diff --git a/charts/umami/Chart.yaml b/charts/umami/Chart.yaml index 17d00bfe..fe5fae8b 100644 --- a/charts/umami/Chart.yaml +++ b/charts/umami/Chart.yaml @@ -3,7 +3,7 @@ name: umami description: Umami is a simple, fast, privacy-focused alternative to Google Analytics. type: application version: 2.0.0 -appVersion: "postgresql-v1.40.0" +appVersion: "postgresql-v2.9.0" home: https://github.com/christianknell/helm-charts icon: https://raw.githubusercontent.com/umami-software/umami/master/public/android-chrome-512x512.png maintainers: @@ -15,7 +15,7 @@ sources: dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 14.1.1 + version: 12.12.10 condition: postgresql.enabled - name: mysql repository: https://charts.bitnami.com/bitnami @@ -25,7 +25,9 @@ annotations: artifacthub.io/category: monitoring-logging artifacthub.io/changes: | - kind: changed - description: bumped chart version of postgresql to 14.1.1 + description: bumped image version to v2.9.0 + - kind: changed + description: environment variable HASH_SALT is now called APP_SECRET. Values have been moved to `umami.appSecret` artifacthub.io/screenshots: | - title: Umami measures just the important metrics that you care about and everything is displayed on a single, easy to browse page. url: https://umami.is/images/feature-website-stats.png diff --git a/charts/umami/README.md b/charts/umami/README.md index 01434c4c..4bf5f982 100644 --- a/charts/umami/README.md +++ b/charts/umami/README.md @@ -67,7 +67,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"Always"` | image pull policy | | image.registry | string | `"ghcr.io"` | image registry | | image.repository | string | `"umami-software/umami"` | image repository | -| image.tag | string | `"postgresql-v1.40.0"` | Overrides the image tag | +| image.tag | string | `"postgresql-v2.9.0"` | Overrides the image tag | | imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. | | ingress.annotations | object | `{}` | Additional annotations for the Ingress resource | | ingress.className | string | `""` | IngressClass that will be be used to implement the Ingress | @@ -96,16 +96,24 @@ The command removes all the Kubernetes components associated with the chart and | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Toleration labels for pod assignment | +| umami.appSecret.existingSecret | string | `""` | Name of an existing secret containing the app secret under the key app-secret. | +| umami.appSecret.secret | string | `""` | A random string used to generate unique values. | | umami.clientIpHeader | string | `""` | HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers. | -| umami.collectApiEndpoint | string | `""` | Allows you to send metrics to a location different than the default /api/collect. This is to help you avoid some ad-blockers. | +| umami.cloudMode | string | `"1"` | Disables users, teams, and websites settings page. | +| umami.collectApiEndpoint | string | `""` | Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers. | +| umami.corsMaxAge | string | `"86400"` | How many seconds a CORS preflight should last. Default is 24 hours. | +| umami.debug | string | `""` | Console logging for specific areas of the application. Values include `umami:auth`, `umami:clickhouse`, `umami:kafka`, `umami:middleware`, and `umami:prisma`. | +| umami.disableBotCheck | string | `"1"` | By default bots are excluded from statistics. This disables checking for bots. | | umami.disableLogin | string | `"1"` | Disables the login page for the application | | umami.disableTelemetry | string | `"1"` | Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate. | | umami.disableUpdates | string | `"1"` | Disables the check for new versions of Umami | +| umami.enableTestConsole | string | `"1"` | Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites. | | umami.forceSSL | string | `"1"` | This will redirect all requests from http to https in the Umami application. Note, this does not apply to the tracking script. | -| umami.hash.existingSecret | string | `""` | Name of an existing secret containing the hash salt under the key hash-salt | -| umami.hash.salt | string | `""` | A random string used to generate unique values. | -| umami.hostname | string | `""` | hostname under which Umami will be reached | +| umami.hostname | string | `"0.0.0.0"` | hostname under which Umami will be reached | +| umami.ignoreHostname | string | `""` | This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames. | | umami.ignoredIpAddresses | string | `""` | You can provide a comma-delimited list of IP address to exclude from data collection. | +| umami.logQuery | string | `"1"` | If you are running in development mode, this will log database queries to the console for debugging. | +| umami.migration.v1v2.enabled | bool | `false` | enable a job that migrates database structure from v1 to v2 | | umami.removeDisableLoginEnv | bool | `false` | setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups | | umami.removeTrailingSlash | string | `"1"` | Removes the trailing slash from all incoming urls. | | umami.trackerScriptName | string | `"umami"` | Allows you to assign a custom name to the tracker script different from the default umami. This is to help you avoid some ad-blockers. | @@ -122,4 +130,6 @@ helm install my-release -f values.yaml christianknell/umami ### To 2.0.0 -This major updates the PostgreSQL subchart to its newest major, 14.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1400) you can find more information about the changes introduced in that version. +This major updates the Docker Image to its newest major, 2.0.0. [Here](https://github.com/umami-software/umami/releases/tag/v2.0.0) you can find more information about the changes introduced in that version. + +To upgrade from a previous version of the Helm Chart make sure to activate the database migration job with `umami.migration.v1v2.enabled`. diff --git a/charts/umami/README.md.gotmpl b/charts/umami/README.md.gotmpl index cc3ce7fe..46e87af9 100644 --- a/charts/umami/README.md.gotmpl +++ b/charts/umami/README.md.gotmpl @@ -57,4 +57,6 @@ helm install my-release -f values.yaml christianknell/umami ### To 2.0.0 -This major updates the PostgreSQL subchart to its newest major, 14.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1400) you can find more information about the changes introduced in that version. +This major updates the Docker Image to its newest major, 2.0.0. [Here](https://github.com/umami-software/umami/releases/tag/v2.0.0) you can find more information about the changes introduced in that version. + +To upgrade from a previous version of the Helm Chart make sure to activate the database migration job with `umami.migration.v1v2.enabled`. diff --git a/charts/umami/templates/_helpers.tpl b/charts/umami/templates/_helpers.tpl index 52c45d12..f887bb25 100644 --- a/charts/umami/templates/_helpers.tpl +++ b/charts/umami/templates/_helpers.tpl @@ -170,12 +170,12 @@ Get the key for the database url {{- end -}} {{/* -Get the name of the secret containing the hash salt +Get the name of the secret containing the app secret */}} -{{- define "umami.hash.secretName" -}} - {{- if .Values.umami.hash.existingSecret -}} - {{- printf "%s" (tpl .Values.umami.hash.existingSecret $) -}} +{{- define "umami.appSecret.secretName" -}} + {{- if .Values.umami.appSecret.existingSecret -}} + {{- printf "%s" (tpl .Values.umami.appSecret.existingSecret $) -}} {{- else -}} - {{- printf "%s" (include "umami.fullname" .) -}}-hash + {{- printf "%s" (include "umami.fullname" .) -}}-app-secret {{- end -}} {{- end -}} diff --git a/charts/umami/templates/app-secret.yaml b/charts/umami/templates/app-secret.yaml new file mode 100644 index 00000000..f7be5b24 --- /dev/null +++ b/charts/umami/templates/app-secret.yaml @@ -0,0 +1,12 @@ +{{- if and (not .Values.umami.appSecret.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "umami.appSecret.secretName" . }} +data: + {{- if .Values.umami.appSecret.secret }} + app-secret: {{ .Values.umami.appSecret.secret | b64enc }} + {{- else }} + app-secret: {{ randAlphaNum 50 | b64enc }} + {{- end }} +{{- end }} diff --git a/charts/umami/templates/deployment.yaml b/charts/umami/templates/deployment.yaml index bd9b8603..8001181b 100644 --- a/charts/umami/templates/deployment.yaml +++ b/charts/umami/templates/deployment.yaml @@ -42,14 +42,31 @@ spec: name: {{ include "umami.database.secretName" . | quote }} key: {{ include "umami.database.databaseUrlKey" . | quote }} # Umami Settings + - name: APP_SECRET + valueFrom: + secretKeyRef: + name: {{ include "umami.appSecret.secretName" . | quote }} + key: app-secret {{- if .Values.umami.clientIpHeader }} - name: CLIENT_IP_HEADER value: {{ .Values.umami.clientIpHeader | quote }} {{- end }} + {{- if .Values.umami.cloudMode }} + - name: CLOUD_MODE + value: {{ .Values.umami.cloudMode | quote }} + {{- end }} {{- if .Values.umami.collectApiEndpoint }} - name: COLLECT_API_ENDPOINT value: {{ .Values.umami.collectApiEndpoint | quote }} {{- end }} + {{- if .Values.umami.corsMaxAge }} + - name: CORS_MAX_AGE + value: {{ .Values.umami.corsMaxAge | quote }} + {{- end }} + {{- if .Values.umami.disableBotCheck }} + - name: DISABLE_BOT_CHECK + value: {{ .Values.umami.disableBotCheck | quote }} + {{- end }} {{- if not .Values.umami.removeDisableLoginEnv }} - name: DISABLE_LOGIN value: {{ .Values.umami.disableLogin | quote }} @@ -60,19 +77,22 @@ spec: value: {{ .Values.umami.disableUpdates | quote }} - name: FORCE_SSL value: {{ .Values.umami.forceSSL | quote }} - - name: HASH_SALT - valueFrom: - secretKeyRef: - name: {{ include "umami.hash.secretName" . | quote }} - key: hash-salt {{- if .Values.umami.hostname }} - name: HOSTNAME value: {{ .Values.umami.hostname | quote }} {{- end }} + {{- if .Values.umami.ignoreHostname }} + - name: IGNORE_HOSTNAME + value: {{ .Values.umami.ignoreHostname | quote }} + {{- end }} {{- if .Values.umami.ignoredIpAddresses }} - name: IGNORE_IP value: {{ .Values.umami.ignoredIpAddresses | quote }} {{- end }} + {{- if .Values.umami.logQuery }} + - name: LOG_QUERY + value: {{ .Values.umami.logQuery | quote }} + {{- end }} - name: PORT value: {{ .Values.service.port | quote }} - name: REMOVE_TRAILING_SLASH diff --git a/charts/umami/templates/hash-secret.yaml b/charts/umami/templates/hash-secret.yaml deleted file mode 100644 index d4072451..00000000 --- a/charts/umami/templates/hash-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if and (not .Values.umami.hash.existingSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "umami.hash.secretName" . }} -data: - {{- if .Values.umami.hash.salt }} - hash-salt: {{ .Values.umami.hash.salt | b64enc }} - {{- else }} - hash-salt: {{ randAlphaNum 50 | b64enc }} - {{- end }} -{{- end }} diff --git a/charts/umami/templates/job.yaml b/charts/umami/templates/job.yaml new file mode 100644 index 00000000..141a4af5 --- /dev/null +++ b/charts/umami/templates/job.yaml @@ -0,0 +1,32 @@ +{{- if .Values.umami.migration.v1v2.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": "pre-install, pre-upgrade" + labels: + {{- include "umami.labels" . | nindent 4 }} + name: {{ include "umami.fullname" . }}-migration-v1-to-v2 +spec: + template: + metadata: + labels: + {{- include "umami.labels" . | nindent 8 }} + spec: + containers: + - name: migrate-v1-to-v2 + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - "/bin/sh" + - "-c" + - "npx @umami/migrate-v1-v2@latest" + env: + # Database Settings + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: {{ include "umami.database.secretName" . | quote }} + key: {{ include "umami.database.databaseUrlKey" . | quote }} + restartPolicy: OnFailure +{{- end }} diff --git a/charts/umami/values.yaml b/charts/umami/values.yaml index fb7f3a2e..47a781a6 100644 --- a/charts/umami/values.yaml +++ b/charts/umami/values.yaml @@ -12,7 +12,7 @@ image: # -- image pull policy pullPolicy: Always # -- Overrides the image tag - tag: "postgresql-v1.40.0" + tag: "postgresql-v2.9.0" # -- If defined, uses a Secret to pull an image from a private Docker registry or repository. imagePullSecrets: [] @@ -112,27 +112,45 @@ affinity: {} extraEnv: [] umami: + appSecret: + # -- Name of an existing secret containing the app secret under the key app-secret. + existingSecret: "" + # -- A random string used to generate unique values. + secret: "" # -- HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers. clientIpHeader: "" - # -- Allows you to send metrics to a location different than the default /api/collect. This is to help you avoid some ad-blockers. + # -- Disables users, teams, and websites settings page. + cloudMode: "1" + # -- Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers. collectApiEndpoint: "" + # -- How many seconds a CORS preflight should last. Default is 24 hours. + corsMaxAge: "86400" + # -- Console logging for specific areas of the application. Values include `umami:auth`, `umami:clickhouse`, `umami:kafka`, `umami:middleware`, and `umami:prisma`. + debug: "" + # -- By default bots are excluded from statistics. This disables checking for bots. + disableBotCheck: "1" # -- Disables the login page for the application disableLogin: "1" # -- Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate. disableTelemetry: "1" # -- Disables the check for new versions of Umami disableUpdates: "1" + # -- Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites. + enableTestConsole: "1" # -- This will redirect all requests from http to https in the Umami application. Note, this does not apply to the tracking script. forceSSL: "1" - hash: - # -- Name of an existing secret containing the hash salt under the key hash-salt - existingSecret: "" - # -- A random string used to generate unique values. - salt: "" # -- hostname under which Umami will be reached - hostname: "" + hostname: "0.0.0.0" + # -- This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames. + ignoreHostname: "" # -- You can provide a comma-delimited list of IP address to exclude from data collection. ignoredIpAddresses: "" + # -- If you are running in development mode, this will log database queries to the console for debugging. + logQuery: "1" + migration: + v1v2: + # -- enable a job that migrates database structure from v1 to v2 + enabled: false # -- setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups removeDisableLoginEnv: false # -- Removes the trailing slash from all incoming urls.