: matomo-dashboard -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 4 }} -{{- end }} -spec: - replicas: {{.Values.matomo.dashboard.replicas}} - selector: - matchLabels: - app: matomo-dashboard - template: - metadata: - labels: - app: matomo-dashboard -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }} - spec: -{{ include "matomo.init" . | nindent 6 }} - containers: - {{- if .Values.matomo.dashboard.sidecars }} -{{ toYaml .Values.matomo.dashboard.sidecars | indent 6 }} - {{- end }} - - name: fpm-metrics - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - image: hipages/php-fpm_exporter:2.2.0 - imagePullPolicy: Always - env: - - name: PHP_FPM_FIX_PROCESS_COUNT - value: "true" - resources: - limits: - memory: 128Mi - requests: - cpu: 15m - memory: 32Mi - - name: nginx - image: {{.Values.nginx.image}} - {{- if .Values.nginx.resources }} - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- end }} - # readinessProbe: - # httpGet: - # scheme: HTTP - # path: /index.php - # port: 8080 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - "[ -f /tmp/nginx.pid ] && ps -A | grep nginx" - initialDelaySeconds: 10 - periodSeconds: 5 - securityContext: - runAsUser: {{.Values.nginx.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - readOnly: true - - name: fastcgi-params - mountPath: /etc/nginx/fastcgi_params - subPath: fastcgi_params - readOnly: true - - name: mime-types - mountPath: /etc/nginx/mime.types - subPath: mime.types - readOnly: true - - name: static-data - mountPath: /var/www/html - readOnly: true - ports: - - containerPort: 8080 - - name: matomo - image: {{.Values.matomo.image}} - {{- if .Values.matomo.resources }} - resources: -{{ toYaml .Values.matomo.resources | indent 10 }} - {{- end }} - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - imagePullPolicy: Always - env: - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 8 }} - ports: - - containerPort: 9000 - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-phpfpm - mountPath: /usr/local/etc/php-fpm.d/zz-global.conf - subPath: zz-global.conf - - name: matomo-dashboard-php - mountPath: /usr/local/etc/php/conf.d/zz-global.ini - subPath: zz-global.ini - {{- if .Values.xdebug.disabled }} - - name: matomo-disable-xdebug - mountPath: /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini - subPath: docker-php-ext-xdebug.ini - {{- end }} -{{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 10 }} -{{- end }} - {{- if .Values.matomo.livenessProbe }} - livenessProbe: - {{- if .Values.matomo.livenessProbe.exec }} - exec: - command: - - sh - - -c - - {{ .Values.matomo.livenessProbe.exec.command }} - initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 10 }} - periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 20 }} - timeoutSeconds: {{ .Values.matomo.livenessProbe.timeoutSeconds | default 10 }} - {{- end }} - {{- end }} - {{- if .Values.matomo.readinessProbe }} - readinessProbe: - httpGet: - path: {{ .Values.matomo.readinessProbe.httpGet.path }} - port: {{ .Values.matomo.readinessProbe.httpGet.port | default 80 }} - initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 30 }} - periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 30 }} - {{- end }} -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }} - volumes: - - name: nginx-conf - configMap: - name: nginx-matomo-dashboard - items: - - key: nginx.conf - path: nginx.conf - - name: fastcgi-params - configMap: - name: nginx-matomo-dashboard - items: - - key: fastcgi_params - path: fastcgi_params - - name: mime-types - configMap: - name: nginx-matomo-dashboard - items: - - key: mime.types - path: mime.types - - name: matomo-configuration - configMap: - name: matomo-configuration - - name: matomo-phpfpm - configMap: - name: matomo-phpfpm - - name: matomo-dashboard-php - configMap: - name: matomo-dashboard-php - {{- if .Values.xdebug.disabled }} - - name: matomo-disable-xdebug - configMap: - name: matomo-disable-xdebug - {{- end }} - - name: static-data - emptyDir: {} -{{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} -{{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: matomo-dashboard - namespace: {{.Values.namespace}} - labels: - app: matomo-dashboard -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 4 }} -{{- end }} -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: matomo-dashboard -{{- end -}} diff --git a/charts/matomo/templates/deployment-matomo-queuedtrackingmonitor.yaml b/charts/matomo/templates/deployment-matomo-queuedtrackingmonitor.yaml deleted file mode 100644 index bb8dac72..00000000 --- a/charts/matomo/templates/deployment-matomo-queuedtrackingmonitor.yaml +++ /dev/null @@ -1,68 +0,0 @@ ---- -{{- if .Values.matomo.queuedTrackingMonitor.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: matomo-queuedtracking-monitor - namespace: {{.Values.namespace}} - labels: - app: matomo-queuedtracking-monitor -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 4 }} -{{- end }} -spec: - replicas: {{.Values.matomo.queuedTrackingMonitor.replicas | default 1}} - selector: - matchLabels: - app: matomo-queuedtracking-monitor - template: - metadata: - labels: - app: matomo-queuedtracking-monitor -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }} - spec: -{{ include "matomo.init" . | nindent 6 }} - containers: - - name: matomo - image: {{.Values.matomo.image}} - resources: - requests: - memory: "128Mi" - cpu: "300m" - limits: - memory: "180Mi" - cpu: "500m" - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - imagePullPolicy: Always - env: - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 8 }} - command: [ 'sh' , '-c' , 'supervisord -n' ] - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-supervisor-queuedtrackingmonitor - mountPath: /etc/supervisor.d - readOnly: true -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }} - volumes: - - name: matomo-configuration - configMap: - name: matomo-configuration - - name: static-data - emptyDir: {} - - name: matomo-supervisor-queuedtrackingmonitor - configMap: - name: matomo-supervisor-queuedtrackingmonitor -{{- end -}} diff --git a/charts/matomo/templates/deployment-matomo-queuedtrackingprocess.yaml b/charts/matomo/templates/deployment-matomo-queuedtrackingprocess.yaml deleted file mode 100644 index 9daf4db1..00000000 --- a/charts/matomo/templates/deployment-matomo-queuedtrackingprocess.yaml +++ /dev/null @@ -1,68 +0,0 @@ ---- -{{- if .Values.matomo.queuedTrackingProcess.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: matomo-queuedtracking-process - namespace: {{.Values.namespace}} - labels: - app: matomo-queuedtracking-process -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 4 }} -{{- end }} -spec: - replicas: {{.Values.matomo.queuedTrackingProcess.replicas}} - selector: - matchLabels: - app: matomo-queuedtracking-process - template: - metadata: - labels: - app: matomo-queuedtracking-process -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }} - spec: -{{ include "matomo.init" . | nindent 6 }} - containers: - - name: matomo - image: {{.Values.matomo.image}} - resources: - requests: - memory: "128Mi" - cpu: "250m" - limits: - memory: "220Mi" - cpu: "1" - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - imagePullPolicy: Always - env: - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 8 }} - command: [ 'sh' , '-c' , 'supervisord -n' ] - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-supervisor-queuedtrackingprocess - mountPath: /etc/supervisor.d - readOnly: true -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }} - volumes: - - name: matomo-configuration - configMap: - name: matomo-configuration - - name: static-data - emptyDir: {} - - name: matomo-supervisor-queuedtrackingprocess - configMap: - name: matomo-supervisor-queuedtrackingprocess -{{- end -}} diff --git a/charts/matomo/templates/deployment-matomo-tracker.yaml b/charts/matomo/templates/deployment-matomo-tracker.yaml deleted file mode 100644 index cac0b535..00000000 --- a/charts/matomo/templates/deployment-matomo-tracker.yaml +++ /dev/null @@ -1,179 +0,0 @@ ---- -{{- if .Values.matomo.tracker.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: matomo-tracker - namespace: {{.Values.namespace}} - labels: - app: matomo-tracker -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 4 }} -{{- end }} -spec: - replicas: {{.Values.matomo.tracker.replicas}} - selector: - matchLabels: - app: matomo-tracker - template: - metadata: - labels: - app: matomo-tracker -{{- if .Values.matomo.extralabels }} -{{ toYaml .Values.matomo.extralabels | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }} - spec: -{{ include "matomo.init" . | nindent 6 }} - containers: - - name: fpm-metrics - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - image: hipages/php-fpm_exporter:2.2.0 - imagePullPolicy: Always - resources: - limits: - cpu: 40m - memory: 32Mi - requests: - cpu: 40m - memory: 32Mi - - name: nginx - image: {{.Values.nginx.image}} - {{- if .Values.matomo.tracker.nginx.resources }} - resources: -{{ toYaml .Values.matomo.tracker.nginx.resources | indent 10 }} - {{- end }} - # readinessProbe: - # httpGet: - # scheme: HTTP - # path: /matomo.js - # port: 8080 - # initialDelaySeconds: 10 - # periodSeconds: 5 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - "[ -f /tmp/nginx.pid ] && ps -A | grep nginx" - initialDelaySeconds: 10 - periodSeconds: 5 - securityContext: - runAsUser: {{.Values.nginx.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - readOnly: true - - name: fastcgi-params - mountPath: /etc/nginx/fastcgi_params - subPath: fastcgi_params - readOnly: true - - name: mime-types - mountPath: /etc/nginx/mime.types - subPath: mime.types - readOnly: true - - name: static-data - mountPath: /var/www/html - readOnly: true - ports: - - containerPort: 8080 - - name: matomo - image: {{.Values.matomo.image}} - {{- if .Values.matomo.tracker.resources }} - resources: -{{ toYaml .Values.matomo.tracker.resources | indent 10 }} - {{- end }} - securityContext: - runAsUser: {{.Values.matomo.runAsUser}} - privileged: false - allowPrivilegeEscalation: false - imagePullPolicy: Always - env: - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} - command: [ 'sh' , '-c' , 'supervisord -n' ] - volumeMounts: - - name: static-data - mountPath: /var/www/html - - name: matomo-supervisor-tracker - mountPath: /etc/supervisor.d - readOnly: true - - name: matomo-phpfpm-tracker - mountPath: /usr/local/etc/php-fpm.d/zz-global.conf - subPath: zz-global.conf - {{- if .Values.matomo.livenessProbe }} - livenessProbe: - {{- if .Values.matomo.livenessProbe.exec }} - exec: - command: - - sh - - -c - - {{ .Values.matomo.livenessProbe.exec.command }} - initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 10 }} - periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 20 }} - timeoutSeconds: {{ .Values.matomo.livenessProbe.timeoutSeconds | default 10 }} - {{- end }} - {{- end }} - {{- if .Values.matomo.readinessProbe }} - readinessProbe: - httpGet: - path: {{ .Values.matomo.readinessProbe.httpGet.path }} - port: {{ .Values.matomo.readinessProbe.httpGet.port | default 80 }} - initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 5 }} - periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 5 }} - {{- end }} -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }} - volumes: - - name: nginx-conf - configMap: - name: nginx-matomo-tracker - items: - - key: nginx.conf - path: nginx.conf - - name: fastcgi-params - configMap: - name: nginx-matomo-tracker - items: - - key: fastcgi_params - path: fastcgi_params - - name: mime-types - configMap: - name: nginx-matomo-tracker - items: - - key: mime.types - path: mime.types - - name: matomo-configuration - configMap: - name: matomo-configuration - - name: static-data - emptyDir: {} - - name: matomo-supervisor-tracker - configMap: - name: matomo-supervisor-tracker - - name: matomo-phpfpm-tracker - configMap: - name: matomo-phpfpm-tracker ---- -apiVersion: v1 -kind: Service -metadata: - name: matomo-tracker - labels: - app: matomo-tracker -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: matomo-tracker -{{- end -}} diff --git a/charts/matomo/templates/ingress-matomo-dashboard.yaml b/charts/matomo/templates/ingress-matomo-dashboard.yaml deleted file mode 100644 index e10ce6c3..00000000 --- a/charts/matomo/templates/ingress-matomo-dashboard.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.matomo.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - labels: - app: matomo-dashboard -{{- if .Values.matomo.ingress.extralabels }} -{{ toYaml .Values.matomo.ingress.extralabels | indent 4 }} -{{- end }} - name: matomo-dashboard - namespace: {{.Values.namespace}} - annotations: - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/client-body-timeout: 700s - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/proxy-body-size: 200m - nginx.ingress.kubernetes.io/proxy-read-timeout: 700s - {{- if .Values.matomo.ingress.annotations }} - {{- with .Values.matomo.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if .Values.matomo.dashboard.whitelist }} - nginx.ingress.kubernetes.io/whitelist-source-range: {{.Values.matomo.dashboard.whitelist | toPrettyJson}} - {{ else }} - {{- end }} -spec: - {{- if .Values.matomo.dashboard.ingressClassName }} - ingressClassName: {{.Values.matomo.dashboard.ingressClassName}} - {{- end }} - rules: - - host: {{.Values.matomo.dashboard.hostname}} - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.dashboard.loadbalancer }} - name: matomo-dashboard-lb - port: - number: 80 - {{ else }} - name: matomo-dashboard - port: - number: 8080 - {{- end }} - - {{- if .Values.matomo.dashboard.tls }} - tls: - - hosts: - - {{.Values.matomo.dashboard.hostname}} - {{- if .Values.matomo.dashboard.secretName }} - secretName: {{.Values.matomo.dashboard.secretName}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/charts/matomo/templates/ingress-matomo-tracker.yaml b/charts/matomo/templates/ingress-matomo-tracker.yaml deleted file mode 100644 index 5ffc4c69..00000000 --- a/charts/matomo/templates/ingress-matomo-tracker.yaml +++ /dev/null @@ -1,193 +0,0 @@ -{{- if .Values.matomo.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - labels: - app: matomo-tracker -{{- if .Values.matomo.ingress.extralabels }} -{{ toYaml .Values.matomo.ingress.extralabels | indent 4 }} -{{- end }} - name: matomo-tracker - namespace: {{.Values.namespace}} - annotations: - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/server-snippet: | - gzip on; - gzip_disable "MSIE [1-6]\."; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 5; - gzip_min_length 512; - gzip_buffers 16 128k; - gzip_http_version 1.1; - gzip_types - application/json - application/javascript; - {{- if .Values.matomo.ingress.annotations }} - {{- with .Values.matomo.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} -spec: - {{- if .Values.matomo.tracker.ingressClassName }} - ingressClassName: {{.Values.matomo.tracker.ingressClassName}} - {{- end }} - rules: - - host: {{.Values.matomo.tracker.hostname}} - http: - paths: - - path: /index.php - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /piwik.php - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /piwik.js - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /matomo.php - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /matomo.js - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /js/.* - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /plugins/HeatmapSessionRecording/.* - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /plugins/Overlay/client/.* - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - path: /node_modules/jquery/dist/.* - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - - path: /plugins/UserFeedback/lib/.* - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - - path: /plugins/UserFeedback/css/.* - pathType: ImplementationSpecific - backend: - service: - {{- if .Values.matomo.tracker.loadbalancer }} - name: matomo-tracker-lb - port: - number: 80 - {{ else }} - name: matomo-tracker - port: - number: 8080 - {{- end }} - - {{- if .Values.matomo.tracker.tls }} - tls: - - hosts: - - {{.Values.matomo.tracker.hostname}} - {{- if .Values.matomo.tracker.secretName }} - secretName: {{.Values.matomo.tracker.secretName}} - {{- end -}} - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/matomo/templates/loadbalancer-matomo-dashboard.yaml b/charts/matomo/templates/loadbalancer-matomo-dashboard.yaml deleted file mode 100644 index 22b20b27..00000000 --- a/charts/matomo/templates/loadbalancer-matomo-dashboard.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.matomo.dashboard.loadbalancer }} -apiVersion: v1 -kind: Service -metadata: - name: matomo-dashboard-lb -spec: - selector: - app: matomo-dashboard - ports: - - port: 80 - targetPort: 8080 - type: LoadBalancer -{{- end -}} \ No newline at end of file diff --git a/charts/matomo/templates/loadbalancer-matomo-tracker.yaml b/charts/matomo/templates/loadbalancer-matomo-tracker.yaml deleted file mode 100644 index eb06ba05..00000000 --- a/charts/matomo/templates/loadbalancer-matomo-tracker.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.matomo.tracker.loadbalancer }} -apiVersion: v1 -kind: Service -metadata: - name: matomo-tracker-lb -spec: - selector: - app: matomo-tracker - ports: - - port: 80 - targetPort: 8080 - type: LoadBalancer -{{- end -}} \ No newline at end of file diff --git a/charts/matomo/templates/post-install-job.yaml b/charts/matomo/templates/post-install-job.yaml deleted file mode 100644 index b5e4d874..00000000 --- a/charts/matomo/templates/post-install-job.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if .Values.matomo.postInstallCommand }} -apiVersion: batch/v1 -kind: Job -metadata: - name: matomo-post-install - namespace: {{.Values.namespace}} - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - partOf: matomo - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }} - containers: - - name: post-install-matomo - image: {{.Values.matomo.image}} - lifecycle: - postStart: - exec: - command: [ 'sh' , '-c' , '{{.Values.matomo.installCommand}}' ] - # To do anything with Matomo, we first need to bootstrap it (curl). - command: [ 'bash' , '-c' , 'sleep {{.Values.matomo.postInstallSleepTime}}; curl -Il https://{{.Values.matomo.dashboard.hostname}}; {{.Values.matomo.postInstallCommand}}' ] - env: - - name: MATOMO_FIRST_USER_NAME - value: {{.Values.matomo.dashboard.firstuser.username}} - - name: MATOMO_FIRST_USER_EMAIL - value: {{.Values.matomo.dashboard.firstuser.email}} - - name: MATOMO_FIRST_USER_PASSWORD - value: {{.Values.matomo.dashboard.firstuser.password}} - - name: MATOMO_DB_HOST - value: {{.Values.db.hostname}} - - name: MATOMO_DB_NAME - value: {{.Values.db.name}} - {{ if .Values.db.prefix }} - - name: MATOMO_DB_PREFIX - value: {{.Values.db.prefix}} - {{ end }} - - name: MATOMO_DB_USERNAME - value: {{.Values.db.username}} - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 8 }} - volumeMounts: - - name: matomo-startup-config - mountPath: /var/www/html/config/config.ini.php - subPath: config.ini.php -{{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} -{{- end }} - volumes: - - name: matomo-startup-config - configMap: - name: matomo-startup-config -{{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 8 }} -{{- end }} -{{- end -}} - - diff --git a/charts/matomo/templates/pre-upgrade-job.yaml b/charts/matomo/templates/pre-upgrade-job.yaml deleted file mode 100644 index dafd7e4c..00000000 --- a/charts/matomo/templates/pre-upgrade-job.yaml +++ /dev/null @@ -1,72 +0,0 @@ -{{- if .Values.matomo.preUpgradeCommand }} -apiVersion: batch/v1 -kind: Job -metadata: - name: matomo-pre-upgrade - namespace: {{.Values.namespace}} - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - partOf: matomo - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never -{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }} - containers: - - name: pre-upgrade-matomo - image: {{.Values.matomo.image}} - volumeMounts: - - name: matomo-startup-config - mountPath: /var/www/html/config/config.ini.php - subPath: config.ini.php - - name: matomo-pre-upgrade-additional-config-maps - mountPath: /var/www/html/config/common.config.ini.php - subPath: common.config.ini.php - # To do anything with Matomo, we first need to bootstrap it (curl). - command: [ 'bash' , '-c' , 'sleep {{.Values.matomo.preUpgradeSleepTime}}; curl -Il https://{{.Values.matomo.dashboard.hostname}}; {{.Values.matomo.preUpgradeCommand}}' ] - env: - - name: MATOMO_FIRST_USER_NAME - value: {{.Values.matomo.dashboard.firstuser.username}} - - name: MATOMO_FIRST_USER_EMAIL - value: {{.Values.matomo.dashboard.firstuser.email}} - - name: MATOMO_FIRST_USER_PASSWORD - value: {{.Values.matomo.dashboard.firstuser.password}} - - name: MATOMO_DB_HOST - value: {{.Values.db.hostname}} - - name: MATOMO_DB_NAME - value: {{.Values.db.name}} - {{ if .Values.db.prefix }} - - name: MATOMO_DB_PREFIX - value: {{.Values.db.prefix}} - {{ end }} - - name: MATOMO_DB_USERNAME - value: {{.Values.db.username}} - - name: MATOMO_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db.password.secretKeyRef.name }} - key: {{ .Values.db.password.secretKeyRef.key }} -{{ include "matomo.license" . | nindent 8 }} - volumes: - - name: matomo-startup-config - configMap: - name: matomo-startup-config -{{ if .Values.extraConfigMaps.create }} - - name: matomo-pre-upgrade-additional-config-maps - configMap: - name: matomo-pre-upgrade-additional-config-maps -{{- end }} -{{- end -}} diff --git a/charts/matomo/templates/secrets-extra.yaml b/charts/matomo/templates/secrets-extra.yaml deleted file mode 100644 index 97bad577..00000000 --- a/charts/matomo/templates/secrets-extra.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.extraSecrets.create -}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: matomo-extra-secrets - namespace: {{.Values.namespace}} -data: -{{- if and .Values.extraSecrets.create .Values.extraSecrets.data }} -{{- range $index, $content := .Values.extraSecrets.data }} - {{ $index }}: |- -{{ $content | indent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/matomo/templates/services-extra.yaml b/charts/matomo/templates/services-extra.yaml deleted file mode 100644 index cdd2318a..00000000 --- a/charts/matomo/templates/services-extra.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- range $service := .Values.extraServices }} -apiVersion: v1 -kind: Service -metadata: - name: matomo-extra-{{ $service.name }} -spec: - type: {{ $service.type }} - ports: - - port: {{ $service.port }} - targetPort: {{ $service.name }} - protocol: {{ $service.protocol }} - name: {{ $service.name }} - {{- if and ( or (eq $service.type "LoadBalancer") (eq $service.type "NodePort") ) ($service.nodePort) }} - nodePort: {{ $service.nodePort }} - {{- end }} - {{- if and (eq $service.type "LoadBalancer") ($service.loadBalancerIP) }} - loadBalancerIP: {{ $service.loadBalancerIP }} - {{- end }} - {{- if $service.clusterIP }} - clusterIP: {{ $service.clusterIP }} - {{- end }} - selector: -{{- range $index, $content := $service.selector }} - {{ $index }}: {{ $content }} -{{- end }} ---- -{{- end }} \ No newline at end of file diff --git a/charts/matomo/values.yaml b/charts/matomo/values.yaml deleted file mode 100644 index f62bb38d..00000000 --- a/charts/matomo/values.yaml +++ /dev/null @@ -1,184 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - ## As: - ## imageRegistry: "docker.io" - imageRegistry: "" - ## As: - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] -namespace: matomo -matomo: - imageRegistry: "" - ## As: - ## imagePullSecrets: - ## - myRegistryKeySecretName - imagePullSecrets: [] - image: digitalist/matomo:5.2.1 - runAsUser: 82 - installCommand: ./console plugin:activate ExtraTools && ./console matomo:install --install-file=/tmp/matomo/install.json --force --do-not-drop-db - # Post install for helm chart. Starts a post-install-job. - postInstallSleepTime: 5 - postInstallCommand: "" - preUpgradeSleepTime: 5 - preUpgradeCommand: "" - extralabels: {} - ## If you have a premium license for plugins, set it here. - ## you need to create the secret before referring it. - ## As: - ## license: - ## secretKeyRef: - ## name: matomo-license - ## key: matomo-license - license: - ingress: - enabled: true - extralabels: {} - annotations: - digitalist.cloud/instance: "matomo" - cli: - replicas: 1 - enabled: true - cronJobs: - coreArchive: - enabled: true - labels: - name: matomo-jobs-corearchive - instance: matomo - component: cronjob - partOf: matomo - managedBy: helm - schedule: "*/60 * * * *" - concurrencyPolicy: Allow - activeDeadlineSeconds: 43200 - command: ./console core:archive --disable-scheduled-tasks - scheduledTasks: - php: - enabled: true - labels: - name: matomo-jobs-scheduled-tasks - instance: matomo - component: cronjob - partOf: matomo - managedBy: helm - schedule: "*/60 * * * *" - activeDeadlineSeconds: 43200 - command: ./console scheduled-tasks:run - dashboard: - sidecars: [] - ## added like this: - # sidecars: - # - name: fpm-metrics - # image: hipages/php-fpm_exporter:2.2.0 - # imagePullPolicy: IfNotPresent - # resources: - # limits: - # cpu: 500m - # memory: 256Mi - # requests: - # cpu: 40m - # memory: 32Mi - enabled: true - replicas: 1 - loadbalancer: false - hostname: my.host - tls: false - firstuser: - username: admin - password: admin123 - email: foo@example.com - nginx: - nginxWorkerProcesses: 5 - ingressClassName: "" - queuedTrackingMonitor: - enabled: true - queuedTrackingProcess: - replicas: 1 - tracker: - enabled: true - replicas: 1 - hostname: my.host - tls: false - loadbalancer: false - nginx: - resources: - nginxWorkerProcesses: 5 - phpfpm: - type: ondemand - max_children: 75 - process_idle_timeout: 600s - max_requests: 500 - ingressClassName: "" -nginx: - image: digitalist/nginx:1.21.6 - imagePullSecrets: [] - runAsUser: 100 -db: - hostname: matomo-db-mysql - password: - secretKeyRef: - name: matomo-db-mysql - key: mysql-root-password - name: matomo - username: root - prefix: matomo_ -xdebug: - disabled: 1 -extraSecrets: - create: false - data: {} -# * secrets need to base64 encoded. -# data: -# name: Zm9vCg== -# bar: YmFyCg== -extraServices: {} -# - name: foo - ## Service port type -# type: ClusterIP - ## Service protocol -# protocol: TCP - ## The container target port -# containerPort: 12001 - ## The service port -# port: 12001 -# selector: -# app: matomo-dashboard - ## The node port (only relevant for type LoadBalancer or NodePort) -# nodePort: - ## The cluster ip address (only relevant for type LoadBalancer or NodePort) -# clusterIP: - ## The loadbalancer ip address (only relevant for type LoadBalancer) -# loadBalancerIP: -extraConfigMaps: - create: true - data: {} -# data: -# my.ini: | -# extension=foo.so -# foo.socket=tcp://bar:9309 -extraVolumes: [] -# extraVolumes: -# - name: mySecretVolume -# secret: -# secretName: matomo-extra-secrets -# - name: my.ini -# configMap: -# name: matomo-additional-config-maps -# items: -# - key: "my.ini" -# path: "my.ini" -extraVolumeMounts: [] -# extraVolumeMounts: -# - name: mySecretVolume -# mountPath: /foo/secrets/mySecretVolume/ -# - name: my.ini -# mountPath: /usr/local/etc/php/conf.d/my.ini -# subPath: my.ini diff --git a/charts/sorcerer/templates/cluster.yaml b/charts/sorcerer/templates/cluster.yaml index 14ae12e1..496b029b 100644 --- a/charts/sorcerer/templates/cluster.yaml +++ b/charts/sorcerer/templates/cluster.yaml @@ -22,5 +22,3 @@ spec: storage: size: {{ .Values.cluster.size | default "5Gi" }} {{- end }} - - diff --git a/helmfile.d/matomo.yaml.gotmpl b/helmfile.d/umami.yaml.gotmpl similarity index 62% rename from helmfile.d/matomo.yaml.gotmpl rename to helmfile.d/umami.yaml.gotmpl index ae8a9584..d9e74391 100644 --- a/helmfile.d/matomo.yaml.gotmpl +++ b/helmfile.d/umami.yaml.gotmpl @@ -4,35 +4,35 @@ bases: - ../envs/environments.yaml.gotmpl repositories: -- name: bitnami - url: https://charts.bitnami.com/bitnami +- name: umami + url: https://charts.christianhuth.de commonLabels: tier: system releases: -- name: matomo +- name: umami namespace: analytics - chart: bitnami/matomo + chart: bitnami/umami version: 11.0.0 - condition: matomo.enabled + condition: umami.enabled values: - - ../values/matomo/values/values.yaml - - ../values/matomo/values/values-{{ .Environment.Name }}.yaml + - ../values/umami/values/values.yaml + - ../values/umami/values/values-{{ .Environment.Name }}.yaml postRenderer: ../bin/kustomizer postRendererArgs: - - ../values/matomo/kustomize/{{ .Environment.Name }} + - ../values/umami/kustomize/{{ .Environment.Name }} missingFileHandler: Info - name: manifests namespace: analytics chart: manifests - condition: matomo.enabled + condition: umami.enabled missingFileHandler: Info values: - ../values/env.yaml - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - - ../values/matomo/env.yaml.gotmpl - - ../values/matomo/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl + - ../values/umami/env.yaml.gotmpl + - ../values/umami/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl hooks: - events: [ prepare, cleanup ] showlogs: true @@ -41,5 +41,5 @@ releases: - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' - '{{`{{ .Release.Chart }}`}}' - '{{`{{ .Environment.Name }}`}}' - - ../values/matomo/manifests + - ../values/umami/manifests - manifests diff --git a/values/matomo/README.md b/values/matomo/README.md deleted file mode 100644 index d768fc8f..00000000 --- a/values/matomo/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Matomo - -TO-DO: -- [ ] Move to Digitalist [Chart](https://github.com/Digitalist-Open-Cloud/matomo-kubernetes) diff --git a/values/matomo/values/values-prod.yaml b/values/matomo/values/values-prod.yaml deleted file mode 100644 index 7d2ff1a7..00000000 --- a/values/matomo/values/values-prod.yaml +++ /dev/null @@ -1,261 +0,0 @@ -global: - security: - ## @param global.security.allowInsecureImages Allows skipping image verification - allowInsecureImages: true - -usePasswordFiles: false - -image: - # repository: digitalist/matomo - repository: bitnamilegacy/matomo - pullPolicy: IfNotPresent - -replicaCount: 1 -matomoUsername: admin -matomoPassword: "en to tre fire" -matomoEmail: user@example.com -matomoWebsiteName: oceanbox -matomoWebsiteHost: https://matomo.adm.oceanbox.io -matomoSkipInstall: false - -allowEmptyPassword: false - -updateStrategy: - type: RollingUpdate - -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo/#smtp-configuration -## @param smtpAuth SMTP authentication mechanism (options: Plain, Login, Cram-md5) -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil) -## @param noreplyName Noreply name -## @param noreplyAddress Noreply address -## -smtpAuth: "" -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -noreplyName: "" -noreplyAddress: "" -## @param smtpExistingSecret The name of an existing secret with SMTP credentials -## NOTE: Must contain key `smtp-password` -## NOTE: When it's set, the `smtpPassword` parameter is ignored -## -smtpExistingSecret: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 - -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Matomo volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessModes PVC Access Mode for Matomo volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for Matomo volume - ## - size: 8Gi - ## @param persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param persistence.existingClaim A manually managed Persistent Volume Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath If defined, the matomo-data volume will mount to the specified hostPath. - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" - ## @param persistence.annotations Persistent Volume Claim annotations - ## - annotations: {} - ## @param persistence.selector Selector to match an existing Persistent Volume for Matomo data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: true - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: nginx - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: "matomo.adm.oceanbox.io" - ## @param ingress.path The Path to Matomo. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/backend-protocol: HTTP - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/ssl-redirect: "true" - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: true - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## Example: - ## - name: matomo.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## @section Database parameters -## - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`) - ## - architecture: standalone - ## MariaDB Authentication parameters - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## @param mariadb.auth.database Database name to create - ## @param mariadb.auth.username Database user to create - ## @param mariadb.auth.password Password for the database - ## - auth: - usePasswordFiles: false - # existingSecret: matomo-mariadb - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run - ## - rootPassword: en to tre fire - # ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run - ## - database: bitnami_matomo - ## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run - ## - username: bn_matomo - password: test - # passwordUpdateJob: - # enabled: true - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - accessModes: - - ReadWriteOnce - size: 8Gi - ## MariaDB primary container's resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param mariadb.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - resourcesPreset: "micro" - ## @param mariadb.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - -externalDatabase: - host: matomo-mariadb - port: 3306 - user: bn_matomo - database: bitnami_matomo - existingSecret: matomo-mariadb - # existingSecretPasswordKey: mariadb-password diff --git a/values/umami/README.md b/values/umami/README.md new file mode 100644 index 00000000..4a96d801 --- /dev/null +++ b/values/umami/README.md @@ -0,0 +1 @@ +# Umami diff --git a/values/matomo/env-oceanbox.yaml.gotmpl b/values/umami/env-oceanbox.yaml.gotmpl similarity index 92% rename from values/matomo/env-oceanbox.yaml.gotmpl rename to values/umami/env-oceanbox.yaml.gotmpl index ba66ea49..9652cefe 100644 --- a/values/matomo/env-oceanbox.yaml.gotmpl +++ b/values/umami/env-oceanbox.yaml.gotmpl @@ -1,3 +1,3 @@ -matomo: +umami: enabled: {{ if eq .Environment.Name "prod" }} true {{ else }} false {{ end }} env: prod diff --git a/values/matomo/env.yaml.gotmpl b/values/umami/env.yaml.gotmpl similarity index 94% rename from values/matomo/env.yaml.gotmpl rename to values/umami/env.yaml.gotmpl index 39206aa2..10fc168b 100644 --- a/values/matomo/env.yaml.gotmpl +++ b/values/umami/env.yaml.gotmpl @@ -1,4 +1,4 @@ -matomo: +umami: enabled: false autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }} env: {{ .Environment.Name }} diff --git a/values/umami/manifests/cluster.yaml b/values/umami/manifests/cluster.yaml new file mode 100644 index 00000000..ef0c9d8e --- /dev/null +++ b/values/umami/manifests/cluster.yaml @@ -0,0 +1,14 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: prod-umami-db + namespace: analytics +spec: + instances: 1 + imageName: ghcr.io/cloudnative-pg/postgresql:17.2-27-bookworm + storage: + resizeInUseVolumes: true + size: 10Gi + backup: + retentionPolicy: 15d + target: prefer-standby diff --git a/values/matomo/manifests/policy.yaml b/values/umami/manifests/policy.yaml similarity index 100% rename from values/matomo/manifests/policy.yaml rename to values/umami/manifests/policy.yaml diff --git a/values/matomo/manifests/matomo.yaml b/values/umami/manifests/umami.yaml similarity index 88% rename from values/matomo/manifests/matomo.yaml rename to values/umami/manifests/umami.yaml index d49e2516..c94ef983 100644 --- a/values/matomo/manifests/matomo.yaml +++ b/values/umami/manifests/umami.yaml @@ -2,7 +2,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: matomo + name: umami namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -23,9 +23,9 @@ spec: - name: CLUSTER_NAME value: {{ .Values.clusterConfig.cluster }} - name: HELMFILE_ENVIRONMENT - value: {{ .Values.matomo.env }} + value: {{ .Values.umami.env }} - name: HELMFILE_FILE_PATH - value: matomo.yaml.gotmpl + value: umami.yaml.gotmpl syncPolicy: managedNamespaceMetadata: labels: @@ -34,7 +34,7 @@ spec: - CreateNamespace=true - ApplyOutOfSyncOnly=true # - ServerSideApply=true - {{- if .Values.matomo.autosync }} + {{- if .Values.umami.autosync }} automated: prune: true # selfHeal: false diff --git a/values/umami/values/values-prod.yaml b/values/umami/values/values-prod.yaml new file mode 100644 index 00000000..caf145f4 --- /dev/null +++ b/values/umami/values/values-prod.yaml @@ -0,0 +1,149 @@ +image: + # -- image registry + # registry: ghcr.io + # -- image repository + repository: umami-software/umami + # -- image pull policy + # pullPolicy: + # -- Overrides the image tag + tag: "postgresql-v2.19.0" + +replicaCount: 1 + +revisionHistoryLimit: 10 + +# -- Resource limits and requests for the controller pods. +resources: + limits: + # cpu: 100m + # ephemeral-storage: 2Gi + memory: 150Mi + requests: + cpu: 100m + # ephemeral-storage: 50Mi + memory: 150Mi + +securityContext: + runAsGroup: 65533 + runAsNonRoot: true + runAsUser: 1001 + +serviceAccount: + create: true + automountServiceAccountToken: true + # annotations: {} + # name: "" + +service: + # -- Kubernetes service type + type: ClusterIP + # -- Kubernetes port where service is exposed + port: 3000 + +ingress: + # -- Enable ingress record generation + enabled: true + # -- IngressClass that will be be used to implement the Ingress + className: nginx + # -- Additional annotations for the Ingress resource + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/proxy-buffer-size: 128k + nginx.ingress.kubernetes.io/ssl-redirect: "true" + # -- An array with hosts and paths + # @default -- see [values.yaml](./values.yaml) + hosts: + - host: umami.srv.oceanbox.io + paths: + - path: / + pathType: ImplementationSpecific + # -- An array with the tls configuration + tls: + - secretName: umami-tls + hosts: + - umami.srv.oceanbox.io + +umami: + appSecret: + # -- Name of an existing secret containing the app secret under the key app-secret. + existingSecret: "" + # -- A random string used to generate unique values. + secret: "" + # -- HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers. + clientIpHeader: "" + # -- Disables users, teams, and websites settings page. + cloudMode: "0" + # -- Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers. + collectApiEndpoint: "" + # -- How many seconds a CORS preflight should last. Default is 24 hours. + corsMaxAge: "86400" + customScript: + # -- Create and mount a ConfigMap with a custom script + enabled: false + # -- The custom script + data: "" + # -- Key in the ConfigMap + key: "script.js" + # -- The path to mount the custom script to + mountPath: "/app/public/script.js" + # -- Console logging for specific areas of the application. Values include `umami:auth`, `umami:clickhouse`, `umami:kafka`, `umami:middleware`, and `umami:prisma`. + debug: "" + # -- By default bots are excluded from statistics. This disables checking for bots. + disableBotCheck: "1" + # -- Disables the login page for the application + disableLogin: "1" + # -- Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate. + disableTelemetry: "1" + # -- Disables the check for new versions of Umami + disableUpdates: "1" + # -- Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites. + enableTestConsole: "1" + # -- This will redirect all requests from http to https in the Umami application. Note, this does not apply to the tracking script. + forceSSL: "1" + # -- hostname under which Umami will be reached + hostname: "0.0.0.0" + # -- This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames. + ignoreHostname: "" + # -- You can provide a comma-delimited list of IP address to exclude from data collection. + ignoredIpAddresses: "" + # -- If you are running in development mode, this will log database queries to the console for debugging. + logQuery: "1" + migration: + v1v2: + # -- enable a job that migrates database structure from v1 to v2 + enabled: false + # -- setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups + removeDisableLoginEnv: true + # -- Removes the trailing slash from all incoming urls. + removeTrailingSlash: "1" + # -- Allows you to assign a custom name to the tracker script different from the default umami. This is to help you avoid some ad-blockers. + trackerScriptName: "umami" + +postgresql: + enabled: false + +mysql: + enabled: false + +externalDatabase: + auth: + # -- Name of the database to use + database: app + # -- Password to use + # password: mychart + # -- Name of the user to use + username: app + # -- Hostname of the database + hostname: prod-umami-db-rw + # -- Port used to connect to database + port: 5432 + # -- Type of database + type: postgresql + +database: + # -- Key in the existing secret containing the database url + databaseUrlKey: database-url + # -- use an existing secret containing the database url. If none given, we will generate the database url by using the other values. The password for the database has to be set using `.Values.postgresql.auth.password`, `.Values.mysql.auth.password` or `.Values.externalDatabase.auth.password`. + existingSecret: umami-database-url