install tobru.ch ghost blog

2020-02-08 15:15:12 +01:00 · 2020-02-08 15:15:12 +01:00 · a6ae38800d
parent 2ea545a905
commit a6ae38800d
7 changed files with 294 additions and 0 deletions
--- a/_apps/tobru-ch.yaml
+++ b/_apps/tobru-ch.yaml
@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tobru-ch
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: tobru-ch
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: tobru-ch
+    repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+    targetRevision: HEAD
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tobru-ch
--- a/tobru-ch/backup.yaml
+++ b/tobru-ch/backup.yaml
@ -0,0 +1,16 @@
+apiVersion: backup.appuio.ch/v1alpha1
+kind: Schedule
+metadata:
+  name: backup-schedule
+  namespace: tobru-ch
+spec:
+  backup:
+    schedule: '0 */4 * * *'
+    keepJobs: 4
+  check:
+    schedule: '0 01 * * *'
+  prune:
+    schedule: '0 02 * * *'
+    retention:
+      keepLast: 10
+      keepDaily: 14
--- a/tobru-ch/ghost.yaml
+++ b/tobru-ch/ghost.yaml
@ -0,0 +1,103 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: data
+  namespace: tobru-ch
+  labels:
+    app: tobru-ch
+spec:
+  accessModes:
+  - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: localstorage
+  selector:
+    matchLabels:
+      app: tobru-ch
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: tobru-ch
+  name: ghost
+  namespace: tobru-ch
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      component: ghost
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        component: ghost
+    spec:
+      containers:
+      - image: ghost:3.1.0
+        imagePullPolicy: IfNotPresent
+        name: ghost
+        env:
+        - name: url
+          value: https://tobru.ch/
+        - name: mail__transport
+          value: SMTP
+        - name: mail__options__service
+          value: Mailgun
+        - name: mail__options__host
+          value: smtp.eu.mailgun.org
+        - name: mail__options__auth__user
+          value: ghost@www.tobru.ch
+        - name: mail__options__auth__pass
+          valueFrom:
+            secretKeyRef:
+              name: mailgun-auth
+              key: auth_pass
+        - name: mail__from
+          value: "'tobru.ch Ghost Blog <ghost@www.tobru.ch>'"
+        ports:
+        - containerPort: 2368
+          name: ghost
+          protocol: TCP
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/ghost/content
+          subPath: ghost
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: tobru-ch
+  name: ghost
+  namespace: tobru-ch
+spec:
+  ports:
+  - port: 2368
+    protocol: TCP
+    targetPort: 2368
+  selector:
+    component: ghost
+  sessionAffinity: None
+  type: ClusterIP
--- a/tobru-ch/isso-ingress.yaml.dis
+++ b/tobru-ch/isso-ingress.yaml.dis
@ -0,0 +1,23 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.kubernetes.io/ssl-redirect: "true"
+  labels:
+    app: tobru-ch
+  name: isso
+  namespace: tobru-ch
+spec:
+  rules:
+  - host: isso.tobru.ch
+    http:
+      paths:
+      - backend:
+          serviceName: isso
+          servicePort: 8080
+  tls:
+  - hosts:
+    - isso.tobru.ch
+    secretName: isso-cert
--- a/tobru-ch/isso.yaml
+++ b/tobru-ch/isso.yaml
@ -0,0 +1,65 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: tobru-ch
+  name: isso
+  namespace: tobru-ch
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      component: isso
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        component: isso
+    spec:
+      containers:
+      - image: angristan/isso:0.11.1
+        imagePullPolicy: IfNotPresent
+        name: isso
+        ports:
+        - containerPort: 8080
+          name: isso
+          protocol: TCP
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - name: data
+          mountPath: /isso
+          subPath: isso
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: tobru-ch
+  name: isso
+  namespace: tobru-ch
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    component: isso
+  sessionAffinity: None
+  type: ClusterIP
--- a/tobru-ch/mailgun-auth-secret.yaml
+++ b/tobru-ch/mailgun-auth-secret.yaml
@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: mailgun-auth
+  namespace: tobru-ch
+spec:
+  encryptedData:
+    auth_pass: AgB6kRHjsYIZEQWJvPkuGDkMCczJ9kCjzZEwerxydqUA3o4GpSMz4gWIwu7z+5X+JnFgteUIx0Zhr4OAxBrXMg+kC9JNDSXykzLVpPfHUtGemcSl9AMGOXv3TTFG94PRFvUxBOYi2PX0FzJzst4JoTkAlTHS2oU9PvaAFVaP4KcxJQpGZBo2foapjRp3aKz+q4Lv+8NBnwWjnMV1oBd+CkSq+dSMYuOtBbWF6tVHaOJJqb9sI+oRo283em43ocs01VT9hxdNdgqla0WQHyH3EScHF9ZuL5nBRkCLn2wPF8TlLb25NE+Wd5ETMSeu4PizNcOi0LHFF8YXsM8aNBWtvEm4wlCJMiHWACiuBIbL9fvB9HI9FR0wvVTWaJ+0gvkg2sXqU9tp1SuFPA8VHVedXEHLBfEoOdcQTXTuaHck0pzYB9KksI3A45/fEiHJprAIOj/nu9ttlUqfgtoFDOpbbYiDTJl7krQQpIrIzQDnxFkWZUoR7Rh6PVotx3WmnDvSLPrgXCpJxgAZ0dvHqtMrp1SO0NsRlfhNmJTVy5XoQF9cRp80f2q7/tDBaZnRE/RpmIXUs6eg5W3qaol92uSesQULQ62dKiK48T+aErKFrU1VyAeAlyJOMUiNhn7zgsxkpRwM6KvGJ+gmA6PyY0+03/PZm5A0UaBLJl4ZukUUBDwJHoDyvzFpQQZkw2xjZ4pIE73eA0pB6A0O2hC6fO0gkFOXL7reT+PicL1nHOZVFS//KQ==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: mailgun-auth
+      namespace: tobru-ch
+status: {}
+
--- a/tobru-ch/tobru-ch-ingress.yaml.dis
+++ b/tobru-ch/tobru-ch-ingress.yaml.dis
@ -0,0 +1,50 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.kubernetes.io/ssl-redirect: "true"
+    ingress.kubernetes.io/force-hsts: "true"
+    ingress.kubernetes.io/hsts-max-age: "315360000"
+    ingress.kubernetes.io/hsts-preload: "true"
+  labels:
+    app: tobru-ch
+  name: tobru-ch
+  namespace: tobru-ch
+spec:
+  rules:
+  - host: tobru.ch
+    http:
+      paths:
+      - backend:
+          serviceName: ghost
+          servicePort: 2368
+  tls:
+  - hosts:
+    - tobru.ch
+    secretName: tobru-ch-cert
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/redirect-regex: ^https://www.tobru.ch/(.*)
+    traefik.ingress.kubernetes.io/redirect-replacement: https://tobru.ch/$1
+    ingress.kubernetes.io/ssl-redirect: "true"
+  labels:
+    app: tobru-ch
+  name: www-tobru-ch
+  namespace: tobru-ch
+spec:
+  rules:
+  - host: www.tobru.ch
+    http:
+      paths:
+      - backend:
+          serviceName: ghost
+          servicePort: 2368
+  tls:
+  - hosts:
+    - www.tobru.ch