apiVersion: apps/v1 kind: Deployment metadata: name: ghost namespace: ghost spec: replicas: 1 strategy: type: Recreate selector: matchLabels: component: web template: metadata: labels: component: web spec: containers: - name: ghost image: {{ .apps.ghost.image }} ports: - name: http containerPort: {{ .apps.ghost.port }} protocol: TCP env: - name: BITNAMI_DEBUG value: "false" - name: ALLOW_EMPTY_PASSWORD value: "yes" - name: GHOST_DATABASE_HOST value: {{ .apps.ghost.dbHost }} - name: GHOST_DATABASE_PORT_NUMBER value: "{{ .apps.ghost.dbPort }}" - name: GHOST_DATABASE_NAME value: {{ .apps.ghost.dbName }} - name: GHOST_DATABASE_USER value: {{ .apps.ghost.dbUser }} - name: GHOST_DATABASE_PASSWORD valueFrom: secretKeyRef: name: ghost-secrets key: apps.ghost.dbPassword - name: GHOST_HOST value: {{ .apps.ghost.domain }} - name: GHOST_PORT_NUMBER value: "{{ .apps.ghost.port }}" - name: GHOST_USERNAME value: {{ .apps.ghost.adminUser }} - name: GHOST_PASSWORD valueFrom: secretKeyRef: name: ghost-secrets key: apps.ghost.adminPassword - name: GHOST_EMAIL value: {{ .apps.ghost.adminEmail }} - name: GHOST_BLOG_TITLE value: {{ .apps.ghost.blogTitle }} - name: GHOST_ENABLE_HTTPS value: "yes" - name: GHOST_EXTERNAL_HTTP_PORT_NUMBER value: "80" - name: GHOST_EXTERNAL_HTTPS_PORT_NUMBER value: "443" - name: GHOST_SKIP_BOOTSTRAP value: "no" - name: GHOST_SMTP_SERVICE value: SMTP - name: GHOST_SMTP_HOST value: {{ .apps.ghost.smtp.host }} - name: GHOST_SMTP_PORT value: "{{ .apps.ghost.smtp.port }}" - name: GHOST_SMTP_USER value: {{ .apps.ghost.smtp.user }} - name: GHOST_SMTP_PASSWORD valueFrom: secretKeyRef: name: ghost-secrets key: apps.ghost.smtpPassword - name: GHOST_SMTP_FROM_ADDRESS value: {{ .apps.ghost.smtp.from }} resources: limits: cpu: 375m ephemeral-storage: 2Gi memory: 384Mi requests: cpu: 250m ephemeral-storage: 50Mi memory: 256Mi volumeMounts: - name: ghost-data mountPath: /bitnami/ghost livenessProbe: tcpSocket: port: {{ .apps.ghost.port }} initialDelaySeconds: 120 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 readinessProbe: httpGet: path: / port: http scheme: HTTP httpHeaders: - name: x-forwarded-proto value: https initialDelaySeconds: 30 timeoutSeconds: 3 periodSeconds: 5 successThreshold: 1 failureThreshold: 6 securityContext: capabilities: drop: - ALL privileged: false runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true readOnlyRootFilesystem: false allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault volumes: - name: ghost-data persistentVolumeClaim: claimName: ghost-data restartPolicy: Always securityContext: fsGroup: 1001