diff --git a/royalcat-blog/00-namespace.yaml b/royalcat-blog/00-namespace.yaml
new file mode 100644
index 0000000..d7aa4ff
--- /dev/null
+++ b/royalcat-blog/00-namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: royalcat-blog
+ labels:
+ app.kubernetes.io/name: royalcat-blog
+ app.kubernetes.io/component: namespace
+ app.kubernetes.io/part-of: royalcat-blog
diff --git a/royalcat-blog/01-mysql.yaml b/royalcat-blog/01-mysql.yaml
new file mode 100644
index 0000000..a679187
--- /dev/null
+++ b/royalcat-blog/01-mysql.yaml
@@ -0,0 +1,84 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: mysql-env
+ namespace: royalcat-blog
+ labels:
+ app: mysql
+stringData:
+ MYSQL_ROOT_PASSWORD: HuSo6WbDao9Qv3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pvc
+ namespace: royalcat-blog
+ labels:
+ app: mysql
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mysql
+ namespace: royalcat-blog
+ labels:
+ app: mysql
+spec:
+ serviceName: mysql
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: docker.io/mysql:8.4
+ envFrom:
+ - secretRef:
+ name: mysql-env
+ resources:
+ requests:
+ memory: 500Mi
+ cpu: 300m
+ limits:
+ memory: 1Gi
+ cpu: 900m
+ ports:
+ - name: mysql
+ containerPort: 3306
+ volumeMounts:
+ - name: mysql-volume
+ mountPath: /var/lib/mysql
+ readOnly: false
+ volumes:
+ - name: mysql-volume
+ persistentVolumeClaim:
+ claimName: mysql-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ namespace: royalcat-blog
+ labels:
+ app: mysql
+spec:
+ type: ClusterIP
+ selector:
+ app: mysql
+ ports:
+ - name: "3306"
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
diff --git a/royalcat-blog/02-ghost.yaml b/royalcat-blog/02-ghost.yaml
new file mode 100644
index 0000000..f59e7e4
--- /dev/null
+++ b/royalcat-blog/02-ghost.yaml
@@ -0,0 +1,188 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ghost-content
+ namespace: royalcat-blog
+ labels:
+ app.kubernetes.io/name: ghost
+ app.kubernetes.io/part-of: royalcat-blog
+spec:
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ghost-config-prod
+ namespace: royalcat-blog
+type: Opaque
+stringData:
+ config.production.json: |-
+ {
+ "url": "https://blog.royalcat.dev",
+ "server": {
+ "port": 2368,
+ "host": "0.0.0.0"
+ },
+ "mail": {
+ "transport": "SMTP",
+ "from": "20royalcat@gmail.com",
+ "options": {
+ "service": "Google",
+ "host": "smtp.gmail.com",
+ "port": 465,
+ "secure": true,
+ "auth": {
+ "user": "20royalcat@gmail.com",
+ "pass": "tsdx aaci fncn qbaw"
+ }
+ }
+ },
+ "logging": {
+ "transports": [
+ "stdout"
+ ]
+ },
+ "database": {
+ "client": "mysql",
+ "connection":
+ {
+ "host": "mysql",
+ "user": "root",
+ "password": "HuSo6WbDao9Qv3",
+ "database": "ghost",
+ "port": "3306"
+ }
+ },
+ "process": "local",
+ "paths": {
+ "contentPath": "/var/lib/ghost/content"
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ghost
+ namespace: royalcat-blog
+ labels:
+ app: ghost
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ghost
+ template:
+ metadata:
+ namespace: royalcat-blog
+ labels:
+ app: ghost
+ spec:
+ volumes:
+ - name: ghost-content
+ persistentVolumeClaim:
+ claimName: ghost-content
+
+ - name: ghost-config-prod
+ secret:
+ secretName: ghost-config-prod
+ defaultMode: 420
+
+ - name: tmp
+ emptyDir:
+ sizeLimit: 64Mi
+
+ containers:
+ - name: ghost
+ image: ghost:latest
+ ports:
+ - name: ghk8s
+ containerPort: 2368
+ protocol: TCP
+
+ # You should uncomment the following lines in production. Change the values according to your environment.
+ readinessProbe:
+ httpGet:
+ path: /ghost/api/v4/admin/site/
+ port: ghk8s
+ httpHeaders:
+ - name: X-Forwarded-Proto
+ value: https
+ - name: Host
+ value: blog.royalcat.dev
+ periodSeconds: 10
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+ initialDelaySeconds: 10
+
+ livenessProbe:
+ httpGet:
+ path: /ghost/api/v4/admin/site/
+ port: ghk8s
+ httpHeaders:
+ - name: X-Forwarded-Proto
+ value: https
+ - name: Host
+ value: blog.royalcat.dev
+ periodSeconds: 300
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 1
+ initialDelaySeconds: 30
+
+ env:
+ - name: NODE_ENV
+ value: production
+ resources:
+ limits:
+ cpu: 800m
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+
+ volumeMounts:
+ - name: ghost-content
+ mountPath: /var/lib/ghost/content
+ readOnly: false
+ - name: ghost-config-prod
+ readOnly: true
+ mountPath: /var/lib/ghost/config.production.json
+ subPath: config.production.json
+ - name: tmp # This is the temporary volume mount to allow loading themes
+ mountPath: /tmp
+ readOnly: false
+
+ # dnsPolicy: ClusterFirst
+ # Optional: Uncomment the following to specify node selectors
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: node-role.kubernetes.io/worker
+ # operator: In
+ # values:
+ # - "true"
+ securityContext: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ghost
+ namespace: royalcat-blog
+ labels:
+ app: ghost
+spec:
+ type: ClusterIP
+ selector:
+ app: ghost
+ ports:
+ - port: 2368
+ targetPort: ghk8s
+ name: ghk8s
diff --git a/royalcat-blog/03-ingress.yaml b/royalcat-blog/03-ingress.yaml
new file mode 100644
index 0000000..f79c2e7
--- /dev/null
+++ b/royalcat-blog/03-ingress.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: blog-royalcat-dev-ns-record
+spec:
+ endpoints:
+ - dnsName: blog.royalcat.dev
+ recordTTL: 300
+ recordType: A
+ targets:
+ - 130.61.173.37
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: blog-royalcat-dev
+ namespace: royalcat-blog
+spec:
+ secretName: blog-royalcat-dev-tls-secret
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ dnsNames:
+ - blog.royalcat.dev
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: royalcat-blog
+ namespace: royalcat-blog
+ labels:
+ app: royalcat-blog
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ tls:
+ - secretName: blog-royalcat-dev-tls-secret
+ rules:
+ - host: blog.royalcat.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ghost
+ port:
+ name: ghk8s