From fc16584870c72585aad077ccadeba8c640c2e21e Mon Sep 17 00:00:00 2001 From: Michael Thomson Date: Thu, 11 Jan 2024 16:24:50 -0500 Subject: [PATCH] ghost --- .../kustomizations/kustomization-ghost.yaml | 22 ++++++++++++ bootstrap/namespaces/namespace-ghost.yaml | 4 +++ ghost/dns-endpoint.yaml | 12 +++++++ ghost/ghost-config.yaml | 7 ++++ ghost/ghost-db-deployment.yaml | 31 ++++++++++++++++ ghost/ghost-db-pvc.yaml | 12 +++++++ ghost/ghost-db-secret.yaml | 17 +++++++++ ghost/ghost-db-service.yaml | 11 ++++++ ghost/ghost-deployment.yaml | 35 +++++++++++++++++++ ghost/ghost-pvc.yaml | 12 +++++++ ghost/ghost-secret.yaml | 18 ++++++++++ ghost/ghost-service.yaml | 12 +++++++ ghost/ingress.yaml | 25 +++++++++++++ 13 files changed, 218 insertions(+) create mode 100644 bootstrap/kustomizations/kustomization-ghost.yaml create mode 100644 bootstrap/namespaces/namespace-ghost.yaml create mode 100644 ghost/dns-endpoint.yaml create mode 100644 ghost/ghost-config.yaml create mode 100644 ghost/ghost-db-deployment.yaml create mode 100644 ghost/ghost-db-pvc.yaml create mode 100644 ghost/ghost-db-secret.yaml create mode 100644 ghost/ghost-db-service.yaml create mode 100644 ghost/ghost-deployment.yaml create mode 100644 ghost/ghost-pvc.yaml create mode 100644 ghost/ghost-secret.yaml create mode 100644 ghost/ghost-service.yaml create mode 100644 ghost/ingress.yaml diff --git a/bootstrap/kustomizations/kustomization-ghost.yaml b/bootstrap/kustomizations/kustomization-ghost.yaml new file mode 100644 index 0000000..a3cd2ae --- /dev/null +++ b/bootstrap/kustomizations/kustomization-ghost.yaml @@ -0,0 +1,22 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: ghost + namespace: flux-system +spec: + interval: 30m + path: ./ghost + prune: true # remove any elements later removed from the above path + timeout: 2m # if not set, this defaults to interval duration, which is 1h + sourceRef: + kind: GitRepository + name: flux-system + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: ghost + namespace: ghost + - apiVersion: apps/v1 + kind: Deployment + name: ghost-db + namespace: ghost diff --git a/bootstrap/namespaces/namespace-ghost.yaml b/bootstrap/namespaces/namespace-ghost.yaml new file mode 100644 index 0000000..f575f05 --- /dev/null +++ b/bootstrap/namespaces/namespace-ghost.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ghost diff --git a/ghost/dns-endpoint.yaml b/ghost/dns-endpoint.yaml new file mode 100644 index 0000000..5cbf0be --- /dev/null +++ b/ghost/dns-endpoint.yaml @@ -0,0 +1,12 @@ +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: ghost.michaelthomson.dev + namespace: ghost +spec: + endpoints: + - dnsName: ghost.michaelthomson.dev + recordTTL: 180 + recordType: CNAME + targets: + - server.michaelthomson.dev diff --git a/ghost/ghost-config.yaml b/ghost/ghost-config.yaml new file mode 100644 index 0000000..6af024e --- /dev/null +++ b/ghost/ghost-config.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ghost-config + namespace: ghost +data: + url: https://ghost.michaelthomson.dev diff --git a/ghost/ghost-db-deployment.yaml b/ghost/ghost-db-deployment.yaml new file mode 100644 index 0000000..d051af1 --- /dev/null +++ b/ghost/ghost-db-deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ghost-db + namespace: ghost +spec: + selector: + matchLabels: + app: ghost-db + template: + metadata: + labels: + app: ghost-db + spec: + containers: + - name: ghost-db + image: mysql:8.0 + envFrom: + - secretRef: + name: ghost-db-secret + ports: + - containerPort: 3306 + volumeMounts: + - mountPath: /var/lib/mysql + name: ghost-db-pvc + volumes: + - name: ghost-db-pvc + persistentVolumeClaim: + claimName: ghost-db-pvc + + diff --git a/ghost/ghost-db-pvc.yaml b/ghost/ghost-db-pvc.yaml new file mode 100644 index 0000000..fca7d54 --- /dev/null +++ b/ghost/ghost-db-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ghost-db-pvc + namespace: ghost +spec: + resources: + requests: + storage: 10Gi + storageClassName: longhorn + accessModes: + - ReadWriteOnce diff --git a/ghost/ghost-db-secret.yaml b/ghost/ghost-db-secret.yaml new file mode 100644 index 0000000..fbe2289 --- /dev/null +++ b/ghost/ghost-db-secret.yaml @@ -0,0 +1,17 @@ +kind: SealedSecret +apiVersion: bitnami.com/v1alpha1 +metadata: + name: ghost-db-secret + namespace: ghost + creationTimestamp: +spec: + template: + metadata: + name: ghost-db-secret + namespace: ghost + creationTimestamp: + encryptedData: + MYSQL_DATABASE: AgDY1y3LZMtmBGt5TO1XRC0xzI/JSj4hPbz7fPFnlT+2kkWbq+730qh+ArO0GQedw2sPlDqnSgLa2gya7ToUKfJZS0jmbkWz/QXWMjlGGX2z6Vy3Q/c8cXNPDvl7C3TKdcx9RTcnuTzteO8Txh90cOyWkj0cHeV8jAT9bHYv6Wb4e96s6o2n7QmiEONTwCMnT2b9KbeH7y/qpS7mfByU4QqUTedlOz84JrncF9l3ji+TugkF2EgyRvbuxakpP3CwN9S2L2wfpIVK51rKu5zfJMya0vEKHVXVGB9Eej2bZWC06Y9UI2AUakLTLuBah7m1v58Pd8m9gVD5G6boISc7gUVL7hbxWlN5x3jANHc8wgxXv+FN+MsNk2HCnH9ukmd8TotKiwR4DcVKBuNrm633OfFN/MrENmnDCtGXcl+Eyrt68oBxnnmOKnf8WY9OQ0xrlg9ITPF4MLtkd4JixXWyZshXFj0XOyi5qfprVD25TWI2RNikCUs0b1K3N+BIWTgUeO2IQogx++l2Zw7xF6/eECxrP4PdRrG2z7KnwiXYcUzHi7B1JqBftzUY5tXN3TDUH1v7esyZndglBBQHS5rVL+XRhOiCI3/sl9ItHbtcenGHZzHbgL8FPKYpkGFbneHTx3rnP0LN9tveMXCl5Irlt9b9Q9A46EovLIl/7Q2cvLQy2FYZdp+yTJQtrI0EJd4P1tlWMDSNKQ== + MYSQL_PASSWORD: AgAvPslM3Zs0G4u/U1nTYilXwITGuo5HRzTfsW5wuv9+lDXOsbSNxvHgMRt/H3JdI778w1xYYldKzcmg5DZW16J/o50QYwCntfMbLvmrhpWCgrkWcA1sJiYcUHmQZVcT1MWr+87uu4ADQrhDfXspANo/w6cPvh+tpM5gt1TKYttzkkeht1fwYmIfNI7iOSbgzw7LIfW8ns2DlSAOoHM63b1KBFHAOuA6zk+Mp5U8WtEpKkhkkv1DOf42DFABuaUElAZJpZwf6e700HQKksB167kqUK4w7OkWRKpoXDcgflCUXB0z1C+mZTME9L1HNZ9Lt+71ssi2ndAxdb64zcJvTNGpOBy4bE+wKjzHbx0+xEVhwTwZ6wOb0d9CATFJUUfzD1PMyCLYiUgNBVydeQ7iPYTsRmc/mIFMHJoiKs/shzBDoxFLWw5QNWkJSYcfLEHLma1rlg5+5iXfagWxaQXCqZK1mq2LBb1YBUcgen0TGHjTD/R7fyEXKm0gimh3+g4J1dnQprh+mFH9vWblzri/sWHKV27VwFXCn4kZHJxrJ/kDzmQTGTcbcTu3erTuN/LPqOhsJYGaQ0qJH63U5kotRolKoothar6Os62nX4qcHN3OlPYThKuKjg9+uI0VSjmOiASI/ALppIm1AJ+HRPkxpcHKQ9wTAtpoEK8ngpSMkLZrdkzFv6Xi+jq43hk6zqyK+Dj1aZxhdgPSC9/xSSTDo95KzGtZs8Qu+S/7aamhZTg= + MYSQL_ROOT_PASSWORD: AgC5vPO7y00s4he9AT0t6pAATRfUPg54fA4JPokqbMw03oKkzAmS86fUUOMVIw7DYbOwkU/0U/ey5fTdWDdKoK2py2sDlGokVTQhRz0MQNd7rcIHXbBerejX1Z4IQTLzeX5NH+yL4t9w0KsooPVtphLir8kCmdpdOKz3o5smTd6cmFlKDS1cUJC8MqLVFTCDYT8xLkDln5p5i8xf0NxcXBK8fKzs8DgJDwFg20I7Ft8D7B+0FXNGVqcR3uWv2T7eIWrEBfzLzBgTZJQNW9FN/aZfm4tIldDNrdwgSeWxDPMWAgESalGcixE/We+0Ld8Crjsf1WoobSijZS6iLYgZIDLsyvmxVmWkcjcOq5pNUH6VAzyP/o0KxYDab3x6zRNoBtcwAdJHhCUASHZ/EfD4IKzI20ecjxi0wm9qbxhI0OI2LHUpeRzIFynDVLF44nyyUaE5MTXsNlbktIPp7gH1m6Jgc29CPu+VsVwXs4743kAAo0vagUliTfqZNhN4ZZIxsAFLVlukVTU4vJtR/LLHJtZ0rpfJoCJzHhuc+ehswo/AdceQ6ccsYbxBTKt+ocyu/QhgGyEf9zvheyMu/B+OUHQqFSvw2yjhBU/c6/hSMvMejz+9sWoyQjMdRQp4GpqXdejafGe+jBT6Wn/y31m1NwP8DpUgDpGlwzgw/5znCEqzy74FoF1mOC5Ozt9kbxnXatf3+TyYeqKUj6nN3RV82HK51KHi0otj3OvgZwTPFHc= + MYSQL_USER: AgBHxUK4KjEhCkQ44MQ34UKHJYEmdWRO8S1P5ArBg1bADC7L6FGdNwKO6QhSXrRZLYVq6iKuAsL/ITnq1EOUPwfVQBqs0Zb//qcxbFMpEws0+wttMIPdpUgzP7gfbfPkbpMoJr07lF9sQNjWYNb7wPceVxGDSx8pa2ybxwg7nqrlpm0m1ozqYZJQfMTCb5j0+5IUtCW50txEQopsgrGH8owVCzQgVYjQmTgT6vNoZRAIaKycGZxz2irbwdFPZ8dLU7e2+EMLZRNL4xqMHmEKwbr9hn2qYnx1JKC+fR1f/mUvV5PWgSdaW6oxeG3Zr5fhRWAXOD5SnA9qwUrk0wposGhrxhi/NnOyhTr9txOW4MAq3fcJeNXILdTnuKF/cf3Y4m1LOkGsO9J56akCw3DdBOEUmZySN0JuJ8gQPsk8iU3thvzAlD11Worqk+Y0TclbQSAyEZSUsEeNUbiww/iJMhOMjmuA7o+WOsF2tcWnmVoP6YR9gT7KZzHYdsRkkM15Q5W7pqIEL5HiA9GrKoKkW6VDKh4/7NdzgtP4C+n/cbWwTqUMU9c/oZMRwKxwABySz4CU4CZuDmJxlSF1Z5a+8HCXz8WQDaw8EoTyT3RhABsaMFOTwIe+35ad6g3qwC/8QURr0L94FdDToKJddrdB37UXyHXCh079VDU5gyIPKfVvYdy794tdNO0Ytj7t4wgN4kyLKKI6iQ== diff --git a/ghost/ghost-db-service.yaml b/ghost/ghost-db-service.yaml new file mode 100644 index 0000000..c63378f --- /dev/null +++ b/ghost/ghost-db-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: ghost-db + namespace: bookstack +spec: + selector: + app: ghost-db + ports: + - port: 3306 + targetPort: 3306 diff --git a/ghost/ghost-deployment.yaml b/ghost/ghost-deployment.yaml new file mode 100644 index 0000000..9f01eb2 --- /dev/null +++ b/ghost/ghost-deployment.yaml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ghost + namespace: ghost +spec: + selector: + matchLabels: + app: ghost + template: + metadata: + labels: + app: ghost + spec: + containers: + - name: ghost + image: ghost:5-alpine + envFrom: + - configMapRef: + name: ghost-config + - secretRef: + name: ghost-secret + ports: + - containerPort: 2368 + name: http + protocol: TCP + volumeMounts: + - mountPath: /var/lib/ghost/content + name: ghost-pvc + volumes: + - name: ghost-pvc + persistentVolumeClaim: + claimName: ghost-pvc + + diff --git a/ghost/ghost-pvc.yaml b/ghost/ghost-pvc.yaml new file mode 100644 index 0000000..668cd75 --- /dev/null +++ b/ghost/ghost-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ghost-pvc + namespace: ghost +spec: + resources: + requests: + storage: 50Gi + storageClassName: longhorn + accessModes: + - ReadWriteOnce diff --git a/ghost/ghost-secret.yaml b/ghost/ghost-secret.yaml new file mode 100644 index 0000000..5e7a812 --- /dev/null +++ b/ghost/ghost-secret.yaml @@ -0,0 +1,18 @@ +kind: SealedSecret +apiVersion: bitnami.com/v1alpha1 +metadata: + name: ghost-secret + namespace: ghost + creationTimestamp: +spec: + template: + metadata: + name: ghost-secret + namespace: ghost + creationTimestamp: + encryptedData: + database__client: AgBbunOGj6pxz0IpG+K/g9ATDr5jErw6qUNw7SH3T/3Q5AOIp6pjD5rXmUlSw9xN+ZVy0i8zt7SLpK29LNUXjpGnbzWPFpjmWVI3SlmjwmFzJS2e8W9+bsKe5TPw6Kqy1HRH77y1s+iy91h30nfmWpYNRoAQGvdOYFyCWEZjNQNPpQ6HagW3naNl1GM6l1rtoFLsZGLppDMS0HcwBMMvTI+SEN0hbyz0dCFi+js7F0LvVX4LblB3nmD5oxwtQEvoX6CNHcl2zTGy3F3e2ZwdSWG2TRFTTvCj994HelHPjdieQDja1BWq0tXZgoetAlxgVtRFOxrszdHM/ikf65X4CmXXa6baZPzY4M2YZkh3U7iTKu8J68VYEeToBDR0HJKOPqbGj0xB1cQwvg+aWFEUETg7JKbnR7HEn3PfqN2HMsLywslNe5+rVXGWEJOvdDOsGyk33W9dlpPL3ah4AxktDnJgyTozDrcTQOWljVy7YSpB3sCPwZdMT0FqYIaa9DuF0NDJLvD9wKMjlZ3DdkWPVSC9eAIa7Fz1j2S++PCLqtKgH42cB8nCBHX6enHBAOBMfo0dJR8Od6y3+yPCXday2u1wQRsFIkxAqJ25vBts1AiHfy3EOquXMgOWguAx/8fqri5iIoLwKlMWZ3nt9CwkoBtl2UepevROL0OKnh8EUo71+I/ZfrANdiA7obAVzOmBRKspNHpXvw== + database__connection__database: AgDZgZtIG2NvbPCFcNVj0x1YEiWxmJIwZInh00o7gEbzO1fTvuRJbJr9/NvlWuejmBBxdfGiaetI3TvyQpdlLzKN3e3y1sWI0pbCtswT9AYX16hMBmRIMNZW03yk0pdx/LwaSrzwo3X40x5nEv/qc6mqyBcVL0C7pHjVg34cODOqW87TD4nRcbCzxoOxYGLOCnO+frEoGA9AQ05wV/u3SC0ZGOBJH4rgdI9c8OSIphbx0VYXq7i4esY7FzANG+2rpCK0uw9VPL4uCw5zXoTyqRWROpzr5/Xp9Ak3lIxOXNERyvl91WdpEHuPv2L7nPTzvqSgkGdJCgV/70XT+z72esM8koBo9ia+7GjnT60jzjv4EyLozM2oajXJWHFzbL3R2zqGBiha/eHCECGz0bx9CVNgPD22j+rU3zvvY0ZrEhw7wxWZGCvj1/T7n1CfM4a7ZQdfDXPvboOp6rIGqbQUwnCkfaTEMymScgM5JVd4xyWy5R0T3Bi7qWXX6m7u1WbunEcVy/WPebHsEnKel/tAavZILVISmz1FmSY3QZJCIeNyvmAWoAfFjArVJ4+BfVCAF3vBnBFPJkdsZLwwhX/0uPfRrrFrlwsC/RhnAP/zHTnC/ye9AunK1RV06xvstzyMgnWAKLCyV5IBEtdcT9ZPEb8an0fuwMajmWEpKg7xvH5R8wHHfXymMEsvEulv+Rr4PjvOU7ffcw== + database__connection__host: AgDQEp5hXrcowGYt6n0G4KFhjIxiuh6RFhdQtlO9Sn5/qkWF3+6B2vB/x0uBkF2ogHk/E08ZKyGTT1+I9vPOR85MeehYYyTw9oVsHpw3qlgamkx0RC+vkci+2ngQbipHk6vyJvObbMDlk77pWBFur9mZDuUWaFJpDFTHljgtuI/gcSHDcEF3rlQaF8TS2RJza2yHB80P7RWIQabfqrfxp7PxAyPln7xbRB9NI+A/6qi4XriHT8QK4iZ/+I+4eBlZ8ey5Z1gy1IfHfx4Q/I9ijZBd9vU5trgBTHOdkGfguV+FX6JnTWRZDqUndAH63UAgLaPq5+fYy25Ja/qoaIuXFNBcwOGQxF+q4IJR5G4YjrUf3LObwV42geLf+Ii7XSdo4H+feP140d9uLOWXSGIMP8MJvhBR3iOT8qt89j5+stkgQjI6Us4TdzRy1mDNFY7fw41Mkd34Bpko1RvZJaUSvMaXsML09cFjRWoaQFKvxksxINF801rFunF04i4N+MRcEnRVVu43YY9ZB6aNN2PNNM6mhn15PQR/x9b89MwK2tDbzw9UDuSmk0cgagC1QVoDE8rTZ0mSeO8DmJ2E9tq4LemlFl6r+yhI0T0WvpdSFYv5tdkHLejWIcxYglXlzUOzskexhi7Dojjxd9eWipC68T1rTgEg+sDLdx7T5kcQGMLVGu60RzO7Ph/+JZAvlhEQCzo7CKySK8cziQ== + database__connection__password: AgB0/wexAvDsSL6GE0R8baIHxmOj7IhZuDUdjjenw/Pz6BBwdc8dJyr9fLXHbKgk3eYt1JVnckbBAb0xUJeSiED6Do/v3xC9MtJINtv/B5eMq5ZrqnxzOm89cW/gfpYb0GADm8z2vNzTsPW0QB75qZBOgSBhHCC5LBbBTAWlYzeMcqiKhOrQJz9st495UtpYHTdP5v9fxlzd1HAsdqL9BrRG9M54NUDbDN7kiHA7pC6WWZs+ZSfV7RDGsfVtsjwmtWybdEbUXNx1QFpk7CVKef7/yaFHXyM2oHzEt76/7TCCdN4cLc+nNOlm6DKZoggVaBtIITgKCFUKbahwk3K2oL98I9yWeTysM8IjV2Jy8sH4jbQdjL0DqQOVtYwAiWWOlUixmeF/1SCMg2QTliNrCONZUhHNR3Zz1d9KCZ8fThDGe7dBAZp0mCmLF/MGkKJ4FR3wSsnJshLlQJmo9LmRss2sl5rzuuWGBXrsIPqTJF96auouu9KEMB8dHH362GJTYCUXqBHnvdGYNa0SwxUhyw8u4GIp9PURwdlAwK3qBQ8REUQd6uI6OZ0WMOCQrWRMKiDqiSlwQKOOsaO8mfCK3UqBTsac69GodjgA/N+sr112K82Cb+EGm+ghYlQOlA4BJ/9CeHW70R31CrOeepNpPSEqBkGe9QUXp4WyD8t9sPl9qpvdocLkz7QfDNFrQ0tQx3ja2hDIlgW6o9VaCUe345ZIEdO2AM98yYiAUo8B0TM= + database__connection__user: AgBlXfq/wz8JAt5p68nI3cIqYfnLDceWy+r1ClCYOhbC+zSC3WJPJ11EnJMIkXlnAiy1LKX6fCXP6qBJtKrrTOTWEahmW3pHZx5XXOARPCoShWznbqvdOVErhb3oCMDtwTwKyNRJj5BUXMDbStktzzyW6orWuyWOlKHr7Pqh+MnmeVKE2NNNnMmwRIQ4OvSex/BRDjpuQ0AcXwdlNafFRuJRn5fVWVOKEoUV7yROOiNpKgbZHdFxOICHU04MyRu3bcI2JnA3zr71sW9EZijsjmraemuQQjFXY2eIhLzPy0KFufM52qgqQLgXXjSJniDyVsK2op729KfSIDxaKLpRAPv43JpsRBVt+Md8e0ikBtjf4eh6iwXchzSy+QTurBmSwSQs+eqFFB1jwGSDVHgmeaxA4FSJEl8UIHJPR5BSz2HICUULfhAKgl1cywfdoopkvGpTl4TPir6IzMmX5FewNny6hRm/iit33x6Vu/wqOc8ICs1QS6+OmkExtd+7kvXGfrd57fee4mYX50daoQu+0GKUY0gOM79EpQHJScxqFp0Ik5uhyCQLVLRTFJW7fihUrxZrdxZq/JcIWppZK/gt2xm/2JHWd00/QEoNlV7/SLUXpdC7jcPNNxB1eEuDWtC5O74Pk2mTeityk1kURKrtAKwWRO85ZE6tGKXzre9FriDoHn7gkSqOi/VsuHNA2hclrNMxHRmvMg== diff --git a/ghost/ghost-service.yaml b/ghost/ghost-service.yaml new file mode 100644 index 0000000..f18967d --- /dev/null +++ b/ghost/ghost-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: ghost + namespace: ghost +spec: + selector: + app: ghost + ports: + - port: 80 + targetPort: http + name: http diff --git a/ghost/ingress.yaml b/ghost/ingress.yaml new file mode 100644 index 0000000..c8df327 --- /dev/null +++ b/ghost/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ghost + namespace: ghost + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: ghost.michaelthomson.dev + http: + paths: + - pathType: ImplementationSpecific + path: / + backend: + service: + name: ghost + port: + name: http + tls: + - hosts: + - ghost.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev