From fe7d4a406402704061e0825e39d33d4e4172d73e Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Mon, 8 Jul 2024 21:09:30 -0500
Subject: [PATCH] add ghgost
---
clusters/cl01tl/applications/ghost/Chart.yaml | 30 ++++
.../ghost/templates/external-secret.yaml | 168 ++++++++++++++++++
.../cl01tl/applications/ghost/values.yaml | 134 ++++++++++++++
3 files changed, 332 insertions(+)
create mode 100644 clusters/cl01tl/applications/ghost/Chart.yaml
create mode 100644 clusters/cl01tl/applications/ghost/templates/external-secret.yaml
create mode 100644 clusters/cl01tl/applications/ghost/values.yaml
diff --git a/clusters/cl01tl/applications/ghost/Chart.yaml b/clusters/cl01tl/applications/ghost/Chart.yaml
new file mode 100644
index 000000000..4af5ec9d2
--- /dev/null
+++ b/clusters/cl01tl/applications/ghost/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: ghost
+version: 1.0.0
+description: Ghost
+keywords:
+ - ghost
+ - cms
+ - blog
+home: https://wiki.alexlebens.dev/doc/ghost-seATqp9RfU
+sources:
+ - https://github.com/TryGhost/Ghost
+ - https://github.com/cloudflare/cloudflared
+ - https://github.com/percona/percona-xtradb-cluster-operator
+ - https://hub.docker.com/r/bitnami/ghost
+ - https://github.com/bitnami/charts/tree/main/bitnami/ghost
+ - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
+ - https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-db
+dependencies:
+ - name: ghost
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 21.1.15
+ - name: cloudflared
+ alias: cloudflared
+ repository: http://alexlebens.github.io/helm-charts
+ version: 1.4.0
+ - name: pxc-db
+ version: 1.14.3
+ repository: https://percona.github.io/percona-helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/ghost.png
+appVersion: 5.86.2
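Review bot: The `cloudflared` dependency in Chart.yaml is fetched over plain HTTP (`repository: http://alexlebens.github.io/helm-charts`), so the chart index and archive can be altered in transit before they are rendered into the cluster; the other two dependencies use `oci://` and `https://`. Change the line to `repository: https://alexlebens.github.io/helm-charts`. The diffstat shows no `Chart.lock` in this commit, so unless one is maintained elsewhere nothing pins the digests of the resolved charts either; committing the lock file would give `helm dependency build` something to verify against.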
diff --git a/clusters/cl01tl/applications/ghost/templates/external-secret.yaml b/clusters/cl01tl/applications/ghost/templates/external-secret.yaml
new file mode 100644
index 000000000..fb0258925
--- /dev/null
+++ b/clusters/cl01tl/applications/ghost/templates/external-secret.yaml
@@ -0,0 +1,168 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-credentials-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-credentials-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ghost-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/config/credentials
+ metadataPolicy: None
+ property: ghost-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-cloudflared-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-cloudflared-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: cf-tunnel-token
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cloudflare/tunnels/ghost
+ metadataPolicy: None
+ property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-mysql-credentials-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-mysql-credentials-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: root
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: root
+ - secretKey: xtrabackup
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: xtrabackup
+ - secretKey: monitor
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: monitor
+ - secretKey: clustercheck
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: clustercheck
+ - secretKey: proxyadmin
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: proxyadmin
+ - secretKey: pmmserverkey
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: pmmserverkey
+ - secretKey: pmmserver
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: pmmserver
+ - secretKey: operator
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: operator
+ - secretKey: replication
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: replication
+ - secretKey: ghost-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/ghost/mysql/credentials
+ metadataPolicy: None
+ property: ghost-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-mysql-backup-credentials-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: ghost-mysql-backup-credentials-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-ghost-mysql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-ghost-mysql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/ghost/values.yaml b/clusters/cl01tl/applications/ghost/values.yaml
new file mode 100644
index 000000000..6090347bf
--- /dev/null
+++ b/clusters/cl01tl/applications/ghost/values.yaml
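Review bot: In templates/external-secret.yaml, `ghost-mysql-credentials-secret` puts the application user's `ghost-password` in the same Secret as the database system accounts (`root`, `operator`, `replication`, `xtrabackup`, and the rest). Kubernetes access control is granted per Secret object, not per key, so anything allowed to read this Secret for the application password can also read the root and replication passwords. The values.yaml in this patch names the same Secret for both `clusterSecretName` and the Ghost `externalDatabase.existingSecret`. I would move the application password into its own ExternalSecret as sketched below, point the Ghost setting at it, and drop the `ghost-password` entry from the operator's Secret; storing it under a separate Vault path would let the Vault policy make the same split.

```yaml
# suggested additional document; the resource name is a placeholder
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: ghost-mysql-app-credentials-secret
  namespace: {{ .Release.Namespace }}
  # … unchanged: same labels block as the other ExternalSecrets …
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: ghost-password
      remoteRef:
        key: /cl01tl/ghost/mysql/credentials
        property: ghost-password
```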
@@ -0,0 +1,134 @@
+ghost:
+ updateStrategy:
+ type: Recreate
+ ghostUsername: user
+ existingSecret: ghost-credentials-secret
+ ghostEmail: alexanderlebens@gmail.com
+ ghostBlogTitle: Alex Lebens
+ ghostHost: blog.alexlebens.dev
+ ghostPath: /
+ ghostSkipInstall: false
+ replicaCount: 1
+ resourcesPreset: small
+ service:
+ type: ClusterIP
+ persistence:
+ enabled: true
+ storageClass: ceph-block
+ accessModes:
+ - ReadWriteOnce
+ size: 10Gi
+ mysql:
+ enabled: false
+ externalDatabase:
+ host: ghost-mysql-8-cluster.ghost.svc.cluster.local
+ port: 3306
+ user: ghost
+ database: ghost
+ existingSecret: ghost-mysql-credentials-secret
+cloudflared:
+ existingSecretName: ghost-cloudflared-secret
+pxc-db:
+ updateStrategy: SmartUpdate
+ upgradeOptions:
+ versionServiceEndpoint: https://check.percona.com
+ apply: disabled
+ schedule: "0 4 * * *"
+ pxc:
+ size: 3
+ image:
+ repository: percona/percona-xtradb-cluster
+ tag: 8.0.36-28.1
+ autoRecovery: true
+ expose:
+ enabled: false
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 100m
+ persistence:
+ enabled: true
+ storageClass: local-path
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ disableTLS: false
+ certManager: true
+ clusterSecretName: ghost-mysql-credentials-secret
+ haproxy:
+ enabled: true
+ size: 3
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ exposePrimary:
+ enabled: true
+ type: ClusterIP
+ externalTrafficPolicy: Cluster
+ internalTrafficPolicy: Cluster
+ exposeReplicas:
+ enabled: false
+ logcollector:
+ enabled: true
+ resources:
+ requests:
+ memory: 128M
+ cpu: 100m
+ backup:
+ enabled: true
+ allowParallel: true
+ image:
+ repository: percona/percona-xtradb-cluster-operator
+ tag: 1.14.0-pxc8.0-backup-pxb8.0.35
+ pitr:
+ enabled: true
+ storageName: s3-binlogs
+ timeBetweenUploads: 600
+ timeoutSeconds: 60
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ storages:
+ s3-binlogs:
+ type: s3
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ s3:
+ bucket: cl01tl-mysql-backups/ghost/binlogs
+ credentialsSecret: ghost-mysql-backup-credentials-secret
+ region: us-east-2
+ endpointUrl: https://s3.us-east-2.amazonaws.com
+ s3-daily:
+ type: s3
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ s3:
+ bucket: cl01tl-mysql-backups/ghost/daily
+ credentialsSecret: ghost-mysql-backup-credentials-secret
+ region: us-east-2
+ endpointUrl: https://s3.us-east-2.amazonaws.com
+ s3-weekly:
+ type: s3
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ s3:
+ bucket: cl01tl-mysql-backups/ghost/weekly
+ credentialsSecret: ghost-mysql-backup-credentials-secret
+ region: us-east-2
+ endpointUrl: https://s3.us-east-2.amazonaws.com
+ schedule:
+ - name: daily-backup
+ schedule: "0 0 * * *"
+ keep: 5
+ storageName: s3-daily
+ - name: weekly-backup
+ schedule: "0 0 * * 6"
+ keep: 4
+ storageName: s3-weekly
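Review bot: The Secret named by `existingSecret: ghost-mysql-credentials-secret` under `externalDatabase` in values.yaml may not carry the key the Ghost chart reads. The ExternalSecret in this patch exposes the application password as `ghost-password`, while the Bitnami ghost chart's values documentation says, as far as I recall, that the external database secret must contain the key `mysql-password`. Please confirm the expected key for chart version 21.1.15. If it is `mysql-password`, publish the Vault property under that name in the ExternalSecret, i.e. `- secretKey: mysql-password` with `property: ghost-password`. Otherwise the pod would likely fail to start on an unresolved secret key reference.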