feat: Add Matomo Chart for analytics

Also adds the Digitalist Chart as Backup in case the
bitnami one stops working.
2025-09-11 10:25:17 +02:00
parent e427af50ce
commit 8f46e45cfb
40 changed files with 3733 additions and 16 deletions
+5
@@ -0,0 +1,5 @@
apiVersion: v2
appVersion: "5.3.2"
description: A Helm chart for Matomo
name: matomo
version: 11.0.53
+26
@@ -0,0 +1,26 @@
Thank you for installing {{ .Chart.Name }} from Digitalist.
{{- if empty (.Values.matomo.dashboard.hostname) -}}
###############################################################################
### ERROR: You didn't provide a host for matomo dashboard ###
###############################################################################
{{- end -}}
{{- if empty (.Values.matomo.tracker.hostname) -}}
###############################################################################
### ERROR: You didn't provide a host for matomo tracker ###
###############################################################################
{{- end -}}
Your release is named {{ .Release.Name }}.
At post install, job tuns on the install, and creates the first
site, this could fail a couple of times, but should succeed in the end.
After installation is complete, you can access your website by this url:
{{ .Values.matomo.dashboard.hostname }}
To learn more about the release, try:
$ helm status {{ .Release.Name }}
$ helm get all {{ .Release.Name }}
+91
@@ -0,0 +1,91 @@
{{/* Generate basic labels */}}
{{- define "matomo.labels" }}
labels:
app.kubernetes.io/name: {{ .name }}
app.kubernetes.io/instance: {{ .instance }}
app.kubernetes.io/component: {{ .component }}
app.kubernetes.io/part-of: {{ .partOf }}
app.kubernetes.io/managed-by: {{ .managedBy }}
{{- end }}
{{- define "matomo.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "matomo.license" -}}
{{- if .Values.matomo.license }}
- name: MATOMO_LICENSE
valueFrom:
secretKeyRef:
name: {{ .Values.matomo.license.secretKeyRef.name }}
key: {{ .Values.matomo.license.secretKeyRef.key }}
{{- end -}}
{{- end -}}
{{- define "matomo.init" -}}
initContainers:
- name: matomo-init
image: {{.Values.matomo.image}}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_FIRST_USER_NAME
value: {{.Values.matomo.dashboard.firstuser.username}}
- name: MATOMO_FIRST_USER_EMAIL
value: {{.Values.matomo.dashboard.firstuser.email}}
- name: MATOMO_FIRST_USER_PASSWORD
value: {{.Values.matomo.dashboard.firstuser.password}}
- name: MATOMO_DB_HOST
value: {{.Values.db.hostname}}
- name: MATOMO_DB_NAME
value: {{.Values.db.name}}
{{ if .Values.db.prefix }}
- name: MATOMO_DB_PREFIX
value: {{.Values.db.prefix}}
{{ end }}
- name: MATOMO_DB_USERNAME
value: {{.Values.db.username}}
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 4 }}
command: [ 'sh' , '-c' , 'rsync -crlOt --no-owner --no-group --no-perms /usr/src/matomo/ /var/www/html/ && {{.Values.matomo.installCommand}}' ]
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-configuration
mountPath: /tmp/matomo/
readOnly: true
{{- end -}}
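Review bot: `MATOMO_FIRST_USER_PASSWORD` in the `matomo.init` template is rendered as a literal `value:` from `.Values.matomo.dashboard.firstuser.password`, so the initial admin password ends up in the pod spec and in the stored release values, readable by anyone who can read pods or the release. `MATOMO_DB_PASSWORD` a few lines below already uses `secretKeyRef`, and the first-user password should be wired the same way; the values key in the sketch is a suggested name, not one the chart defines today. The remaining `value:` entries are unquoted, so an empty or boolean-looking value changes type after rendering; `value: {{ .Values.db.hostname | quote }}` avoids that. `installCommand` is spliced unescaped into the `sh -c` string, which is worth documenting as operator-only input.

```yaml
- name: MATOMO_FIRST_USER_PASSWORD
  valueFrom:
    secretKeyRef:
      # suggested values keys, mirroring db.password.secretKeyRef
      name: {{ .Values.matomo.dashboard.firstuser.passwordSecretKeyRef.name }}
      key: {{ .Values.matomo.dashboard.firstuser.passwordSecretKeyRef.key }}
# … unchanged: MATOMO_DB_HOST and the remaining env entries …
```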
@@ -0,0 +1,44 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-cronjob-php
namespace: {{.Values.namespace}}
{{- if .Values.matomo.php }}
data:
zz-global.ini: |
expose_php={{ .Values.matomo.php.expose_php | default "Off" }}
opcache.memory_consumption={{ .Values.matomo.php.opcache_memory_consumption | default "512" }}
opcache.jit_buffer_size={{ .Values.matomo.php.opcache_jit_buffer_size | default "256M" }}
opcache.jit={{ .Values.matomo.php.opcache_jit | default "1235" }}
max_execution_time={{ .Values.matomo.php.max_execution_time | default "0" }}
post_max_size={{ .Values.matomo.php.post_max_size | default "1500M" }}
upload_max_filesize={{ .Values.matomo.php.upload_max_filesize | default "32M" }}
max_input_time={{ .Values.matomo.php.max_input_time | default "3600" }}
max_file_uploads={{ .Values.matomo.php.opcache_max_file_upload| default "300" }}
memory_limit={{ .Values.matomo.php.memory_limit | default "2G" }}
display_errors={{ .Values.matomo.php.display_errors | default "Off" }}
error_reporting={{ .Values.matomo.php.error_reporting | default "22527" }}
mysqli.reconnect={{ .Values.matomo.php.mysqli_reconnect | default "On" }}
mysqli.allow_local_infile={{ .Values.matomo.php.mysqli_allow_local_infile | default "On" }}
default_socket_timeout={{ .Values.matomo.php.default_socket_timeout | default "20" }}
max_input_vars={{ .Values.matomo.php.max_input_vars | default "2000" }}
{{ else }}
data:
zz-global.ini: |
expose_php=Off
opcache.memory_consumption=512
opcache.jit_buffer_size=256M
opcache.jit=1235
max_execution_time=0
post_max_size=1500M
upload_max_filesize=32M
max_input_time=1800
max_file_uploads="300"
memory_limit=2G
display_errors=Off
error_reporting="22527"
mysqli.reconnect=On
mysqli.allow_local_infile=On
default_socket_timeout=20
max_input_vars=2000
{{- end }}
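Review bot: `max_file_uploads` is read from `.Values.matomo.php.opcache_max_file_upload`, a key that matches neither the directive nor any opcache setting, so a user who sets `max_file_uploads` in values silently keeps the default of 300; the expected lookup is `max_file_uploads={{ .Values.matomo.php.max_file_uploads | default "300" }}`. The same line is repeated in the dashboard and scheduled-tasks PHP ConfigMaps. The two branches also drift: `max_input_time` defaults to 3600 when `matomo.php` is set but is 1800 in the `else` branch (here and in the scheduled-tasks ConfigMap), so defining any unrelated `matomo.php` key changes this limit. All three PHP ConfigMaps default `mysqli.allow_local_infile` to `On`, which permits `LOAD DATA LOCAL INFILE` from the PHP client; consider defaulting it to `Off` and documenting when the archiver needs it enabled.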
@@ -0,0 +1,46 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-dashboard-php
namespace: {{.Values.namespace}}
{{- if .Values.matomo.php }}
data:
zz-global.ini: |
expose_php={{ .Values.matomo.php.expose_php | default "Off" }}
opcache.memory_consumption={{ .Values.matomo.php.opcache_memory_consumption | default "512" }}
opcache.interned_strings_buffer={{ .Values.matomo.php.opcache_interned_strings_buffer | default "16" }}
opcache.save_comments={{ .Values.matomo.php.opcache_save_comments | default "1" }}
opcache.jit_buffer_size={{ .Values.matomo.php.opcache_jit_buffer_size | default "256M" }}
opcache.jit={{ .Values.matomo.php.opcache_jit | default "1235" }}
max_execution_time={{ .Values.matomo.php.max_execution_time | default "300" }}
post_max_size={{ .Values.matomo.php.post_max_size | default "1500M" }}
upload_max_filesize={{ .Values.matomo.php.upload_max_filesize | default "32M" }}
max_input_time={{ .Values.matomo.php.max_input_time | default "3600" }}
max_file_uploads={{ .Values.matomo.php.opcache_max_file_upload| default "300" }}
memory_limit={{ .Values.matomo.php.memory_limit | default "2G" }}
display_errors={{ .Values.matomo.php.display_errors | default "Off" }}
error_reporting={{ .Values.matomo.php.error_reporting | default "22527" }}
mysqli.reconnect={{ .Values.matomo.php.mysqli_reconnect | default "On" }}
mysqli.allow_local_infile={{ .Values.matomo.php.mysqli_allow_local_infile | default "On" }}
default_socket_timeout={{ .Values.matomo.php.default_socket_timeout | default "20" }}
{{ else }}
data:
zz-global.ini: |
expose_php=Off
opcache.memory_consumption=512
opcache.interned_strings_buffer=16
opcache.save_comments=1
opcache.jit_buffer_size=256M
opcache.jit=1235
max_execution_time=300
post_max_size=1500M
upload_max_filesize=32M
max_input_time=3600
max_file_uploads="300"
memory_limit=2G
display_errors=Off
error_reporting="22527"
mysqli.reconnect="On"
mysqli.allow_local_infile="On"
default_socket_timeout="20"
{{- end }}
@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-disable-xdebug
namespace: {{.Values.namespace}}
data:
docker-php-ext-xdebug.ini: |
; turned off
@@ -0,0 +1,32 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-phpfpm-tracker
namespace: {{.Values.namespace}}
{{- if .Values.matomo.tracker.phpfpm }}
data:
zz-global.conf: |
[www]
pm = {{ .Values.matomo.tracker.phpfpm.type | default "ondemand" }}
pm.max_children = {{ .Values.matomo.tracker.phpfpm.max_children | default 75 }}
pm.process_idle_timeout = {{ .Values.matomo.tracker.phpfpm.process_idle_timeout | default "600s" }}
pm.max_requests = {{ .Values.matomo.tracker.phpfpm.max_requests | default 500 }}
pm.start_servers = {{ .Values.matomo.tracker.phpfpm.start_servers | default 5 }}
pm.min_spare_servers = {{ .Values.matomo.tracker.phpfpm.min_spare_servers | default 5 }}
pm.max_spare_servers = {{ .Values.matomo.tracker.phpfpm.max_spare_servers | default 75 }}
php_admin_value[memory_limit] = {{ .Values.matomo.tracker.phpfpm.memory_limit | default "2048M" }}
pm.status_path = {{ .Values.matomo.tracker.phpfpm.status_path | default "/status" }}
{{ else }}
data:
zz-global.conf: |
[www]
pm = "ondemand"
pm.max_children = 75
pm.process_idle_timeout = "10s"
pm.max_requests = 500
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 75
php_admin_value[memory_limit] = "2048M"
pm.status_path = "/status"
{{- end }}
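Review bot: The two branches of this ConfigMap disagree on the idle timeout: `pm.process_idle_timeout` defaults to `600s` when `matomo.tracker.phpfpm` is set but is hard-coded to `"10s"` in the `else` branch, so setting any single key under `matomo.tracker.phpfpm` also changes how long idle workers are kept. Pick one default and use it in both places, for example `pm.process_idle_timeout = {{ .Values.matomo.tracker.phpfpm.process_idle_timeout | default "10s" }}`. `pm.status_path` is enabled as `/status` in both branches, and the tracker nginx config in this commit forwards `/status` to php-fpm, so this default should be reviewed together with that location.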
@@ -0,0 +1,32 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-phpfpm
namespace: {{.Values.namespace}}
{{- if .Values.matomo.phpfpm }}
data:
zz-global.conf: |
[www]
pm = {{ .Values.matomo.phpfpm.type | default "ondemand" }}
pm.max_children = {{ .Values.matomo.phpfpm.max_children | default 100 }}
pm.start_servers = {{ .Values.matomo.phpfpm.start_servers | default 5 }}
pm.min_spare_servers = {{ .Values.matomo.phpfpm.min_spare_servers | default 5 }}
pm.max_spare_servers = {{ .Values.matomo.phpfpm.max_spare_servers | default 75 }}
pm.max_requests = {{ .Values.matomo.phpfpm.max_requests | default 500 }}
pm.process_idle_timeout = {{ .Values.matomo.phpfpm.process_idle_timeout | default "480s" }}
php_admin_value[memory_limit] = {{ .Values.matomo.phpfpm.memory_limit | default "2048M" }}
pm.status_path = {{ .Values.matomo.phpfpm.status_path | default "/status" }}
{{ else }}
data:
zz-global.conf: |
[www]
php_admin_value[memory_limit] = "2048M"
pm ="ondemand"
pm.max_children = 100
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 75
pm.max_requests = 500
pm.process_idle_timeout = "480s"
pm.status_path = "/status"
{{- end }}
@@ -0,0 +1,44 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-scheduledtasks-php
namespace: {{.Values.namespace}}
{{- if .Values.matomo.cronJobs.scheduledTasks.php }}
data:
zz-global.ini: |
expose_php={{ .Values.matomo.cronJobs.scheduledTasks.php.expose_php | default "Off" }}
opcache.memory_consumption={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_memory_consumption | default "512" }}
opcache.jit_buffer_size={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_jit_buffer_size | default "256M" }}
opcache.jit={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_jit | default "1235" }}
max_execution_time={{ .Values.matomo.cronJobs.scheduledTasks.php.max_execution_time | default "0" }}
post_max_size={{ .Values.matomo.cronJobs.scheduledTasks.php.post_max_size | default "1500M" }}
upload_max_filesize={{ .Values.matomo.cronJobs.scheduledTasks.php.upload_max_filesize | default "32M" }}
max_input_time={{ .Values.matomo.cronJobs.scheduledTasks.php.max_input_time | default "3600" }}
max_file_uploads={{ .Values.matomo.cronJobs.scheduledTasks.php.opcache_max_file_upload| default "300" }}
memory_limit={{ .Values.matomo.cronJobs.scheduledTasks.php.memory_limit | default "4G" }}
display_errors={{ .Values.matomo.cronJobs.scheduledTasks.php.display_errors | default "Off" }}
error_reporting={{ .Values.matomo.cronJobs.scheduledTasks.php.error_reporting | default "22527" }}
mysqli.reconnect={{ .Values.matomo.cronJobs.scheduledTasks.php.mysqli_reconnect | default "On" }}
mysqli.allow_local_infile={{ .Values.matomo.cronJobs.scheduledTasks.php.mysqli_allow_local_infile | default "On" }}
default_socket_timeout={{ .Values.matomo.cronJobs.scheduledTasks.php.default_socket_timeout | default "20" }}
max_input_vars={{ .Values.matomo.cronJobs.scheduledTasks.php.max_input_vars | default "2000" }}
{{ else }}
data:
zz-global.ini: |
expose_php=Off
opcache.memory_consumption=512
opcache.jit_buffer_size=256M
opcache.jit=1235
max_execution_time=0
post_max_size=1500M
upload_max_filesize=32M
max_input_time=1800
max_file_uploads="300"
memory_limit=4G
display_errors=Off
error_reporting="22527"
mysqli.reconnect=On
mysqli.allow_local_infile=On
default_socket_timeout=20
max_input_vars=2000
{{- end }}
@@ -0,0 +1,130 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-configuration
namespace: {{.Values.namespace}}
{{- if .Values.matomo.config }}
data:
install.json: |-
{{ .Values.matomo.config | toJson }}
{{ else }}
data:
install.json: |
{
"PluginsInstalled": [
"Diagnostics",
"DBStats",
"Login",
"CoreAdminHome",
"UsersManager",
"SitesManager",
"Installation",
"Monolog",
"Intl",
"CorePluginsAdmin",
"CoreHome",
"WebsiteMeasurable",
"CoreVisualizations",
"Proxy",
"API",
"Transitions",
"Actions",
"Referrers",
"UserLanguage",
"DevicesDetection",
"Goals",
"SEO",
"Events",
"UserCountry",
"GeoIp2",
"VisitsSummary",
"VisitFrequency",
"VisitTime",
"VisitorInterest",
"CoreUpdater",
"CoreConsole",
"UserCountryMap",
"Live",
"ImageGraph",
"Annotations",
"Insights",
"Morpheus",
"Contents",
"DevicePlugins",
"UserId",
"CustomJsTracker",
"ExtraTools",
"LanguagesManager",
"SegmentEditor",
"Dashboard",
"ScheduledReports",
"PrivacyManager",
"CustomVariables",
"IntranetMeasurable",
"Widgetize",
"MultiSites",
"Ecommerce",
"RssWidget",
"Feedback",
"TwoFactorAuth",
"MobileMessaging",
"Overlay",
"BulkTracking",
"Resolution",
"Heartbeat",
"Marketplace",
"ProfessionalServices",
"UserConsole"
],
"Site": {
"name": "Localhost",
"url": "https://localhost"
},
"Config": {
"log": {
"log_level": "ERROR"
},
"General": {
"show_update_notification_to_superusers_only": 1,
"noreply_email_address": "noreply@digitalistgroup.com",
"enable_framed_pages": 1,
"enable_framed_settings": 1,
"enable_trusted_host_check": 0,
"enable_plugin_update_communication": 0,
"enable_auto_update": 0,
"enable_installer": 0,
"enable_internet_features": 0,
"enable_plugins_admin": 0,
"enable_plugin_upload": 0,
"enable_geolocation_admin": 1,
"proxy_client_headers[]": "HTTP_X_FORWARDED_FOR",
"browser_archiving_disabled_enforce": 1,
"enable_browser_archiving_triggering": 0,
"archiving_range_force_on_browser_request": 0,
"enable_sql_optimize_queries": 0,
"enabled_periods_UI": "day,week,month,year,range",
"enabled_periods_API": "day,week,month,year,range",
"session_save_handler": "dbtable",
"enable_marketplace": 0,
"enable_general_settings_admin": 0,
"piwik_pro_ads_enabled": 0,
"assume_secure_protocol": 1,
"cors_domains[]": "*",
"datatable_archiving_maximum_rows_referrers": 2000,
"datatable_archiving_maximum_rows_subtable_referrers": 2000,
"datatable_archiving_maximum_rows_actions": 2000,
"datatable_archiving_maximum_rows_subtable_actions": 2000,
"datatable_archiving_maximum_rows_events": 2000,
"datatable_archiving_maximum_rows_subtable_events": 2000,
"datatable_archiving_maximum_rows_custom_variables": 2000,
"datatable_archiving_maximum_rows_subtable_custom_variables": 2000,
"time_before_today_archive_considered_outdated": 2700,
"time_before_week_archive_considered_outdated": 10800,
"time_before_month_archive_considered_outdated": 32400,
"time_before_year_archive_considered_outdated": 64800,
"time_before_range_archive_considered_outdated": 10800
}
}
}
{{ end }}
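Review bot: The built-in `install.json` in the `else` branch ships with several of Matomo's request-origin protections switched off: `"enable_trusted_host_check": 0` disables Host header validation, `"cors_domains[]": "*"` accepts API requests from any origin, and `"enable_framed_pages": 1` together with `"enable_framed_settings": 1` allows the UI, including settings screens, to be embedded in third-party frames. This branch is what a user gets when `matomo.config` is not supplied, so safer defaults would be `"enable_trusted_host_check": 1` with the dashboard hostname listed under `trusted_hosts[]`, and `"enable_framed_settings": 0`. `noreply_email_address` and the `Site` name and URL are hard-coded to vendor and localhost values and would be better taken from chart values.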
@@ -0,0 +1,308 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-matomo-dashboard
namespace: {{.Values.namespace}}
data:
nginx.conf: |
worker_processes {{ .Values.matomo.dashboard.nginx.nginxWorkerProcesses | default 5 }};
load_module modules/ngx_http_geoip2_module.so;
events {
worker_connections 768;
}
pid /tmp/nginx.pid;
http {
geoip2 /usr/share/geoip/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=SE source=$http_x_forwarded_for country iso_code;
}
client_max_body_size 200M;
server_tokens off;
client_body_timeout 600s;
client_header_timeout 600s;
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$geoip2_data_country_code';
access_log /var/log/nginx/access.log main_geo;
sendfile on;
keepalive_timeout 0;
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
root /var/www/html;
index index.php;
error_page 404 /404.html;
location = 404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 600s;
## Redirects all requests to index.php and Matomo.
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~* /(js)/.*.(js|php)$ {
expires 30s;
add_header Cache-Control "public, no-transform";
allow all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
## Allow access to index.php to make dashboard work.
location ~ ^/(index).php {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 600s;
fastcgi_read_timeout 600s;
fastcgi_send_timeout 600s;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param PHP_VALUE "max_execution_time=3600
post_max_size=1500M
upload_max_filesize=32M
max_input_time=3600
max_file_uploads=300";
include fastcgi_params;
}
## Allow access to heatmapsessionsrecording plugin is needed to make it work.
location = /plugins/HeatmapSessionRecording/configs.php {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_read_timeout 120s;
fastcgi_send_timeout 120s;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
## Allow access to static media files.
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
# location ~ ^/(status)$ {
# access_log off;
# # allow 127.0.0.1;
# # allow 1.2.3.4;
# # deny all;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_index index.php;
# include fastcgi_params;
# ## Now the port or socket of the php-fpm pool we want the status of
# fastcgi_pass 127.0.0.1:9000;
# # fastcgi_pass unix:/run/php-fpm/your_socket.sock;
# }
## Deny access to all other .php files.
location ~* ^.+\.php$ {
deny all;
return 403;
}
## Deny access to key matomo folders and files that dashboard should not serve.
location ~ /(config|tmp|core|lang|libs|vendor|plugins|misc/user|piwik.js|piwik.php|matomo.js|matomo.php) {
deny all;
return 403;
}
## Deny access to all files starting with ".ht"
location ~ /\.ht {
deny all;
return 403;
}
## Deny access to Markdown files
location ~* ^.+\.md$ {
deny all;
return 403;
}
## Deny access to compose.json and package.json
location ~ ^/[^.]*\.json$ {
deny all;
return 403;
}
## Deny access to compose.lock and other lock files in root
location ~ ^/[^.]*\.lock$ {
deny all;
return 403;
}
}
}
fastcgi_params: |
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
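Review bot: nginx uses the first regex `location` that matches, in file order, so several deny blocks in this `server` are shadowed by earlier blocks. `location ~ \.(gif|…|json)$` comes before `location ~ /(config|tmp|core|…)` and before `location ~ ^/[^.]*\.json$`, so files with those extensions under the protected directories, and the root `.json` files, are handled by the static block instead of being denied. Likewise `location ~* /(js)/.*.(js|php)$` precedes the PHP handlers and has no `fastcgi_pass`, so a matching `.php` path is treated as a plain file rather than executed or denied. Moving the deny blocks above the static-media block and narrowing the js rule to `location ~* /js/.*\.js$ {` would restore the intended behaviour. `location = 404.html` is also missing its leading slash and can never match `/404.html`.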
@@ -0,0 +1,289 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-matomo-tracker
namespace: {{.Values.namespace}}
data:
nginx.conf: |
worker_processes {{ .Values.matomo.tracker.nginx.nginxWorkerProcesses | default 5 }};
load_module modules/ngx_http_geoip2_module.so;
events {
worker_connections 768;
}
pid /tmp/nginx.pid;
http {
geoip2 /usr/share/geoip/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=SE source=$http_x_forwarded_for country iso_code;
}
client_max_body_size 200M;
server_tokens off;
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$geoip2_data_country_code';
access_log /var/log/nginx/access.log main_geo;
sendfile on;
keepalive_timeout 0;
map $args $method {
default 0;
"~UserFeedback.saveFeedback" 1;
"~UserFeedback.getForm" 1;
}
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
root /var/www/html;
index matomo.php;
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location ~ ^/(node_modules/jquery/dist/jquery)\.js$ {
proxy_ignore_headers Cache-Control;
allow all;
}
location ~ ^/(node_modules/jquery/dist/jquery)\.js$ {
proxy_ignore_headers Cache-Control;
allow all;
}
location ~* \.(js|css)$ {
proxy_ignore_headers Cache-Control;
add_header Access-Control-Allow-Origin *;
allow all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
## only allow accessing the following php files
location ~ ^/(matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
try_files $fastcgi_script_name =404; # protects against CVE-2019-11043.
fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 240s;
fastcgi_param HTTP_PROXY "";
fastcgi_index matomo.php;
}
location ~ ^/(status)$ {
access_log off;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
## serve all other files normally
location / {
try_files $uri $uri/ =404;
}
## disable all access to the following directories
location ~ ^/(config|tmp|core|lang) {
deny all;
return 403; # replace with 404 to not show these directories exist
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ \.(js)$ {
allow all;
## Cache JS for 5 minutes
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 5m;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ ^/(libs|vendor|plugins|misc|node_modules) {
deny all;
return 403;
}
## properly display textfiles in root directory
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
location ~* ^.+\.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 75s;
fastcgi_read_timeout 600s;
fastcgi_send_timeout 600s;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
if ( $method = 0 ) {
return 403;
}
}
}
}
fastcgi_params: |
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
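Review bot: `location ~ ^/(status)$` forwards to php-fpm without any `allow`/`deny`, and the php-fpm ConfigMaps in this commit set `pm.status_path` to `/status`, so the pool status page is reachable by anyone who can reach the tracker; the dashboard config has the same block commented out with allow/deny placeholders. Restrict it inside the location, for example `allow 127.0.0.1; deny all;`, or serve it only on a separate listener if probes depend on it. The `map $args $method` guard matches its patterns anywhere in the query string, so it does not pin the `method` parameter; keying the map on `$arg_method` with exact values would. The `node_modules/jquery` location is declared twice and the second copy appears to be dead.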
@@ -0,0 +1,24 @@
{{ if .Values.extraConfigMaps.create -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-pre-upgrade-additional-config-maps
namespace: {{.Values.namespace}}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
partOf: matomo
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-6"
"helm.sh/hook-delete-policy": hook-succeeded
data:
{{- if and .Values.extraConfigMaps.create .Values.extraConfigMaps.data }}
{{- range $index, $content := .Values.extraConfigMaps.data }}
{{ $index }}: |-
{{ $content | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
@@ -0,0 +1,25 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-supervisor-queuedtrackingmonitor
namespace: {{.Values.namespace}}
data:
queuedtracking-monitor.ini: |
[unix_http_server]
file = /home/www-data/supervisord.sock
[program:queuedtracking-monitor]
startretries=100
process_name=%(program_name)s_%(process_num)02d
command=sh -c 'while ( php /var/www/html/console queuedtracking:monitor --iterations=1 );do sleep 2; done'
autostart=true
autorestart=true
user=www-data
numprocs=1
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
stdout_logfile_maxbytes=0
stderr_logfile_maxbytes=0
stdout_logfile=/dev/stdout
stderr_logfile=/dev/stderr
@@ -0,0 +1,25 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-supervisor-queuedtrackingprocess
namespace: {{.Values.namespace}}
data:
queuedtracking-process.ini: |
[unix_http_server]
file = /home/www-data/supervisord.sock
[program:queuedtracking-process]
startretries=100
process_name=%(program_name)s_%(process_num)02d
command=sh -c 'while ( php /var/www/html/console queuedtracking:process );do sleep 5; done'
autostart=true
autorestart=true
user=www-data
numprocs={{ .Values.matomo.queuedTrackingProcess.numProcs | default 1 }}
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
stdout_logfile_maxbytes=0
stderr_logfile_maxbytes=0
stdout_logfile=/dev/stdout
stderr_logfile=/dev/stderr
@@ -0,0 +1,30 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-supervisor-tracker
namespace: {{.Values.namespace}}
data:
regenerate-matomo-js.ini: |
[unix_http_server]
file = /home/www-data/supervisord.sock
[program:php-fpm]
priority=1
process_name=%(program_name)s_%(process_num)02d
command=php-fpm
autostart=true
autorestart=true
user=www-data
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
startretries=100
[program:regenerate-matomo-js]
priority=2
process_name=%(program_name)s_%(process_num)02d
command=sh -c 'while ( php /var/www/html/console custom-matomo-js:update && php /var/www/html/console tagmanager:regenerate-released-containers );do sleep 120; done'
autostart=true
autorestart=true
user=www-data
redirect_stderr=true
stdout_events_enabled=true
stderr_events_enabled=true
@@ -0,0 +1,14 @@
{{ if .Values.extraConfigMaps.create -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: matomo-additional-config-maps
namespace: {{.Values.namespace}}
data:
{{- if and .Values.extraConfigMaps.create .Values.extraConfigMaps.data }}
{{- range $index, $content := .Values.extraConfigMaps.data }}
{{ $index }}: |-
{{ $content | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
@@ -0,0 +1,61 @@
---
{{- if .Values.matomo.cronJobs.coreArchive.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: matomo-jobs-corearchive
namespace: {{.Values.namespace}}
spec:
schedule: {{quote .Values.matomo.cronJobs.coreArchive.schedule}}
concurrencyPolicy: {{.Values.matomo.cronJobs.coreArchive.concurrencyPolicy}}
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
activeDeadlineSeconds: {{.Values.matomo.cronJobs.coreArchive.activeDeadlineSeconds}}
template:
spec:
{{ include "matomo.init" . | nindent 10 }}
containers:
- name: matomo-jobs-corearchive
image: {{.Values.matomo.image}}
imagePullPolicy: Always
{{- if .Values.matomo.cronJobs.coreArchive.resources }}
resources:
{{ toYaml .Values.matomo.cronJobs.coreArchive.resources | indent 14 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
command: [ 'sh' , '-c' , '{{.Values.matomo.cronJobs.coreArchive.command}}' ]
env:
- name: MARIADB_MATOMO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-phpfpm
mountPath: /usr/local/etc/php-fpm.d/zz-global.conf
subPath: zz-global.conf
- name: matomo-cronjob-php
mountPath: /usr/local/etc/php/conf.d/zz-global.ini
subPath: zz-global.ini
restartPolicy: OnFailure
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 10 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-phpfpm
configMap:
name: matomo-phpfpm
- name: matomo-cronjob-php
configMap:
name: matomo-cronjob-php
{{- end -}}
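Review bot: On the `command:` line of matomo-jobs-corearchive the values string is pasted between literal single quotes, so a `coreArchive.command` containing a single quote produces invalid YAML or a different argv than intended. The scheduled-tasks CronJob already uses the safer form; here it would be `command: [ 'sh', '-c', {{ quote .Values.matomo.cronJobs.coreArchive.command }} ]`. The post-install and pre-upgrade Jobs build their `command:` lines the same way. Since all of these strings are handed to a shell with `-c`, the values file should be documented as trusted input only.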
@@ -0,0 +1,57 @@
---
{{- if .Values.matomo.cronJobs.scheduledTasks.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: matomo-jobs-scheduled-tasks
namespace: {{.Values.namespace}}
{{- template "matomo.labels" .Values.matomo.cronJobs.scheduledTasks.labels }}
spec:
schedule: {{quote .Values.matomo.cronJobs.scheduledTasks.schedule}}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
activeDeadlineSeconds: {{.Values.matomo.cronJobs.scheduledTasks.activeDeadlineSeconds}}
template:
spec:
{{ include "matomo.init" . | nindent 10 }}
containers:
- name: matomo-jobs-scheduledtasks
image: {{.Values.matomo.image}}
imagePullPolicy: Always
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
command: [ 'sh' , '-c' , {{quote .Values.matomo.cronJobs.scheduledTasks.command}} ]
env:
- name: MARIADB_MATOMO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 12 }}
{{- if .Values.matomo.cronJobs.scheduledTasks.resources }}
resources:
{{ toYaml .Values.matomo.cronJobs.scheduledTasks.resources | indent 14 }}
{{- end }}
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-scheduledtasks-php
mountPath: /usr/local/etc/php/conf.d/zz-global.ini
subPath: zz-global.ini
restartPolicy: OnFailure
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 10 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-scheduledtasks-php
configMap:
name: matomo-scheduledtasks-php
{{- end -}}
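Review bot: Both CronJobs export the database password as `MARIADB_MATOMO_PASSWORD`, while every Deployment and hook Job in this commit exports the same secret as `MATOMO_DB_PASSWORD`. Which name the image's configuration reads is not visible here, so this needs confirming. If only `MATOMO_DB_PASSWORD` is consumed, the archive and scheduled-task runs will start without database credentials. Either rename the entry to match, or add a comment above it explaining why the name differs.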
@@ -0,0 +1,79 @@
---
{{- if .Values.matomo.cli.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-cli
namespace: {{.Values.namespace}}
labels:
app: matomo-cli
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.cli.replicas}}
selector:
matchLabels:
app: matomo-cli
template:
metadata:
labels:
app: matomo-cli
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: matomo
image: {{.Values.matomo.image}}
{{- if .Values.matomo.cli.resources }}
resources:
{{ toYaml .Values.matomo.cli.resources | indent 10 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-tracker
mountPath: /etc/supervisor.d
readOnly: true
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-tracker
configMap:
name: matomo-supervisor-tracker
---
apiVersion: v1
kind: Service
metadata:
name: matomo-cli
namespace: {{.Values.namespace}}
labels:
app: matomo-cli
spec:
ports:
- port: 8080
protocol: TCP
selector:
app: matomo-cli
{{- end -}}
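Review bot: The container `securityContext` in matomo-cli sets `runAsUser`, `privileged: false` and `allowPrivilegeEscalation: false`, but leaves Linux capabilities, the seccomp profile and the non-root guarantee at their defaults. Since `runAsUser` comes from values, adding `runAsNonRoot: true` makes the kubelet refuse a pod whose values set UID 0. Adding `capabilities: { drop: ["ALL"] }` and `seccompProfile: { type: RuntimeDefault }` would match the restricted Pod Security Standard; none of the visible processes appears to need a capability, but confirm against the image. The same block is repeated in the other Deployment and CronJob containers in this commit, and the hook Jobs set no `securityContext` at all.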
@@ -0,0 +1,204 @@
---
{{- if .Values.matomo.dashboard.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-dashboard
namespace: {{.Values.namespace}}
labels:
app: matomo-dashboard
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.dashboard.replicas}}
selector:
matchLabels:
app: matomo-dashboard
template:
metadata:
labels:
app: matomo-dashboard
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
{{- if .Values.matomo.dashboard.sidecars }}
{{ toYaml .Values.matomo.dashboard.sidecars | indent 6 }}
{{- end }}
- name: fpm-metrics
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
image: hipages/php-fpm_exporter:2.2.0
imagePullPolicy: Always
env:
- name: PHP_FPM_FIX_PROCESS_COUNT
value: "true"
resources:
limits:
memory: 128Mi
requests:
cpu: 15m
memory: 32Mi
- name: nginx
image: {{.Values.nginx.image}}
{{- if .Values.nginx.resources }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- end }}
# readinessProbe:
# httpGet:
# scheme: HTTP
# path: /index.php
# port: 8080
livenessProbe:
exec:
command:
- /bin/sh
- -c
- "[ -f /tmp/nginx.pid ] && ps -A | grep nginx"
initialDelaySeconds: 10
periodSeconds: 5
securityContext:
runAsUser: {{.Values.nginx.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: fastcgi-params
mountPath: /etc/nginx/fastcgi_params
subPath: fastcgi_params
readOnly: true
- name: mime-types
mountPath: /etc/nginx/mime.types
subPath: mime.types
readOnly: true
- name: static-data
mountPath: /var/www/html
readOnly: true
ports:
- containerPort: 8080
- name: matomo
image: {{.Values.matomo.image}}
{{- if .Values.matomo.resources }}
resources:
{{ toYaml .Values.matomo.resources | indent 10 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
ports:
- containerPort: 9000
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-phpfpm
mountPath: /usr/local/etc/php-fpm.d/zz-global.conf
subPath: zz-global.conf
- name: matomo-dashboard-php
mountPath: /usr/local/etc/php/conf.d/zz-global.ini
subPath: zz-global.ini
{{- if .Values.xdebug.disabled }}
- name: matomo-disable-xdebug
mountPath: /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
subPath: docker-php-ext-xdebug.ini
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | indent 10 }}
{{- end }}
{{- if .Values.matomo.livenessProbe }}
livenessProbe:
{{- if .Values.matomo.livenessProbe.exec }}
exec:
command:
- sh
- -c
- {{ .Values.matomo.livenessProbe.exec.command }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 10 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 20 }}
timeoutSeconds: {{ .Values.matomo.livenessProbe.timeoutSeconds | default 10 }}
{{- end }}
{{- end }}
{{- if .Values.matomo.readinessProbe }}
readinessProbe:
httpGet:
path: {{ .Values.matomo.readinessProbe.httpGet.path }}
port: {{ .Values.matomo.readinessProbe.httpGet.port | default 80 }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 30 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 30 }}
{{- end }}
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: nginx-conf
configMap:
name: nginx-matomo-dashboard
items:
- key: nginx.conf
path: nginx.conf
- name: fastcgi-params
configMap:
name: nginx-matomo-dashboard
items:
- key: fastcgi_params
path: fastcgi_params
- name: mime-types
configMap:
name: nginx-matomo-dashboard
items:
- key: mime.types
path: mime.types
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: matomo-phpfpm
configMap:
name: matomo-phpfpm
- name: matomo-dashboard-php
configMap:
name: matomo-dashboard-php
{{- if .Values.xdebug.disabled }}
- name: matomo-disable-xdebug
configMap:
name: matomo-disable-xdebug
{{- end }}
- name: static-data
emptyDir: {}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | indent 6 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: matomo-dashboard
namespace: {{.Values.namespace}}
labels:
app: matomo-dashboard
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
ports:
- port: 8080
protocol: TCP
selector:
app: matomo-dashboard
{{- end -}}
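Review bot: The `readinessProbe` of the matomo container takes `initialDelaySeconds` and `periodSeconds` from `.Values.matomo.livenessProbe`, so readiness timing cannot be set independently, and rendering may fail when only `readinessProbe` is defined in values. The two lines should read `initialDelaySeconds: {{ .Values.matomo.readinessProbe.initialDelaySeconds | default 30 }}` and `periodSeconds: {{ .Values.matomo.readinessProbe.periodSeconds | default 30 }}`. The matomo-tracker Deployment has the same copy-paste, with defaults of 5.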
@@ -0,0 +1,68 @@
---
{{- if .Values.matomo.queuedTrackingMonitor.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-queuedtracking-monitor
namespace: {{.Values.namespace}}
labels:
app: matomo-queuedtracking-monitor
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.queuedTrackingMonitor.replicas | default 1}}
selector:
matchLabels:
app: matomo-queuedtracking-monitor
template:
metadata:
labels:
app: matomo-queuedtracking-monitor
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: matomo
image: {{.Values.matomo.image}}
resources:
requests:
memory: "128Mi"
cpu: "300m"
limits:
memory: "180Mi"
cpu: "500m"
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-queuedtrackingmonitor
mountPath: /etc/supervisor.d
readOnly: true
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-queuedtrackingmonitor
configMap:
name: matomo-supervisor-queuedtrackingmonitor
{{- end -}}
@@ -0,0 +1,68 @@
---
{{- if .Values.matomo.queuedTrackingProcess.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-queuedtracking-process
namespace: {{.Values.namespace}}
labels:
app: matomo-queuedtracking-process
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.queuedTrackingProcess.replicas}}
selector:
matchLabels:
app: matomo-queuedtracking-process
template:
metadata:
labels:
app: matomo-queuedtracking-process
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: matomo
image: {{.Values.matomo.image}}
resources:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "220Mi"
cpu: "1"
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-queuedtrackingprocess
mountPath: /etc/supervisor.d
readOnly: true
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-queuedtrackingprocess
configMap:
name: matomo-supervisor-queuedtrackingprocess
{{- end -}}
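Review bot: The `checksum/config` annotation hashes only `configmap-matomo.yaml`, but the pod's behaviour is driven by the mounted `matomo-supervisor-queuedtrackingprocess` ConfigMap, whose `numprocs` is templated from values. A change to `queuedTrackingProcess.numProcs` therefore updates the ConfigMap without rolling the pods, and the running supervisord is unlikely to pick up the new process count. A second annotation would fix that, for example `checksum/supervisor: {{ include (print $.Template.BasePath "/<supervisor-configmap-template>.yaml") . | sha256sum }}`. The file name there is a placeholder, because the template's path is not shown on this page.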
@@ -0,0 +1,179 @@
---
{{- if .Values.matomo.tracker.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: matomo-tracker
namespace: {{.Values.namespace}}
labels:
app: matomo-tracker
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 4 }}
{{- end }}
spec:
replicas: {{.Values.matomo.tracker.replicas}}
selector:
matchLabels:
app: matomo-tracker
template:
metadata:
labels:
app: matomo-tracker
{{- if .Values.matomo.extralabels }}
{{ toYaml .Values.matomo.extralabels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap-matomo.yaml") . | sha256sum }}
spec:
{{ include "matomo.init" . | nindent 6 }}
containers:
- name: fpm-metrics
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
image: hipages/php-fpm_exporter:2.2.0
imagePullPolicy: Always
resources:
limits:
cpu: 40m
memory: 32Mi
requests:
cpu: 40m
memory: 32Mi
- name: nginx
image: {{.Values.nginx.image}}
{{- if .Values.matomo.tracker.nginx.resources }}
resources:
{{ toYaml .Values.matomo.tracker.nginx.resources | indent 10 }}
{{- end }}
# readinessProbe:
# httpGet:
# scheme: HTTP
# path: /matomo.js
# port: 8080
# initialDelaySeconds: 10
# periodSeconds: 5
livenessProbe:
exec:
command:
- /bin/sh
- -c
- "[ -f /tmp/nginx.pid ] && ps -A | grep nginx"
initialDelaySeconds: 10
periodSeconds: 5
securityContext:
runAsUser: {{.Values.nginx.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: fastcgi-params
mountPath: /etc/nginx/fastcgi_params
subPath: fastcgi_params
readOnly: true
- name: mime-types
mountPath: /etc/nginx/mime.types
subPath: mime.types
readOnly: true
- name: static-data
mountPath: /var/www/html
readOnly: true
ports:
- containerPort: 8080
- name: matomo
image: {{.Values.matomo.image}}
{{- if .Values.matomo.tracker.resources }}
resources:
{{ toYaml .Values.matomo.tracker.resources | indent 10 }}
{{- end }}
securityContext:
runAsUser: {{.Values.matomo.runAsUser}}
privileged: false
allowPrivilegeEscalation: false
imagePullPolicy: Always
env:
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
command: [ 'sh' , '-c' , 'supervisord -n' ]
volumeMounts:
- name: static-data
mountPath: /var/www/html
- name: matomo-supervisor-tracker
mountPath: /etc/supervisor.d
readOnly: true
- name: matomo-phpfpm-tracker
mountPath: /usr/local/etc/php-fpm.d/zz-global.conf
subPath: zz-global.conf
{{- if .Values.matomo.livenessProbe }}
livenessProbe:
{{- if .Values.matomo.livenessProbe.exec }}
exec:
command:
- sh
- -c
- {{ .Values.matomo.livenessProbe.exec.command }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 10 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 20 }}
timeoutSeconds: {{ .Values.matomo.livenessProbe.timeoutSeconds | default 10 }}
{{- end }}
{{- end }}
{{- if .Values.matomo.readinessProbe }}
readinessProbe:
httpGet:
path: {{ .Values.matomo.readinessProbe.httpGet.path }}
port: {{ .Values.matomo.readinessProbe.httpGet.port | default 80 }}
initialDelaySeconds: {{ .Values.matomo.livenessProbe.initialDelaySeconds | default 5 }}
periodSeconds: {{ .Values.matomo.livenessProbe.periodSeconds | default 5 }}
{{- end }}
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
volumes:
- name: nginx-conf
configMap:
name: nginx-matomo-tracker
items:
- key: nginx.conf
path: nginx.conf
- name: fastcgi-params
configMap:
name: nginx-matomo-tracker
items:
- key: fastcgi_params
path: fastcgi_params
- name: mime-types
configMap:
name: nginx-matomo-tracker
items:
- key: mime.types
path: mime.types
- name: matomo-configuration
configMap:
name: matomo-configuration
- name: static-data
emptyDir: {}
- name: matomo-supervisor-tracker
configMap:
name: matomo-supervisor-tracker
- name: matomo-phpfpm-tracker
configMap:
name: matomo-phpfpm-tracker
---
apiVersion: v1
kind: Service
metadata:
name: matomo-tracker
labels:
app: matomo-tracker
spec:
ports:
- port: 8080
protocol: TCP
selector:
app: matomo-tracker
{{- end -}}
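Review bot: The matomo-tracker Service at the end of this file has no `namespace:` under `metadata`, unlike the Deployment above it and the matomo-cli and matomo-dashboard Services, so it is created in the release namespace. When that differs from `.Values.namespace`, the selector matches no pods and the tracker Ingress, which is placed in `.Values.namespace`, cannot resolve its backend. Add `namespace: {{.Values.namespace}}`. The matomo-dashboard-lb, matomo-tracker-lb and matomo-extra-* Services are missing it as well.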
@@ -0,0 +1,57 @@
{{- if .Values.matomo.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: matomo-dashboard
{{- if .Values.matomo.ingress.extralabels }}
{{ toYaml .Values.matomo.ingress.extralabels | indent 4 }}
{{- end }}
name: matomo-dashboard
namespace: {{.Values.namespace}}
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/client-body-timeout: 700s
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 200m
nginx.ingress.kubernetes.io/proxy-read-timeout: 700s
{{- if .Values.matomo.ingress.annotations }}
{{- with .Values.matomo.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.matomo.dashboard.whitelist }}
nginx.ingress.kubernetes.io/whitelist-source-range: {{.Values.matomo.dashboard.whitelist | toPrettyJson}}
{{ else }}
{{- end }}
spec:
{{- if .Values.matomo.dashboard.ingressClassName }}
ingressClassName: {{.Values.matomo.dashboard.ingressClassName}}
{{- end }}
rules:
- host: {{.Values.matomo.dashboard.hostname}}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.dashboard.loadbalancer }}
name: matomo-dashboard-lb
port:
number: 80
{{ else }}
name: matomo-dashboard
port:
number: 8080
{{- end }}
{{- if .Values.matomo.dashboard.tls }}
tls:
- hosts:
- {{.Values.matomo.dashboard.hostname}}
{{- if .Values.matomo.dashboard.secretName }}
secretName: {{.Values.matomo.dashboard.secretName}}
{{- end -}}
{{- end -}}
{{- end -}}
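Review bot: `nginx.ingress.kubernetes.io/enable-cors: "true"` is set unconditionally on the dashboard Ingress, and with ingress-nginx that answers cross-origin requests for any origin unless `nginx.ingress.kubernetes.io/cors-allow-origin` is also set. For the administrative UI it would be safer to drop the annotation from the defaults or pin the origin, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "https://{{ .Values.matomo.dashboard.hostname }}"`. Separately, `whitelist-source-range` is rendered with `toPrettyJson`. The annotation expects a comma-separated CIDR string, so a list in values would need `join ","` instead; the shape of that value is not visible here.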
@@ -0,0 +1,193 @@
{{- if .Values.matomo.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: matomo-tracker
{{- if .Values.matomo.ingress.extralabels }}
{{ toYaml .Values.matomo.ingress.extralabels | indent 4 }}
{{- end }}
name: matomo-tracker
namespace: {{.Values.namespace}}
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/server-snippet: |
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 16 128k;
gzip_http_version 1.1;
gzip_types
application/json
application/javascript;
{{- if .Values.matomo.ingress.annotations }}
{{- with .Values.matomo.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.matomo.tracker.ingressClassName }}
ingressClassName: {{.Values.matomo.tracker.ingressClassName}}
{{- end }}
rules:
- host: {{.Values.matomo.tracker.hostname}}
http:
paths:
- path: /index.php
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /piwik.php
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /piwik.js
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /matomo.php
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /matomo.js
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /js/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/HeatmapSessionRecording/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/Overlay/client/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /node_modules/jquery/dist/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/UserFeedback/lib/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
- path: /plugins/UserFeedback/css/.*
pathType: ImplementationSpecific
backend:
service:
{{- if .Values.matomo.tracker.loadbalancer }}
name: matomo-tracker-lb
port:
number: 80
{{ else }}
name: matomo-tracker
port:
number: 8080
{{- end }}
{{- if .Values.matomo.tracker.tls }}
tls:
- hosts:
- {{.Values.matomo.tracker.hostname}}
{{- if .Values.matomo.tracker.secretName }}
secretName: {{.Values.matomo.tracker.secretName}}
{{- end -}}
{{- end -}}
{{- end -}}
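Review bot: The `nginx.ingress.kubernetes.io/server-snippet` annotation injects raw nginx configuration. Current ingress-nginx releases reject or ignore it unless the controller has `allow-snippet-annotations` enabled, and enabling that lets anyone who can edit an Ingress write controller configuration. The gzip settings could instead live in the controller ConfigMap (`use-gzip`, `gzip-types`), or the annotation could be made opt-in through values. As a matter of style, the eleven path entries differ only in `path`, so a `range` over a list of paths would remove the repeated backend block.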
@@ -0,0 +1,13 @@
{{- if .Values.matomo.dashboard.loadbalancer }}
apiVersion: v1
kind: Service
metadata:
name: matomo-dashboard-lb
spec:
selector:
app: matomo-dashboard
ports:
- port: 80
targetPort: 8080
type: LoadBalancer
{{- end -}}
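Review bot: With `matomo.dashboard.loadbalancer` enabled, this Service publishes the dashboard pods on port 80 through a `LoadBalancer`, and nothing here limits who can reach it. The `whitelist-source-range` and TLS settings live on the Ingress and do not apply to traffic that goes to the load balancer address directly. Consider `type: ClusterIP` when the Ingress is the intended entry point, or add `loadBalancerSourceRanges:` fed from the same whitelist value.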
@@ -0,0 +1,13 @@
{{- if .Values.matomo.tracker.loadbalancer }}
apiVersion: v1
kind: Service
metadata:
name: matomo-tracker-lb
spec:
selector:
app: matomo-tracker
ports:
- port: 80
targetPort: 8080
type: LoadBalancer
{{- end -}}
@@ -0,0 +1,76 @@
{{- if .Values.matomo.postInstallCommand }}
apiVersion: batch/v1
kind: Job
metadata:
name: matomo-post-install
namespace: {{.Values.namespace}}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
partOf: matomo
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
restartPolicy: Never
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
containers:
- name: post-install-matomo
image: {{.Values.matomo.image}}
lifecycle:
postStart:
exec:
command: [ 'sh' , '-c' , '{{.Values.matomo.installCommand}}' ]
# To do anything with Matomo, we first need to bootstrap it (curl).
command: [ 'bash' , '-c' , 'sleep {{.Values.matomo.postInstallSleepTime}}; curl -Il https://{{.Values.matomo.dashboard.hostname}}; {{.Values.matomo.postInstallCommand}}' ]
env:
- name: MATOMO_FIRST_USER_NAME
value: {{.Values.matomo.dashboard.firstuser.username}}
- name: MATOMO_FIRST_USER_EMAIL
value: {{.Values.matomo.dashboard.firstuser.email}}
- name: MATOMO_FIRST_USER_PASSWORD
value: {{.Values.matomo.dashboard.firstuser.password}}
- name: MATOMO_DB_HOST
value: {{.Values.db.hostname}}
- name: MATOMO_DB_NAME
value: {{.Values.db.name}}
{{ if .Values.db.prefix }}
- name: MATOMO_DB_PREFIX
value: {{.Values.db.prefix}}
{{ end }}
- name: MATOMO_DB_USERNAME
value: {{.Values.db.username}}
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
volumeMounts:
- name: matomo-startup-config
mountPath: /var/www/html/config/config.ini.php
subPath: config.ini.php
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | indent 8 }}
{{- end }}
volumes:
- name: matomo-startup-config
configMap:
name: matomo-startup-config
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | indent 8 }}
{{- end }}
{{- end -}}
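Review bot: `MATOMO_FIRST_USER_PASSWORD` is rendered from `.Values.matomo.dashboard.firstuser.password` straight into the pod spec, so the initial admin password is readable by anyone who can get the Job or its pod. It also stays there if the hook fails, because the delete policy only covers success. It should come from an existing Secret through `valueFrom.secretKeyRef`, the way `MATOMO_DB_PASSWORD` is wired a few lines below. The remaining `value:` entries are unquoted, so an empty or boolean-looking value renders as a non-string and the env entry is rejected; `value: {{ .Values.db.hostname | quote }}` avoids that. The pre-upgrade Job repeats both patterns.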
@@ -0,0 +1,72 @@
{{- if .Values.matomo.preUpgradeCommand }}
apiVersion: batch/v1
kind: Job
metadata:
name: matomo-pre-upgrade
namespace: {{.Values.namespace}}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
partOf: matomo
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
restartPolicy: Never
{{ include "matomo.images.pullSecrets" ( dict "images" (list .Values.matomo) "global" .Values.global) | nindent 6 }}
containers:
- name: pre-upgrade-matomo
image: {{.Values.matomo.image}}
volumeMounts:
- name: matomo-startup-config
mountPath: /var/www/html/config/config.ini.php
subPath: config.ini.php
- name: matomo-pre-upgrade-additional-config-maps
mountPath: /var/www/html/config/common.config.ini.php
subPath: common.config.ini.php
# To do anything with Matomo, we first need to bootstrap it (curl).
command: [ 'bash' , '-c' , 'sleep {{.Values.matomo.preUpgradeSleepTime}}; curl -Il https://{{.Values.matomo.dashboard.hostname}}; {{.Values.matomo.preUpgradeCommand}}' ]
env:
- name: MATOMO_FIRST_USER_NAME
value: {{.Values.matomo.dashboard.firstuser.username}}
- name: MATOMO_FIRST_USER_EMAIL
value: {{.Values.matomo.dashboard.firstuser.email}}
- name: MATOMO_FIRST_USER_PASSWORD
value: {{.Values.matomo.dashboard.firstuser.password}}
- name: MATOMO_DB_HOST
value: {{.Values.db.hostname}}
- name: MATOMO_DB_NAME
value: {{.Values.db.name}}
{{ if .Values.db.prefix }}
- name: MATOMO_DB_PREFIX
value: {{.Values.db.prefix}}
{{ end }}
- name: MATOMO_DB_USERNAME
value: {{.Values.db.username}}
- name: MATOMO_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.password.secretKeyRef.name }}
key: {{ .Values.db.password.secretKeyRef.key }}
{{ include "matomo.license" . | nindent 8 }}
volumes:
- name: matomo-startup-config
configMap:
name: matomo-startup-config
{{ if .Values.extraConfigMaps.create }}
- name: matomo-pre-upgrade-additional-config-maps
configMap:
name: matomo-pre-upgrade-additional-config-maps
{{- end }}
{{- end -}}
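Review bot: The `matomo-pre-upgrade-additional-config-maps` entry under `volumeMounts` is unconditional, while the volume of that name is only declared when `.Values.extraConfigMaps.create` is true. With `preUpgradeCommand` set and `extraConfigMaps.create` false, the Job references a volume that does not exist and is rejected by the API server. Wrap the mount in the same `{{- if .Values.extraConfigMaps.create }}` … `{{- end }}` guard. The `subPath: common.config.ini.php` also assumes that key is present in `extraConfigMaps.data`, which deserves a comment in values.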
@@ -0,0 +1,15 @@
{{- if .Values.extraSecrets.create -}}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: matomo-extra-secrets
namespace: {{.Values.namespace}}
data:
{{- if and .Values.extraSecrets.create .Values.extraSecrets.data }}
{{- range $index, $content := .Values.extraSecrets.data }}
{{ $index }}: |-
{{ $content | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
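Review bot: Values under a Secret's `data:` must be base64, but each `extraSecrets.data` entry is emitted verbatim as a `|-` block scalar, so plain-text values are rejected or decoded into garbage. Either render `{{ $index }}: {{ $content | b64enc | quote }}` or switch the field to `stringData:`. Whichever is chosen, a comment in values should state the expected encoding and note that secret material placed in values ends up in the Helm release record.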
@@ -0,0 +1,27 @@
{{- range $service := .Values.extraServices }}
apiVersion: v1
kind: Service
metadata:
name: matomo-extra-{{ $service.name }}
spec:
type: {{ $service.type }}
ports:
- port: {{ $service.port }}
targetPort: {{ $service.name }}
protocol: {{ $service.protocol }}
name: {{ $service.name }}
{{- if and ( or (eq $service.type "LoadBalancer") (eq $service.type "NodePort") ) ($service.nodePort) }}
nodePort: {{ $service.nodePort }}
{{- end }}
{{- if and (eq $service.type "LoadBalancer") ($service.loadBalancerIP) }}
loadBalancerIP: {{ $service.loadBalancerIP }}
{{- end }}
{{- if $service.clusterIP }}
clusterIP: {{ $service.clusterIP }}
{{- end }}
selector:
{{- range $index, $content := $service.selector }}
{{ $index }}: {{ $content }}
{{- end }}
---
{{- end }}
+184
@@ -0,0 +1,184 @@
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
global:
## As:
## imageRegistry: "docker.io"
imageRegistry: ""
## As:
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
namespace: matomo
matomo:
imageRegistry: ""
## As:
## imagePullSecrets:
## - myRegistryKeySecretName
imagePullSecrets: []
image: digitalist/matomo:5.2.1
runAsUser: 82
installCommand: ./console plugin:activate ExtraTools && ./console matomo:install --install-file=/tmp/matomo/install.json --force --do-not-drop-db
# Post install for helm chart. Starts a post-install-job.
postInstallSleepTime: 5
postInstallCommand: ""
preUpgradeSleepTime: 5
preUpgradeCommand: ""
extralabels: {}
## If you have a premium license for plugins, set it here.
## you need to create the secret before referring it.
## As:
## license:
## secretKeyRef:
## name: matomo-license
## key: matomo-license
license:
ingress:
enabled: true
extralabels: {}
annotations:
digitalist.cloud/instance: "matomo"
cli:
replicas: 1
enabled: true
cronJobs:
coreArchive:
enabled: true
labels:
name: matomo-jobs-corearchive
instance: matomo
component: cronjob
partOf: matomo
managedBy: helm
schedule: "*/60 * * * *"
concurrencyPolicy: Allow
activeDeadlineSeconds: 43200
command: ./console core:archive --disable-scheduled-tasks
scheduledTasks:
php:
enabled: true
labels:
name: matomo-jobs-scheduled-tasks
instance: matomo
component: cronjob
partOf: matomo
managedBy: helm
schedule: "*/60 * * * *"
activeDeadlineSeconds: 43200
command: ./console scheduled-tasks:run
dashboard:
sidecars: []
## added like this:
# sidecars:
# - name: fpm-metrics
# image: hipages/php-fpm_exporter:2.2.0
# imagePullPolicy: IfNotPresent
# resources:
# limits:
# cpu: 500m
# memory: 256Mi
# requests:
# cpu: 40m
# memory: 32Mi
enabled: true
replicas: 1
loadbalancer: false
hostname: my.host
tls: false
firstuser:
username: admin
password: admin123
email: foo@example.com
nginx:
nginxWorkerProcesses: 5
ingressClassName: ""
queuedTrackingMonitor:
enabled: true
queuedTrackingProcess:
replicas: 1
tracker:
enabled: true
replicas: 1
hostname: my.host
tls: false
loadbalancer: false
nginx:
resources:
nginxWorkerProcesses: 5
phpfpm:
type: ondemand
max_children: 75
process_idle_timeout: 600s
max_requests: 500
ingressClassName: ""
nginx:
image: digitalist/nginx:1.21.6
imagePullSecrets: []
runAsUser: 100
db:
hostname: matomo-db-mysql
password:
secretKeyRef:
name: matomo-db-mysql
key: mysql-root-password
name: matomo
username: root
prefix: matomo_
xdebug:
disabled: 1
extraSecrets:
create: false
data: {}
# * secrets need to base64 encoded.
# data:
# name: Zm9vCg==
# bar: YmFyCg==
extraServices: {}
# - name: foo
## Service port type
# type: ClusterIP
## Service protocol
# protocol: TCP
## The container target port
# containerPort: 12001
## The service port
# port: 12001
# selector:
# app: matomo-dashboard
## The node port (only relevant for type LoadBalancer or NodePort)
# nodePort:
## The cluster ip address (only relevant for type LoadBalancer or NodePort)
# clusterIP:
## The loadbalancer ip address (only relevant for type LoadBalancer)
# loadBalancerIP:
extraConfigMaps:
create: true
data: {}
# data:
# my.ini: |
# extension=foo.so
# foo.socket=tcp://bar:9309
extraVolumes: []
# extraVolumes:
# - name: mySecretVolume
# secret:
# secretName: matomo-extra-secrets
# - name: my.ini
# configMap:
# name: matomo-additional-config-maps
# items:
# - key: "my.ini"
# path: "my.ini"
extraVolumeMounts: []
# extraVolumeMounts:
# - name: mySecretVolume
# mountPath: /foo/secrets/mySecretVolume/
# - name: my.ini
# mountPath: /usr/local/etc/php/conf.d/my.ini
# subPath: my.ini
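Review bot: `matomo.dashboard.firstuser.password: admin123` ships a guessable default for the first Matomo admin account, and the pre-upgrade job template earlier on this page passes it to the container as a plain `value:` rather than through a `secretKeyRef`, as `MATOMO_DB_PASSWORD` is. An install that does not override it ends up with a publicly known admin login, and the password is readable in the rendered Job spec by anyone who can view Jobs in the namespace. I would leave the default empty (`password: ""`) and have the templates fail when it is unset, or mirror the `db.password.secretKeyRef` shape used further down for the database password. If this file is an unmodified copy of the upstream chart, the same override belongs in the values of whichever release deploys it.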
@@ -1,36 +1,38 @@
# yaml-language-server: $schema=https://www.schemastore.org/helmfile.json
bases: bases:
- ../envs/environments.yaml.gotmpl - ../envs/environments.yaml.gotmpl
repositories: repositories:
- name: plausible - name: bitnami
url: https://imio.github.io/helm-charts url: https://charts.bitnami.com/bitnami
commonLabels: commonLabels:
tier: system tier: system
releases: releases:
- name: plausible-analytics - name: matomo
namespace: plausible namespace: analytics
chart: plausible/plausible-analytics chart: bitnami/matomo
version: 0.4.0 version: 11.0.0
condition: plausible.enabled condition: matomo.enabled
values: values:
- ../values/plausible/values/values.yaml - ../values/matomo/values/values.yaml
- ../values/plausible/values/values-{{ .Environment.Name }}.yaml - ../values/matomo/values/values-{{ .Environment.Name }}.yaml
postRenderer: ../bin/kustomizer postRenderer: ../bin/kustomizer
postRendererArgs: postRendererArgs:
- ../values/plausible/kustomize/{{ .Environment.Name }} - ../values/matomo/kustomize/{{ .Environment.Name }}
missingFileHandler: Info missingFileHandler: Info
- name: manifests - name: manifests
namespace: plausible namespace: analytics
chart: manifests chart: manifests
condition: plausible.enabled condition: matomo.enabled
missingFileHandler: Info missingFileHandler: Info
values: values:
- ../values/env.yaml - ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/plausible/env.yaml.gotmpl - ../values/matomo/env.yaml.gotmpl
- ../values/plausible/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl - ../values/matomo/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks: hooks:
- events: [ prepare, cleanup ] - events: [ prepare, cleanup ]
showlogs: true showlogs: true
@@ -39,5 +41,5 @@ releases:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}' - '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}' - '{{`{{ .Environment.Name }}`}}'
- ../values/plausible/manifests - ../values/matomo/manifests
- manifests - manifests
+4 -1
@@ -40,8 +40,11 @@ pkgs.mkShellNoCC {
# linkerd # linkerd
step-cli step-cli
linkerd linkerd
# dapr
dapr-cli
]; ];
ARGOCD_ENV_CLUSTER_NAME = "ekman"; ARGOCD_ENV_CLUSTER_NAME = "oceanbox";
HELM_GIT_ACCESS_TOKEN = "glpat-xxx"; HELM_GIT_ACCESS_TOKEN = "glpat-xxx";
} }
+4
@@ -0,0 +1,4 @@
# Matomo
TO-DO:
- [ ] Move to Digitalist [Chart](https://github.com/Digitalist-Open-Cloud/matomo-kubernetes)
+3
@@ -0,0 +1,3 @@
matomo:
enabled: {{ if eq .Environment.Name "prod" }} true {{ else }} false {{ end }}
env: prod
+4
@@ -0,0 +1,4 @@
matomo:
enabled: false
autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }}
env: {{ .Environment.Name }}
+42
@@ -0,0 +1,42 @@
{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: matomo
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: analytics
server: https://kubernetes.default.svc
project: aux
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT
value: {{ .Values.matomo.env }}
- name: HELMFILE_FILE_PATH
value: analytics.yaml.gotmpl
syncPolicy:
managedNamespaceMetadata:
labels:
component: aux
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
# - ServerSideApply=true
{{- if .Values.matomo.autosync }}
automated:
prune: true
# selfHeal: false
{{- end }}
{{- end }}
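Review bot: The templated scalars in this Application are emitted unquoted: `value: {{ .Values.clusterConfig.cluster }}`, `value: {{ .Values.matomo.env }}` and `repoURL: {{ .Values.clusterConfig.manifests }}`. An empty value therefore renders as null, and a boolean- or number-looking one as a non-string, which the plugin `env` entries are likely to reject or misread. Piping each through `quote`, e.g. `value: {{ .Values.matomo.env | quote }}`, keeps them strings whatever the environment file supplies.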
File diff suppressed because it is too large Load Diff