Initial commit.

2025-10-11 17:25:46 +00:00
commit db621755b3
123 changed files with 5066 additions and 0 deletions
--- a/ghost/db-init-job.yaml
+++ b/ghost/db-init-job.yaml
@@ -0,0 +1,44 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: ghost-db-init
+  labels:
+    component: db-init
+spec:
+  template:
+    metadata:
+      labels:
+        component: db-init
+    spec:
+      containers:
+        - name: db-init
+          image: {{ .apps.mysql.image }}
+          command: ["/bin/bash", "-c"]
+          args:
+            - |
+              mysql -h ${DB_HOSTNAME} -P ${DB_PORT} -u root -p${MYSQL_ROOT_PASSWORD} <<EOF
+              CREATE DATABASE IF NOT EXISTS ${DB_DATABASE_NAME};
+              CREATE USER IF NOT EXISTS '${DB_USERNAME}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
+              GRANT ALL PRIVILEGES ON ${DB_DATABASE_NAME}.* TO '${DB_USERNAME}'@'%';
+              FLUSH PRIVILEGES;
+              EOF
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secrets
+                  key: apps.mysql.rootPassword
+            - name: DB_HOSTNAME
+              value: "{{ .apps.ghost.dbHost }}"
+            - name: DB_PORT
+              value: "{{ .apps.ghost.dbPort }}"
+            - name: DB_DATABASE_NAME
+              value: "{{ .apps.ghost.dbName }}"
+            - name: DB_USERNAME
+              value: "{{ .apps.ghost.dbUser }}"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ghost-secrets
+                  key: apps.ghost.dbPassword
+      restartPolicy: OnFailure
--- a/ghost/deployment.yaml
+++ b/ghost/deployment.yaml
@@ -0,0 +1,132 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ghost
+  namespace: ghost
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      component: web
+  template:
+    metadata:
+      labels:
+        component: web
+    spec:
+      containers:
+        - name: ghost
+          image: {{ .apps.ghost.image }}
+          ports:
+            - name: http
+              containerPort: {{ .apps.ghost.port }}
+              protocol: TCP
+          env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "yes"
+            - name: GHOST_DATABASE_HOST
+              value: {{ .apps.ghost.dbHost }}
+            - name: GHOST_DATABASE_PORT_NUMBER
+              value: "{{ .apps.ghost.dbPort }}"
+            - name: GHOST_DATABASE_NAME
+              value: {{ .apps.ghost.dbName }}
+            - name: GHOST_DATABASE_USER
+              value: {{ .apps.ghost.dbUser }}
+            - name: GHOST_DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ghost-secrets
+                  key: apps.ghost.dbPassword
+            - name: GHOST_HOST
+              value: {{ .apps.ghost.domain }}
+            - name: GHOST_PORT_NUMBER
+              value: "{{ .apps.ghost.port }}"
+            - name: GHOST_USERNAME
+              value: {{ .apps.ghost.adminUser }}
+            - name: GHOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ghost-secrets
+                  key: apps.ghost.adminPassword
+            - name: GHOST_EMAIL
+              value: {{ .apps.ghost.adminEmail }}
+            - name: GHOST_BLOG_TITLE
+              value: {{ .apps.ghost.blogTitle }}
+            - name: GHOST_ENABLE_HTTPS
+              value: "yes"
+            - name: GHOST_EXTERNAL_HTTP_PORT_NUMBER
+              value: "80"
+            - name: GHOST_EXTERNAL_HTTPS_PORT_NUMBER
+              value: "443"
+            - name: GHOST_SKIP_BOOTSTRAP
+              value: "no"
+            - name: GHOST_SMTP_SERVICE
+              value: SMTP
+            - name: GHOST_SMTP_HOST
+              value: {{ .apps.ghost.smtp.host }}
+            - name: GHOST_SMTP_PORT
+              value: "{{ .apps.ghost.smtp.port }}"
+            - name: GHOST_SMTP_USER
+              value: {{ .apps.ghost.smtp.user }}
+            - name: GHOST_SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: ghost-secrets
+                  key: apps.ghost.smtpPassword
+            - name: GHOST_SMTP_FROM_ADDRESS
+              value: {{ .apps.ghost.smtp.from }}
+          resources:
+            limits:
+              cpu: 375m
+              ephemeral-storage: 2Gi
+              memory: 384Mi
+            requests:
+              cpu: 250m
+              ephemeral-storage: 50Mi
+              memory: 256Mi
+          volumeMounts:
+            - name: ghost-data
+              mountPath: /bitnami/ghost
+          livenessProbe:
+            tcpSocket:
+              port: {{ .apps.ghost.port }}
+            initialDelaySeconds: 120
+            timeoutSeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+              scheme: HTTP
+              httpHeaders:
+                - name: x-forwarded-proto
+                  value: https
+            initialDelaySeconds: 30
+            timeoutSeconds: 3
+            periodSeconds: 5
+            successThreshold: 1
+            failureThreshold: 6
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            runAsUser: 1001
+            runAsGroup: 1001
+            runAsNonRoot: true
+            readOnlyRootFilesystem: false
+            allowPrivilegeEscalation: false
+            seccompProfile:
+              type: RuntimeDefault
+      volumes:
+        - name: ghost-data
+          persistentVolumeClaim:
+            claimName: ghost-data
+      restartPolicy: Always
+      securityContext:
+        fsGroup: 1001
--- a/ghost/ingress.yaml
+++ b/ghost/ingress.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ghost
+  namespace: ghost
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
+    external-dns.alpha.kubernetes.io/target: {{ .cloud.domain }}
+    external-dns.alpha.kubernetes.io/ttl: "60"
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+spec:
+  rules:
+    - host: {{ .apps.ghost.domain }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ghost
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - {{ .apps.ghost.domain }}
+      secretName: {{ .apps.ghost.tlsSecretName }}
--- a/ghost/kustomization.yaml
+++ b/ghost/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ghost
+labels:
+  - includeSelectors: true
+    pairs:
+      app: ghost
+      managedBy: kustomize
+      partOf: wild-cloud
+resources:
+  - namespace.yaml
+  - db-init-job.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+  - pvc.yaml
--- a/ghost/manifest.yaml
+++ b/ghost/manifest.yaml
@@ -0,0 +1,30 @@
+name: ghost
+description: Ghost is a powerful app for new-media creators to publish, share, and grow a business around their content.
+version: 5.118.1
+icon: https://ghost.org/images/logos/ghost-logo-orb.png
+requires:
+  - name: mysql
+defaultConfig:
+  image: docker.io/bitnami/ghost:5.118.1-debian-12-r0
+  domain: ghost.{{ .cloud.domain }}
+  tlsSecretName: wildcard-wild-cloud-tls
+  port: 2368
+  storage: 10Gi
+  dbHost: mysql.mysql.svc.cluster.local
+  dbPort: 3306
+  dbName: ghost
+  dbUser: ghost
+  adminUser: admin
+  adminEmail: "admin@{{ .cloud.domain }}"
+  blogTitle: "My Blog"
+  timezone: UTC
+  tlsSecretName: wildcard-wild-cloud-tls
+  smtp:
+    host: "{{ .cloud.smtp.host }}"
+    port: "{{ .cloud.smtp.port }}"
+    from: "{{ .cloud.smtp.from }}"
+    user: "{{ .cloud.smtp.user }}"
+requiredSecrets:
+  - apps.ghost.adminPassword
+  - apps.ghost.dbPassword
+  - apps.ghost.smtpPassword
--- a/ghost/namespace.yaml
+++ b/ghost/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ghost
--- a/ghost/pvc.yaml
+++ b/ghost/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ghost-data
+  namespace: ghost
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .apps.ghost.storage }}
--- a/ghost/service.yaml
+++ b/ghost/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ghost
+  namespace: ghost
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: {{ .apps.ghost.port }}
+  selector:
+    component: web