ghost

bootstrap/kustomizations/kustomization-ghost.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ghost
+  namespace: flux-system
+spec:
+  interval: 30m
+  path: ./ghost
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: ghost
+      namespace: ghost
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: ghost-db
+      namespace: ghost

bootstrap/namespaces/namespace-ghost.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ghost

ghost/dns-endpoint.yaml

@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: ghost.michaelthomson.dev
+  namespace: ghost
+spec:
+  endpoints:
+  - dnsName: ghost.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev

ghost/ghost-config.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ghost-config
+  namespace: ghost
+data:
+  url: https://ghost.michaelthomson.dev

ghost/ghost-db-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ghost-db
+  namespace: ghost
+spec:
+  selector:
+    matchLabels:
+      app: ghost-db
+  template:
+    metadata:
+      labels:
+        app: ghost-db
+    spec:
+      containers:
+      - name: ghost-db
+        image: mysql:8.0
+        envFrom:
+        - secretRef:
+            name: ghost-db-secret
+        ports:
+        - containerPort: 3306
+        volumeMounts:
+        - mountPath: /var/lib/mysql
+          name: ghost-db-pvc
+      volumes:
+      - name: ghost-db-pvc
+        persistentVolumeClaim: 
+          claimName: ghost-db-pvc
+            
+          

ghost/ghost-db-pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ghost-db-pvc
+  namespace: ghost
+spec:
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce

ghost/ghost-db-secret.yaml

@@ -0,0 +1,17 @@
+kind: SealedSecret
+apiVersion: bitnami.com/v1alpha1
+metadata:
+  name: ghost-db-secret
+  namespace: ghost
+  creationTimestamp:
+spec:
+  template:
+    metadata:
+      name: ghost-db-secret
+      namespace: ghost
+      creationTimestamp:
+  encryptedData:
+    MYSQL_DATABASE: AgDY1y3LZMtmBGt5TO1XRC0xzI/JSj4hPbz7fPFnlT+2kkWbq+730qh+ArO0GQedw2sPlDqnSgLa2gya7ToUKfJZS0jmbkWz/QXWMjlGGX2z6Vy3Q/c8cXNPDvl7C3TKdcx9RTcnuTzteO8Txh90cOyWkj0cHeV8jAT9bHYv6Wb4e96s6o2n7QmiEONTwCMnT2b9KbeH7y/qpS7mfByU4QqUTedlOz84JrncF9l3ji+TugkF2EgyRvbuxakpP3CwN9S2L2wfpIVK51rKu5zfJMya0vEKHVXVGB9Eej2bZWC06Y9UI2AUakLTLuBah7m1v58Pd8m9gVD5G6boISc7gUVL7hbxWlN5x3jANHc8wgxXv+FN+MsNk2HCnH9ukmd8TotKiwR4DcVKBuNrm633OfFN/MrENmnDCtGXcl+Eyrt68oBxnnmOKnf8WY9OQ0xrlg9ITPF4MLtkd4JixXWyZshXFj0XOyi5qfprVD25TWI2RNikCUs0b1K3N+BIWTgUeO2IQogx++l2Zw7xF6/eECxrP4PdRrG2z7KnwiXYcUzHi7B1JqBftzUY5tXN3TDUH1v7esyZndglBBQHS5rVL+XRhOiCI3/sl9ItHbtcenGHZzHbgL8FPKYpkGFbneHTx3rnP0LN9tveMXCl5Irlt9b9Q9A46EovLIl/7Q2cvLQy2FYZdp+yTJQtrI0EJd4P1tlWMDSNKQ==
+    MYSQL_PASSWORD: AgAvPslM3Zs0G4u/U1nTYilXwITGuo5HRzTfsW5wuv9+lDXOsbSNxvHgMRt/H3JdI778w1xYYldKzcmg5DZW16J/o50QYwCntfMbLvmrhpWCgrkWcA1sJiYcUHmQZVcT1MWr+87uu4ADQrhDfXspANo/w6cPvh+tpM5gt1TKYttzkkeht1fwYmIfNI7iOSbgzw7LIfW8ns2DlSAOoHM63b1KBFHAOuA6zk+Mp5U8WtEpKkhkkv1DOf42DFABuaUElAZJpZwf6e700HQKksB167kqUK4w7OkWRKpoXDcgflCUXB0z1C+mZTME9L1HNZ9Lt+71ssi2ndAxdb64zcJvTNGpOBy4bE+wKjzHbx0+xEVhwTwZ6wOb0d9CATFJUUfzD1PMyCLYiUgNBVydeQ7iPYTsRmc/mIFMHJoiKs/shzBDoxFLWw5QNWkJSYcfLEHLma1rlg5+5iXfagWxaQXCqZK1mq2LBb1YBUcgen0TGHjTD/R7fyEXKm0gimh3+g4J1dnQprh+mFH9vWblzri/sWHKV27VwFXCn4kZHJxrJ/kDzmQTGTcbcTu3erTuN/LPqOhsJYGaQ0qJH63U5kotRolKoothar6Os62nX4qcHN3OlPYThKuKjg9+uI0VSjmOiASI/ALppIm1AJ+HRPkxpcHKQ9wTAtpoEK8ngpSMkLZrdkzFv6Xi+jq43hk6zqyK+Dj1aZxhdgPSC9/xSSTDo95KzGtZs8Qu+S/7aamhZTg=
+    MYSQL_ROOT_PASSWORD: AgC5vPO7y00s4he9AT0t6pAATRfUPg54fA4JPokqbMw03oKkzAmS86fUUOMVIw7DYbOwkU/0U/ey5fTdWDdKoK2py2sDlGokVTQhRz0MQNd7rcIHXbBerejX1Z4IQTLzeX5NH+yL4t9w0KsooPVtphLir8kCmdpdOKz3o5smTd6cmFlKDS1cUJC8MqLVFTCDYT8xLkDln5p5i8xf0NxcXBK8fKzs8DgJDwFg20I7Ft8D7B+0FXNGVqcR3uWv2T7eIWrEBfzLzBgTZJQNW9FN/aZfm4tIldDNrdwgSeWxDPMWAgESalGcixE/We+0Ld8Crjsf1WoobSijZS6iLYgZIDLsyvmxVmWkcjcOq5pNUH6VAzyP/o0KxYDab3x6zRNoBtcwAdJHhCUASHZ/EfD4IKzI20ecjxi0wm9qbxhI0OI2LHUpeRzIFynDVLF44nyyUaE5MTXsNlbktIPp7gH1m6Jgc29CPu+VsVwXs4743kAAo0vagUliTfqZNhN4ZZIxsAFLVlukVTU4vJtR/LLHJtZ0rpfJoCJzHhuc+ehswo/AdceQ6ccsYbxBTKt+ocyu/QhgGyEf9zvheyMu/B+OUHQqFSvw2yjhBU/c6/hSMvMejz+9sWoyQjMdRQp4GpqXdejafGe+jBT6Wn/y31m1NwP8DpUgDpGlwzgw/5znCEqzy74FoF1mOC5Ozt9kbxnXatf3+TyYeqKUj6nN3RV82HK51KHi0otj3OvgZwTPFHc=
+    MYSQL_USER: AgBHxUK4KjEhCkQ44MQ34UKHJYEmdWRO8S1P5ArBg1bADC7L6FGdNwKO6QhSXrRZLYVq6iKuAsL/ITnq1EOUPwfVQBqs0Zb//qcxbFMpEws0+wttMIPdpUgzP7gfbfPkbpMoJr07lF9sQNjWYNb7wPceVxGDSx8pa2ybxwg7nqrlpm0m1ozqYZJQfMTCb5j0+5IUtCW50txEQopsgrGH8owVCzQgVYjQmTgT6vNoZRAIaKycGZxz2irbwdFPZ8dLU7e2+EMLZRNL4xqMHmEKwbr9hn2qYnx1JKC+fR1f/mUvV5PWgSdaW6oxeG3Zr5fhRWAXOD5SnA9qwUrk0wposGhrxhi/NnOyhTr9txOW4MAq3fcJeNXILdTnuKF/cf3Y4m1LOkGsO9J56akCw3DdBOEUmZySN0JuJ8gQPsk8iU3thvzAlD11Worqk+Y0TclbQSAyEZSUsEeNUbiww/iJMhOMjmuA7o+WOsF2tcWnmVoP6YR9gT7KZzHYdsRkkM15Q5W7pqIEL5HiA9GrKoKkW6VDKh4/7NdzgtP4C+n/cbWwTqUMU9c/oZMRwKxwABySz4CU4CZuDmJxlSF1Z5a+8HCXz8WQDaw8EoTyT3RhABsaMFOTwIe+35ad6g3qwC/8QURr0L94FdDToKJddrdB37UXyHXCh079VDU5gyIPKfVvYdy794tdNO0Ytj7t4wgN4kyLKKI6iQ==

ghost/ghost-db-service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ghost-db
+  namespace: bookstack
+spec:
+  selector:
+    app: ghost-db
+  ports:
+  - port: 3306
+    targetPort: 3306

ghost/ghost-deployment.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ghost
+  namespace: ghost
+spec:
+  selector:
+    matchLabels:
+      app: ghost
+  template:
+    metadata:
+      labels:
+        app: ghost
+    spec:
+      containers:
+      - name: ghost
+        image: ghost:5-alpine
+        envFrom:
+        - configMapRef:
+            name: ghost-config
+        - secretRef:
+            name: ghost-secret
+        ports:
+        - containerPort: 2368
+          name: http
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /var/lib/ghost/content
+          name: ghost-pvc
+      volumes:
+      - name: ghost-pvc
+        persistentVolumeClaim: 
+          claimName: ghost-pvc
+            
+          

ghost/ghost-pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ghost-pvc
+  namespace: ghost
+spec:
+  resources:
+    requests:
+      storage: 50Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce

ghost/ghost-secret.yaml

@@ -0,0 +1,18 @@
+kind: SealedSecret
+apiVersion: bitnami.com/v1alpha1
+metadata:
+  name: ghost-secret
+  namespace: ghost
+  creationTimestamp:
+spec:
+  template:
+    metadata:
+      name: ghost-secret
+      namespace: ghost
+      creationTimestamp:
+  encryptedData:
+    database__client: AgBbunOGj6pxz0IpG+K/g9ATDr5jErw6qUNw7SH3T/3Q5AOIp6pjD5rXmUlSw9xN+ZVy0i8zt7SLpK29LNUXjpGnbzWPFpjmWVI3SlmjwmFzJS2e8W9+bsKe5TPw6Kqy1HRH77y1s+iy91h30nfmWpYNRoAQGvdOYFyCWEZjNQNPpQ6HagW3naNl1GM6l1rtoFLsZGLppDMS0HcwBMMvTI+SEN0hbyz0dCFi+js7F0LvVX4LblB3nmD5oxwtQEvoX6CNHcl2zTGy3F3e2ZwdSWG2TRFTTvCj994HelHPjdieQDja1BWq0tXZgoetAlxgVtRFOxrszdHM/ikf65X4CmXXa6baZPzY4M2YZkh3U7iTKu8J68VYEeToBDR0HJKOPqbGj0xB1cQwvg+aWFEUETg7JKbnR7HEn3PfqN2HMsLywslNe5+rVXGWEJOvdDOsGyk33W9dlpPL3ah4AxktDnJgyTozDrcTQOWljVy7YSpB3sCPwZdMT0FqYIaa9DuF0NDJLvD9wKMjlZ3DdkWPVSC9eAIa7Fz1j2S++PCLqtKgH42cB8nCBHX6enHBAOBMfo0dJR8Od6y3+yPCXday2u1wQRsFIkxAqJ25vBts1AiHfy3EOquXMgOWguAx/8fqri5iIoLwKlMWZ3nt9CwkoBtl2UepevROL0OKnh8EUo71+I/ZfrANdiA7obAVzOmBRKspNHpXvw==
+    database__connection__database: AgDZgZtIG2NvbPCFcNVj0x1YEiWxmJIwZInh00o7gEbzO1fTvuRJbJr9/NvlWuejmBBxdfGiaetI3TvyQpdlLzKN3e3y1sWI0pbCtswT9AYX16hMBmRIMNZW03yk0pdx/LwaSrzwo3X40x5nEv/qc6mqyBcVL0C7pHjVg34cODOqW87TD4nRcbCzxoOxYGLOCnO+frEoGA9AQ05wV/u3SC0ZGOBJH4rgdI9c8OSIphbx0VYXq7i4esY7FzANG+2rpCK0uw9VPL4uCw5zXoTyqRWROpzr5/Xp9Ak3lIxOXNERyvl91WdpEHuPv2L7nPTzvqSgkGdJCgV/70XT+z72esM8koBo9ia+7GjnT60jzjv4EyLozM2oajXJWHFzbL3R2zqGBiha/eHCECGz0bx9CVNgPD22j+rU3zvvY0ZrEhw7wxWZGCvj1/T7n1CfM4a7ZQdfDXPvboOp6rIGqbQUwnCkfaTEMymScgM5JVd4xyWy5R0T3Bi7qWXX6m7u1WbunEcVy/WPebHsEnKel/tAavZILVISmz1FmSY3QZJCIeNyvmAWoAfFjArVJ4+BfVCAF3vBnBFPJkdsZLwwhX/0uPfRrrFrlwsC/RhnAP/zHTnC/ye9AunK1RV06xvstzyMgnWAKLCyV5IBEtdcT9ZPEb8an0fuwMajmWEpKg7xvH5R8wHHfXymMEsvEulv+Rr4PjvOU7ffcw==
+    database__connection__host: AgDQEp5hXrcowGYt6n0G4KFhjIxiuh6RFhdQtlO9Sn5/qkWF3+6B2vB/x0uBkF2ogHk/E08ZKyGTT1+I9vPOR85MeehYYyTw9oVsHpw3qlgamkx0RC+vkci+2ngQbipHk6vyJvObbMDlk77pWBFur9mZDuUWaFJpDFTHljgtuI/gcSHDcEF3rlQaF8TS2RJza2yHB80P7RWIQabfqrfxp7PxAyPln7xbRB9NI+A/6qi4XriHT8QK4iZ/+I+4eBlZ8ey5Z1gy1IfHfx4Q/I9ijZBd9vU5trgBTHOdkGfguV+FX6JnTWRZDqUndAH63UAgLaPq5+fYy25Ja/qoaIuXFNBcwOGQxF+q4IJR5G4YjrUf3LObwV42geLf+Ii7XSdo4H+feP140d9uLOWXSGIMP8MJvhBR3iOT8qt89j5+stkgQjI6Us4TdzRy1mDNFY7fw41Mkd34Bpko1RvZJaUSvMaXsML09cFjRWoaQFKvxksxINF801rFunF04i4N+MRcEnRVVu43YY9ZB6aNN2PNNM6mhn15PQR/x9b89MwK2tDbzw9UDuSmk0cgagC1QVoDE8rTZ0mSeO8DmJ2E9tq4LemlFl6r+yhI0T0WvpdSFYv5tdkHLejWIcxYglXlzUOzskexhi7Dojjxd9eWipC68T1rTgEg+sDLdx7T5kcQGMLVGu60RzO7Ph/+JZAvlhEQCzo7CKySK8cziQ==
+    database__connection__password: AgB0/wexAvDsSL6GE0R8baIHxmOj7IhZuDUdjjenw/Pz6BBwdc8dJyr9fLXHbKgk3eYt1JVnckbBAb0xUJeSiED6Do/v3xC9MtJINtv/B5eMq5ZrqnxzOm89cW/gfpYb0GADm8z2vNzTsPW0QB75qZBOgSBhHCC5LBbBTAWlYzeMcqiKhOrQJz9st495UtpYHTdP5v9fxlzd1HAsdqL9BrRG9M54NUDbDN7kiHA7pC6WWZs+ZSfV7RDGsfVtsjwmtWybdEbUXNx1QFpk7CVKef7/yaFHXyM2oHzEt76/7TCCdN4cLc+nNOlm6DKZoggVaBtIITgKCFUKbahwk3K2oL98I9yWeTysM8IjV2Jy8sH4jbQdjL0DqQOVtYwAiWWOlUixmeF/1SCMg2QTliNrCONZUhHNR3Zz1d9KCZ8fThDGe7dBAZp0mCmLF/MGkKJ4FR3wSsnJshLlQJmo9LmRss2sl5rzuuWGBXrsIPqTJF96auouu9KEMB8dHH362GJTYCUXqBHnvdGYNa0SwxUhyw8u4GIp9PURwdlAwK3qBQ8REUQd6uI6OZ0WMOCQrWRMKiDqiSlwQKOOsaO8mfCK3UqBTsac69GodjgA/N+sr112K82Cb+EGm+ghYlQOlA4BJ/9CeHW70R31CrOeepNpPSEqBkGe9QUXp4WyD8t9sPl9qpvdocLkz7QfDNFrQ0tQx3ja2hDIlgW6o9VaCUe345ZIEdO2AM98yYiAUo8B0TM=
+    database__connection__user: AgBlXfq/wz8JAt5p68nI3cIqYfnLDceWy+r1ClCYOhbC+zSC3WJPJ11EnJMIkXlnAiy1LKX6fCXP6qBJtKrrTOTWEahmW3pHZx5XXOARPCoShWznbqvdOVErhb3oCMDtwTwKyNRJj5BUXMDbStktzzyW6orWuyWOlKHr7Pqh+MnmeVKE2NNNnMmwRIQ4OvSex/BRDjpuQ0AcXwdlNafFRuJRn5fVWVOKEoUV7yROOiNpKgbZHdFxOICHU04MyRu3bcI2JnA3zr71sW9EZijsjmraemuQQjFXY2eIhLzPy0KFufM52qgqQLgXXjSJniDyVsK2op729KfSIDxaKLpRAPv43JpsRBVt+Md8e0ikBtjf4eh6iwXchzSy+QTurBmSwSQs+eqFFB1jwGSDVHgmeaxA4FSJEl8UIHJPR5BSz2HICUULfhAKgl1cywfdoopkvGpTl4TPir6IzMmX5FewNny6hRm/iit33x6Vu/wqOc8ICs1QS6+OmkExtd+7kvXGfrd57fee4mYX50daoQu+0GKUY0gOM79EpQHJScxqFp0Ik5uhyCQLVLRTFJW7fihUrxZrdxZq/JcIWppZK/gt2xm/2JHWd00/QEoNlV7/SLUXpdC7jcPNNxB1eEuDWtC5O74Pk2mTeityk1kURKrtAKwWRO85ZE6tGKXzre9FriDoHn7gkSqOi/VsuHNA2hclrNMxHRmvMg==

ghost/ghost-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ghost
+  namespace: ghost
+spec:
+  selector:
+    app: ghost
+  ports:
+  - port: 80
+    targetPort: http
+    name: http

ghost/ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ghost
+  namespace: ghost
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+  - host: ghost.michaelthomson.dev
+    http:
+      paths:
+      - pathType: ImplementationSpecific
+        path: /
+        backend:
+          service:
+            name: ghost
+            port: 
+              name: http
+  tls:
+    - hosts:
+        - ghost.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev