feat: prepare GhostCMS
All checks were successful
continuous-integration/drone/push Build is passing
parent
a31774336f
commit
c592010f90
28 changed files with 17256 additions and 2 deletions
97
.drone.yml
97
.drone.yml
|
@ -3,6 +3,9 @@ kind: pipeline
|
||||||
type: docker
|
type: docker
|
||||||
name: default
|
name: default
|
||||||
|
|
||||||
|
platform:
|
||||||
|
arch: arm64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: keydb
|
- name: keydb
|
||||||
image: quay.io/buildah/stable
|
image: quay.io/buildah/stable
|
||||||
|
@ -24,4 +27,96 @@ steps:
|
||||||
from_secret: gitea_token
|
from_secret: gitea_token
|
||||||
IMAGE_REGISTRY: code.icb4dc0.de
|
IMAGE_REGISTRY: code.icb4dc0.de
|
||||||
IMAGE_REPO: prskr/infrastructure/keydb
|
IMAGE_REPO: prskr/infrastructure/keydb
|
||||||
IMAGE_TAG: v6.3.3
|
IMAGE_TAG: v6.3.3
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: arm64
|
||||||
|
|
||||||
|
platform:
|
||||||
|
arch: arm64
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: manifest
|
||||||
|
image: quay.io/buildah/stable
|
||||||
|
network_mode: host
|
||||||
|
privileged: true
|
||||||
|
commands:
|
||||||
|
- |
|
||||||
|
buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}"
|
||||||
|
buildah bud \
|
||||||
|
--tag "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" \
|
||||||
|
--arch $${IMAGE_ARCH} \
|
||||||
|
apps/ghostcms
|
||||||
|
buildah push "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}"
|
||||||
|
environment:
|
||||||
|
GITEA_USER: prskr
|
||||||
|
GITEA_TOKEN:
|
||||||
|
from_secret: gitea_token
|
||||||
|
IMAGE_REGISTRY: code.icb4dc0.de
|
||||||
|
IMAGE_REPO: prskr/ghostcms
|
||||||
|
IMAGE_TAG: 5.71.0-alpine_arm64
|
||||||
|
IMAGE_ARCH: arm64
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: amd64
|
||||||
|
|
||||||
|
platform:
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: manifest
|
||||||
|
image: quay.io/buildah/stable
|
||||||
|
network_mode: host
|
||||||
|
privileged: true
|
||||||
|
commands:
|
||||||
|
- |
|
||||||
|
buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}"
|
||||||
|
buildah bud \
|
||||||
|
--tag "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" \
|
||||||
|
--arch $${IMAGE_ARCH} \
|
||||||
|
apps/ghostcms
|
||||||
|
buildah push "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}"
|
||||||
|
environment:
|
||||||
|
GITEA_USER: prskr
|
||||||
|
GITEA_TOKEN:
|
||||||
|
from_secret: gitea_token
|
||||||
|
IMAGE_REGISTRY: code.icb4dc0.de
|
||||||
|
IMAGE_REPO: prskr/ghostcms
|
||||||
|
IMAGE_TAG: 5.71.0-alpine_amd64
|
||||||
|
IMAGE_ARCH: amd64
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: manifest
|
||||||
|
|
||||||
|
platform:
|
||||||
|
arch: arm64
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- amd64
|
||||||
|
- arm64
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: manifest
|
||||||
|
image: quay.io/buildah/stable
|
||||||
|
network_mode: host
|
||||||
|
privileged: true
|
||||||
|
commands:
|
||||||
|
- |
|
||||||
|
buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}"
|
||||||
|
buildah manifest create "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}"
|
||||||
|
buildah pull --arch amd64 "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_amd64"
|
||||||
|
buildah pull --arch arm64 "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_arm64"
|
||||||
|
buildah manifest add "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_amd64"
|
||||||
|
buildah manifest add "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_arm64"
|
||||||
|
buildah manifest push --all "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}"
|
||||||
|
environment:
|
||||||
|
GITEA_USER: prskr
|
||||||
|
GITEA_TOKEN:
|
||||||
|
from_secret: gitea_token
|
||||||
|
IMAGE_REGISTRY: code.icb4dc0.de
|
||||||
|
IMAGE_REPO: prskr/ghostcms
|
||||||
|
IMAGE_TAG: 5.71.0-alpine
|
||||||
|
|
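Review bot: The three added steps pass the registry token as `--password "$${GITEA_TOKEN}"`, which puts the secret in the process arguments of a step that also runs with `privileged: true` and `network_mode: host`. Reading it from stdin, `printf '%s' "$${GITEA_TOKEN}" | buildah login --username "$${GITEA_USER}" --password-stdin "$${IMAGE_REGISTRY}"`, keeps it out of argv. The builder image `quay.io/buildah/stable` is a floating tag, so a privileged, host-networked container holding a push token runs whatever that tag points to at build time; pinning it by digest would fix the builder to one known image. The build steps in the `arm64` and `amd64` pipelines are both named `manifest`, which looks copied from the last pipeline; `build` would match what they do.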
|
@ -8,7 +8,6 @@ service:
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
annotations:
|
annotations:
|
||||||
gethomepage.dev/description: where to code goes to
|
gethomepage.dev/description: where to code goes to
|
||||||
gethomepage.dev/enabled: "true"
|
gethomepage.dev/enabled: "true"
|
||||||
|
|
|
@ -14,6 +14,9 @@ helmCharts:
|
||||||
namespace: forgejo
|
namespace: forgejo
|
||||||
version: "0.13.0"
|
version: "0.13.0"
|
||||||
valuesFile: config/values.forgejo.yaml
|
valuesFile: config/values.forgejo.yaml
|
||||||
|
skipTests: true
|
||||||
|
apiVersions:
|
||||||
|
- "networking.k8s.io/v1/Ingress"
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- ./secret-generator.yaml
|
- ./secret-generator.yaml
|
1
apps/ghostcms/.gitignore
vendored
Normal file
1
apps/ghostcms/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
charts/
|
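--- a/apps/ghostcms/Dockerfile
+++ b/apps/ghostcms/Dockerfile
@@ -0,0 +1,11 @@
+ARG GHOST_IMAGE_TAG=5.71.0-alpine
+
+FROM docker.io/node:18-alpine AS s3-storage-adapter
+
+WORKDIR /s3
+
+RUN npm install ghos3
+
+FROM docker.io/ghost:${GHOST_IMAGE_TAG}
+
+COPY --from=s3-storage-adapter /s3/node_modules/ghos3/* ./content/adapters/storage/s3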
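Review bot: `RUN npm install ghos3` resolves whatever version and transitive dependencies are current at build time, with no lockfile, so rebuilding the same `5.71.0-alpine` tag can ship different adapter code into an image that later holds the S3 and database credentials. Pin the adapter and skip install scripts, e.g. `RUN npm install --ignore-scripts ghos3@<PINNED_VERSION>`, or copy a committed `package-lock.json` and use `npm ci`. The final `COPY` takes only `/s3/node_modules/ghos3/*`; if the adapter has runtime dependencies installed next to it under `/s3/node_modules`, they are not carried over. The wildcard source with a destination lacking a trailing `/` may also flatten subdirectories, so it is worth confirming that the adapter loads in the built image.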
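--- a/apps/ghostcms/config/base.env
+++ b/apps/ghostcms/config/base.env
@@ -0,0 +1,15 @@
+database__client=mysql
+database__connection__host=ghostcms-db
+database__connection__database=ghostcms
+server__host=0.0.0.0
+server__port=2368
+storage__active=s3
+storage__media__adapter=s3
+storage__files__adapter=s3
+storage__s3__region=us-east-1
+storage__s3__bucket=ghostcms
+storage__s3__endpoint=minio.minio.svc.cluster.local:9000
+storage__s3__forcePathStyle=true
+cache__imageSizes__adapter=Redis
+cache__Redis__host=ghostcms-keydb.ghostcms.svc
+cache__Redis__port=6379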
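Review bot: The S3 settings here use the `storage__s3__*` prefix, while the access key and secret in `resources/creds.enc.yaml` are named `adapters__storage__s3__accessKeyId` and `adapters__storage__s3__secretAccessKey`. Both are injected through `envFrom`, so if the adapter reads its options from only one of those paths, either the credentials or the endpoint settings will be silently ignored. Confirm which prefix Ghost and the adapter resolve and use it in both files. `storage__s3__endpoint=minio.minio.svc.cluster.local:9000` carries no scheme, so whether uploads go over TLS depends on the adapter's default; writing `http://` or `https://` explicitly would make that visible.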
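--- a/apps/ghostcms/config/values.keydb.yaml
+++ b/apps/ghostcms/config/values.keydb.yaml
@@ -0,0 +1,33 @@
+imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
+imageTag: v6.3.3
+
+nodes: 3
+podDisruptionBudget:
+enabled: true
+
+persistentVolume:
+enabled: false
+
+resources:
+requests:
+cpu: 50m
+memory: 100Mi
+limits:
+cpu: 250m
+memory: 256Mi
+
+exporter:
+enabled: true
+imageTag: v1.51.0
+resources:
+requests:
+cpu: 50m
+memory: 50Mi
+limits:
+cpu: 150m
+memory: 100Mi
+
+serviceMonitor:
+enabled: true
+labels:
+prometheus: default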
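Review bot: Nothing in these values sets a password for KeyDB, and `config/base.env` gives Ghost only `cache__Redis__host` and `cache__Redis__port`, so the three-node cache appears to accept unauthenticated connections from any pod that can reach `ghostcms-keydb.ghostcms.svc`. If the chart's defaults leave authentication off, either enable it and supply the password to Ghost through the SOPS-encrypted secret, or add a NetworkPolicy that admits only the ghostcms pods on port 6379. `exporter.enabled: true` adds a second listening port that the same policy should cover.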
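--- a/apps/ghostcms/kustomization.yaml
+++ b/apps/ghostcms/kustomization.yaml
@@ -0,0 +1,36 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ghostcms
+
+images:
+- name: ghostcms
+newName: code.icb4dc0.de/prskr/ghostcms
+newTag: 5.71.0-alpine
+
+commonLabels:
+app.kubernetes.io/instance: icb4dc0de
+app.kubernetes.io/managed-by: kustomize
+
+resources:
+- resources/namespace.yaml
+- resources/db.yaml
+- resources/deployment.yaml
+- resources/service.yaml
+- resources/ingress.yaml
+
+generators:
+- ./secret-generator.yaml
+
+secretGenerator:
+- name: ghostcms-base-config
+envs:
+- "config/base.env"
+
+helmCharts:
+- name: keydb
+repo: https://enapter.github.io/charts/
+releaseName: ghostcms-keydb
+namespace: ghostcms
+version: "0.48.0"
+valuesFile: config/values.keydb.yaml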
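Review bot: `newTag: 5.71.0-alpine` is the same tag the manifest pipeline in `.drone.yml` overwrites on every push, so the cluster can pull different image content under an unchanged manifest, and rolling back by git revision does not restore the old image. Pinning by digest in the `images` entry (`digest: sha256:<IMAGE_DIGEST>` instead of `newTag`) or tagging with the commit SHA ties a deployment to one build. `config/base.env` holds no secrets, so a `configMapGenerator` would fit it better than `secretGenerator` and keep secret reads meaningful in audit logs; `deployment.yaml` would then need `configMapRef` for that entry.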
39
apps/ghostcms/resources/creds.enc.yaml
Normal file
39
apps/ghostcms/resources/creds.enc.yaml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ghostcms-secret-config
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
database__connection__user: ENC[AES256_GCM,data:RB9Ne7UwdiE=,iv:i+qC2xTv2I6iQfJnzui1V+M3YOCu7OD9qmtY6G1pp3A=,tag:PPe9wMGHeM7fItM+GJhchA==,type:str]
|
||||||
|
database__connection__password: ENC[AES256_GCM,data:EH5AnurBZlQPpybbS+mbFgMQk2H6GXrXlw2nDDChoaU=,iv:wShvZE2GEUG4OVBoSydE9MbFPO9T70QG4H65lf4itWw=,tag:J7fKtAVGWEYvXDWfC7ZNIQ==,type:str]
|
||||||
|
adapters__storage__s3__accessKeyId: ENC[AES256_GCM,data:zRnYiP0OGRJhYYuYGwjwgw==,iv:3S53/I21EW+ONOdU5lriqcnwEfCa74GK2NVwbOfnUlg=,tag:+Aljr4KLvC0/38LmYbSfpw==,type:str]
|
||||||
|
adapters__storage__s3__secretAccessKey: ENC[AES256_GCM,data:lK3nL/2VwcA1znIol0mtZOdbTEXoplnh7kb30xj8A/hLUVeWhDXf5EqGXlI5tsBHme2i51KjDTzk+taFEZkb,iv:0nwuVhcoW+7HB9EreZ6jlpzXkxYSAMNbX4wUAHzH0yU=,tag:frst/SlL3sgmM+wRAgQBJQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRkFMcWRyNE9tMU5NVkVs
|
||||||
|
UmNsSFVDN3k4SDJxK2tva1Rza2xuR2ExcUhVCndua28xNUZBaVlGeTJ0TG0xMlpo
|
||||||
|
cTB5ZTBkMzZ4NW03T1ZacmVGRnZMUXMKLS0tIEYyVGdMZlVCTHREdnBOR3h3NU4x
|
||||||
|
UzBWYXdMS3RadXpEQmN6cVBBUUpHWkUKugUfHbVc5+0597P5r8k8bAIcXHx2BfFe
|
||||||
|
DVdOoxLasWTXvz1GWTFuzvin3Z42GB9zCnjfzkEnwXbATwQy26MhaQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndE9JcHB5NWtBRDZLYTQ4
|
||||||
|
QXhJRG93bEtXYUlmRWhKWC93Mng2YUtDN2ljCmE3RklOdTN2dE42Q0RSc0djSXpX
|
||||||
|
UzBkdXRPVHJ2YUFDR0REeSt5YS9NNEUKLS0tIGJGR0pBWUp3Vm5tMVNneUtaQ1NB
|
||||||
|
UnE2NTVSSUp1OEVFVDd5bHJYOEZpaVkKqmw9GLZavqaPQOJjGhLqXo4ggfmFDgXz
|
||||||
|
C9HNxeDVr2kY452gleVS/YFTPWo0QPevl0SjpZg2gvnz28qLDSNXYQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-10-31T17:51:51Z"
|
||||||
|
mac: ENC[AES256_GCM,data:MMIdx3HIiclIbWDpMkxNiC9cGpzZysYtqZCObA8jBB39GdokRbIFaNS1JQuZ/6u3KyTj2X15HDvgphUWzjTIgl1nYvEumEj6ZyI82VqKP59BBOQ3jCz3rTvLqcqkI+HHd6CUzHehElS11xFZ1VV8CmcGrzhNtoGfIcpFr/7W0/E=,iv:HySrtTaz23uYOOOEnEDY34AGxFYyFRQ92xaD4kCQxe8=,tag:VqBbHcQIxJZRig+Krl3EFg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||||
|
version: 3.8.1
|
37
apps/ghostcms/resources/db-cred.enc.yaml
Normal file
37
apps/ghostcms/resources/db-cred.enc.yaml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ghostcms-db-creds
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
root-password: ENC[AES256_GCM,data:tCCuYiHneNQMbWk9JYBOQT0fq+M3yjSJpg5MeMVl7Bw=,iv:EAX8seGBIUtaG2/S5SDUKYBkY57g4UKJdMFjCTBBZIs=,tag:giYe8hiyk8dSbcNT9fHJhQ==,type:str]
|
||||||
|
password: ENC[AES256_GCM,data:ae7q5C9RyPZJEpMSYc11Rdx0fgyxZSdW0QPrrhd4EXU=,iv:PZd/tVfoh3xetvov/BVdRPeev2MKRG+6uVLmi1YkHRA=,tag:H2fe2T0TWLV93yhcNheYhg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFREpwa1VjOHZOa1Rmc3M3
|
||||||
|
R001d0cxZjNYMUNLeGdxODlmMWI2bVVJd0RBCmxuOVl2cGg1dHpHU2tSMDJGSVpQ
|
||||||
|
TU5udWpEdjZZQVR5RnE3djFxZWcyRHMKLS0tICtCK1k5V0JTVy9PamViL3BtYTZk
|
||||||
|
WEo0RU5seTZvR2E2ZnhwdTNwUGF4K00KHItzwS/FL1N3iB5880SqBCAzogk2mvJo
|
||||||
|
frkb2ysHPA3e6mC/iYEJwENYTjHqi4tfkwYQmYErAFnNeD28690q1w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaHJPb1FORk5NL2Q3Y2Fx
|
||||||
|
S3FzQjBmUmNTdVRiYkJqOE94THB6Q0ZwU3pzCmtLT0ZsZ2NEQVVVSy9IMFEyTnNN
|
||||||
|
QUVCQ1IxQjYvVGV5U1lHcUJveHk5ZU0KLS0tIFo5eWZIUzFma3BYWnlaZ08xVFkv
|
||||||
|
Y2YwMThRcUlTSVJmSDArbzdudGs3a1UKqfdWZlKDD3qsYAAKYts51XS41a52O5w1
|
||||||
|
Rivz1sRaMg7deBAMcERU9ACH7NmatWSTvehkKBWpGdkQuiGIcMCEBA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-10-31T14:40:10Z"
|
||||||
|
mac: ENC[AES256_GCM,data:mK71CK+Cp/BbobMrCr5nHpb/bdXQLFB1mxhq1vzw8FZqGQzvYQ2X5pQFeJe8Z3jOYBaR+EUIETdWnBqp7kpaci0QLYw7DnrANpAPmQxczyvITh2m1RNgkHiQxkzF7ywmmdQjr8jrm79p7viy488HLgyrCuiB5zcSW6Cu1D3RT+Y=,iv:Hsafop14fyk3cKpI9TJKHwBjVDR7v92vcHB72Qf14Nw=,tag:eM2QkUKJVN9h27ccw3Zt1w==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||||
|
version: 3.8.1
|
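--- a/apps/ghostcms/resources/db.yaml
+++ b/apps/ghostcms/resources/db.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: MariaDB
+metadata:
+name: ghostcms-db
+spec:
+rootPasswordSecretKeyRef:
+name: ghostcms-db-creds
+key: root-password
+
+image: mariadb:11.1.2
+
+port: 3306
+
+
+database: ghostcms
+username: ghostcms
+passwordSecretKeyRef:
+name: ghostcms-db-creds
+key: password
+
+volumeClaimTemplate:
+storageClassName: hcloud-volumes
+resources:
+requests:
+storage: 10Gi
+accessModes:
+- ReadWriteOnce
+
+securityContext:
+allowPrivilegeEscalation: false
+
+livenessProbe:
+exec:
+command:
+- bash
+- -c
+- mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
+initialDelaySeconds: 20
+periodSeconds: 10
+timeoutSeconds: 5
+
+readinessProbe:
+exec:
+command:
+- bash
+- -c
+- mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
+initialDelaySeconds: 20
+periodSeconds: 10
+timeoutSeconds: 5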
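Review bot: Both probes run `mariadb -u root -p"${MARIADB_ROOT_PASSWORD}"`, which places the root password in the client's command line every ten seconds and makes container health depend on a root login. The official image ships a health-check script for this; `command: ["healthcheck.sh", "--connect", "--innodb_initialized"]` avoids handling the password in the probe (confirm the operator provisions the health-check user), or at least pass the password through `MYSQL_PWD` rather than `-p`. The `securityContext` sets only `allowPrivilegeEscalation: false`; the Deployment in this commit also drops all capabilities and sets `runAsNonRoot`, and the same could be tried here. `image: mariadb:11.1.2` has no registry or digest, so resolution depends on the node's default registry.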
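--- a/apps/ghostcms/resources/deployment.yaml
+++ b/apps/ghostcms/resources/deployment.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ghostcms
+spec:
+selector:
+matchLabels:
+app.kubernetes.io/name: ghostcms
+template:
+metadata:
+labels:
+app.kubernetes.io/name: ghostcms
+spec:
+containers:
+- name: ghostcms
+image: ghostcms
+ports:
+- containerPort: 2368
+env:
+- name: NODE_ENV
+value: production
+envFrom:
+- secretRef:
+name: ghostcms-base-config
+- secretRef:
+name: ghostcms-secret-config
+securityContext:
+allowPrivilegeEscalation: false
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+capabilities:
+drop:
+- ALL
+privileged: false
+runAsUser: 1000
+runAsGroup: 1000
+resources:
+limits:
+memory: "384Mi"
+cpu: "100m"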
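Review bot: `readOnlyRootFilesystem: true` is set but the pod defines no volumes, and Ghost normally writes under its `content/` directory (logs, themes, generated data), so the container may fail to start or to log until writable `emptyDir` mounts are added for those paths. Consider adding `seccompProfile: {type: RuntimeDefault}` to the `securityContext` and `automountServiceAccountToken: false` to the pod spec, since nothing shown here needs the API token. There are `limits` but no `requests` and no readiness probe, so traffic is routed as soon as the container starts.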
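--- a/apps/ghostcms/resources/ingress.yaml
+++ b/apps/ghostcms/resources/ingress.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: ghostcms
+annotations:
+gethomepage.dev/description: GhostCMS blog
+gethomepage.dev/enabled: "true"
+gethomepage.dev/group: Apps
+gethomepage.dev/icon: ghost.png
+gethomepage.dev/name: GhostCMS
+spec:
+rules:
+- host: blog.icb4dc0.de
+http:
+paths:
+- pathType: Prefix
+path: /
+backend:
+service:
+name: ghostcms
+port:
+number: 2368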
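Review bot: The rule for `blog.icb4dc0.de` has no `tls:` section and no `ingressClassName`, so whether the Ghost admin login under this host is served over HTTPS depends entirely on controller defaults not visible in this commit. If TLS is not enforced elsewhere, add `tls: [{hosts: [blog.icb4dc0.de], secretName: <TLS_SECRET_NAME>}]` and the controller's redirect setting. Ghost also expects its public `url` to be configured; `config/base.env` does not set it, so generated links may not match this host.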
7
apps/ghostcms/resources/namespace.yaml
Normal file
7
apps/ghostcms/resources/namespace.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: ghostcms
|
||||||
|
labels:
|
||||||
|
prometheus: default
|
12
apps/ghostcms/resources/service.yaml
Normal file
12
apps/ghostcms/resources/service.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: ghostcms
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: ghostcms
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 2368
|
||||||
|
targetPort: 2368
|
12
apps/ghostcms/secret-generator.yaml
Normal file
12
apps/ghostcms/secret-generator.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
# Specify a name
|
||||||
|
name: ghostcms-secret-generator
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |
|
||||||
|
exec:
|
||||||
|
path: ksops
|
||||||
|
files:
|
||||||
|
- ./resources/db-cred.enc.yaml
|
||||||
|
- ./resources/creds.enc.yaml
|
1
apps/mariadb-operator/.gitignore
vendored
Normal file
1
apps/mariadb-operator/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
charts/
|
|
@ -0,0 +1,2 @@
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
17
apps/mariadb-operator/kustomization.yaml
Normal file
17
apps/mariadb-operator/kustomization.yaml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: mariadb-system
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- resources/namespace.yaml
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: mariadb-operator
|
||||||
|
releaseName: mariadb-operator
|
||||||
|
repo: https://mariadb-operator.github.io/mariadb-operator
|
||||||
|
namespace: mariadb-system
|
||||||
|
version: "0.22.0"
|
||||||
|
valuesFile: config/mariadb-operator.values.yaml
|
||||||
|
includeCRDs: true
|
||||||
|
skipTests: true
|
7
apps/mariadb-operator/resources/namespace.yaml
Normal file
7
apps/mariadb-operator/resources/namespace.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: mariadb-system
|
||||||
|
labels:
|
||||||
|
prometheus: default
|
26
apps/postgres-operator/kustomization.yaml
Normal file
26
apps/postgres-operator/kustomization.yaml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: postgres-system
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- includeTemplates: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: pgo
|
||||||
|
# The version below should match the version on the PostgresCluster CRD
|
||||||
|
app.kubernetes.io/version: 5.4.3
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
|
||||||
|
images:
|
||||||
|
- name: postgres-operator
|
||||||
|
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
|
||||||
|
newTag: ubi8-5.4.3-0
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- resources/namespace.yaml
|
||||||
|
- resources/crd/postgresclusters.yaml
|
||||||
|
- resources/crd/pgupgrades.yaml
|
||||||
|
- resources/rbac/service_account.yaml
|
||||||
|
- resources/rbac/role.yaml
|
||||||
|
- resources/rbac/role_binding.yaml
|
||||||
|
- resources/manager.yaml
|
1075
apps/postgres-operator/resources/crd/pgupgrades.yaml
Normal file
1075
apps/postgres-operator/resources/crd/pgupgrades.yaml
Normal file
File diff suppressed because it is too large
15465
apps/postgres-operator/resources/crd/postgresclusters.yaml
Normal file
15465
apps/postgres-operator/resources/crd/postgresclusters.yaml
Normal file
File diff suppressed because it is too large
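--- a/apps/postgres-operator/resources/manager.yaml
+++ b/apps/postgres-operator/resources/manager.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: pgo
+labels:
+postgres-operator.crunchydata.com/control-plane: postgres-operator
+spec:
+replicas: 1
+strategy: { type: Recreate }
+selector:
+matchLabels:
+postgres-operator.crunchydata.com/control-plane: postgres-operator
+template:
+metadata:
+labels:
+postgres-operator.crunchydata.com/control-plane: postgres-operator
+spec:
+containers:
+- name: operator
+image: postgres-operator
+env:
+- name: PGO_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+- name: CRUNCHY_DEBUG
+value: "true"
+- name: RELATED_IMAGE_POSTGRES_14
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.9-1"
+- name: RELATED_IMAGE_POSTGRES_14_GIS_3.1
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.9-3.1-1"
+- name: RELATED_IMAGE_POSTGRES_14_GIS_3.2
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.9-3.2-1"
+- name: RELATED_IMAGE_POSTGRES_14_GIS_3.3
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.9-3.3-1"
+- name: RELATED_IMAGE_POSTGRES_15
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1"
+- name: RELATED_IMAGE_POSTGRES_15_GIS_3.3
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-15.4-3.3-1"
+- name: RELATED_IMAGE_POSTGRES_16
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.0-0"
+- name: RELATED_IMAGE_POSTGRES_16_GIS_3.3
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.0-3.3-0"
+- name: RELATED_IMAGE_POSTGRES_16_GIS_3.4
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.0-3.4-0"
+- name: RELATED_IMAGE_PGADMIN
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-18"
+- name: RELATED_IMAGE_PGBACKREST
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1"
+- name: RELATED_IMAGE_PGBOUNCER
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.19-5"
+- name: RELATED_IMAGE_PGEXPORTER
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.4.3-0"
+- name: RELATED_IMAGE_PGUPGRADE
+value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi8-5.4.3-0"
+securityContext:
+allowPrivilegeEscalation: false
+capabilities: { drop: [ALL] }
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+serviceAccountName: pgo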
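Review bot: `CRUNCHY_DEBUG` is set to `"true"` for an operator whose ClusterRole in this commit can read and write secrets; debug logging is better left off outside troubleshooting, `value: "false"`, unless the log pipeline is treated as sensitive. The container has no `resources` block, so it runs without requests or limits, unlike the other workloads added in this commit. All `RELATED_IMAGE_*` values are tags on `registry.developers.crunchydata.com`; pinning them by digest would stop the operator from launching changed images under the same tag.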
7
apps/postgres-operator/resources/namespace.yaml
Normal file
7
apps/postgres-operator/resources/namespace.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: postgres-system
|
||||||
|
labels:
|
||||||
|
prometheus: default
|
156
apps/postgres-operator/resources/rbac/role.yaml
Normal file
156
apps/postgres-operator/resources/rbac/role.yaml
Normal file
|
@ -0,0 +1,156 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
- persistentvolumeclaims
|
||||||
|
- secrets
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- deletecollection
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- endpoints/restricted
|
||||||
|
- pods/exec
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- events
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- serviceaccounts
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
resources:
|
||||||
|
- deployments
|
||||||
|
- statefulsets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- batch
|
||||||
|
resources:
|
||||||
|
- cronjobs
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- poddisruptionbudgets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades/finalizers
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades/status
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/finalizers
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- rbac.authorization.k8s.io
|
||||||
|
resources:
|
||||||
|
- rolebindings
|
||||||
|
- roles
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
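Review bot: This is a `ClusterRole`, so the `secrets` rule (create, delete, get, list, patch, watch), `pods/exec` create and the `roles`/`rolebindings` create and patch rules apply in every namespace. `role_binding.yaml` binds them to the `pgo` service account, so a compromise of the operator pod would expose all cluster secrets. If PostgresClusters will live in only one or a few namespaces, a namespaced `Role`/`RoleBinding` with the operator restricted to its target namespace is the narrower install. At minimum, add a comment above the first rule recording that cluster scope was chosen deliberately.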
14
apps/postgres-operator/resources/rbac/role_binding.yaml
Normal file
14
apps/postgres-operator/resources/rbac/role_binding.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: postgres-operator
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: pgo
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: pgo
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|