add ghgost

clusters/cl01tl/applications/ghost/Chart.yaml

@@ -0,0 +1,30 @@
+apiVersion: v2
+name: ghost
+version: 1.0.0
+description: Ghost
+keywords:
+  - ghost
+  - cms
+  - blog
+home: https://wiki.alexlebens.dev/doc/ghost-seATqp9RfU
+sources:
+  - https://github.com/TryGhost/Ghost
+  - https://github.com/cloudflare/cloudflared
+  - https://github.com/percona/percona-xtradb-cluster-operator
+  - https://hub.docker.com/r/bitnami/ghost
+  - https://github.com/bitnami/charts/tree/main/bitnami/ghost
+  - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
+  - https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-db
+dependencies:
+  - name: ghost
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 21.1.15
+  - name: cloudflared
+    alias: cloudflared
+    repository: http://alexlebens.github.io/helm-charts
+    version: 1.4.0
+  - name: pxc-db
+    version: 1.14.3
+    repository: https://percona.github.io/percona-helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/ghost.png
+appVersion: 5.86.2

clusters/cl01tl/applications/ghost/templates/external-secret.yaml

@@ -0,0 +1,168 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-credentials-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-credentials-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ghost-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/config/credentials
+        metadataPolicy: None
+        property: ghost-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/ghost
+        metadataPolicy: None
+        property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-mysql-credentials-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-mysql-credentials-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: root
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: root
+    - secretKey: xtrabackup
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: xtrabackup
+    - secretKey: monitor
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: monitor
+    - secretKey: clustercheck
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: clustercheck
+    - secretKey: proxyadmin
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: proxyadmin
+    - secretKey: pmmserverkey
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: pmmserverkey
+    - secretKey: pmmserver
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: pmmserver
+    - secretKey: operator
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: operator
+    - secretKey: replication
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: replication
+    - secretKey: ghost-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ghost/mysql/credentials
+        metadataPolicy: None
+        property: ghost-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ghost-mysql-backup-credentials-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ghost-mysql-backup-credentials-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-ghost-mysql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-ghost-mysql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/ghost/values.yaml

@@ -0,0 +1,134 @@
+ghost:
+  updateStrategy:
+    type: Recreate
+  ghostUsername: user
+  existingSecret: ghost-credentials-secret
+  ghostEmail: alexanderlebens@gmail.com
+  ghostBlogTitle: Alex Lebens
+  ghostHost: blog.alexlebens.dev
+  ghostPath: /
+  ghostSkipInstall: false
+  replicaCount: 1
+  resourcesPreset: small
+  service:
+    type: ClusterIP
+  persistence:
+    enabled: true
+    storageClass: ceph-block
+    accessModes:
+      - ReadWriteOnce
+    size: 10Gi
+  mysql:
+    enabled: false
+  externalDatabase:
+    host: ghost-mysql-8-cluster.ghost.svc.cluster.local
+    port: 3306
+    user: ghost
+    database: ghost
+    existingSecret: ghost-mysql-credentials-secret
+cloudflared:
+  existingSecretName: ghost-cloudflared-secret
+pxc-db:
+  updateStrategy: SmartUpdate
+  upgradeOptions:
+    versionServiceEndpoint: https://check.percona.com
+    apply: disabled
+    schedule: "0 4 * * *"
+  pxc:
+    size: 3
+    image:
+      repository: percona/percona-xtradb-cluster
+      tag: 8.0.36-28.1
+    autoRecovery: true
+    expose:
+      enabled: false
+    resources:
+      requests:
+        memory: 512Mi
+        cpu: 100m
+    persistence:
+      enabled: true
+      storageClass: local-path
+      accessMode: ReadWriteOnce
+      size: 10Gi
+    disableTLS: false
+    certManager: true
+    clusterSecretName: ghost-mysql-credentials-secret
+  haproxy:
+    enabled: true
+    size: 3
+    resources:
+      requests:
+        memory: 256Mi
+        cpu: 100m
+    exposePrimary:
+      enabled: true
+      type: ClusterIP
+      externalTrafficPolicy: Cluster
+      internalTrafficPolicy: Cluster
+    exposeReplicas:
+      enabled: false
+  logcollector:
+    enabled: true
+    resources:
+      requests:
+        memory: 128M
+        cpu: 100m
+  backup:
+    enabled: true
+    allowParallel: true
+    image:
+      repository: percona/percona-xtradb-cluster-operator
+      tag: 1.14.0-pxc8.0-backup-pxb8.0.35
+    pitr:
+      enabled: true
+      storageName: s3-binlogs
+      timeBetweenUploads: 600
+      timeoutSeconds: 60
+      resources:
+        requests:
+          memory: 256Mi
+          cpu: 100m
+    storages:
+      s3-binlogs:
+        type: s3
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+        s3:
+          bucket: cl01tl-mysql-backups/ghost/binlogs
+          credentialsSecret: ghost-mysql-backup-credentials-secret
+          region: us-east-2
+          endpointUrl: https://s3.us-east-2.amazonaws.com 
+      s3-daily:
+        type: s3
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+        s3:
+          bucket: cl01tl-mysql-backups/ghost/daily
+          credentialsSecret: ghost-mysql-backup-credentials-secret
+          region: us-east-2
+          endpointUrl: https://s3.us-east-2.amazonaws.com
+      s3-weekly:
+        type: s3
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m        
+        s3:
+          bucket: cl01tl-mysql-backups/ghost/weekly
+          credentialsSecret: ghost-mysql-backup-credentials-secret
+          region: us-east-2
+          endpointUrl: https://s3.us-east-2.amazonaws.com
+    schedule:
+      - name: daily-backup
+        schedule: "0 0 * * *"
+        keep: 5
+        storageName: s3-daily
+      - name: weekly-backup
+        schedule: "0 0 * * 6"
+        keep: 4
+        storageName: s3-weekly