Last active
April 1, 2020 14:46
-
-
Save nepomucen/73731723644f9e24918746fd5990304c to your computer and use it in GitHub Desktop.
ghost deployment template with cloudsql-proxy sidecar for helmv2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {{- if include "ghost.host" . -}} | |
| apiVersion: {{ template "ghost.deployment.apiVersion" . }} | |
| kind: Deployment | |
| metadata: | |
| name: {{ template "ghost.fullname" . }} | |
| labels: | |
| app: "{{ template "ghost.fullname" . }}" | |
| chart: "{{ template "ghost.chart" . }}" | |
| release: {{ .Release.Name | quote }} | |
| heritage: {{ .Release.Service | quote }} | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: "{{ template "ghost.fullname" . }}" | |
| release: {{ .Release.Name | quote }} | |
| replicas: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: "{{ template "ghost.fullname" . }}" | |
| chart: "{{ template "ghost.chart" . }}" | |
| release: {{ .Release.Name | quote }} | |
| spec: | |
| {{- if .Values.securityContext.enabled }} | |
| securityContext: | |
| fsGroup: {{ .Values.securityContext.fsGroup }} | |
| runAsUser: {{ .Values.securityContext.runAsUser }} | |
| {{- else }} | |
| initContainers: | |
| - name: volume-permissions | |
| image: {{ template "ghost.volumePermissions.image" . }} | |
| imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" | |
| command: ['sh', '-c', 'chmod -R g+rwX {{ .Values.persistence.path }}'] | |
| volumeMounts: | |
| - mountPath: {{ .Values.persistence.path }} | |
| name: ghost-data | |
| {{- end }} | |
| {{- include "ghost.imagePullSecrets" . | indent 6 }} | |
| containers: | |
| - name : cloudsql-proxy | |
| image: gcr.io/cloudsql-docker/gce-proxy:1.16 | |
| command: | |
| - /cloud_sql_proxy | |
| - -instances=infrastructure-0000:europe-west4:blablabla=tcp:3306 | |
| {{- if or .Values.serviceAccountKey .Values.existingSecret -}} | |
| - -credential_file=/secrets/cloudsql/{{- if .Values.existingSecret -}} {{ .Values.existingSecretKey }} {{- else -}} credentials.json {{- end }} | |
| {{end}} | |
| securityContext: | |
| runAsUser: 2 | |
| allowPrivilegeEscalation: false | |
| volumeMounts: | |
| - name: cloudsql-instance-credentials | |
| mountPath: /secrets/cloudsql | |
| - name: {{ template "ghost.fullname" . }} | |
| image: {{ template "ghost.image" . }} | |
| imagePullPolicy: {{ .Values.image.pullPolicy | quote }} | |
| env: | |
| - name: ALLOW_EMPTY_PASSWORD | |
| {{- if .Values.allowEmptyPassword }} | |
| value: "yes" | |
| {{- else }} | |
| value: "no" | |
| {{- end }} | |
| - name: MARIADB_HOST | |
| {{- if .Values.mariadb.enabled }} | |
| value: {{ template "ghost.mariadb.fullname" . }} | |
| {{- else }} | |
| value: {{ .Values.externalDatabase.host | quote }} | |
| {{- end }} | |
| - name: MARIADB_PORT_NUMBER | |
| {{- if .Values.mariadb.enabled }} | |
| value: "3306" | |
| {{- else }} | |
| value: {{ .Values.externalDatabase.port | quote }} | |
| {{- end }} | |
| - name: GHOST_DATABASE_NAME | |
| {{- if .Values.mariadb.enabled }} | |
| value: {{ .Values.mariadb.db.name | quote }} | |
| {{- else }} | |
| value: {{ .Values.externalDatabase.database | quote }} | |
| {{- end }} | |
| - name: GHOST_DATABASE_USER | |
| {{- if .Values.mariadb.enabled }} | |
| value: {{ .Values.mariadb.db.user | quote }} | |
| {{- else }} | |
| value: {{ .Values.externalDatabase.user | quote }} | |
| {{- end }} | |
| - name: GHOST_DATABASE_PASSWORD | |
| {{- if .Values.mariadb.enabled }} | |
| valueFrom: | |
| secretKeyRef: | |
| name: {{ template "ghost.mariadb.fullname" . }} | |
| key: mariadb-password | |
| {{- else }} | |
| value: {{ .Values.externalDatabase.password | quote }} | |
| {{- end }} | |
| - name: GHOST_HOST | |
| value: {{ include "ghost.host" . | quote }} | |
| - name: GHOST_PROTOCOL | |
| value: {{ .Values.ghostProtocol | quote }} | |
| - name: GHOST_PORT_NUMBER | |
| {{- if .Values.ghostPort }} | |
| value: {{ .Values.ghostPort | quote }} | |
| {{- else }} | |
| value: {{ .Values.service.port | quote }} | |
| {{- end }} | |
| - name: GHOST_USERNAME | |
| value: {{ .Values.ghostUsername | quote }} | |
| - name: GHOST_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| name: {{ template "ghost.fullname" . }} | |
| key: ghost-password | |
| - name: GHOST_EMAIL | |
| value: {{ .Values.ghostEmail | quote }} | |
| - name: BLOG_TITLE | |
| value: {{ .Values.ghostBlogTitle | quote }} | |
| {{- if .Values.smtpHost }} | |
| - name: SMTP_HOST | |
| value: {{ .Values.smtpHost | quote }} | |
| {{- end }} | |
| {{- if .Values.smtpPort }} | |
| - name: SMTP_PORT | |
| value: {{ .Values.smtpPort | quote }} | |
| {{- end }} | |
| {{- if .Values.smtpUser }} | |
| - name: SMTP_USER | |
| value: {{ .Values.smtpUser | quote }} | |
| {{- end }} | |
| {{- if .Values.smtpPassword }} | |
| - name: SMTP_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| name: {{ template "ghost.fullname" . }} | |
| key: smtp-password | |
| {{- end }} | |
| {{- if .Values.smtpFromAddress }} | |
| - name: SMTP_FROM_ADDRESS | |
| value: {{ .Values.smtpFromAddress | quote }} | |
| {{- end }} | |
| {{- if .Values.smtpService }} | |
| - name: SMTP_SERVICE | |
| value: {{ .Values.smtpService | quote }} | |
| {{- end }} | |
| ports: | |
| - name: http | |
| containerPort: 2368 | |
| {{- if .Values.livenessProbe.enabled }} | |
| livenessProbe: | |
| httpGet: | |
| path: {{ .Values.ghostPath }} | |
| port: http | |
| httpHeaders: | |
| - name: Host | |
| value: {{ include "ghost.host" . | quote }} | |
| {{- if eq .Values.ghostProtocol "https" }} | |
| - name: X-Forwarded-Proto | |
| value: https | |
| {{- end }} | |
| initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} | |
| periodSeconds: {{ .Values.livenessProbe.periodSeconds }} | |
| timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} | |
| successThreshold: {{ .Values.livenessProbe.successThreshold }} | |
| failureThreshold: {{ .Values.livenessProbe.failureThreshold }} | |
| {{- end }} | |
| {{- if .Values.readinessProbe.enabled }} | |
| readinessProbe: | |
| httpGet: | |
| path: {{ .Values.ghostPath }} | |
| port: http | |
| httpHeaders: | |
| - name: Host | |
| value: {{ include "ghost.host" . | quote }} | |
| {{- if eq .Values.ghostProtocol "https" }} | |
| - name: X-Forwarded-Proto | |
| value: https | |
| {{- end }} | |
| initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} | |
| periodSeconds: {{ .Values.readinessProbe.periodSeconds }} | |
| timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} | |
| successThreshold: {{ .Values.readinessProbe.successThreshold }} | |
| failureThreshold: {{ .Values.readinessProbe.failureThreshold }} | |
| {{- end }} | |
| {{- if .Values.resources }} | |
| resources: {{- toYaml .Values.resources | nindent 10 }} | |
| {{- end }} | |
| volumeMounts: | |
| - name: ghost-data | |
| mountPath: /bitnami/ghost | |
| volumes: | |
| - name: cloudsql-instance-credentials | |
| secret: | |
| secretName: calm-com-tls | |
| - name: ghost-data | |
| {{- if .Values.persistence.enabled }} | |
| persistentVolumeClaim: | |
| claimName: {{ template "ghost.fullname" . }} | |
| {{- else }} | |
| emptyDir: {} | |
| {{- end }} | |
| {{- with .Values.nodeSelector }} | |
| nodeSelector: | |
| {{- toYaml . | nindent 8 }} | |
| {{- end }} | |
| {{- with .Values.affinity }} | |
| affinity: | |
| {{- toYaml . | nindent 8 }} | |
| {{- end }} | |
| {{- end -}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment