add ghost

clusters/cl01tl/applications/ghost/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: ghost
+version: 1.0.0
+sources:
+  - https://github.com/TryGhost/Ghost
+  - https://github.com/bitnami/charts/tree/main/bitnami/ghost
+  - https://github.com/cloudflare/cloudflared
+dependencies:
+  - name: ghost
+    repository: oci://registry-1.docker.io/bitnamicharts/ghost
+    version: 20.1.0
+  - name: mysql-innodbcluster
+    repository: https://mysql.github.io/mysql-operator/
+    version: 2.1.3
+  - name: app-template
+    alias: cloudflared
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.1.0
+appVersion: 5.82.11

clusters/cl01tl/applications/ghost/templates/external-secret.yaml

@@ -0,0 +1,98 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-credentials-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-credentials-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ghost-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/config/credentials
+        metadataPolicy: None
+        property: ghost-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-mysql-credentials-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-mysql-credentials-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ghost-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-mysql-backup-credentials-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-mysql-backup-credentials-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: backup-config
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/ghost
+        metadataPolicy: None
+        property: token

clusters/cl01tl/applications/ghost/values.yaml

@@ -0,0 +1,109 @@
+ghost:
+  image:
+    registry: docker.io
+    repository: bitnami/ghost
+    tag: 5.82.11-debian-12-r0
+  ghostUsername: user
+  existingSecret: ghost-credentials-secret
+  ghostEmail: alexanderlebens@gmail.com
+  ghostBlogTitle: Alex Lebens
+  ghostHost: blog.alexlebens.net
+  ghostPath: /
+  ghostSkipInstall: false
+  replicaCount: 1
+  resourcesPreset: "micro"
+  service:
+    type: ClusterIP
+  persistence:
+    enabled: true
+    storageClass: ceph-block
+    accessModes:
+      - ReadWriteOnce
+    size: 10Gi
+  mysql:
+    enabled: false
+  externalDatabase:
+    host: ghost-mysql
+    port: 3306
+    user: ghost
+    database: ghost
+    existingSecret: ghost-mysql-credentials-secret
+mysql-innodbcluster:    
+  serverInstances: 3
+  routerInstances: 1
+  baseServerId: 1000
+  logs:
+    error:
+      enabled: true
+      collect: false
+    general:
+      enabled: true
+      collect: false
+    slowQuery:
+      enabled: true
+      longQueryTime: 2.5
+  datadirVolumeClaimTemplate:
+    accessModes: 
+      - ReadWriteOnce
+    resources:
+      requests:
+        storage: 10Gi
+  backupProfiles:
+    - name: dump-instance-profile
+      dumpInstance:
+        storage:
+          s3:
+            prefix: ghost/instance
+            config: ghost-mysql-backup-credentials-secret
+            bucketName: cl01tl-mysql-backups
+            endpoint: https://s3.us-east-2.amazonaws.com
+    - name: snapshot-profile
+      snapshot:
+        storage:
+          s3:
+            prefix: ghost/snapshot
+            config: ghost-mysql-backup-credentials-secret
+            bucketName: cl01tl-mysql-backups
+            endpoint: https://s3.us-east-2.amazonaws.com
+  backupSchedules:
+    - name: dump-instance-schedule
+      schedule: "0 0 * * SAT"
+      timeZone: US/Central
+      deleteBackupData: false
+      backupProfileName: dump-instance-profile
+      enabled: true
+    - name: snapshot-schedule
+      schedule: "0 0 * * *"
+      timeZone: US/Central
+      deleteBackupData: false
+      backupProfileName: snapshot-profile
+      enabled: true
+cloudflared:
+  global:
+    nameOverride: cloudflared
+  controllers:
+    main:
+      type: deployment
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: cloudflare/cloudflared
+            tag: "2024.5.0"
+            pullPolicy: IfNotPresent
+          args:
+            - tunnel
+            - --no-autoupdate
+            - run
+            - --token
+            - $(CF_MANAGED_TUNNEL_TOKEN)
+          env:
+            - name: CF_MANAGED_TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: ghost-cloudflared-secret
+                  key: cf-tunnel-token
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi