{"id":1326,"date":"2026-03-19T10:12:25","date_gmt":"2026-03-19T09:12:25","guid":{"rendered":"https:\/\/simon-frey.com\/blog\/?p=1326"},"modified":"2026-03-23T11:31:22","modified_gmt":"2026-03-23T10:31:22","slug":"self-hosted-plausible-analytics-on-kubernetes","status":"publish","type":"post","link":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/","title":{"rendered":"Self-hosted Plausible Analytics on Kubernetes (with db operators and ArgoCD)"},"content":{"rendered":"\n

I’ve been running Plausible for my website analytics for over four years. They do a great job as a managed service and I really like their team…but I have a Kubernetes cluster on Hetzner Cloud<\/a> running all my other infrastructure. So the natural question came up: Would it work and be reliable at all? So far I can say yes<\/em> to both of these questions.<\/p>\n\n\n\n

If you just want to see the k8s YAMLs, checkout https:\/\/github.com\/simonfrey\/hetzner_k8s\/tree\/main\/gitops\/apps\/plausible <\/a><\/p>\n\n\n\n

The secondary reason is control. With self-hosted Plausible, analytics data never leaves my cluster. No third-party processors, no data sharing agreements, no GDPR concerns beyond what I already handle for the website itself.<\/p>\n\n\n\n

Last: The infrastructure I am running is there anyways, so self-hosting basically is free in comparison to a monthly SaaS payment (if you neglect the time it took me to spin it up, which easily could have payed for years of managed plausible…).<\/p>\n\n\n\n

Architecture<\/h2>\n\n\n\n

Plausible CE needs three things: the application itself (an Elixir\/Phoenix app I think – but as we load it as docker container anyways…who cares), PostgreSQL for user accounts and site configuration, and ClickHouse for the actual analytics event data. On my Kubernetes, this translates to:<\/p>\n\n\n\n

flowchart TD\n    %% External \n    Visitor([Visitor]) --> HLB[Hetzner LB]\n\n    %% Kubernetes Cluster\n    subgraph K8s [Kubernetes Cluster]\n        Traefik{Traefik Ingress}\n        Plausible[Plausible CE App<br\/>Elixir\/Phoenix]\n        \n        subgraph Databases [Data Storage]\n            Postgres[(PostgreSQL<br\/>Zalando Op.)]\n            ClickHouse[(ClickHouse<br\/>Altinity Op.)]\n        end\n\n        Traefik --> Plausible\n        Plausible -->|Accounts & Config| Postgres\n        Plausible -->|Analytics Event Data| ClickHouse\n    end\n\n    %% Routing into cluster\n    HLB --> Traefik<\/pre><\/div>\n\n\n\n
Everything runs in a single plausible<\/code> namespace. The databases are managed by Kubernetes operators rather than plain StatefulSets \u2014 operators handle password rotation, connection pooling, backup coordination, and failure recovery. Trust me: You don’t want to write liveness probes for database processes.<\/p>\n\n\n\n
Database operators<\/h2>\n\n\n\n
PostgreSQL: Zalando Postgres Operator<\/h3>\n\n\n\n
The Zalando Postgres Operator<\/a> (v1.15.1) manages PostgreSQL clusters as custom resources. My Plausible PostgreSQL instance is defined in about 30 lines:<\/p>\n\n\n\n
apiVersion: acid.zalan.do\/v1
kind: postgresql
metadata:
  name: plausible-postgres
spec:
  teamId: plausible
  volume:
    size: 5Gi
    storageClass: hcloud-volumes
  numberOfInstances: 1
  users:
    plausible: []
  databases:
    plausible: plausible
  postgresql:
    version: \"16\"
  resources:
    requests:
      cpu: 100m
      memory: 256Mi<\/code><\/pre>\n\n\n\n
The operator auto-generates credentials and stores them in a secret with a predictable name (plausible.plausible-postgres.credentials.postgresql.acid.zalan.do<\/code>). Plausible references this secret to build its DATABASE_URL<\/code>. No passwords in git, no manual secret creation.<\/p>\n\n\n\n
The pg_hba<\/code> config allows both SSL and non-SSL connections. This matters because the operator itself needs SSL to create roles and databases during initialization.<\/p>\n\n\n\n
ClickHouse: Altinity Operator<\/h3>\n\n\n\n
ClickHouse handles all the event data, page views, and aggregation queries. The Altinity ClickHouse Operator<\/a> manages it via a ClickHouseInstallation<\/code> custom resource:<\/p>\n\n\n\n
apiVersion: clickhouse.altinity.com\/v1
kind: ClickHouseInstallation
metadata:
  name: plausible-clickhouse
spec:
  configuration:
    users:
      plausible\/k8s_secret_password: plausible\/plausible-credentials\/CLICKHOUSE_PASSWORD
      plausible\/networks\/ip: \"::\/0\"
    clusters:
      - name: plausible
        layout:
          shardsCount: 1
          replicasCount: 1
  templates:
    volumeClaimTemplates:
      - name: data
        spec:
          storageClassName: hcloud-volumes
          accessModes: [ReadWriteOnce]
          resources:
            requests:
              storage: 10Gi<\/code><\/pre>\n\n\n\n
One shard, one replica, 10GB of storage. The key line is plausible\/k8s_secret_password: plausible\/plausible-credentials\/CLICKHOUSE_PASSWORD<\/code> \u2014 this tells the operator to read the password from a Kubernetes secret rather than embedding it in the CR. The format is namespace\/secret-name\/key<\/code>. This took me (+ my rubber ducky Claude Code) three attempts to get right.<\/p>\n\n\n\n
Secrets management<\/h2>\n\n\n\n
I generate three passwords from the outside (via terraform) for Plausible and stores them in a Kubernetes secret:<\/p>\n\n\n\n
resource \"random_password\" \"plausible_clickhouse\" {
  length  = 24
  special = false
}
\u200b
resource \"random_password\" \"plausible_secret_key\" {
  length  = 64
  special = false
}
\u200b
resource \"random_password\" \"plausible_totp_vault\" {
  length  = 32
  special = false
}
\u200b
resource \"kubernetes_secret\" \"plausible_credentials\" {
  metadata {
    name      = \"plausible-credentials\"
    namespace = \"plausible\"
  }
  data = {
    SECRET_KEY_BASE     = base64encode(random_password.plausible_secret_key.result)
    TOTP_VAULT_KEY      = base64encode(random_password.plausible_totp_vault.result)
    CLICKHOUSE_PASSWORD = random_password.plausible_clickhouse.result
  }
}<\/code><\/pre>\n\n\n\n
SECRET_KEY_BASE<\/code> is the Phoenix framework encryption key. 
TOTP_VAULT_KEY<\/code> encrypts two-factor authentication secrets.
CLICKHOUSE_PASSWORD<\/code> authenticates the Plausible app against ClickHouse. <\/p>\n\n\n\n
All generated with special = false<\/code> because special characters in database connection URLs are a recipe for URL-encoding bugs (which I ran into).<\/p>\n\n\n\n
The PostgreSQL password is handled differently \u2014 the Zalando operator generates it automatically and stores it in its own secret. Plausible reads it via valueFrom.secretKeyRef<\/code> and interpolates it into the connection URL using Kubernetes variable substitution:<\/p>\n\n\n\n
env:
  - name: PG_PASSWORD
    valueFrom:
      secretKeyRef:
        name: plausible.plausible-postgres.credentials.postgresql.acid.zalan.do
        key: password
  - name: DATABASE_URL
    value: postgres:\/\/plausible:$(PG_PASSWORD)@plausible-postgres:5432\/plausible<\/code><\/pre>\n\n\n\n
The $(PG_PASSWORD)<\/code> syntax is Kubernetes-native env var substitution. Kubernetes resolves it at pod creation time from the previously defined env var. Same pattern for the ClickHouse URL.<\/p>\n\n\n\n
ArgoCD integration<\/h2>\n\n\n\n
Plausible is split into two ArgoCD Applications to handle the dependency ordering:<\/p>\n\n\n\n
    \n
  1. plausible-db<\/strong> (sync wave 3): Deploys the ClickHouseInstallation and PostgreSQL CRs from gitops\/apps\/plausible\/<\/code>. This waits for the operators (sync wave 1) to be ready.<\/li>\n\n\n\n
  2. plausible<\/strong> (sync wave 4): Deploys the Plausible app via the pascaliske Helm chart<\/a> (v2.0.0). This waits for the databases to be ready.<\/li>\n<\/ol>\n\n\n\n
    The wave ordering is critical. If Plausible starts before ClickHouse or Postgres are accepting connections, the init container crashes and the pod enters a CrashLoopBackOff. ArgoCD’s retry policy (5 retries with exponential backoff) usually recovers from timing issues, but getting the waves right avoids unnecessary churn.<\/p>\n\n\n\n
    Scaling<\/h2>\n\n\n\n
    I investigated whether Plausible CE can auto-scale under high event load. The short answer: it can’t, and it’s not worth trying.<\/p>\n\n\n\n
    Plausible stores session state in-memory with no external session store. Running multiple replicas requires sticky sessions at the ingress level, and scaling events risk losing in-memory state. The pascaliske Helm chart<\/a> supports a static controller.replicas<\/code> count but has no HPA template. You could create one manually, but the session affinity requirement makes it a poor fit for dynamic scaling.<\/p>\n\n\n\n
    ClickHouse can be replicated via the Altinity operator, but Plausible doesn’t support HA ClickHouse natively \u2014 you’d need to convert table engines to Replicated*<\/code> variants and run ZooKeeper for coordination. That’s a lot of machinery for a personal analytics setup.<\/p>\n\n\n\n
    For a personal website with a few hundred visitors a day, a single replica of each component is more than sufficient….and if you need more horsepower, you still can scale horizontally…OR pay plausible manged service. <\/p>\n\n\n\n
    Bonus: Removing footer with CSS injection<\/h2>\n\n\n\n
    Plausible CE shows a footer on every page with branding. I wanted a cleaner look, so I used a Traefik middleware to inject CSS that hides it:<\/p>\n\n\n\n
    apiVersion: traefik.io\/v1alpha1
    kind: Middleware
    metadata:
      name: inject-css
      namespace: plausible
    spec:
      plugin:
        rewritebody:
          rewrites:
            - regex: \"<\/head>\"
              replacement: \"<style>main + div{display:none;}<\/style><\/head>\"<\/code><\/pre>\n\n\n\n
    This uses the traefik-plugin-rewritebody<\/a> plugin to rewrite the HTML response on the fly. It finds the closing <\/head><\/code> tag and injects a <style><\/code> block before it. The CSS selector main + div<\/code> targets the div element immediately after the <main><\/code> element, which is where Plausible renders its footer. The element gets display:none<\/code> and disappears.<\/p>\n\n\n\n
    It’s hacky \u2014 a CSS selector that could break with any Plausible update that changes the DOM structure. But it’s six lines of YAML, doesn’t require forking Plausible, and has survived a version update so far.<\/p>\n\n\n\n
    Bonus: HTTPS-only<\/h2>\n\n\n\n
    A traefik HTTPS redirect middleware ensures all traffic uses TLS:<\/p>\n\n\n\n
    apiVersion: traefik.io\/v1alpha1
    kind: Middleware
    metadata:
      name: redirect-https
    spec:
      redirectScheme:
        scheme: https
        permanent: true<\/code><\/pre>\n\n\n\n
    Both middlewares are referenced in the Plausible IngressRoute, so every request passes through HTTPS redirect first, then CSS injection.<\/p>\n\n\n\n
    <\/p>\n","protected":false},"excerpt":{"rendered":"
    I’ve been running Plausible for my website analytics for over four years. They do a great job as a managed service and I really like their team…but I have a Kubernetes cluster on Hetzner Cloud…<\/p>\n
    Read more of Self-hosted Plausible Analytics on Kubernetes (with db operators and ArgoCD)<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[232,375,374],"tags":[],"class_list":["post-1326","post","type-post","status-publish","format-standard","hentry","category-devops","category-homelab","category-kubernetes-k8s"],"yoast_head":"\nSelf-hosted Plausible Analytics on Kubernetes (with db operators and ArgoCD) - Blog by Simon Frey<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Simon Frey\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Self-hosted Plausible Analytics on Kubernetes (with db operators and ArgoCD) - Blog by Simon Frey","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/","twitter_misc":{"Written by":"Simon Frey","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/#article","isPartOf":{"@id":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/"},"author":{"name":"Simon Frey","@id":"https:\/\/simon-frey.com\/blog\/#\/schema\/person\/34753982b648415636ee7a079f3e19a3"},"headline":"Self-hosted Plausible Analytics on Kubernetes (with db operators and ArgoCD)","datePublished":"2026-03-19T09:12:25+00:00","dateModified":"2026-03-23T10:31:22+00:00","mainEntityOfPage":{"@id":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/"},"wordCount":939,"publisher":{"@id":"https:\/\/simon-frey.com\/blog\/#\/schema\/person\/34753982b648415636ee7a079f3e19a3"},"articleSection":["DevOps","Homelab","Kubernetes (k8s)"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/","url":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/","name":"Self-hosted Plausible Analytics on Kubernetes (with db operators and ArgoCD) - Blog by Simon Frey","isPartOf":{"@id":"https:\/\/simon-frey.com\/blog\/#website"},"datePublished":"2026-03-19T09:12:25+00:00","dateModified":"2026-03-23T10:31:22+00:00","breadcrumb":{"@id":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/simon-frey.com\/blog\/self-hosted-plausible-analytics-on-kubernetes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/simon-frey.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Self-hosted Plausible Analytics on Kubernetes (with db operators and ArgoCD)"}]},{"@type":"WebSite","@id":"https:\/\/simon-frey.com\/blog\/#website","url":"https:\/\/simon-frey.com\/blog\/","name":"Blog by Simon Frey","description":"","publisher":{"@id":"https:\/\/simon-frey.com\/blog\/#\/schema\/person\/34753982b648415636ee7a079f3e19a3"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/simon-frey.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/simon-frey.com\/blog\/#\/schema\/person\/34753982b648415636ee7a079f3e19a3","name":"Simon Frey","logo":{"@id":"https:\/\/simon-frey.com\/blog\/#\/schema\/person\/image\/"},"sameAs":["https:\/\/simon-frey.com","https:\/\/www.linkedin.com\/in\/simonfrey\/","https:\/\/x.com\/eu_frey"]}]}},"_links":{"self":[{"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/posts\/1326","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/comments?post=1326"}],"version-history":[{"count":1,"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/posts\/1326\/revisions"}],"predecessor-version":[{"id":1327,"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/posts\/1326\/revisions\/1327"}],"wp:attachment":[{"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/media?parent=1326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/categories?post=1326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/simon-frey.com\/blog\/wp-json\/wp\/v2\/tags?post=1326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}