diff --git a/umami/argocd-app.yaml b/umami/argocd-app.yaml new file mode 100644 index 0000000..fc40565 --- /dev/null +++ b/umami/argocd-app.yaml @@ -0,0 +1,28 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: umami + namespace: argocd +spec: + project: default + source: + repoURL: https://git.chemavx.xyz/chemavx/k8s-manifests + targetRevision: HEAD + path: umami + destination: + server: https://kubernetes.default.svc + namespace: umami + ignoreDifferences: + - group: "" + kind: Secret + name: umami-secrets + namespace: umami + jsonPointers: + - /data + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - RespectIgnoreDifferences=true diff --git a/umami/deployment.yaml b/umami/deployment.yaml new file mode 100644 index 0000000..831929f --- /dev/null +++ b/umami/deployment.yaml @@ -0,0 +1,174 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: umami + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: umami-postgres-data + namespace: umami +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres + namespace: umami + labels: + app: postgres +spec: + replicas: 1 + selector: + matchLabels: + app: postgres + template: + metadata: + labels: + app: postgres + spec: + containers: + - name: postgres + image: postgres:15-alpine + imagePullPolicy: IfNotPresent + env: + - name: POSTGRES_DB + value: "umami" + - name: POSTGRES_USER + value: "umami" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: umami-secrets + key: postgres-password + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql/data + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "500m" + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: umami-postgres-data + +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres + namespace: umami +spec: + selector: + app: postgres + ports: + - port: 5432 + targetPort: 5432 + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: umami + namespace: umami + labels: + app: umami +spec: + replicas: 1 + selector: + matchLabels: + app: umami + template: + metadata: + labels: + app: umami + spec: + initContainers: + - name: wait-for-postgres + image: busybox:1.36 + command: + - sh + - -c + - | + until nc -z postgres 5432; do + echo "waiting for postgres..."; sleep 2 + done + containers: + - name: umami + image: ghcr.io/umami-software/umami:postgresql-latest + imagePullPolicy: Always + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: umami-secrets + key: database-url + - name: APP_SECRET + valueFrom: + secretKeyRef: + name: umami-secrets + key: app-secret + ports: + - containerPort: 3000 + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + +--- +apiVersion: v1 +kind: Service +metadata: + name: umami + namespace: umami +spec: + selector: + app: umami + ports: + - port: 80 + targetPort: 3000 + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: umami + namespace: umami + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + traefik.ingress.kubernetes.io/router.entrypoints: websecure +spec: + ingressClassName: traefik + rules: + - host: umami.chemavx.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: umami + port: + number: 80 + tls: + - hosts: + - umami.chemavx.xyz + secretName: umami-tls + +# Secrets gestionados manualmente — NO añadir aquí para evitar que ArgoCD sobreescriba. +# Ver instrucciones de deploy en argocd-app.yaml