Merge pull request #9 from foomo/feature/sesamy-umami

feat: add sesamy umami

charts/sesamy-gtm/README.md

@@ -91,7 +91,7 @@ Helm chart for the Sesamy GTM tagging & preview service.
 | loki.compactor.replicas | int | `0` |  |
 | loki.deploymentMode | string | `"SingleBinary"` |  |
 | loki.distributor.replicas | int | `0` |  |
-| loki.enabled | bool | `false` |  |
+| loki.enabled | bool | `false` | Enable loki |
 | loki.indexGateway.replicas | int | `0` |  |
 | loki.ingester.replicas | int | `0` |  |
 | loki.loki.auth_enabled | bool | `false` |  |
@@ -219,3 +219,4 @@ Helm chart for the Sesamy GTM tagging & preview service.
 | tagging.service.port | int | `8080` | Port of the service |
 | tagging.service.type | string | `"ClusterIP"` | Type of the service |
 | tagging.tolerations | list | `[]` | Tolerations settings for pods. |
+

charts/sesamy-gtm/README.md.gotmpl

@@ -17,3 +17,4 @@
 {{ template "chart.requirementsSection" . }}
 
 {{ template "chart.valuesSection" . }}
+

charts/sesamy-gtm/values.yaml

@@ -9,7 +9,7 @@ namespaceOverride: ''
 # -- Number of revisions to retain to allow rollback
 revisionHistoryLimit: 10
 
-# Google Tag Manager configuration
+# Google Tag Manager
 gtm:
   image:
     # -- The image repository
@@ -29,7 +29,7 @@ gtm:
   # Let the tagging server implicitly choose the project.
   googleCloudProject: ''
 
-# Google Tag Manger TLS Reverse Proxy configurations
+# TLS Reverse Proxy configurations
 # All urls have to be valid https urls, so proxy https traffic to your containers.
 # Create a self-signed certificate by running
 # $ openssl req -x509 -newkey rsa:2048 -keyout tls.key -out tls.crt -nodes -subj '/CN=sesamy'
@@ -75,6 +75,8 @@ proxy:
       }
     }
 
+
+
 # GTM Tagging configuration
 tagging:
   # -- Number of replicas
@@ -419,6 +421,7 @@ collect:
 
 # Grafana Loki
 loki:
+  # -- Enable loki
   enabled: false
   deploymentMode: SingleBinary
   singleBinary:

charts/sesamy-umami/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/sesamy-umami/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+type: application
+name: sesamy-umami
+description: Helm chart for the Sesamy Umami integration.
+icon: https://avatars.githubusercontent.com/u/889755?s=200&v=4
+home: https://www.foomo.org
+keywords:
+  - foomo
+  - sesamy
+sources:
+  - https://github.com/foomo/helm-charts
+annotations:
+  "artifacthub.io/links": |
+    - name: Chart Source
+      url: https://github.com/foomo/helm-charts
+    - name: Umami Source
+      url: https://github.com/umami-software/umami
+version: 0.0.1
+appVersion: 2.11.3

charts/sesamy-umami/README.md

@@ -0,0 +1,126 @@
+# sesamy-umami
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.11.3](https://img.shields.io/badge/AppVersion-2.11.3-informational?style=flat-square)
+
+Helm chart for the Sesamy Umami integration.
+
+**Homepage:** <https://www.foomo.org>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `""` | Overrides the chart's computed fullname |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` | Ingress class name |
+| ingress.enabled | bool | `false` | Enable ingress |
+| ingress.hosts[0] | string | `"example.com"` |  |
+| ingress.paths.umami[0].path | string | `"/"` |  |
+| ingress.paths.umami[0].pathType | string | `"Prefix"` |  |
+| ingress.paths.umami[0].port | int | `8000` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` | Overrides the chart's name |
+| namespaceOverride | string | `""` | The name of the Namespace to deploy If not set, `.Release.Namespace` is used |
+| networkPolicy.discovery.namespaceSelector | object | `{}` | Specifies the namespace the discovery Pods are running in |
+| networkPolicy.discovery.podSelector | object | `{}` | Specifies the Pods labels used for discovery. As this is cross-namespace communication, you also need the namespaceSelector. |
+| networkPolicy.discovery.port | string | `nil` | Specify the port used for discovery |
+| networkPolicy.enabled | bool | `false` | Specifies whether Network Policies should be created |
+| networkPolicy.externalStorage.cidrs | list | `[]` | Specifies specific network CIDRs you want to limit access to |
+| networkPolicy.externalStorage.ports | list | `[]` | Specify the port used for external storage, e.g. AWS S3 |
+| networkPolicy.ingress.namespaceSelector | object | `{}` | Specifies the namespaces which are allowed to access the http port |
+| networkPolicy.ingress.podSelector | object | `{}` | Specifies the Pods which are allowed to access the http port. As this is cross-namespace communication, you also need the namespaceSelector. |
+| networkPolicy.metrics.cidrs | list | `[]` | Specifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes. |
+| networkPolicy.metrics.namespaceSelector | object | `{}` | Specifies the namespaces which are allowed to access the metrics port |
+| networkPolicy.metrics.podSelector | object | `{}` | Specifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also need the namespaceSelector. |
+| proxy.config | string | see values.yaml | Nginx SSL Reverse Proxy config. The value is templated using `tpl`. |
+| proxy.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy |
+| proxy.image.repository | string | `"nginx"` | The image repository |
+| proxy.image.tag | string | `"1.25-alpine"` | The image tag |
+| proxy.resources | object | `{}` | Resource request & limits. |
+| proxy.tls.crt | string | `""` | Base64 encoded TLS cert |
+| proxy.tls.key | string | `""` | Base64 encoded TLS key |
+| rbac.enabled | bool | `false` | Create PodSecurityPolicy. |
+| revisionHistoryLimit | int | `10` | Number of revisions to retain to allow rollback |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template |
+| serviceMonitor.annotations | object | `{}` | ServiceMonitor annotations |
+| serviceMonitor.enabled | bool | `false` | If enabled, ServiceMonitor resources for Prometheus Operator are created |
+| serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval |
+| serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels |
+| serviceMonitor.matchExpressions | list | `[]` | Optional expressions to match on |
+| serviceMonitor.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint |
+| serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources |
+| serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources |
+| serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig |
+| serviceMonitor.scheme | string | `"http"` | ServiceMonitor will use http by default, but you can pick https as well |
+| serviceMonitor.scrapeTimeout | string | `nil` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) |
+| serviceMonitor.targetLabels | list | `[]` |  |
+| serviceMonitor.tlsConfig | string | `nil` | ServiceMonitor will use these tlsConfig settings to make the health check requests |
+| umami.affinity | object | `{}` | Affinity settings for pods. |
+| umami.autoscaling.behavior.enabled | bool | `false` | Enable autoscaling behaviours |
+| umami.autoscaling.behavior.scaleDown | object | `{}` | Scale down policies, must conform to HPAScalingRules |
+| umami.autoscaling.behavior.scaleUp | object | `{}` | Scale up policies, must conform to HPAScalingRules |
+| umami.autoscaling.customMetrics | list | `[]` | Custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) |
+| umami.autoscaling.enabled | bool | `false` | Enable autoscaling |
+| umami.autoscaling.maxReplicas | int | `100` | Maximum autoscaling replicas |
+| umami.autoscaling.minReplicas | int | `1` | Minimum autoscaling replicas |
+| umami.autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilisation percentage |
+| umami.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target memory utilisation percentage |
+| umami.config.appSecret.existingSecret | string | `""` | Name of an existing secret containing the app secret under the key app-secret. |
+| umami.config.appSecret.existingSecretKey | string | `""` | Key in the existing secret containing the value (default: app-secret) |
+| umami.config.appSecret.secret | string | `""` | A random string used to generate unique values. |
+| umami.config.clientIpHeader | string | `""` | HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers. |
+| umami.config.cloudMode | string | `"1"` | Disables users, teams, and websites settings page. |
+| umami.config.collectApiEndpoint | string | `""` | Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers. |
+| umami.config.corsMaxAge | string | `"86400"` | How many seconds a CORS preflight should last. Default is 24 hours. |
+| umami.config.database.auth.database | string | `""` | Database name |
+| umami.config.database.auth.hostname | string | `""` | Database hostname |
+| umami.config.database.auth.password | string | `""` | Database password |
+| umami.config.database.auth.username | string | `""` | Database username |
+| umami.config.database.existingSecret | string | `""` | Use an existing secret containing the database uri. |
+| umami.config.database.existingSecretKey | string | `""` | Key in the existing secret containing value (default: database-url) |
+| umami.config.disableBotCheck | string | `"1"` | By default bots are excluded from statistics. This disables checking for bots. |
+| umami.config.disableLogin | string | `"1"` | Disables the login page for the application |
+| umami.config.disableTelemetry | string | `"1"` | Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate. |
+| umami.config.disableUpdates | string | `"1"` | Disables the check for new versions of Umami |
+| umami.config.enableTestConsole | string | `"1"` | Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites. |
+| umami.config.forceSSL | string | `"1"` | This will redirect all requests from http to https in the Umami application. Note, this does not apply to the tracking script. |
+| umami.config.hostname | string | `"0.0.0.0"` | hostname under which Umami will be reached |
+| umami.config.ignoreHostname | string | `""` | This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames. |
+| umami.config.ignoredIpAddresses | string | `""` | You can provide a comma-delimited list of IP address to exclude from data collection. |
+| umami.config.logQuery | string | `"1"` | If you are running in development mode, this will log database queries to the console for debugging. |
+| umami.config.removeDisableLoginEnv | bool | `true` | setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups |
+| umami.config.removeTrailingSlash | string | `"1"` | Removes the trailing slash from all incoming urls. |
+| umami.config.trackerScriptName | string | `"umami"` | Allows you to assign a custom name to the tracker script different from the default umami. This is to help you avoid some ad-blockers. |
+| umami.dnsConfig | object | `{}` | DNSConfig settings for pods. |
+| umami.enabled | bool | `false` | Enable umami |
+| umami.extraEnv | list | `[]` | Environment variables to add |
+| umami.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add |
+| umami.extraPorts | list | `[]` | Port definitions to add |
+| umami.extraVolumeMounts | list | `[]` | Volume mounts to add |
+| umami.extraVolumes | list | `[]` | Volumes to add |
+| umami.hostAliases | list | `[]` | Host aliases to add |
+| umami.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy |
+| umami.image.registry | string | `"ghcr.io"` | The image registry |
+| umami.image.repository | string | `"umami-software/umami"` | The image repository |
+| umami.image.tag | string | `"postgresql-v2.11.3"` | The image tag |
+| umami.imagePullSecrets | list | `[]` | Image pull secrets |
+| umami.livenessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Liveness probe settings for pods. |
+| umami.maxUnavailable | string | `nil` | Pod Disruption Budget maxUnavailable |
+| umami.nodeSelector | object | `{}` | Tolerations settings for pods. |
+| umami.podAnnotations | object | `{}` | Annotations for pods |
+| umami.podLabels | object | `{}` | Labels for pods |
+| umami.podSecurityContext | object | `{}` | The SecurityContext for pods |
+| umami.readinessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Readiness probe settings for pods. |
+| umami.replicaCount | int | `1` | Number of replicas |
+| umami.resources | object | `{}` | Resource request & limits. |
+| umami.securityContext | object | `{}` |  |
+| umami.service.annotations | object | `{}` | Annotations for the service |
+| umami.service.labels | object | `{}` | Labels for service |
+| umami.service.port | int | `8000` | Port of the service |
+| umami.service.type | string | `"ClusterIP"` | Type of the service |
+| umami.startupProbe | object | `{}` | Startup probe settings for pods. |
+| umami.tolerations | list | `[]` | Tolerations settings for pods. |
+

charts/sesamy-umami/README.md.gotmpl

@@ -0,0 +1,15 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+

charts/sesamy-umami/templates/_helpers.tpl

@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sesamy.umami.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sesamy.umami.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sesamy.umami.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sesamy.umami.labels" -}}
+helm.sh/chart: {{ include "sesamy.umami.chart" . }}
+{{ include "sesamy.umami.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sesamy.umami.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sesamy.umami.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sesamy.umami.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sesamy.umami.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the namespace
+*/}}
+{{- define "sesamy.umami.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride }}
+{{- end }}

charts/sesamy-umami/templates/ingress.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "sesamy.umami.fullname" . -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "sesamy.umami.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  namespace: {{ include "sesamy.umami.namespace" . }}
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className  }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+          {{- range $svcName, $paths := $.Values.ingress.paths }}
+          {{- range $paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "sesamy.umami.fullname" $ }}-{{ $svcName }}
+                port:
+                  number: {{ .port }}
+              {{- end }}
+           {{- end }}
+    {{- end }}
+  {{- with .Values.ingress.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}