From d327269f119fcb8d855e3d3430fe7007c7706e8b Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Fri, 24 May 2024 19:04:42 -0500
Subject: [PATCH] add ghost
---
clusters/cl01tl/applications/ghost/Chart.yaml | 19 +++
.../ghost/templates/external-secret.yaml | 98 ++++++++++++++++
.../cl01tl/applications/ghost/values.yaml | 109 ++++++++++++++++++
3 files changed, 226 insertions(+)
create mode 100644 clusters/cl01tl/applications/ghost/Chart.yaml
create mode 100644 clusters/cl01tl/applications/ghost/templates/external-secret.yaml
create mode 100644 clusters/cl01tl/applications/ghost/values.yaml
diff --git a/clusters/cl01tl/applications/ghost/Chart.yaml b/clusters/cl01tl/applications/ghost/Chart.yaml
new file mode 100644
index 000000000..1c98f7c5b
--- /dev/null
+++ b/clusters/cl01tl/applications/ghost/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: ghost
+version: 1.0.0
+sources:
+ - https://github.com/TryGhost/Ghost
+ - https://github.com/bitnami/charts/tree/main/bitnami/ghost
+ - https://github.com/cloudflare/cloudflared
+dependencies:
+ - name: ghost
+ repository: oci://registry-1.docker.io/bitnamicharts/ghost
+ version: 20.1.0
+ - name: mysql-innodbcluster
+ repository: https://mysql.github.io/mysql-operator/
+ version: 2.1.3
+ - name: app-template
+ alias: cloudflared
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.1.0
+appVersion: 5.82.11
diff --git a/clusters/cl01tl/applications/ghost/templates/external-secret.yaml b/clusters/cl01tl/applications/ghost/templates/external-secret.yaml
new file mode 100644
index 000000000..1a5909479
--- /dev/null
+++ b/clusters/cl01tl/applications/ghost/templates/external-secret.yaml
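Review bot: `appVersion: 5.82.11` in Chart.yaml is unquoted, and templates/external-secret.yaml renders the same value bare into the `app.kubernetes.io/version` label. Helm's chart guidance is to quote it, `appVersion: "5.82.11"`, so that a later value with a single dot is not read as a float. The value also repeats the Ghost release carried by `ghost.image.tag` in values.yaml (`5.82.11-debian-12-r0`), so a comment above it such as `# keep in sync with ghost.image.tag in values.yaml` would help the next bump. The three dependencies are pinned to exact versions; the diffstat lists no Chart.lock, so whether the resolved set is recorded elsewhere cannot be seen from this patch.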
@@ -0,0 +1,98 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-credentials-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-credentials-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ghost-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/config/credentials
+ metadataPolicy: None
+ property: ghost-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-mysql-credentials-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-mysql-credentials-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ghost-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-mysql-backup-credentials-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-mysql-backup-credentials-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: config
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: backup-config
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-cloudflared-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-cloudflared-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: cf-tunnel-token
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cloudflare/tunnels/ghost
+ metadataPolicy: None
+ property: token
diff --git a/clusters/cl01tl/applications/ghost/values.yaml b/clusters/cl01tl/applications/ghost/values.yaml
new file mode 100644
index 000000000..a0238fc0f
--- /dev/null
+++ b/clusters/cl01tl/applications/ghost/values.yaml
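Review bot: The second ExternalSecret, `ghost-mysql-credentials-secret`, writes the database password under `secretKey: ghost-password`, the same key name as the admin credential in the first document, which looks like a copy-paste. values.yaml hands this Secret to the Ghost chart as `ghost.externalDatabase.existingSecret`, and the Bitnami chart, as far as I know, reads the key `mysql-password` from it, so the pod would probably not find its database password. If the chart's README confirms that, the line should be `- secretKey: mysql-password`. Separately, the templated label values are unquoted in all four documents; `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}` keeps the label a string whatever the version looks like.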
@@ -0,0 +1,109 @@
+ghost:
+ image:
+ registry: docker.io
+ repository: bitnami/ghost
+ tag: 5.82.11-debian-12-r0
+ ghostUsername: user
+ existingSecret: ghost-credentials-secret
+ ghostEmail: alexanderlebens@gmail.com
+ ghostBlogTitle: Alex Lebens
+ ghostHost: blog.alexlebens.net
+ ghostPath: /
+ ghostSkipInstall: false
+ replicaCount: 1
+ resourcesPreset: "micro"
+ service:
+ type: ClusterIP
+ persistence:
+ enabled: true
+ storageClass: ceph-block
+ accessModes:
+ - ReadWriteOnce
+ size: 10Gi
+ mysql:
+ enabled: false
+ externalDatabase:
+ host: ghost-mysql
+ port: 3306
+ user: ghost
+ database: ghost
+ existingSecret: ghost-mysql-credentials-secret
+mysql-innodbcluster:
+ serverInstances: 3
+ routerInstances: 1
+ baseServerId: 1000
+ logs:
+ error:
+ enabled: true
+ collect: false
+ general:
+ enabled: true
+ collect: false
+ slowQuery:
+ enabled: true
+ longQueryTime: 2.5
+ datadirVolumeClaimTemplate:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ backupProfiles:
+ - name: dump-instance-profile
+ dumpInstance:
+ storage:
+ s3:
+ prefix: ghost/instance
+ config: ghost-mysql-backup-credentials-secret
+ bucketName: cl01tl-mysql-backups
+ endpoint: https://s3.us-east-2.amazonaws.com
+ - name: snapshot-profile
+ snapshot:
+ storage:
+ s3:
+ prefix: ghost/snapshot
+ config: ghost-mysql-backup-credentials-secret
+ bucketName: cl01tl-mysql-backups
+ endpoint: https://s3.us-east-2.amazonaws.com
+ backupSchedules:
+ - name: dump-instance-schedule
+ schedule: "0 0 * * SAT"
+ timeZone: US/Central
+ deleteBackupData: false
+ backupProfileName: dump-instance-profile
+ enabled: true
+ - name: snapshot-schedule
+ schedule: "0 0 * * *"
+ timeZone: US/Central
+ deleteBackupData: false
+ backupProfileName: snapshot-profile
+ enabled: true
+cloudflared:
+ global:
+ nameOverride: cloudflared
+ controllers:
+ main:
+ type: deployment
+ strategy: Recreate
+ containers:
+ main:
+ image:
+ repository: cloudflare/cloudflared
+ tag: "2024.5.0"
+ pullPolicy: IfNotPresent
+ args:
+ - tunnel
+ - --no-autoupdate
+ - run
+ - --token
+ - $(CF_MANAGED_TUNNEL_TOKEN)
+ env:
+ - name: CF_MANAGED_TUNNEL_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: ghost-cloudflared-secret
+ key: cf-tunnel-token
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
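Review bot: The cloudflared container receives the tunnel token as a command-line argument. Kubernetes expands `$(CF_MANAGED_TUNNEL_TOKEN)` after `--token` into the container's argv, so the secret shows up in the node's process listing and in container inspection output instead of staying in the environment. cloudflared reads the token from the `TUNNEL_TOKEN` environment variable, so the env entry can become `- name: TUNNEL_TOKEN` and the two args `- --token` and `- $(CF_MANAGED_TUNNEL_TOKEN)` can be dropped, leaving `tunnel`, `--no-autoupdate`, `run`. In the same hunk, `logs.general.enabled: true` under `mysql-innodbcluster` turns on the general query log, which records every statement; a comment saying why it is needed, or setting it to `false`, would be worth adding.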