fix: Switch from matomo to umami

2025-09-11 15:28:11 +02:00
parent a7c541b28d
commit 7c7f756a0c
44 changed files with 182 additions and 2824 deletions
-5
@@ -1,5 +0,0 @@
apiVersion: v2
appVersion: "5.3.2"
description: A Helm chart for Matomo
name: matomo
version: 11.0.53
-26
@@ -1,26 +0,0 @@
Thank you for installing {{ .Chart.Name }} from Digitalist.
{{- if empty (.Values.matomo.dashboard.hostname) -}}
###############################################################################
### ERROR: You didn't provide a host for matomo dashboard ###
###############################################################################
{{- end -}}
{{- if empty (.Values.matomo.tracker.hostname) -}}
###############################################################################
### ERROR: You didn't provide a host for matomo tracker ###
###############################################################################
{{- end -}}
Your release is named {{ .Release.Name }}.
At post install, job tuns on the install, and creates the first
site, this could fail a couple of times, but should succeed in the end.
After installation is complete, you can access your website by this url:
{{ .Values.matomo.dashboard.hostname }}
To learn more about the release, try:
$ helm status {{ .Release.Name }}
$ helm get all {{ .Release.Name }}
-91
@@ -1,91 +0,0 @@
{{/* Generate basic labels */}}
{{- define "matomo.labels" }}
labels:
app.kubernetes.io/name: {{ .name }}
app.kubernetes.io/instance: {{ .instance }}
app.kubernetes.io/component: {{ .component }}
app.kubernetes.io/part-of: {{ .partOf }}
app.kubernetes.io/managed-by: {{ .managedBy }}
{{- end }}
{{- define "matomo.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "matomo.license" -}}
{{- if .Values.matomo.license }}
- name: MATOMO_LICENSE
valueFrom:
secretKeyRef:
name: {{ .Values.matomo.license.secretKeyRef.name }}
key: {{ .Values.matomo.license.secretKeyRef.key }}
{{- end -}}
{{- end -}}
{{- define "matomo.init" -}}
initContainers:
- name: matomo-init
image: {{.Values.matomo.image}}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_FIRST_USER_NAME
value: {{.Values.matomo.dashboard.firstuser.username}}
- name: MATOMO_FIRST_USER_EMAIL
value: {{.Values.matomo.dashboard.firstuser.email}}
- name: MATOMO_FIRST_USER_PASSWORD
value: {{.Values.matomo.dashboard.firstuser.password}}
- name: MATOMO_DB_HOST
value: {{.Values.db.hostname}}
- name: MATOMO_DB_NAME
value: {{.Values.db.name}}
{{ if .Values.db.prefix }}
- name: MATOMO_DB_PREFIX
value: {{.Values.db.prefix}}
{{ end }}
- name: MATOMO_DB_USERNAME
value: {{.Values.db.username}}
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 4 }}
command: [ 'sh' , '-c' , 'rsync -crlOt --no-owner --no-group --no-perms /usr/src/matomo/ /var/www/html/ && {{.Values.matomo.installCommand}}' ]
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-configuration
mountPath: /tmp/matomo/
readOnly: true
{{- end -}}
@@ -1,44 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-cronjob-php
namespace: {{.Values.namespace}}
{{- if .Values.matomo.php }}
data:
zz-global.ini: |
expose_php={{ .Values.matomo.php.expose_php | default "Off" }}
opcache.memory_consumption={{ .Values.matomo.php.opcache_memory_consumption | default "512" }}
opcache.jit_buffer_size={{ .Values.matomo.php.opcache_jit_buffer_size | default "256M" }}
opcache.jit={{ .Values.matomo.php.opcache_jit | default "1235" }}
max_execution_time={{ .Values.matomo.php.max_execution_time | default "0" }}
post_max_size={{ .Values.matomo.php.post_max_size | default "1500M" }}
upload_max_filesize={{ .Values.matomo.php.upload_max_filesize | default "32M" }}
max_input_time={{ .Values.matomo.php.max_input_time | default "3600" }}
max_file_uploads={{ .Values.matomo.php.opcache_max_file_upload| default "300" }}
memory_limit={{ .Values.matomo.php.memory_limit | default "2G" }}
display_errors={{ .Values.matomo.php.display_errors | default "Off" }}
error_reporting={{ .Values.matomo.php.error_reporting | default "22527" }}
mysqli.reconnect={{ .Values.matomo.php.mysqli_reconnect | default "On" }}
mysqli.allow_local_infile={{ .Values.matomo.php.mysqli_allow_local_infile | default "On" }}
default_socket_timeout={{ .Values.matomo.php.default_socket_timeout | default "20" }}
max_input_vars={{ .Values.matomo.php.max_input_vars | default "2000" }}
{{ else }}
data:
zz-global.ini: |
expose_php=Off
opcache.memory_consumption=512
opcache.jit_buffer_size=256M
opcache.jit=1235
max_execution_time=0
post_max_size=1500M
upload_max_filesize=32M
max_input_time=1800
max_file_uploads="300"
memory_limit=2G
display_errors=Off
error_reporting="22527"
mysqli.reconnect=On
mysqli.allow_local_infile=On
default_socket_timeout=20
max_input_vars=2000
{{- end }}
@@ -1,46 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-dashboard-php
namespace: {{.Values.namespace}}
{{- if .Values.matomo.php }}
data:
zz-global.ini: |
expose_php={{ .Values.matomo.php.expose_php | default "Off" }}
opcache.memory_consumption={{ .Values.matomo.php.opcache_memory_consumption | default "512" }}
opcache.interned_strings_buffer={{ .Values.matomo.php.opcache_interned_strings_buffer | default "16" }}
opcache.save_comments={{ .Values.matomo.php.opcache_save_comments | default "1" }}
opcache.jit_buffer_size={{ .Values.matomo.php.opcache_jit_buffer_size | default "256M" }}
opcache.jit={{ .Values.matomo.php.opcache_jit | default "1235" }}
max_execution_time={{ .Values.matomo.php.max_execution_time | default "300" }}
post_max_size={{ .Values.matomo.php.post_max_size | default "1500M" }}
upload_max_filesize={{ .Values.matomo.php.upload_max_filesize | default "32M" }}
max_input_time={{ .Values.matomo.php.max_input_time | default "3600" }}
max_file_uploads={{ .Values.matomo.php.opcache_max_file_upload| default "300" }}
memory_limit={{ .Values.matomo.php.memory_limit | default "2G" }}
display_errors={{ .Values.matomo.php.display_errors | default "Off" }}
error_reporting={{ .Values.matomo.php.error_reporting | default "22527" }}
mysqli.reconnect={{ .Values.matomo.php.mysqli_reconnect | default "On" }}
mysqli.allow_local_infile={{ .Values.matomo.php.mysqli_allow_local_infile | default "On" }}
default_socket_timeout={{ .Values.matomo.php.default_socket_timeout | default "20" }}
{{ else }}
data:
zz-global.ini: |
expose_php=Off
opcache.memory_consumption=512
opcache.interned_strings_buffer=16
opcache.save_comments=1
opcache.jit_buffer_size=256M
opcache.jit=1235
max_execution_time=300
post_max_size=1500M
upload_max_filesize=32M
max_input_time=3600
max_file_uploads="300"
memory_limit=2G
display_errors=Off
error_reporting="22527"
mysqli.reconnect="On"
mysqli.allow_local_infile="On"
default_socket_timeout="20"
{{- end }}
@@ -1,8 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-disable-xdebug
namespace: {{.Values.namespace}}
data:
docker-php-ext-xdebug.ini: |
; turned off
@@ -1,32 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-phpfpm-tracker
namespace: {{.Values.namespace}}
{{- if .Values.matomo.tracker.phpfpm }}
data:
zz-global.conf: |
[www]
pm = {{ .Values.matomo.tracker.phpfpm.type | default "ondemand" }}
pm.max_children = {{ .Values.matomo.tracker.phpfpm.max_children | default 75 }}
pm.process_idle_timeout = {{ .Values.matomo.tracker.phpfpm.process_idle_timeout | default "600s" }}
pm.max_requests = {{ .Values.matomo.tracker.phpfpm.max_requests | default 500 }}
pm.start_servers = {{ .Values.matomo.tracker.phpfpm.start_servers | default 5 }}
pm.min_spare_servers = {{ .Values.matomo.tracker.phpfpm.min_spare_servers | default 5 }}
pm.max_spare_servers = {{ .Values.matomo.tracker.phpfpm.max_spare_servers | default 75 }}
php_admin_value[memory_limit] = {{ .Values.matomo.tracker.phpfpm.memory_limit | default "2048M" }}
pm.status_path = {{ .Values.matomo.tracker.phpfpm.status_path | default "/status" }}
{{ else }}
data:
zz-global.conf: |
[www]
pm = "ondemand"
pm.max_children = 75
pm.process_idle_timeout = "10s"
pm.max_requests = 500
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 75
php_admin_value[memory_limit] = "2048M"
pm.status_path = "/status"
{{- end }}
@@ -1,32 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-phpfpm
namespace: {{.Values.namespace}}
{{- if .Values.matomo.phpfpm }}
data:
zz-global.conf: |
[www]
pm = {{ .Values.matomo.phpfpm.type | default "ondemand" }}
pm.max_children = {{ .Values.matomo.phpfpm.max_children | default 100 }}
pm.start_servers = {{ .Values.matomo.phpfpm.start_servers | default 5 }}
pm.min_spare_servers = {{ .Values.matomo.phpfpm.min_spare_servers | default 5 }}
pm.max_spare_servers = {{ .Values.matomo.phpfpm.max_spare_servers | default 75 }}
pm.max_requests = {{ .Values.matomo.phpfpm.max_requests | default 500 }}
pm.process_idle_timeout = {{ .Values.matomo.phpfpm.process_idle_timeout | default "480s" }}
php_admin_value[memory_limit] = {{ .Values.matomo.phpfpm.memory_limit | default "2048M" }}
pm.status_path = {{ .Values.matomo.phpfpm.status_path | default "/status" }}
{{ else }}
data:
zz-global.conf: |
[www]
php_admin_value[memory_limit] = "2048M"
pm ="ondemand"
pm.max_children = 100
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 75
pm.max_requests = 500
pm.process_idle_timeout = "480s"
pm.status_path = "/status"
{{- end }}
@@ -1,44 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-scheduledtasks-php
namespace: {{.Values.namespace}}
{{- if .Values.matomo.cronJobs.scheduledTasks.php }}
data:
zz-global.ini: |
expose_php={{ .Values.matomo.cronJobs.scheduledTasks.php.expose_php | default "Off" }}
opcache.memory_consumption={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_memory_consumption | default "512" }}
opcache.jit_buffer_size={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_jit_buffer_size | default "256M" }}
opcache.jit={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_jit | default "1235" }}
max_execution_time={{ .Values.matomo.cronJobs.scheduledTasks.php.max_execution_time | default "0" }}
post_max_size={{ .Values.matomo.cronJobs.scheduledTasks.php.post_max_size | default "1500M" }}
upload_max_filesize={{ .Values.matomo.cronJobs.scheduledTasks.php.upload_max_filesize | default "32M" }}
max_input_time={{ .Values.matomo.cronJobs.scheduledTasks.php.max_input_time | default "3600" }}
max_file_uploads={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_max_file_upload| default "300" }}
memory_limit={{ .Values.matomo.cronJobs.scheduledTasks.php.memory_limit | default "4G" }}
display_errors={{ .Values.matomo.cronJobs.scheduledTasks.php.display_errors | default "Off" }}
error_reporting={{ .Values.matomo.cronJobs.scheduledTasks.php.error_reporting | default "22527" }}
mysqli.reconnect={{ .Values.matomo.cronJobs.scheduledTasks.php.mysqli_reconnect | default "On" }}
mysqli.allow_local_infile={{ .Values.matomo.cronJobs.scheduledTasks.php.mysqli_allow_local_infile | default "On" }}
default_socket_timeout={{ .Values.matomo.cronJobs.scheduledTasks.php.default_socket_timeout | default "20" }}
max_input_vars={{ .Values.matomo.cronJobs.scheduledTasks.php.max_input_vars | default "2000" }}
{{ else }}
data:
zz-global.ini: |
expose_php=Off
opcache.memory_consumption=512
opcache.jit_buffer_size=256M
opcache.jit=1235
max_execution_time=0
post_max_size=1500M
upload_max_filesize=32M
max_input_time=1800
max_file_uploads="300"
memory_limit=4G
display_errors=Off
error_reporting="22527"
mysqli.reconnect=On
mysqli.allow_local_infile=On
default_socket_timeout=20
max_input_vars=2000
{{- end }}
@@ -1,130 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-configuration
namespace: {{.Values.namespace}}
{{- if .Values.matomo.config }}
data:
install.json: |-
{{ .Values.matomo.config | toJson }}
{{ else }}
data:
install.json: |
{
"PluginsInstalled": [
"Diagnostics",
"DBStats",
"Login",
"CoreAdminHome",
"UsersManager",
"SitesManager",
"Installation",
"Monolog",
"Intl",
"CorePluginsAdmin",
"CoreHome",
"WebsiteMeasurable",
"CoreVisualizations",
"Proxy",
"API",
"Transitions",
"Actions",
"Referrers",
"UserLanguage",
"DevicesDetection",
"Goals",
"SEO",
"Events",
"UserCountry",
"GeoIp2",
"VisitsSummary",
"VisitFrequency",
"VisitTime",
"VisitorInterest",
"CoreUpdater",
"CoreConsole",
"UserCountryMap",
"Live",
"ImageGraph",
"Annotations",
"Insights",
"Morpheus",
"Contents",
"DevicePlugins",
"UserId",
"CustomJsTracker",
"ExtraTools",
"LanguagesManager",
"SegmentEditor",
"Dashboard",
"ScheduledReports",
"PrivacyManager",
"CustomVariables",
"IntranetMeasurable",
"Widgetize",
"MultiSites",
"Ecommerce",
"RssWidget",
"Feedback",
"TwoFactorAuth",
"MobileMessaging",
"Overlay",
"BulkTracking",
"Resolution",
"Heartbeat",
"Marketplace",
"ProfessionalServices",
"UserConsole"
],
"Site": {
"name": "Localhost",
"url": "https://localhost"
},
"Config": {
"log": {
"log_level": "ERROR"
},
"General": {
"show_update_notification_to_superusers_only": 1,
"noreply_email_address": "noreply@digitalistgroup.com",
"enable_framed_pages": 1,
"enable_framed_settings": 1,
"enable_trusted_host_check": 0,
"enable_plugin_update_communication": 0,
"enable_auto_update": 0,
"enable_installer": 0,
"enable_internet_features": 0,
"enable_plugins_admin": 0,
"enable_plugin_upload": 0,
"enable_geolocation_admin": 1,
"proxy_client_headers[]": "HTTP_X_FORWARDED_FOR",
"browser_archiving_disabled_enforce": 1,
"enable_browser_archiving_triggering": 0,
"archiving_range_force_on_browser_request": 0,
"enable_sql_optimize_queries": 0,
"enabled_periods_UI": "day,week,month,year,range",
"enabled_periods_API": "day,week,month,year,range",
"session_save_handler": "dbtable",
"enable_marketplace": 0,
"enable_general_settings_admin": 0,
"piwik_pro_ads_enabled": 0,
"assume_secure_protocol": 1,
"cors_domains[]": "*",
"datatable_archiving_maximum_rows_referrers": 2000,
"datatable_archiving_maximum_rows_subtable_referrers": 2000,
"datatable_archiving_maximum_rows_actions": 2000,
"datatable_archiving_maximum_rows_subtable_actions": 2000,
"datatable_archiving_maximum_rows_events": 2000,
"datatable_archiving_maximum_rows_subtable_events": 2000,
"datatable_archiving_maximum_rows_custom_variables": 2000,
"datatable_archiving_maximum_rows_subtable_custom_variables": 2000,
"time_before_today_archive_considered_outdated": 2700,
"time_before_week_archive_considered_outdated": 10800,
"time_before_month_archive_considered_outdated": 32400,
"time_before_year_archive_considered_outdated": 64800,
"time_before_range_archive_considered_outdated": 10800
}
}
}
{{ end }}
@@ -1,308 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-matomo-dashboard
namespace: {{.Values.namespace}}
data:
nginx.conf: |
worker_processes {{ .Values.matomo.dashboard.nginx.nginxWorkerProcesses | default 5 }};
load_module modules/ngx_http_geoip2_module.so;
events {
worker_connections 768;
}
pid /tmp/nginx.pid;
http {
geoip2 /usr/share/geoip/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=SE source=$http_x_forwarded_for country iso_code;
}
client_max_body_size 200M;
server_tokens off;
client_body_timeout 600s;
client_header_timeout 600s;
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$geoip2_data_country_code';
access_log /var/log/nginx/access.log main_geo;
sendfile on;
keepalive_timeout 0;
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
root /var/www/html;
index index.php;
error_page 404 /404.html;
location = 404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 600s;
## Redirects all requests to index.php and Matomo.
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~* /(js)/.*.(js|php)$ {
expires 30s;
add_header Cache-Control "public, no-transform";
allow all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
## Allow access to index.php to make dashboard work.
location ~ ^/(index).php {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 600s;
fastcgi_read_timeout 600s;
fastcgi_send_timeout 600s;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param PHP_VALUE "max_execution_time=3600
post_max_size=1500M
upload_max_filesize=32M
max_input_time=3600
max_file_uploads=300";
include fastcgi_params;
}
## Allow access to heatmapsessionsrecording plugin is needed to make it work.
location = /plugins/HeatmapSessionRecording/configs.php {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_read_timeout 120s;
fastcgi_send_timeout 120s;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
## Allow access to static media files.
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
# location ~ ^/(status)$ {
# access_log off;
# # allow 127.0.0.1;
# # allow 1.2.3.4;
# # deny all;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_index index.php;
# include fastcgi_params;
# ## Now the port or socket of the php-fpm pool we want the status of
# fastcgi_pass 127.0.0.1:9000;
# # fastcgi_pass unix:/run/php-fpm/your_socket.sock;
# }
## Deny access to all other .php files.
location ~* ^.+\.php$ {
deny all;
return 403;
}
## Deny access to key matomo folders and files that dashboard should not serve.
location ~ /(config|tmp|core|lang|libs|vendor|plugins|misc/user|piwik.js|piwik.php|matomo.js|matomo.php) {
deny all;
return 403;
}
## Deny access to all files starting with ".ht"
location ~ /\.ht {
deny all;
return 403;
}
## Deny access to Markdown files
location ~* ^.+\.md$ {
deny all;
return 403;
}
## Deny access to compose.json and package.json
location ~ ^/[^.]*\.json$ {
deny all;
return 403;
}
## Deny access to compose.lock and other lock files in root
location ~ ^/[^.]*\.lock$ {
deny all;
return 403;
}
}
}
fastcgi_params: |
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
@@ -1,289 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-matomo-tracker
namespace: {{.Values.namespace}}
data:
nginx.conf: |
worker_processes {{ .Values.matomo.tracker.nginx.nginxWorkerProcesses | default 5 }};
load_module modules/ngx_http_geoip2_module.so;
events {
worker_connections 768;
}
pid /tmp/nginx.pid;
http {
geoip2 /usr/share/geoip/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=SE source=$http_x_forwarded_for country iso_code;
}
client_max_body_size 200M;
server_tokens off;
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$geoip2_data_country_code';
access_log /var/log/nginx/access.log main_geo;
sendfile on;
keepalive_timeout 0;
map $args $method {
default 0;
"~UserFeedback.saveFeedback" 1;
"~UserFeedback.getForm" 1;
}
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
root /var/www/html;
index matomo.php;
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location ~ ^/(node_modules/jquery/dist/jquery)\.js$ {
proxy_ignore_headers Cache-Control;
allow all;
}
location ~ ^/(node_modules/jquery/dist/jquery)\.js$ {
proxy_ignore_headers Cache-Control;
allow all;
}
location ~* \.(js|css)$ {
proxy_ignore_headers Cache-Control;
add_header Access-Control-Allow-Origin *;
allow all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
## only allow accessing the following php files
location ~ ^/(matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
try_files $fastcgi_script_name =404; # protects against CVE-2019-11043.
fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 240s;
fastcgi_param HTTP_PROXY "";
fastcgi_index matomo.php;
}
location ~ ^/(status)$ {
access_log off;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
## serve all other files normally
location / {
try_files $uri $uri/ =404;
}
## disable all access to the following directories
location ~ ^/(config|tmp|core|lang) {
deny all;
return 403; # replace with 404 to not show these directories exist
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ \.(js)$ {
allow all;
## Cache JS for 5 minutes
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 5m;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ ^/(libs|vendor|plugins|misc|node_modules) {
deny all;
return 403;
}
## properly display textfiles in root directory
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
location ~* ^.+\.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 75s;
fastcgi_read_timeout 600s;
fastcgi_send_timeout 600s;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
if ( $method = 0 ) {
return 403;
}
}
}
}
fastcgi_params: |
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
@@ -1,24 +0,0 @@
{{ if .Values.extraConfigMaps.create -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-pre-upgrade-additional-config-maps
namespace: {{.Values.namespace}}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
partOf: matomo
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-6"
"helm.sh/hook-delete-policy": hook-succeeded
data:
{{- if and .Values.extraConfigMaps.create .Values.extraConfigMaps.data }}
{{- range $index, $content := .Values.extraConfigMaps.data }}
{{ $index }}: |-
{{ $content | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
@@ -1,25 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-supervisor-queuedtrackingmonitor
namespace: {{.Values.namespace}}
data:
queuedtracking-monitor.ini: |
[unix_http_server]
file = /home/www-data/supervisord.sock
[program:queuedtracking-monitor]
startretries=100
process_name=%(program_name)s_%(process_num)02d
command=sh -c 'while ( php /var/www/html/console queuedtracking:monitor --iterations=1 );do sleep 2; done'
autostart=true
autorestart=true
user=www-data
numprocs=1
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
stdout_logfile_maxbytes=0
stderr_logfile_maxbytes=0
stdout_logfile=/dev/stdout
stderr_logfile=/dev/stderr
@@ -1,25 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-supervisor-queuedtrackingprocess
namespace: {{.Values.namespace}}
data:
queuedtracking-process.ini: |
[unix_http_server]
file = /home/www-data/supervisord.sock
[program:queuedtracking-process]
startretries=100
process_name=%(program_name)s_%(process_num)02d
command=sh -c 'while ( php /var/www/html/console queuedtracking:process );do sleep 5; done'
autostart=true
autorestart=true
user=www-data
numprocs={{ .Values.matomo.queuedTrackingProcess.numProcs | default 1 }}
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
stdout_logfile_maxbytes=0
stderr_logfile_maxbytes=0
stdout_logfile=/dev/stdout
stderr_logfile=/dev/stderr
@@ -1,30 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-supervisor-tracker
namespace: {{.Values.namespace}}
data:
regenerate-matomo-js.ini: |
[unix_http_server]
file = /home/www-data/supervisord.sock
[program:php-fpm]
priority=1
process_name=%(program_name)s_%(process_num)02d
command=php-fpm
autostart=true
autorestart=true
user=www-data
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
startretries=100
[program:regenerate-matomo-js]
priority=2
process_name=%(program_name)s_%(process_num)02d
command=sh -c 'while ( php /var/www/html/console custom-matomo-js:update && php /var/www/html/console tagmanager:regenerate-released-containers );do sleep 120; done'
autostart=true
autorestart=true
user=www-data
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
@@ -1,14 +0,0 @@
{{ if .Values.extraConfigMaps.create -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-additional-config-maps
namespace: {{.Values.namespace}}
data:
{{- if and .Values.extraConfigMaps.create .Values.extraConfigMaps.data }}
{{- range $index, $content := .Values.extraConfigMaps.data }}
{{ $index }}: |-
{{ $content | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
@@ -1,61 +0,0 @@
---
{{- if .Values.matomo.cronJobs.coreArchive.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: matomo-jobs-corearchive
namespace: {{.Values.namespace}}
spec:
schedule: {{quote .Values.matomo.cronJobs.coreArchive.schedule}}
concurrencyPolicy: {{.Values.matomo.cronJobs.coreArchive.concurrencyPolicy}}
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
activeDeadlineSeconds: {{.Values.matomo.cronJobs.coreArchive.activeDeadlineSeconds}}
template:
spec:
{{ include "matomo.init" . | nindent 10 }}
containers:
- name: matomo-jobs-corearchive
image: {{.Values.matomo.image}}
imagePullPolicy: Always
{{- if .Values.matomo.cronJobs.coreArchive.resources }}
resources:
{{ toYaml .Values.matomo.cronJobs.coreArchive.resources | indent 14 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
command: [ 'sh' , '-c' , '{{.Values.matomo.cronJobs.coreArchive.command}}' ]
env:
- name: MARIADB_MATOMO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-phpfpm
mountPath: /usr/local/etc/php-fpm.d/zz-global.conf
subPath: zz-global.conf
- name: matomo-cronjob-php
mountPath: /usr/local/etc/php/conf.d/zz-global.ini
subPath: zz-global.ini
restartPolicy: OnFailure
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 10 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-phpfpm
configMap:
name: matomo-phpfpm
- name: matomo-cronjob-php
configMap:
name: matomo-cronjob-php
{{- end -}}
@@ -1,57 +0,0 @@
---
{{- if .Values.matomo.cronJobs.scheduledTasks.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: matomo-jobs-scheduled-tasks
namespace: {{.Values.namespace}}
{{- template "matomo.labels" .Values.matomo.cronJobs.scheduledTasks.labels }}
spec:
schedule: {{quote .Values.matomo.cronJobs.scheduledTasks.schedule}}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
activeDeadlineSeconds: {{.Values.matomo.cronJobs.scheduledTasks.activeDeadlineSeconds}}
template:
spec:
{{ include "matomo.init" . | nindent 10 }}
containers:
- name: matomo-jobs-scheduledtasks
image: {{.Values.matomo.image}}
imagePullPolicy: Always
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
command: [ 'sh' , '-c' , {{quote .Values.matomo.cronJobs.scheduledTasks.command}} ]
env:
- name: MARIADB_MATOMO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 12 }}
{{- if .Values.matomo.cronJobs.scheduledTasks.resources }}
resources:
{{ toYaml .Values.matomo.cronJobs.scheduledTasks.resources | indent 14 }}
{{- end }}
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-scheduledtasks-php
mountPath: /usr/local/etc/php/conf.d/zz-global.ini
subPath: zz-global.ini
restartPolicy: OnFailure
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 10 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-scheduledtasks-php
configMap:
name: matomo-scheduledtasks-php
{{- end -}}
@@ -1,79 +0,0 @@
---
{{- if .Values.matomo.cli.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-cli
namespace: {{.Values.namespace}}
labels:
app: matomo-cli
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.cli.replicas}}
selector:
matchLabels:
app: matomo-cli
template:
metadata:
labels:
app: matomo-cli
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: matomo
image: {{.Values.matomo.image}}
{{- if .Values.matomo.cli.resources }}
resources:
{{ toYaml .Values.matomo.cli.resources | indent 10 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-tracker
mountPath: /etc/supervisor.d
readOnly: true
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-tracker
configMap:
name: matomo-supervisor-tracker
---
apiVersion: v1
kind: Service
metadata:
name: matomo-cli
namespace: {{.Values.namespace}}
labels:
app: matomo-cli
spec:
ports:
- port: 8080
protocol: TCP
selector:
app: matomo-cli
{{- end -}}
@@ -1,204 +0,0 @@
---
{{- if .Values.matomo.dashboard.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-dashboard
namespace: {{.Values.namespace}}
labels:
app: matomo-dashboard
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.dashboard.replicas}}
selector:
matchLabels:
app: matomo-dashboard
template:
metadata:
labels:
app: matomo-dashboard
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
{{- if .Values.matomo.dashboard.sidecars }}
{{ toYaml .Values.matomo.dashboard.sidecars | indent 6 }}
{{- end }}
- name: fpm-metrics
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
image: hipages/php-fpm_exporter:2.2.0
imagePullPolicy: Always
env:
- name: PHP_FPM_FIX_PROCESS_COUNT
value: "true"
resources:
limits:
memory: 128Mi
requests:
cpu: 15m
memory: 32Mi
- name: nginx
image: {{.Values.nginx.image}}
{{- if .Values.nginx.resources }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- end }}
# readinessProbe:
# httpGet:
# scheme: HTTP
# path: /index.php
# port: 8080
livenessProbe:
exec:
command:
- /bin/sh
- -c
- "[ -f /tmp/nginx.pid ] && ps -A | grep nginx"
initialDelaySeconds: 10
periodSeconds: 5
securityContext:
runAsUser: {{.Values.nginx.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: fastcgi-params
mountPath: /etc/nginx/fastcgi_params
subPath: fastcgi_params
readOnly: true
- name: mime-types
mountPath: /etc/nginx/mime.types
subPath: mime.types
readOnly: true
- name: static-data
mountPath: /var/www/html
readOnly: true
ports:
- containerPort: 8080
- name: matomo
image: {{.Values.matomo.image}}
{{- if .Values.matomo.resources }}
resources:
{{ toYaml .Values.matomo.resources | indent 10 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
ports:
- containerPort: 9000
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-phpfpm
mountPath: /usr/local/etc/php-fpm.d/zz-global.conf
subPath: zz-global.conf
- name: matomo-dashboard-php
mountPath: /usr/local/etc/php/conf.d/zz-global.ini
subPath: zz-global.ini
{{- if .Values.xdebug.disabled }}
- name: matomo-disable-xdebug
mountPath: /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
subPath: docker-php-ext-xdebug.ini
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | indent 10 }}
{{- end }}
{{- if .Values.matomo.livenessProbe }}
livenessProbe:
{{- if .Values.matomo.livenessProbe.exec }}
exec:
command:
- sh
- -c
- {{ .Values.matomo.livenessProbe.exec.command }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 10 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 20 }}
timeoutSeconds: {{ .Values.matomo.livenessProbe.timeoutSeconds | default 10 }}
{{- end }}
{{- end }}
{{- if .Values.matomo.readinessProbe }}
readinessProbe:
httpGet:
path: {{ .Values.matomo.readinessProbe.httpGet.path }}
port: {{ .Values.matomo.readinessProbe.httpGet.port | default 80 }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 30 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 30 }}
{{- end }}
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: nginx-conf
configMap:
name: nginx-matomo-dashboard
items:
- key: nginx.conf
path: nginx.conf
- name: fastcgi-params
configMap:
name: nginx-matomo-dashboard
items:
- key: fastcgi_params
path: fastcgi_params
- name: mime-types
configMap:
name: nginx-matomo-dashboard
items:
- key: mime.types
path: mime.types
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: matomo-phpfpm
configMap:
name: matomo-phpfpm
- name: matomo-dashboard-php
configMap:
name: matomo-dashboard-php
{{- if .Values.xdebug.disabled }}
- name: matomo-disable-xdebug
configMap:
name: matomo-disable-xdebug
{{- end }}
- name: static-data
emptyDir: {}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | indent 6 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: matomo-dashboard
namespace: {{.Values.namespace}}
labels:
app: matomo-dashboard
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
ports:
- port: 8080
protocol: TCP
selector:
app: matomo-dashboard
{{- end -}}
@@ -1,68 +0,0 @@
---
{{- if .Values.matomo.queuedTrackingMonitor.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-queuedtracking-monitor
namespace: {{.Values.namespace}}
labels:
app: matomo-queuedtracking-monitor
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.queuedTrackingMonitor.replicas | default 1}}
selector:
matchLabels:
app: matomo-queuedtracking-monitor
template:
metadata:
labels:
app: matomo-queuedtracking-monitor
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: matomo
image: {{.Values.matomo.image}}
resources:
requests:
memory: "128Mi"
cpu: "300m"
limits:
memory: "180Mi"
cpu: "500m"
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-queuedtrackingmonitor
mountPath: /etc/supervisor.d
readOnly: true
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-queuedtrackingmonitor
configMap:
name: matomo-supervisor-queuedtrackingmonitor
{{- end -}}
@@ -1,68 +0,0 @@
---
{{- if .Values.matomo.queuedTrackingProcess.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-queuedtracking-process
namespace: {{.Values.namespace}}
labels:
app: matomo-queuedtracking-process
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.queuedTrackingProcess.replicas}}
selector:
matchLabels:
app: matomo-queuedtracking-process
template:
metadata:
labels:
app: matomo-queuedtracking-process
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: matomo
image: {{.Values.matomo.image}}
resources:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "220Mi"
cpu: "1"
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-queuedtrackingprocess
mountPath: /etc/supervisor.d
readOnly: true
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-queuedtrackingprocess
configMap:
name: matomo-supervisor-queuedtrackingprocess
{{- end -}}
@@ -1,179 +0,0 @@
---
{{- if .Values.matomo.tracker.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-tracker
namespace: {{.Values.namespace}}
labels:
app: matomo-tracker
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.tracker.replicas}}
selector:
matchLabels:
app: matomo-tracker
template:
metadata:
labels:
app: matomo-tracker
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: fpm-metrics
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
image: hipages/php-fpm_exporter:2.2.0
imagePullPolicy: Always
resources:
limits:
cpu: 40m
memory: 32Mi
requests:
cpu: 40m
memory: 32Mi
- name: nginx
image: {{.Values.nginx.image}}
{{- if .Values.matomo.tracker.nginx.resources }}
resources:
{{ toYaml .Values.matomo.tracker.nginx.resources | indent 10 }}
{{- end }}
# readinessProbe:
# httpGet:
# scheme: HTTP
# path: /matomo.js
# port: 8080
# initialDelaySeconds: 10
# periodSeconds: 5
livenessProbe:
exec:
command:
- /bin/sh
- -c
- "[ -f /tmp/nginx.pid ] && ps -A | grep nginx"
initialDelaySeconds: 10
periodSeconds: 5
securityContext:
runAsUser: {{.Values.nginx.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: fastcgi-params
mountPath: /etc/nginx/fastcgi_params
subPath: fastcgi_params
readOnly: true
- name: mime-types
mountPath: /etc/nginx/mime.types
subPath: mime.types
readOnly: true
- name: static-data
mountPath: /var/www/html
readOnly: true
ports:
- containerPort: 8080
- name: matomo
image: {{.Values.matomo.image}}
{{- if .Values.matomo.tracker.resources }}
resources:
{{ toYaml .Values.matomo.tracker.resources | indent 10 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-tracker
mountPath: /etc/supervisor.d
readOnly: true
- name: matomo-phpfpm-tracker
mountPath: /usr/local/etc/php-fpm.d/zz-global.conf
subPath: zz-global.conf
{{- if .Values.matomo.livenessProbe }}
livenessProbe:
{{- if .Values.matomo.livenessProbe.exec }}
exec:
command:
- sh
- -c
- {{ .Values.matomo.livenessProbe.exec.command }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 10 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 20 }}
timeoutSeconds: {{ .Values.matomo.livenessProbe.timeoutSeconds | default 10 }}
{{- end }}
{{- end }}
{{- if .Values.matomo.readinessProbe }}
readinessProbe:
httpGet:
path: {{ .Values.matomo.readinessProbe.httpGet.path }}
port: {{ .Values.matomo.readinessProbe.httpGet.port | default 80 }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 5 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 5 }}
{{- end }}
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: nginx-conf
configMap:
name: nginx-matomo-tracker
items:
- key: nginx.conf
path: nginx.conf
- name: fastcgi-params
configMap:
name: nginx-matomo-tracker
items:
- key: fastcgi_params
path: fastcgi_params
- name: mime-types
configMap:
name: nginx-matomo-tracker
items:
- key: mime.types
path: mime.types
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-tracker
configMap:
name: matomo-supervisor-tracker
- name: matomo-phpfpm-tracker
configMap:
name: matomo-phpfpm-tracker
---
apiVersion: v1
kind: Service
metadata:
name: matomo-tracker
labels:
app: matomo-tracker
spec:
ports:
- port: 8080
protocol: TCP
selector:
app: matomo-tracker
{{- end -}}
@@ -1,57 +0,0 @@
{{- if .Values.matomo.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: matomo-dashboard
{{- if .Values.matomo.ingress.extralabels }}
{{ toYaml .Values.matomo.ingress.extralabels | indent 4 }}
{{- end }}
name: matomo-dashboard
namespace: {{.Values.namespace}}
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/client-body-timeout: 700s
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 200m
nginx.ingress.kubernetes.io/proxy-read-timeout: 700s
{{- if .Values.matomo.ingress.annotations }}
{{- with .Values.matomo.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.matomo.dashboard.whitelist }}
nginx.ingress.kubernetes.io/whitelist-source-range: {{.Values.matomo.dashboard.whitelist | toPrettyJson}}
{{ else }}
{{- end }}
spec:
{{- if .Values.matomo.dashboard.ingressClassName }}
ingressClassName: {{.Values.matomo.dashboard.ingressClassName}}
{{- end }}
rules:
- host: {{.Values.matomo.dashboard.hostname}}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.dashboard.loadbalancer }}
name: matomo-dashboard-lb
port:
number: 80
{{ else }}
name: matomo-dashboard
port:
number: 8080
{{- end }}
{{- if .Values.matomo.dashboard.tls }}
tls:
- hosts:
- {{.Values.matomo.dashboard.hostname}}
{{- if .Values.matomo.dashboard.secretName }}
secretName: {{.Values.matomo.dashboard.secretName}}
{{- end -}}
{{- end -}}
{{- end -}}
@@ -1,193 +0,0 @@
{{- if .Values.matomo.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: matomo-tracker
{{- if .Values.matomo.ingress.extralabels }}
{{ toYaml .Values.matomo.ingress.extralabels | indent 4 }}
{{- end }}
name: matomo-tracker
namespace: {{.Values.namespace}}
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/server-snippet: |
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 16 128k;
gzip_http_version 1.1;
gzip_types
application/json
application/javascript;
{{- if .Values.matomo.ingress.annotations }}
{{- with .Values.matomo.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.matomo.tracker.ingressClassName }}
ingressClassName: {{.Values.matomo.tracker.ingressClassName}}
{{- end }}
rules:
- host: {{.Values.matomo.tracker.hostname}}
http:
paths:
- path: /index.php
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /piwik.php
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /piwik.js
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /matomo.php
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /matomo.js
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /js/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/HeatmapSessionRecording/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/Overlay/client/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /node_modules/jquery/dist/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/UserFeedback/lib/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/UserFeedback/css/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
{{- if .Values.matomo.tracker.tls }}
tls:
- hosts:
- {{.Values.matomo.tracker.hostname}}
{{- if .Values.matomo.tracker.secretName }}
secretName: {{.Values.matomo.tracker.secretName}}
{{- end -}}
{{- end -}}
{{- end -}}
@@ -1,13 +0,0 @@
{{- if .Values.matomo.dashboard.loadbalancer }}
apiVersion: v1
kind: Service
metadata:
name: matomo-dashboard-lb
spec:
selector:
app: matomo-dashboard
ports:
- port: 80
targetPort: 8080
type: LoadBalancer
{{- end -}}
@@ -1,13 +0,0 @@
{{- if .Values.matomo.tracker.loadbalancer }}
apiVersion: v1
kind: Service
metadata:
name: matomo-tracker-lb
spec:
selector:
app: matomo-tracker
ports:
- port: 80
targetPort: 8080
type: LoadBalancer
{{- end -}}
@@ -1,76 +0,0 @@
{{- if .Values.matomo.postInstallCommand }}
apiVersion: batch/v1
kind: Job
metadata:
name: matomo-post-install
namespace: {{.Values.namespace}}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
partOf: matomo
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
restartPolicy: Never
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
containers:
- name: post-install-matomo
image: {{.Values.matomo.image}}
lifecycle:
postStart:
exec:
command: [ 'sh' , '-c' , '{{.Values.matomo.installCommand}}' ]
# To do anything with Matomo, we first need to bootstrap it (curl).
command: [ 'bash' , '-c' , 'sleep {{.Values.matomo.postInstallSleepTime}}; curl -Il https://{{.Values.matomo.dashboard.hostname}}; {{.Values.matomo.postInstallCommand}}' ]
env:
- name: MATOMO_FIRST_USER_NAME
value: {{.Values.matomo.dashboard.firstuser.username}}
- name: MATOMO_FIRST_USER_EMAIL
value: {{.Values.matomo.dashboard.firstuser.email}}
- name: MATOMO_FIRST_USER_PASSWORD
value: {{.Values.matomo.dashboard.firstuser.password}}
- name: MATOMO_DB_HOST
value: {{.Values.db.hostname}}
- name: MATOMO_DB_NAME
value: {{.Values.db.name}}
{{ if .Values.db.prefix }}
- name: MATOMO_DB_PREFIX
value: {{.Values.db.prefix}}
{{ end }}
- name: MATOMO_DB_USERNAME
value: {{.Values.db.username}}
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
volumeMounts:
- name: matomo-startup-config
mountPath: /var/www/html/config/config.ini.php
subPath: config.ini.php
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | indent 8 }}
{{- end }}
volumes:
- name: matomo-startup-config
configMap:
name: matomo-startup-config
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | indent 8 }}
{{- end }}
{{- end -}}
@@ -1,72 +0,0 @@
{{- if .Values.matomo.preUpgradeCommand }}
apiVersion: batch/v1
kind: Job
metadata:
name: matomo-pre-upgrade
namespace: {{.Values.namespace}}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
partOf: matomo
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
restartPolicy: Never
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
containers:
- name: pre-upgrade-matomo
image: {{.Values.matomo.image}}
volumeMounts:
- name: matomo-startup-config
mountPath: /var/www/html/config/config.ini.php
subPath: config.ini.php
- name: matomo-pre-upgrade-additional-config-maps
mountPath: /var/www/html/config/common.config.ini.php
subPath: common.config.ini.php
# To do anything with Matomo, we first need to bootstrap it (curl).
command: [ 'bash' , '-c' , 'sleep {{.Values.matomo.preUpgradeSleepTime}}; curl -Il https://{{.Values.matomo.dashboard.hostname}}; {{.Values.matomo.preUpgradeCommand}}' ]
env:
- name: MATOMO_FIRST_USER_NAME
value: {{.Values.matomo.dashboard.firstuser.username}}
- name: MATOMO_FIRST_USER_EMAIL
value: {{.Values.matomo.dashboard.firstuser.email}}
- name: MATOMO_FIRST_USER_PASSWORD
value: {{.Values.matomo.dashboard.firstuser.password}}
- name: MATOMO_DB_HOST
value: {{.Values.db.hostname}}
- name: MATOMO_DB_NAME
value: {{.Values.db.name}}
{{ if .Values.db.prefix }}
- name: MATOMO_DB_PREFIX
value: {{.Values.db.prefix}}
{{ end }}
- name: MATOMO_DB_USERNAME
value: {{.Values.db.username}}
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
volumes:
- name: matomo-startup-config
configMap:
name: matomo-startup-config
{{ if .Values.extraConfigMaps.create }}
- name: matomo-pre-upgrade-additional-config-maps
configMap:
name: matomo-pre-upgrade-additional-config-maps
{{- end }}
{{- end -}}
@@ -1,15 +0,0 @@
{{- if .Values.extraSecrets.create -}}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: matomo-extra-secrets
namespace: {{.Values.namespace}}
data:
{{- if and .Values.extraSecrets.create .Values.extraSecrets.data }}
{{- range $index, $content := .Values.extraSecrets.data }}
{{ $index }}: |-
{{ $content | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
@@ -1,27 +0,0 @@
{{- range $service := .Values.extraServices }}
apiVersion: v1
kind: Service
metadata:
name: matomo-extra-{{ $service.name }}
spec:
type: {{ $service.type }}
ports:
- port: {{ $service.port }}
targetPort: {{ $service.name }}
protocol: {{ $service.protocol }}
name: {{ $service.name }}
{{- if and ( or (eq $service.type "LoadBalancer") (eq $service.type "NodePort") ) ($service.nodePort) }}
nodePort: {{ $service.nodePort }}
{{- end }}
{{- if and (eq $service.type "LoadBalancer") ($service.loadBalancerIP) }}
loadBalancerIP: {{ $service.loadBalancerIP }}
{{- end }}
{{- if $service.clusterIP }}
clusterIP: {{ $service.clusterIP }}
{{- end }}
selector:
{{- range $index, $content := $service.selector }}
{{ $index }}: {{ $content }}
{{- end }}
---
{{- end }}
-184
@@ -1,184 +0,0 @@
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
global:
## As:
## imageRegistry: "docker.io"
imageRegistry: ""
## As:
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
namespace: matomo
matomo:
imageRegistry: ""
## As:
## imagePullSecrets:
## - myRegistryKeySecretName
imagePullSecrets: []
image: digitalist/matomo:5.2.1
runAsUser: 82
installCommand: ./console plugin:activate ExtraTools && ./console matomo:install --install-file=/tmp/matomo/install.json --force --do-not-drop-db
# Post install for helm chart. Starts a post-install-job.
postInstallSleepTime: 5
postInstallCommand: ""
preUpgradeSleepTime: 5
preUpgradeCommand: ""
extralabels: {}
## If you have a premium license for plugins, set it here.
## you need to create the secret before referring it.
## As:
## license:
## secretKeyRef:
## name: matomo-license
## key: matomo-license
license:
ingress:
enabled: true
extralabels: {}
annotations:
digitalist.cloud/instance: "matomo"
cli:
replicas: 1
enabled: true
cronJobs:
coreArchive:
enabled: true
labels:
name: matomo-jobs-corearchive
instance: matomo
component: cronjob
partOf: matomo
managedBy: helm
schedule: "*/60 * * * *"
concurrencyPolicy: Allow
activeDeadlineSeconds: 43200
command: ./console core:archive --disable-scheduled-tasks
scheduledTasks:
php:
enabled: true
labels:
name: matomo-jobs-scheduled-tasks
instance: matomo
component: cronjob
partOf: matomo
managedBy: helm
schedule: "*/60 * * * *"
activeDeadlineSeconds: 43200
command: ./console scheduled-tasks:run
dashboard:
sidecars: []
## added like this:
# sidecars:
# - name: fpm-metrics
# image: hipages/php-fpm_exporter:2.2.0
# imagePullPolicy: IfNotPresent
# resources:
# limits:
# cpu: 500m
# memory: 256Mi
# requests:
# cpu: 40m
# memory: 32Mi
enabled: true
replicas: 1
loadbalancer: false
hostname: my.host
tls: false
firstuser:
username: admin
password: admin123
email: foo@example.com
nginx:
nginxWorkerProcesses: 5
ingressClassName: ""
queuedTrackingMonitor:
enabled: true
queuedTrackingProcess:
replicas: 1
tracker:
enabled: true
replicas: 1
hostname: my.host
tls: false
loadbalancer: false
nginx:
resources:
nginxWorkerProcesses: 5
phpfpm:
type: ondemand
max_children: 75
process_idle_timeout: 600s
max_requests: 500
ingressClassName: ""
nginx:
image: digitalist/nginx:1.21.6
imagePullSecrets: []
runAsUser: 100
db:
hostname: matomo-db-mysql
password:
secretKeyRef:
name: matomo-db-mysql
key: mysql-root-password
name: matomo
username: root
prefix: matomo_
xdebug:
disabled: 1
extraSecrets:
create: false
data: {}
# * secrets need to base64 encoded.
# data:
# name: Zm9vCg==
# bar: YmFyCg==
extraServices: {}
# - name: foo
## Service port type
# type: ClusterIP
## Service protocol
# protocol: TCP
## The container target port
# containerPort: 12001
## The service port
# port: 12001
# selector:
# app: matomo-dashboard
## The node port (only relevant for type LoadBalancer or NodePort)
# nodePort:
## The cluster ip address (only relevant for type LoadBalancer or NodePort)
# clusterIP:
## The loadbalancer ip address (only relevant for type LoadBalancer)
# loadBalancerIP:
extraConfigMaps:
create: true
data: {}
# data:
# my.ini: |
# extension=foo.so
# foo.socket=tcp://bar:9309
extraVolumes: []
# extraVolumes:
# - name: mySecretVolume
# secret:
# secretName: matomo-extra-secrets
# - name: my.ini
# configMap:
# name: matomo-additional-config-maps
# items:
# - key: "my.ini"
# path: "my.ini"
extraVolumeMounts: []
# extraVolumeMounts:
# - name: mySecretVolume
# mountPath: /foo/secrets/mySecretVolume/
# - name: my.ini
# mountPath: /usr/local/etc/php/conf.d/my.ini
# subPath: my.ini
-2
@@ -22,5 +22,3 @@ spec:
storage: storage:
size: {{ .Values.cluster.size | default "5Gi" }} size: {{ .Values.cluster.size | default "5Gi" }}
{{- end }} {{- end }}
@@ -4,35 +4,35 @@ bases:
- ../envs/environments.yaml.gotmpl - ../envs/environments.yaml.gotmpl
repositories: repositories:
- name: bitnami - name: umami
url: https://charts.bitnami.com/bitnami url: https://charts.christianhuth.de
commonLabels: commonLabels:
tier: system tier: system
releases: releases:
- name: matomo - name: umami
namespace: analytics namespace: analytics
chart: bitnami/matomo chart: bitnami/umami
version: 11.0.0 version: 11.0.0
condition: matomo.enabled condition: umami.enabled
values: values:
- ../values/matomo/values/values.yaml - ../values/umami/values/values.yaml
- ../values/matomo/values/values-{{ .Environment.Name }}.yaml - ../values/umami/values/values-{{ .Environment.Name }}.yaml
postRenderer: ../bin/kustomizer postRenderer: ../bin/kustomizer
postRendererArgs: postRendererArgs:
- ../values/matomo/kustomize/{{ .Environment.Name }} - ../values/umami/kustomize/{{ .Environment.Name }}
missingFileHandler: Info missingFileHandler: Info
- name: manifests - name: manifests
namespace: analytics namespace: analytics
chart: manifests chart: manifests
condition: matomo.enabled condition: umami.enabled
missingFileHandler: Info missingFileHandler: Info
values: values:
- ../values/env.yaml - ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/matomo/env.yaml.gotmpl - ../values/umami/env.yaml.gotmpl
- ../values/matomo/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl - ../values/umami/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks: hooks:
- events: [ prepare, cleanup ] - events: [ prepare, cleanup ]
showlogs: true showlogs: true
@@ -41,5 +41,5 @@ releases:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}' - '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}' - '{{`{{ .Environment.Name }}`}}'
- ../values/matomo/manifests - ../values/umami/manifests
- manifests - manifests
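Review bot: The release in the first hunk still reads `chart: bitnami/umami`, but the only repository declared there is now named `umami` (url `https://charts.christianhuth.de`), so the `bitnami` alias no longer refers to anything defined in this file; it should be `chart: umami/umami`. `version: 11.0.0` is carried over unchanged from the Matomo release and probably does not name a published version of the new chart, so pin it to a version that was actually reviewed from that repository, e.g. `version: "<umami-chart-version>"`. Because the commit moves to a different third-party chart source, an exact pinned version is the main control over what gets rendered into the `analytics` namespace.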
-4
@@ -1,4 +0,0 @@
# Matomo
TO-DO:
- [ ] Move to Digitalist [Chart](https://github.com/Digitalist-Open-Cloud/matomo-kubernetes)
-261
@@ -1,261 +0,0 @@
global:
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: true
usePasswordFiles: false
image:
# repository: digitalist/matomo
repository: bitnamilegacy/matomo
pullPolicy: IfNotPresent
replicaCount: 1
matomoUsername: admin
matomoPassword: "en to tre fire"
matomoEmail: user@example.com
matomoWebsiteName: oceanbox
matomoWebsiteHost: https://matomo.adm.oceanbox.io
matomoSkipInstall: false
allowEmptyPassword: false
updateStrategy:
type: RollingUpdate
existingSecret: ""
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo/#smtp-configuration
## @param smtpAuth SMTP authentication mechanism (options: Plain, Login, Cram-md5)
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password
## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil)
## @param noreplyName Noreply name
## @param noreplyAddress Noreply address
##
smtpAuth: ""
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
smtpProtocol: ""
noreplyName: ""
noreplyAddress: ""
## @param smtpExistingSecret The name of an existing secret with SMTP credentials
## NOTE: Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 8080
https: 8443
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass PVC Storage Class for Matomo volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes PVC Access Mode for Matomo volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for Matomo volume
##
size: 8Gi
## @param persistence.dataSource Custom PVC data source
##
dataSource: {}
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: ""
## @param persistence.hostPath If defined, the matomo-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.selector Selector to match an existing Persistent Volume for Matomo data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: true
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: nginx
## @param ingress.hostname Default host for the ingress resource
##
hostname: "matomo.adm.oceanbox.io"
## @param ingress.path The Path to Matomo. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/ssl-redirect: "true"
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: true
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: matomo.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Database parameters
##
## MariaDB chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml
##
mariadb:
## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements
## To use an external database set this to false and configure the externalDatabase parameters
##
enabled: true
## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`)
##
architecture: standalone
## MariaDB Authentication parameters
## @param mariadb.auth.rootPassword Password for the MariaDB `root` user
## @param mariadb.auth.database Database name to create
## @param mariadb.auth.username Database user to create
## @param mariadb.auth.password Password for the database
##
auth:
usePasswordFiles: false
# existingSecret: matomo-mariadb
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run
##
rootPassword: en to tre fire
# ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run
##
database: bitnami_matomo
## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run
##
username: bn_matomo
password: test
# passwordUpdateJob:
# enabled: true
primary:
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param mariadb.primary.persistence.enabled Enable database persistence using PVC
## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class
## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes
## @param mariadb.primary.persistence.size Database Persistent Volume Size
## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production)
## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas
##
persistence:
enabled: true
## mariadb data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
accessModes:
- ReadWriteOnce
size: 8Gi
## MariaDB primary container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param mariadb.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
resourcesPreset: "micro"
## @param mariadb.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
externalDatabase:
host: matomo-mariadb
port: 3306
user: bn_matomo
database: bitnami_matomo
existingSecret: matomo-mariadb
# existingSecretPasswordKey: mariadb-password
+1
@@ -0,0 +1 @@
# Umami
@@ -1,3 +1,3 @@
matomo: umami:
enabled: {{ if eq .Environment.Name "prod" }} true {{ else }} false {{ end }} enabled: {{ if eq .Environment.Name "prod" }} true {{ else }} false {{ end }}
env: prod env: prod
@@ -1,4 +1,4 @@
matomo: umami:
enabled: false enabled: false
autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }} autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }}
env: {{ .Environment.Name }} env: {{ .Environment.Name }}
+14
@@ -0,0 +1,14 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: prod-umami-db
namespace: analytics
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:17.2-27-bookworm
storage:
resizeInUseVolumes: true
size: 10Gi
backup:
retentionPolicy: 15d
target: prefer-standby
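Review bot: The `backup:` block sets only `retentionPolicy: 15d` and `target: prefer-standby`; no backup method such as `barmanObjectStore:` or `volumeSnapshot:` appears in this manifest, so as written nothing seems to produce the backups that the retention policy would prune. With `instances: 1` there is also no standby to prefer, so the single instance is both the only copy of the analytics data and the backup source. If the destination and schedule live elsewhere, say so with a comment such as `# backup destination and schedule: <path-placeholder>`; otherwise add a `barmanObjectStore:` entry whose credentials come from a Secret reference, plus a ScheduledBackup for this cluster. The image is pinned by tag only (`postgresql:17.2-27-bookworm`); appending a digest would make the deployed database image immutable.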
@@ -2,7 +2,7 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: matomo name: umami
namespace: argocd namespace: argocd
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
@@ -23,9 +23,9 @@ spec:
- name: CLUSTER_NAME - name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }} value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT - name: HELMFILE_ENVIRONMENT
value: {{ .Values.matomo.env }} value: {{ .Values.umami.env }}
- name: HELMFILE_FILE_PATH - name: HELMFILE_FILE_PATH
value: matomo.yaml.gotmpl value: umami.yaml.gotmpl
syncPolicy: syncPolicy:
managedNamespaceMetadata: managedNamespaceMetadata:
labels: labels:
@@ -34,7 +34,7 @@ spec:
- CreateNamespace=true - CreateNamespace=true
- ApplyOutOfSyncOnly=true - ApplyOutOfSyncOnly=true
# - ServerSideApply=true # - ServerSideApply=true
{{- if .Values.matomo.autosync }} {{- if .Values.umami.autosync }}
automated: automated:
prune: true prune: true
# selfHeal: false # selfHeal: false
+149
@@ -0,0 +1,149 @@
image:
# -- image registry
# registry: ghcr.io
# -- image repository
repository: umami-software/umami
# -- image pull policy
# pullPolicy:
# -- Overrides the image tag
tag: "postgresql-v2.19.0"
replicaCount: 1
revisionHistoryLimit: 10
# -- Resource limits and requests for the controller pods.
resources:
limits:
# cpu: 100m
# ephemeral-storage: 2Gi
memory: 150Mi
requests:
cpu: 100m
# ephemeral-storage: 50Mi
memory: 150Mi
securityContext:
runAsGroup: 65533
runAsNonRoot: true
runAsUser: 1001
serviceAccount:
create: true
automountServiceAccountToken: true
# annotations: {}
# name: ""
service:
# -- Kubernetes service type
type: ClusterIP
# -- Kubernetes port where service is exposed
port: 3000
ingress:
# -- Enable ingress record generation
enabled: true
# -- IngressClass that will be be used to implement the Ingress
className: nginx
# -- Additional annotations for the Ingress resource
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/ssl-redirect: "true"
# -- An array with hosts and paths
# @default -- see [values.yaml](./values.yaml)
hosts:
- host: umami.srv.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
# -- An array with the tls configuration
tls:
- secretName: umami-tls
hosts:
- umami.srv.oceanbox.io
umami:
appSecret:
# -- Name of an existing secret containing the app secret under the key app-secret.
existingSecret: ""
# -- A random string used to generate unique values.
secret: ""
# -- HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers.
clientIpHeader: ""
# -- Disables users, teams, and websites settings page.
cloudMode: "0"
# -- Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers.
collectApiEndpoint: ""
# -- How many seconds a CORS preflight should last. Default is 24 hours.
corsMaxAge: "86400"
customScript:
# -- Create and mount a ConfigMap with a custom script
enabled: false
# -- The custom script
data: ""
# -- Key in the ConfigMap
key: "script.js"
# -- The path to mount the custom script to
mountPath: "/app/public/script.js"
# -- Console logging for specific areas of the application. Values include `umami:auth`, `umami:clickhouse`, `umami:kafka`, `umami:middleware`, and `umami:prisma`.
debug: ""
# -- By default bots are excluded from statistics. This disables checking for bots.
disableBotCheck: "1"
# -- Disables the login page for the application
disableLogin: "1"
# -- Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate.
disableTelemetry: "1"
# -- Disables the check for new versions of Umami
disableUpdates: "1"
# -- Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites.
enableTestConsole: "1"
# -- This will redirect all requests from http to https in the Umami application. Note, this does not apply to the tracking script.
forceSSL: "1"
# -- hostname under which Umami will be reached
hostname: "0.0.0.0"
# -- This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames.
ignoreHostname: ""
# -- You can provide a comma-delimited list of IP address to exclude from data collection.
ignoredIpAddresses: ""
# -- If you are running in development mode, this will log database queries to the console for debugging.
logQuery: "1"
migration:
v1v2:
# -- enable a job that migrates database structure from v1 to v2
enabled: false
# -- setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups
removeDisableLoginEnv: true
# -- Removes the trailing slash from all incoming urls.
removeTrailingSlash: "1"
# -- Allows you to assign a custom name to the tracker script different from the default umami. This is to help you avoid some ad-blockers.
trackerScriptName: "umami"
postgresql:
enabled: false
mysql:
enabled: false
externalDatabase:
auth:
# -- Name of the database to use
database: app
# -- Password to use
# password: mychart
# -- Name of the user to use
username: app
# -- Hostname of the database
hostname: prod-umami-db-rw
# -- Port used to connect to database
port: 5432
# -- Type of database
type: postgresql
database:
# -- Key in the existing secret containing the database url
databaseUrlKey: database-url
# -- use an existing secret containing the database url. If none given, we will generate the database url by using the other values. The password for the database has to be set using `.Values.postgresql.auth.password`, `.Values.mysql.auth.password` or `.Values.externalDatabase.auth.password`.
existingSecret: umami-database-url
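Review bot: Several switches under `umami:` are set to `"1"` although the file's own comments describe them as debugging or exposure features: `enableTestConsole` (the internal test page at {host}/console), `logQuery` (logs database queries, described as a development-mode aid) and `disableBotCheck`. These values point at `prod-umami-db-rw` and the public host `umami.srv.oceanbox.io`, so they look unintended, possibly copied from the chart defaults; I would leave them unset, e.g. `enableTestConsole: ""` and `logQuery: ""`, assuming the chart treats an empty string as off the way `debug: ""` is written here. `disableLogin: "1"` also contradicts `removeDisableLoginEnv: true`, which per its comment strips that variable from the deployment, so keep one of them and add a comment stating the intended login behaviour. Separately, `automountServiceAccountToken: true` deserves a justification comment, or `false` if the pod never talks to the Kubernetes API.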