Last active
April 1, 2020 14:46
Ghost deployment template with a cloudsql-proxy sidecar, for Helm v2
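{{- if include "ghost.host" . -}}
# Ghost Deployment (Helm v2 chart template) with a Cloud SQL proxy sidecar.
#
# The whole manifest is rendered only when the "ghost.host" helper returns a
# non-empty value. The pod runs two containers: the Cloud SQL proxy, and Ghost
# itself, which takes its database settings from the MARIADB_* / GHOST_*
# environment variables below.
apiVersion: {{ template "ghost.deployment.apiVersion" . }}
kind: Deployment
metadata:
  name: {{ template "ghost.fullname" . }}
  labels:
    app: "{{ template "ghost.fullname" . }}"
    chart: "{{ template "ghost.chart" . }}"
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  selector:
    matchLabels:
      app: "{{ template "ghost.fullname" . }}"
      release: {{ .Release.Name | quote }}
  replicas: 1
  template:
    metadata:
      labels:
        app: "{{ template "ghost.fullname" . }}"
        chart: "{{ template "ghost.chart" . }}"
        release: {{ .Release.Name | quote }}
    spec:
      {{- if .Values.securityContext.enabled }}
      securityContext:
        fsGroup: {{ .Values.securityContext.fsGroup }}
        runAsUser: {{ .Values.securityContext.runAsUser }}
      {{- else }}
      # Without a pod securityContext, an init container opens up group
      # permissions on the data volume instead. No user is set for it here, so
      # it runs as whatever user the image defaults to.
      # NOTE(review): the persistence path is interpolated into a shell string;
      # it must only ever come from trusted chart values.
      initContainers:
      - name: volume-permissions
        image: {{ template "ghost.volumePermissions.image" . }}
        imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
        command: ['sh', '-c', 'chmod -R g+rwX {{ .Values.persistence.path }}']
        volumeMounts:
        - mountPath: {{ .Values.persistence.path | quote }}
          name: ghost-data
      {{- end }}
{{- include "ghost.imagePullSecrets" . | indent 6 }}
      containers:
      # Cloud SQL proxy sidecar listening on port 3306 inside the pod.
      # NOTE(review): the image is pinned by tag only and the instance
      # connection name is hard-coded; pin by digest and move the instance name
      # into values if this template is reused.
      # NOTE(review): the "=tcp:3306" form is expected to bind to loopback only,
      # so the database port is not reachable from other pods; confirm against
      # the proxy version in use.
      - name: cloudsql-proxy
        image: gcr.io/cloudsql-docker/gce-proxy:1.16
        command:
        - /cloud_sql_proxy
        - "-instances=infrastructure-0000:europe-west4:blablabla=tcp:3306"
        # The "if" below trims whitespace on its left side only. Trimming on
        # the right as well would glue the credential flag onto the previous
        # list item, leaving a single malformed argument.
        {{- if or .Values.serviceAccountKey .Values.existingSecret }}
        - "-credential_file=/secrets/cloudsql/{{ if .Values.existingSecret }}{{ .Values.existingSecretKey }}{{ else }}credentials.json{{ end }}"
        {{- end }}
        securityContext:
          runAsUser: 2
          allowPrivilegeEscalation: false
        volumeMounts:
        # The key file is only read, never written, so mount it read-only.
        - name: cloudsql-instance-credentials
          mountPath: /secrets/cloudsql
          readOnly: true
      - name: {{ template "ghost.fullname" . }}
        image: {{ template "ghost.image" . }}
        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
        env:
        # NOTE(review): allowEmptyPassword lets the application start without a
        # database password; keep it off outside throwaway environments.
        - name: ALLOW_EMPTY_PASSWORD
        {{- if .Values.allowEmptyPassword }}
          value: "yes"
        {{- else }}
          value: "no"
        {{- end }}
        # With the bundled MariaDB disabled, host and port come from
        # externalDatabase.*; to go through the sidecar above they presumably
        # need to point at 127.0.0.1:3306 (verify against the values file).
        - name: MARIADB_HOST
        {{- if .Values.mariadb.enabled }}
          value: {{ template "ghost.mariadb.fullname" . }}
        {{- else }}
          value: {{ .Values.externalDatabase.host | quote }}
        {{- end }}
        - name: MARIADB_PORT_NUMBER
        {{- if .Values.mariadb.enabled }}
          value: "3306"
        {{- else }}
          value: {{ .Values.externalDatabase.port | quote }}
        {{- end }}
        - name: GHOST_DATABASE_NAME
        {{- if .Values.mariadb.enabled }}
          value: {{ .Values.mariadb.db.name | quote }}
        {{- else }}
          value: {{ .Values.externalDatabase.database | quote }}
        {{- end }}
        - name: GHOST_DATABASE_USER
        {{- if .Values.mariadb.enabled }}
          value: {{ .Values.mariadb.db.user | quote }}
        {{- else }}
          value: {{ .Values.externalDatabase.user | quote }}
        {{- end }}
        - name: GHOST_DATABASE_PASSWORD
        {{- if .Values.mariadb.enabled }}
          valueFrom:
            secretKeyRef:
              name: {{ template "ghost.mariadb.fullname" . }}
              key: mariadb-password
        {{- else }}
          # NOTE(review): the external database password is rendered as a
          # literal value, so it is stored in clear text in the Deployment
          # object and in the Helm release data, readable by anyone who can
          # read either. Prefer a Secret referenced through secretKeyRef, as
          # the MariaDB branch above does.
          value: {{ .Values.externalDatabase.password | quote }}
        {{- end }}
        - name: GHOST_HOST
          value: {{ include "ghost.host" . | quote }}
        - name: GHOST_PROTOCOL
          value: {{ .Values.ghostProtocol | quote }}
        - name: GHOST_PORT_NUMBER
        {{- if .Values.ghostPort }}
          value: {{ .Values.ghostPort | quote }}
        {{- else }}
          value: {{ .Values.service.port | quote }}
        {{- end }}
        - name: GHOST_USERNAME
          value: {{ .Values.ghostUsername | quote }}
        - name: GHOST_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "ghost.fullname" . }}
              key: ghost-password
        - name: GHOST_EMAIL
          value: {{ .Values.ghostEmail | quote }}
        - name: BLOG_TITLE
          value: {{ .Values.ghostBlogTitle | quote }}
        {{- if .Values.smtpHost }}
        - name: SMTP_HOST
          value: {{ .Values.smtpHost | quote }}
        {{- end }}
        {{- if .Values.smtpPort }}
        - name: SMTP_PORT
          value: {{ .Values.smtpPort | quote }}
        {{- end }}
        {{- if .Values.smtpUser }}
        - name: SMTP_USER
          value: {{ .Values.smtpUser | quote }}
        {{- end }}
        {{- if .Values.smtpPassword }}
        - name: SMTP_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "ghost.fullname" . }}
              key: smtp-password
        {{- end }}
        {{- if .Values.smtpFromAddress }}
        - name: SMTP_FROM_ADDRESS
          value: {{ .Values.smtpFromAddress | quote }}
        {{- end }}
        {{- if .Values.smtpService }}
        - name: SMTP_SERVICE
          value: {{ .Values.smtpService | quote }}
        {{- end }}
        ports:
        - name: http
          containerPort: 2368
        {{- if .Values.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
            path: {{ .Values.ghostPath | quote }}
            port: http
            httpHeaders:
            - name: Host
              value: {{ include "ghost.host" . | quote }}
            {{- if eq .Values.ghostProtocol "https" }}
            - name: X-Forwarded-Proto
              value: https
            {{- end }}
          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.livenessProbe.successThreshold }}
          failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
        {{- end }}
        {{- if .Values.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
            path: {{ .Values.ghostPath | quote }}
            port: http
            httpHeaders:
            - name: Host
              value: {{ include "ghost.host" . | quote }}
            {{- if eq .Values.ghostProtocol "https" }}
            - name: X-Forwarded-Proto
              value: https
            {{- end }}
          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.readinessProbe.successThreshold }}
          failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
        {{- end }}
        {{- if .Values.resources }}
        resources: {{- toYaml .Values.resources | nindent 10 }}
        {{- end }}
        volumeMounts:
        - name: ghost-data
          mountPath: /bitnami/ghost
      volumes:
      # This volume and its mount in the proxy container are unconditional,
      # while the -credential_file flag is conditional. The pod therefore
      # cannot start unless this Secret exists, even when no key file is used.
      # NOTE(review): the Secret name is hard-coded and reads like a TLS
      # secret; confirm it really holds the service-account key file that
      # -credential_file points at, and that nothing else mounts it.
      - name: cloudsql-instance-credentials
        secret:
          secretName: calm-com-tls
      - name: ghost-data
      {{- if .Values.persistence.enabled }}
        persistentVolumeClaim:
          claimName: {{ template "ghost.fullname" . }}
      {{- else }}
        emptyDir: {}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
{{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
{{- toYaml . | nindent 8 }}
      {{- end }}
{{- end -}}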