alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

add ghost

Browse Source
This commit is contained in:
Alex Lebens
2024-05-24 19:04:42 -05:00
parent 581f5d6b0e
commit d327269f11
3 changed files with 226 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
clusters/cl01tl/applications/ghost/Chart.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v2
name: ghost
version: 1.0.0
sources:
- https://github.com/TryGhost/Ghost
- https://github.com/bitnami/charts/tree/main/bitnami/ghost
- https://github.com/cloudflare/cloudflared
dependencies:
- name: ghost
repository: oci://registry-1.docker.io/bitnamicharts/ghost
version: 20.1.0
- name: mysql-innodbcluster
repository: https://mysql.github.io/mysql-operator/
version: 2.1.3
- name: app-template
alias: cloudflared
repository: https://bjw-s.github.io/helm-charts/
version: 3.1.0
appVersion: 5.82.11

98
clusters/cl01tl/applications/ghost/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,98 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ghost-credentials-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ghost-credentials-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ghost-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/ghost/config/credentials
metadataPolicy: None
property: ghost-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ghost-mysql-credentials-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ghost-mysql-credentials-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ghost-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/ghost/mysql/credentials
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ghost-mysql-backup-credentials-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ghost-mysql-backup-credentials-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/ghost/mysql/credentials
metadataPolicy: None
property: backup-config
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ghost-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ghost-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/ghost
metadataPolicy: None
property: token

109
clusters/cl01tl/applications/ghost/values.yaml Normal file
View File

@@ -0,0 +1,109 @@
ghost:
image:
registry: docker.io
repository: bitnami/ghost
tag: 5.82.11-debian-12-r0
ghostUsername: user
existingSecret: ghost-credentials-secret
ghostEmail: alexanderlebens@gmail.com
ghostBlogTitle: Alex Lebens
ghostHost: blog.alexlebens.net
ghostPath: /
ghostSkipInstall: false
replicaCount: 1
resourcesPreset: "micro"
service:
type: ClusterIP
persistence:
enabled: true
storageClass: ceph-block
accessModes:
- ReadWriteOnce
size: 10Gi
mysql:
enabled: false
externalDatabase:
host: ghost-mysql
port: 3306
user: ghost
database: ghost
existingSecret: ghost-mysql-credentials-secret
mysql-innodbcluster:
serverInstances: 3
routerInstances: 1
baseServerId: 1000
logs:
error:
enabled: true
collect: false
general:
enabled: true
collect: false
slowQuery:
enabled: true
longQueryTime: 2.5
datadirVolumeClaimTemplate:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
backupProfiles:
- name: dump-instance-profile
dumpInstance:
storage:
s3:
prefix: ghost/instance
config: ghost-mysql-backup-credentials-secret
bucketName: cl01tl-mysql-backups
endpoint: https://s3.us-east-2.amazonaws.com
- name: snapshot-profile
snapshot:
storage:
s3:
prefix: ghost/snapshot
config: ghost-mysql-backup-credentials-secret
bucketName: cl01tl-mysql-backups
endpoint: https://s3.us-east-2.amazonaws.com
backupSchedules:
- name: dump-instance-schedule
schedule: "0 0 * * SAT"
timeZone: US/Central
deleteBackupData: false
backupProfileName: dump-instance-profile
enabled: true
- name: snapshot-schedule
schedule: "0 0 * * *"
timeZone: US/Central
deleteBackupData: false
backupProfileName: snapshot-profile
enabled: true
cloudflared:
global:
nameOverride: cloudflared
controllers:
main:
type: deployment
strategy: Recreate
containers:
main:
image:
repository: cloudflare/cloudflared
tag: "2024.5.0"
pullPolicy: IfNotPresent
args:
- tunnel
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
name: ghost-cloudflared-secret
key: cf-tunnel-token
resources:
requests:
cpu: 100m
memory: 128Mi