diff options
Diffstat (limited to 'kubernetes/namespaces/web')
| -rw-r--r-- | kubernetes/namespaces/web/ghost/README.md | 7 | ||||
| -rw-r--r-- | kubernetes/namespaces/web/ghost/deployment.yaml | 43 | ||||
| -rw-r--r-- | kubernetes/namespaces/web/ghost/ingress.yaml | 25 | ||||
| -rw-r--r-- | kubernetes/namespaces/web/ghost/service.yaml | 10 | ||||
| -rw-r--r-- | kubernetes/namespaces/web/ghost/volume.yaml | 14 |
5 files changed, 99 insertions, 0 deletions
diff --git a/kubernetes/namespaces/web/ghost/README.md b/kubernetes/namespaces/web/ghost/README.md new file mode 100644 index 0000000..fee4f8f --- /dev/null +++ b/kubernetes/namespaces/web/ghost/README.md @@ -0,0 +1,7 @@ +# Ghost + +This folder contains the deployment manifests for Ghost, the CMS we use for https://blog.pythondiscord.com/. + +There should be no additional configuration required, there is a setup process on the domain when Ghost first boots, you can reach it by going to https://blog.pythondiscord.com/ghost/ immediately after starting the deployment. + +To deploy this application run `kubectl apply -f ghost` from the root directory of this repository. This will create a deployment, service ingress and persistent volume. diff --git a/kubernetes/namespaces/web/ghost/deployment.yaml b/kubernetes/namespaces/web/ghost/deployment.yaml new file mode 100644 index 0000000..3d07ffe --- /dev/null +++ b/kubernetes/namespaces/web/ghost/deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ghost + namespace: web +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: ghost + template: + metadata: + labels: + app: ghost + spec: + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true + containers: + - name: ghost + image: ghost:5.78-alpine + imagePullPolicy: Always + ports: + - containerPort: 2368 + env: + - name: url + value: https://blog.pythondiscord.com + - name: database__client + value: sqlite3 + - name: database__connection__filename + value: /var/lib/ghost/content/data/ghost.db + volumeMounts: + - mountPath: /var/lib/ghost/content + name: ghost-data + securityContext: + readOnlyRootFilesystem: true + volumes: + - name: ghost-data + persistentVolumeClaim: + claimName: ghost-storage diff --git a/kubernetes/namespaces/web/ghost/ingress.yaml b/kubernetes/namespaces/web/ghost/ingress.yaml new file mode 100644 index 0000000..74a275b --- /dev/null +++ b/kubernetes/namespaces/web/ghost/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + name: ghost + namespace: web +spec: + tls: + - hosts: + - "*.pythondiscord.com" + secretName: pythondiscord.com-tls + rules: + - host: blog.pythondiscord.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ghost + port: + number: 2368 diff --git a/kubernetes/namespaces/web/ghost/service.yaml b/kubernetes/namespaces/web/ghost/service.yaml new file mode 100644 index 0000000..7cb41b9 --- /dev/null +++ b/kubernetes/namespaces/web/ghost/service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: ghost + namespace: web +spec: + ports: + - port: 2368 + selector: + app: ghost diff --git a/kubernetes/namespaces/web/ghost/volume.yaml b/kubernetes/namespaces/web/ghost/volume.yaml new file mode 100644 index 0000000..3789b39 --- /dev/null +++ b/kubernetes/namespaces/web/ghost/volume.yaml @@ -0,0 +1,14 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: ghost-storage + labels: + app: ghost + namespace: web +spec: + storageClassName: linode-block-storage-retain + accessModes: + - ReadWriteOncePod + resources: + requests: + storage: 10Gi |