From a6ae38800dee94309656fa78e41545285d608e86 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Sat, 8 Feb 2020 15:15:12 +0100
Subject: [PATCH] install tobru.ch ghost blog
---
 _apps/tobru-ch.yaml | 21 ++++++
 tobru-ch/backup.yaml | 16 +++++
 tobru-ch/ghost.yaml | 103 +++++++++++++++++++++++++++++
 tobru-ch/isso-ingress.yaml.dis | 23 +++++++
 tobru-ch/isso.yaml | 65 ++++++++++++++++++
 tobru-ch/mailgun-auth-secret.yaml | 16 +++++
 tobru-ch/tobru-ch-ingress.yaml.dis | 50 ++++++++++++++
 7 files changed, 294 insertions(+)
 create mode 100644 _apps/tobru-ch.yaml
 create mode 100644 tobru-ch/backup.yaml
 create mode 100644 tobru-ch/ghost.yaml
 create mode 100644 tobru-ch/isso-ingress.yaml.dis
 create mode 100644 tobru-ch/isso.yaml
 create mode 100644 tobru-ch/mailgun-auth-secret.yaml
 create mode 100644 tobru-ch/tobru-ch-ingress.yaml.dis
diff --git a/_apps/tobru-ch.yaml b/_apps/tobru-ch.yaml
new file mode 100644
index 0000000..41d6e5b
--- /dev/null
+++ b/_apps/tobru-ch.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: tobru-ch
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: tobru-ch
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: tobru-ch
+ repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+ targetRevision: HEAD
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tobru-ch
diff --git a/tobru-ch/backup.yaml b/tobru-ch/backup.yaml
new file mode 100644
index 0000000..2fe16ad
--- /dev/null
+++ b/tobru-ch/backup.yaml
@@ -0,0 +1,16 @@
+apiVersion: backup.appuio.ch/v1alpha1
+kind: Schedule
+metadata:
+ name: backup-schedule
+ namespace: tobru-ch
+spec:
+ backup:
+ schedule: '0 */4 * * *'
+ keepJobs: 4
+ check:
+ schedule: '0 01 * * *'
+ prune:
+ schedule: '0 02 * * *'
+ retention:
+ keepLast: 10
+ keepDaily: 14
diff --git a/tobru-ch/ghost.yaml b/tobru-ch/ghost.yaml
new file mode 100644
index 0000000..8d05409
--- /dev/null
+++ b/tobru-ch/ghost.yaml
@@ -0,0 +1,103 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: tobru-ch
+ labels:
+ app: tobru-ch
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: localstorage
+ selector:
+ matchLabels:
+ app: tobru-ch
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: tobru-ch
+ name: ghost
+ namespace: tobru-ch
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ component: ghost
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ component: ghost
+ spec:
+ containers:
+ - image: ghost:3.1.0
+ imagePullPolicy: IfNotPresent
+ name: ghost
+ env:
+ - name: url
+ value: https://tobru.ch/
+ - name: mail__transport
+ value: SMTP
+ - name: mail__options__service
+ value: Mailgun
+ - name: mail__options__host
+ value: smtp.eu.mailgun.org
+ - name: mail__options__auth__user
+ value: ghost@www.tobru.ch
+ - name: mail__options__auth__pass
+ valueFrom:
+ secretKeyRef:
+ name: mailgun-auth
+ key: auth_pass
+ - name: mail__from
+ value: "'tobru.ch Ghost Blog '"
+ ports:
+ - containerPort: 2368
+ name: ghost
+ protocol: TCP
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/ghost/content
+ subPath: ghost
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: tobru-ch
+ name: ghost
+ namespace: tobru-ch
+spec:
+ ports:
+ - port: 2368
+ protocol: TCP
+ targetPort: 2368
+ selector:
+ component: ghost
+ sessionAffinity: None
+ type: ClusterIP
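Review bot: The ghost Deployment's pod template sets `securityContext: {}` and `resources: {}` and gives the container no securityContext of its own, so the internet-facing blog runs with the image's default user and capabilities and with no CPU or memory bound; the isso Deployment in tobru-ch/isso.yaml has the same shape. I would add a container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, and add `runAsNonRoot: true` once it is confirmed that the image can start as a non-root user and still write to the mounted content path. Explicit `resources.requests` and `resources.limits` would keep a runaway or abused process from starving the node. Separately, `apiVersion: extensions/v1beta1` for a Deployment is no longer served from Kubernetes 1.16 onward; `apps/v1` is the stable group.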
diff --git a/tobru-ch/isso-ingress.yaml.dis b/tobru-ch/isso-ingress.yaml.dis
new file mode 100644
index 0000000..01729e4
--- /dev/null
+++ b/tobru-ch/isso-ingress.yaml.dis
@@ -0,0 +1,23 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ ingress.kubernetes.io/ssl-redirect: "true"
+ labels:
+ app: tobru-ch
+ name: isso
+ namespace: tobru-ch
+spec:
+ rules:
+ - host: isso.tobru.ch
+ http:
+ paths:
+ - backend:
+ serviceName: isso
+ servicePort: 8080
+ tls:
+ - hosts:
+ - isso.tobru.ch
+ secretName: isso-cert
diff --git a/tobru-ch/isso.yaml b/tobru-ch/isso.yaml
new file mode 100644
index 0000000..3217bbe
--- /dev/null
+++ b/tobru-ch/isso.yaml
@@ -0,0 +1,65 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: tobru-ch
+ name: isso
+ namespace: tobru-ch
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ component: isso
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ component: isso
+ spec:
+ containers:
+ - image: angristan/isso:0.11.1
+ imagePullPolicy: IfNotPresent
+ name: isso
+ ports:
+ - containerPort: 8080
+ name: isso
+ protocol: TCP
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - name: data
+ mountPath: /isso
+ subPath: isso
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: tobru-ch
+ name: isso
+ namespace: tobru-ch
+spec:
+ ports:
+ - port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ component: isso
+ sessionAffinity: None
+ type: ClusterIP
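Review bot: `image: angristan/isso:0.11.1` in the isso Deployment references a community-maintained image by mutable tag, and with `imagePullPolicy: IfNotPresent` the bytes behind that tag can differ from node to node or change on a reschedule without any commit in this repository. Pinning by digest, for example `image: angristan/isso@sha256:<digest-of-the-reviewed-image>`, keeps what Argo CD rolls out tied to what was actually reviewed. The same applies to `ghost:3.1.0` in tobru-ch/ghost.yaml. A short comment above the image line recording the upstream version the digest corresponds to would keep later bumps readable.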
diff --git a/tobru-ch/mailgun-auth-secret.yaml b/tobru-ch/mailgun-auth-secret.yaml
new file mode 100644
index 0000000..3666f15
--- /dev/null
+++ b/tobru-ch/mailgun-auth-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: mailgun-auth
+ namespace: tobru-ch
+spec:
+ encryptedData:
+ auth_pass: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: mailgun-auth
+ namespace: tobru-ch
+status: {}
+
diff --git a/tobru-ch/tobru-ch-ingress.yaml.dis b/tobru-ch/tobru-ch-ingress.yaml.dis
new file mode 100644
index 0000000..cecc28b
--- /dev/null
+++ b/tobru-ch/tobru-ch-ingress.yaml.dis
@@ -0,0 +1,50 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ ingress.kubernetes.io/ssl-redirect: "true"
+ ingress.kubernetes.io/force-hsts: "true"
+ ingress.kubernetes.io/hsts-max-age: "315360000"
+ ingress.kubernetes.io/hsts-preload: "true"
+ labels:
+ app: tobru-ch
+ name: tobru-ch
+ namespace: tobru-ch
+spec:
+ rules:
+ - host: tobru.ch
+ http:
+ paths:
+ - backend:
+ serviceName: ghost
+ servicePort: 2368
+ tls:
+ - hosts:
+ - tobru.ch
+ secretName: tobru-ch-cert
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/redirect-regex: ^https://www.tobru.ch/(.*)
+ traefik.ingress.kubernetes.io/redirect-replacement: https://tobru.ch/$1
+ ingress.kubernetes.io/ssl-redirect: "true"
+ labels:
+ app: tobru-ch
+ name: www-tobru-ch
+ namespace: tobru-ch
+spec:
+ rules:
+ - host: www.tobru.ch
+ http:
+ paths:
+ - backend:
+ serviceName: ghost
+ servicePort: 2368
+ tls:
+ - hosts:
+ - www.tobru.ch
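Review bot: The `www-tobru-ch` Ingress ends with a `tls` entry that lists `www.tobru.ch` but has no `secretName`, unlike the `tobru-ch` Ingress above it (`secretName: tobru-ch-cert`). cert-manager's ingress-shim needs a secret name to create a Certificate, so the `cert-manager.io/cluster-issuer` annotation probably has no effect on this object and the www host would be answered with the controller's default certificate, which makes the HTTPS redirect to the apex fail certificate validation in browsers. Adding a line such as `secretName: www-tobru-ch-cert` (name constructed for illustration) under that `tls` entry should close the gap. On the apex Ingress, `hsts-preload: "true"` is set with a ten-year `hsts-max-age` but without an include-subdomains setting, which preload submission requires; worth deciding deliberately, since a long-lived HSTS policy is hard to walk back once browsers have cached it.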