aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/namespaces/web
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/namespaces/web')
-rw-r--r--kubernetes/namespaces/web/ghost/README.md7
-rw-r--r--kubernetes/namespaces/web/ghost/deployment.yaml43
-rw-r--r--kubernetes/namespaces/web/ghost/ingress.yaml25
-rw-r--r--kubernetes/namespaces/web/ghost/service.yaml10
-rw-r--r--kubernetes/namespaces/web/ghost/volume.yaml14
5 files changed, 99 insertions, 0 deletions
diff --git a/kubernetes/namespaces/web/ghost/README.md b/kubernetes/namespaces/web/ghost/README.md
new file mode 100644
index 0000000..fee4f8f
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/README.md
@@ -0,0 +1,7 @@
+# Ghost
+
+This folder contains the deployment manifests for Ghost, the CMS we use for https://blog.pythondiscord.com/.
+
+There should be no additional configuration required, there is a setup process on the domain when Ghost first boots, you can reach it by going to https://blog.pythondiscord.com/ghost/ immediately after starting the deployment.
+
+To deploy this application run `kubectl apply -f ghost` from the root directory of this repository. This will create a deployment, service ingress and persistent volume.
diff --git a/kubernetes/namespaces/web/ghost/deployment.yaml b/kubernetes/namespaces/web/ghost/deployment.yaml
new file mode 100644
index 0000000..3d07ffe
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ghost
+ namespace: web
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: ghost
+ template:
+ metadata:
+ labels:
+ app: ghost
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
+ containers:
+ - name: ghost
+ image: ghost:5.78-alpine
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 2368
+ env:
+ - name: url
+ value: https://blog.pythondiscord.com
+ - name: database__client
+ value: sqlite3
+ - name: database__connection__filename
+ value: /var/lib/ghost/content/data/ghost.db
+ volumeMounts:
+ - mountPath: /var/lib/ghost/content
+ name: ghost-data
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumes:
+ - name: ghost-data
+ persistentVolumeClaim:
+ claimName: ghost-storage
diff --git a/kubernetes/namespaces/web/ghost/ingress.yaml b/kubernetes/namespaces/web/ghost/ingress.yaml
new file mode 100644
index 0000000..74a275b
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+ nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+ name: ghost
+ namespace: web
+spec:
+ tls:
+ - hosts:
+ - "*.pythondiscord.com"
+ secretName: pythondiscord.com-tls
+ rules:
+ - host: blog.pythondiscord.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ghost
+ port:
+ number: 2368
diff --git a/kubernetes/namespaces/web/ghost/service.yaml b/kubernetes/namespaces/web/ghost/service.yaml
new file mode 100644
index 0000000..7cb41b9
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ghost
+ namespace: web
+spec:
+ ports:
+ - port: 2368
+ selector:
+ app: ghost
diff --git a/kubernetes/namespaces/web/ghost/volume.yaml b/kubernetes/namespaces/web/ghost/volume.yaml
new file mode 100644
index 0000000..3789b39
--- /dev/null
+++ b/kubernetes/namespaces/web/ghost/volume.yaml
@@ -0,0 +1,14 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: ghost-storage
+ labels:
+ app: ghost
+ namespace: web
+spec:
+ storageClassName: linode-block-storage-retain
+ accessModes:
+ - ReadWriteOncePod
+ resources:
+ requests:
+ storage: 10Gi
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 09:49:14 +0000