apiVersion: v1 kind: PersistentVolumeClaim metadata: name: ghost-content namespace: royalcat-blog labels: app.kubernetes.io/name: ghost app.kubernetes.io/part-of: royalcat-blog spec: volumeMode: Filesystem accessModes: - ReadWriteOnce resources: requests: storage: 1Gi --- apiVersion: v1 kind: Secret metadata: name: ghost-config-prod namespace: royalcat-blog type: Opaque stringData: config.production.json: |- { "url": "https://blog.royalcat.dev", "server": { "port": 2368, "host": "0.0.0.0" }, "mail": { "transport": "SMTP", "from": "20royalcat@gmail.com", "options": { "service": "Google", "host": "smtp.gmail.com", "port": 465, "secure": true, "auth": { "user": "20royalcat@gmail.com", "pass": "tsdx aaci fncn qbaw" } } }, "logging": { "transports": [ "stdout" ] }, "database": { "client": "mysql", "connection": { "host": "mysql", "user": "root", "password": "HuSo6WbDao9Qv3", "database": "ghost", "port": "3306" } }, "process": "local", "paths": { "contentPath": "/var/lib/ghost/content" } } --- apiVersion: apps/v1 kind: Deployment metadata: name: ghost namespace: royalcat-blog labels: app: ghost spec: replicas: 1 selector: matchLabels: app: ghost template: metadata: namespace: royalcat-blog labels: app: ghost spec: volumes: - name: ghost-content persistentVolumeClaim: claimName: ghost-content - name: ghost-config-prod secret: secretName: ghost-config-prod defaultMode: 420 - name: tmp emptyDir: sizeLimit: 64Mi containers: - name: ghost image: ghost:latest ports: - name: ghk8s containerPort: 2368 protocol: TCP # You should uncomment the following lines in production. Change the values according to your environment. readinessProbe: httpGet: path: /ghost/api/v4/admin/site/ port: ghk8s httpHeaders: - name: X-Forwarded-Proto value: https - name: Host value: blog.royalcat.dev periodSeconds: 10 timeoutSeconds: 3 successThreshold: 1 failureThreshold: 3 initialDelaySeconds: 10 livenessProbe: httpGet: path: /ghost/api/v4/admin/site/ port: ghk8s httpHeaders: - name: X-Forwarded-Proto value: https - name: Host value: blog.royalcat.dev periodSeconds: 300 timeoutSeconds: 3 successThreshold: 1 failureThreshold: 1 initialDelaySeconds: 30 env: - name: NODE_ENV value: production resources: limits: cpu: 800m memory: 800Mi requests: cpu: 100m memory: 256Mi volumeMounts: - name: ghost-content mountPath: /var/lib/ghost/content readOnly: false - name: ghost-config-prod readOnly: true mountPath: /var/lib/ghost/config.production.json subPath: config.production.json - name: tmp # This is the temporary volume mount to allow loading themes mountPath: /tmp readOnly: false # dnsPolicy: ClusterFirst # Optional: Uncomment the following to specify node selectors # affinity: # nodeAffinity: # requiredDuringSchedulingIgnoredDuringExecution: # nodeSelectorTerms: # - matchExpressions: # - key: node-role.kubernetes.io/worker # operator: In # values: # - "true" securityContext: {} --- apiVersion: v1 kind: Service metadata: name: ghost namespace: royalcat-blog labels: app: ghost spec: type: ClusterIP selector: app: ghost ports: - port: 2368 targetPort: ghk8s name: ghk8s