Move ghost to web namespace

5 files changed, 99 insertions, 0 deletions

diff --git a/kubernetes/namespaces/web/ghost/README.md b/kubernetes/namespaces/web/ghost/README.md
new file mode 100644
index 0000000..fee4f8f
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/README.md
@@ -0,0 +1,7 @@
+# Ghost
+
+This folder contains the deployment manifests for Ghost, the CMS we use for https://blog.pythondiscord.com/.
+
+There should be no additional configuration required, there is a setup process on the domain when Ghost first boots, you can reach it by going to https://blog.pythondiscord.com/ghost/ immediately after starting the deployment.
+
+To deploy this application run `kubectl apply -f ghost` from the root directory of this repository. This will create a deployment, service ingress and persistent volume.
diff --git a/kubernetes/namespaces/web/ghost/deployment.yaml b/kubernetes/namespaces/web/ghost/deployment.yaml
new file mode 100644
index 0000000..3d07ffe
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ghost
+  namespace: web
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: ghost
+  template:
+    metadata:
+      labels:
+        app: ghost
+    spec:
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
+      containers:
+        - name: ghost
+          image: ghost:5.78-alpine
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 2368
+          env:
+            - name: url
+              value: https://blog.pythondiscord.com
+            - name: database__client
+              value: sqlite3
+            - name: database__connection__filename
+              value: /var/lib/ghost/content/data/ghost.db
+          volumeMounts:
+            - mountPath: /var/lib/ghost/content
+              name: ghost-data
+          securityContext:
+            readOnlyRootFilesystem: true
+      volumes:
+        - name: ghost-data
+          persistentVolumeClaim:
+            claimName: ghost-storage
diff --git a/kubernetes/namespaces/web/ghost/ingress.yaml b/kubernetes/namespaces/web/ghost/ingress.yaml
new file mode 100644
index 0000000..74a275b
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+    nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+    nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+  name: ghost
+  namespace: web
+spec:
+  tls:
+  - hosts:
+      - "*.pythondiscord.com"
+    secretName: pythondiscord.com-tls
+  rules:
+  - host: blog.pythondiscord.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: ghost
+            port:
+              number: 2368
diff --git a/kubernetes/namespaces/web/ghost/service.yaml b/kubernetes/namespaces/web/ghost/service.yaml
new file mode 100644
index 0000000..7cb41b9
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ghost
+  namespace: web
+spec:
+  ports:
+    - port: 2368
+  selector:
+    app: ghost
diff --git a/kubernetes/namespaces/web/ghost/volume.yaml b/kubernetes/namespaces/web/ghost/volume.yaml
new file mode 100644
index 0000000..3789b39
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/volume.yaml
@@ -0,0 +1,14 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: ghost-storage
+  labels:
+    app: ghost
+  namespace: web
+spec:
+  storageClassName: linode-block-storage-retain
+  accessModes:
+    - ReadWriteOncePod
+  resources:
+    requests:
+      storage: 10Gi