fix: Switch from matomo to umami

values/umami/README.md

@@ -0,0 +1 @@
+# Umami

values/umami/env-oceanbox.yaml.gotmpl

@@ -0,0 +1,3 @@
+umami:
+  enabled: {{ if eq .Environment.Name "prod" }} true {{ else }} false {{ end }}
+  env: prod

values/umami/env.yaml.gotmpl

@@ -0,0 +1,4 @@
+umami:
+  enabled: false
+  autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }}
+  env: {{ .Environment.Name }}

values/umami/manifests/cluster.yaml

@@ -0,0 +1,14 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: prod-umami-db
+  namespace: analytics
+spec:
+  instances: 1
+  imageName: ghcr.io/cloudnative-pg/postgresql:17.2-27-bookworm
+  storage:
+    resizeInUseVolumes: true
+    size: 10Gi
+  backup:
+    retentionPolicy: 15d
+    target: prefer-standby

values/umami/manifests/policy.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-api-matomo
+  namespace: analytics
+spec:
+  description: Allow matomo api
+  egress:
+    - toFQDNs:
+        - matchPattern: api.matomo.org
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: matomo
+{{- end }}

values/umami/manifests/umami.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: umami
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: analytics
+    server: https://kubernetes.default.svc
+  project: aux
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfile.d
+    plugin:
+      name: helmfile-cmp
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+      - name: HELMFILE_ENVIRONMENT
+        value: {{ .Values.umami.env }}
+      - name: HELMFILE_FILE_PATH
+        value: umami.yaml.gotmpl
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.umami.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}

values/umami/values/values-prod.yaml

@@ -0,0 +1,149 @@
+image:
+  # -- image registry
+  # registry: ghcr.io
+  # -- image repository
+  repository: umami-software/umami
+  # -- image pull policy
+  # pullPolicy:
+  # -- Overrides the image tag
+  tag: "postgresql-v2.19.0"
+
+replicaCount: 1
+
+revisionHistoryLimit: 10
+
+# -- Resource limits and requests for the controller pods.
+resources:
+  limits:
+    # cpu: 100m
+    # ephemeral-storage: 2Gi
+    memory: 150Mi
+  requests:
+    cpu: 100m
+    # ephemeral-storage: 50Mi
+    memory: 150Mi
+
+securityContext:
+  runAsGroup: 65533
+  runAsNonRoot: true
+  runAsUser: 1001
+
+serviceAccount:
+  create: true
+  automountServiceAccountToken: true
+  # annotations: {}
+  # name: ""
+
+service:
+  # -- Kubernetes service type
+  type: ClusterIP
+  # -- Kubernetes port where service is exposed
+  port: 3000
+
+ingress:
+  # -- Enable ingress record generation
+  enabled: true
+  # -- IngressClass that will be be used to implement the Ingress
+  className: nginx
+  # -- Additional annotations for the Ingress resource
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  # -- An array with hosts and paths
+  # @default -- see [values.yaml](./values.yaml)
+  hosts:
+    - host: umami.srv.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  # -- An array with the tls configuration
+  tls:
+   - secretName: umami-tls
+     hosts:
+       - umami.srv.oceanbox.io
+
+umami:
+  appSecret:
+    # -- Name of an existing secret containing the app secret under the key app-secret.
+    existingSecret: ""
+    # -- A random string used to generate unique values.
+    secret: ""
+  # -- HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers.
+  clientIpHeader: ""
+  # -- Disables users, teams, and websites settings page.
+  cloudMode: "0"
+  # -- Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers.
+  collectApiEndpoint: ""
+  # -- How many seconds a CORS preflight should last. Default is 24 hours.
+  corsMaxAge: "86400"
+  customScript:
+    # -- Create and mount a ConfigMap with a custom script
+    enabled: false
+    # -- The custom script
+    data: ""
+    # -- Key in the ConfigMap
+    key: "script.js"
+    # -- The path to mount the custom script to
+    mountPath: "/app/public/script.js"
+  # -- Console logging for specific areas of the application. Values include `umami:auth`, `umami:clickhouse`, `umami:kafka`, `umami:middleware`, and `umami:prisma`.
+  debug: ""
+  # -- By default bots are excluded from statistics. This disables checking for bots.
+  disableBotCheck: "1"
+  # -- Disables the login page for the application
+  disableLogin: "1"
+  # -- Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate.
+  disableTelemetry: "1"
+  # -- Disables the check for new versions of Umami
+  disableUpdates: "1"
+  # -- Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites.
+  enableTestConsole: "1"
+  # -- This will redirect all requests from http to https in the Umami application. Note, this does not apply to the tracking script.
+  forceSSL: "1"
+  # -- hostname under which Umami will be reached
+  hostname: "0.0.0.0"
+  # -- This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames.
+  ignoreHostname: ""
+  # -- You can provide a comma-delimited list of IP address to exclude from data collection.
+  ignoredIpAddresses: ""
+  # -- If you are running in development mode, this will log database queries to the console for debugging.
+  logQuery: "1"
+  migration:
+    v1v2:
+      # -- enable a job that migrates database structure from v1 to v2
+      enabled: false
+  # -- setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups
+  removeDisableLoginEnv: true
+  # -- Removes the trailing slash from all incoming urls.
+  removeTrailingSlash: "1"
+  # -- Allows you to assign a custom name to the tracker script different from the default umami. This is to help you avoid some ad-blockers.
+  trackerScriptName: "umami"
+
+postgresql:
+  enabled: false
+
+mysql:
+  enabled: false
+
+externalDatabase:
+  auth:
+    # -- Name of the database to use
+    database: app
+    # -- Password to use
+    # password: mychart
+    # -- Name of the user to use
+    username: app
+  # -- Hostname of the database
+  hostname: prod-umami-db-rw
+  # -- Port used to connect to database
+  port: 5432
+  # -- Type of database
+  type: postgresql
+
+database:
+  # -- Key in the existing secret containing the database url
+  databaseUrlKey: database-url
+  # -- use an existing secret containing the database url. If none given, we will generate the database url by using the other values. The password for the database has to be set using `.Values.postgresql.auth.password`, `.Values.mysql.auth.password` or `.Values.externalDatabase.auth.password`.
+  existingSecret: umami-database-url