apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ghost-content
  namespace: royalcat-blog
  labels:
    app.kubernetes.io/name: ghost
    app.kubernetes.io/part-of: royalcat-blog
spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Secret
metadata:
  name: ghost-config-prod
  namespace: royalcat-blog
type: Opaque
stringData:
  config.production.json: |-
    {
      "url": "https://blog.royalcat.dev",
      "server": {
        "port": 2368,
        "host": "0.0.0.0"
      },
      "mail": {
        "transport": "SMTP",
        "from": "20royalcat@gmail.com",
        "options": {
          "service": "Google",
          "host": "smtp.gmail.com",
          "port": 465,
          "secure": true,
          "auth": {
            "user": "20royalcat@gmail.com",
            "pass": "tsdx aaci fncn qbaw"
          }
        }
      },
      "logging": {
        "transports": [
          "stdout"
        ]
      },
      "database": {
        "client": "mysql",
        "connection": 
        {
          "host": "mysql",
          "user": "root",
          "password": "HuSo6WbDao9Qv3",
          "database": "ghost",
          "port": "3306"
        }
      },
      "process": "local",
      "paths": {
        "contentPath": "/var/lib/ghost/content"
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ghost
  namespace: royalcat-blog
  labels:
    app: ghost
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ghost
  template:
    metadata:
      namespace: royalcat-blog
      labels:
        app: ghost
    spec:
      volumes:
        - name: ghost-content
          persistentVolumeClaim:
            claimName: ghost-content

        - name: ghost-config-prod
          secret:
            secretName: ghost-config-prod
            defaultMode: 420

        - name: tmp
          emptyDir:
            sizeLimit: 64Mi

      containers:
        - name: ghost
          image: ghost:latest
          ports:
            - name: ghk8s
              containerPort: 2368
              protocol: TCP

          # You should uncomment the following lines in production. Change the values according to your environment.
          readinessProbe:
            httpGet:
              path: /ghost/api/v4/admin/site/
              port: ghk8s
              httpHeaders:
                - name: X-Forwarded-Proto
                  value: https
                - name: Host
                  value: blog.royalcat.dev
            periodSeconds: 10
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 3
            initialDelaySeconds: 10

          livenessProbe:
            httpGet:
              path: /ghost/api/v4/admin/site/
              port: ghk8s
              httpHeaders:
                - name: X-Forwarded-Proto
                  value: https
                - name: Host
                  value: blog.royalcat.dev
            periodSeconds: 300
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 1
            initialDelaySeconds: 30

          env:
            - name: NODE_ENV
              value: production
          resources:
            limits:
              cpu: 800m
              memory: 800Mi
            requests:
              cpu: 100m
              memory: 256Mi

          volumeMounts:
            - name: ghost-content
              mountPath: /var/lib/ghost/content
              readOnly: false
            - name: ghost-config-prod
              readOnly: true
              mountPath: /var/lib/ghost/config.production.json
              subPath: config.production.json
            - name: tmp # This is the temporary volume mount to allow loading themes
              mountPath: /tmp
              readOnly: false

      # dnsPolicy: ClusterFirst
      # Optional: Uncomment the following to specify node selectors
      # affinity:
      #   nodeAffinity:
      #     requiredDuringSchedulingIgnoredDuringExecution:
      #       nodeSelectorTerms:
      #         - matchExpressions:
      #             - key: node-role.kubernetes.io/worker
      #               operator: In
      #               values:
      #                 - "true"
      securityContext: {}
---
apiVersion: v1
kind: Service
metadata:
  name: ghost
  namespace: royalcat-blog
  labels:
    app: ghost
spec:
  type: ClusterIP
  selector:
    app: ghost
  ports:
    - port: 2368
      targetPort: ghk8s
      name: ghk8s