feat(ghost): Add ghost (#1977)
* feat(ghost): Add ghost * update docs * use correct image * full perms for tests * don't set url on test * set to localhost * try default port * whoops * add more gui options * strict perms * rofs off * root + rofs * root + rofs off * use strict perms * Update charts/incubator/ghost/values.yaml * Update charts/incubator/ghost/questions.yaml * Update charts/incubator/ghost/questions.yaml * Update charts/incubator/ghost/values.yaml * update url env Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>
This commit is contained in:
parent
1f3db0c79d
commit
317d3508d9
|
@ -0,0 +1,33 @@
|
|||
apiVersion: v2
|
||||
appVersion: "10.6.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.16.0
|
||||
- condition: mariadb.enabled
|
||||
name: mariadb
|
||||
repository: https://truecharts.org/
|
||||
version: 1.0.73
|
||||
description: Ghost is an open source, professional publishing platform built on a modern Node.js technology stack — designed for teams who need power, flexibility and performance.
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/ghost
|
||||
icon: https://truecharts.org/_static/img/appicons/ghost-icon.png
|
||||
keywords:
|
||||
- ghost
|
||||
- blog
|
||||
- cms
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: ghost
|
||||
sources:
|
||||
- https://github.com/TryGhost/Ghost
|
||||
- https://hub.docker.com/_/ghost
|
||||
- https://ghost.org/docs/
|
||||
version: 0.0.1
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- productivity
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -0,0 +1,523 @@
|
|||
# Include{groups}
|
||||
portals:
|
||||
open:
|
||||
protocols:
|
||||
- "$kubernetes-resource_configmap_portal_protocol"
|
||||
host:
|
||||
- "$kubernetes-resource_configmap_portal_host"
|
||||
ports:
|
||||
- "$kubernetes-resource_configmap_portal_port"
|
||||
admin:
|
||||
protocols:
|
||||
- "$kubernetes-resource_configmap_portal_protocol"
|
||||
host:
|
||||
- "$kubernetes-resource_configmap_portal_host"
|
||||
ports:
|
||||
- "$kubernetes-resource_configmap_portal_port"
|
||||
path: "/ghost"
|
||||
|
||||
questions:
|
||||
- variable: portal
|
||||
group: "Container Image"
|
||||
label: "Configure Portal Button"
|
||||
schema:
|
||||
type: dict
|
||||
hidden: true
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Enable"
|
||||
description: "enable the portal button"
|
||||
schema:
|
||||
hidden: true
|
||||
editable: false
|
||||
type: boolean
|
||||
default: true
|
||||
# Include{global}
|
||||
- variable: controller
|
||||
group: "Controller"
|
||||
label: ""
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: advanced
|
||||
label: "Show Advanced Controller Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: type
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Controller Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "deployment"
|
||||
required: true
|
||||
enum:
|
||||
- value: "deployment"
|
||||
description: "Deployment"
|
||||
- value: "statefulset"
|
||||
description: "Statefulset"
|
||||
- value: "daemonset"
|
||||
description: "Daemonset"
|
||||
- variable: replicas
|
||||
description: "Number of desired pod replicas"
|
||||
label: "Desired Replicas"
|
||||
schema:
|
||||
type: int
|
||||
default: 1
|
||||
required: true
|
||||
- variable: strategy
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Update Strategy"
|
||||
schema:
|
||||
type: string
|
||||
default: "Recreate"
|
||||
required: true
|
||||
enum:
|
||||
- value: "Recreate"
|
||||
description: "Recreate: Kill existing pods before creating new ones"
|
||||
- value: "RollingUpdate"
|
||||
description: "RollingUpdate: Create new pods and then kill old ones"
|
||||
- value: "OnDelete"
|
||||
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
||||
# Include{controllerExpert}
|
||||
# Docker specific env
|
||||
- variable: env
|
||||
group: "Container Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{fixedEnv}
|
||||
- variable: url
|
||||
label: "URL"
|
||||
description: "Enter the URL that is used to access your publication"
|
||||
schema:
|
||||
type: string
|
||||
default: "http://localhost:10165"
|
||||
- variable: useMinFiles
|
||||
label: "useMinFiles"
|
||||
description: "Generate assets url with .min notation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: imageOptimization__resize
|
||||
label: "Image Optimization: Resize"
|
||||
description: "Automatically process and compress"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: imageOptimization__srcsets
|
||||
label: "Image Optimization: srcsets"
|
||||
description: "Image Optimization: srcsets"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: compress
|
||||
label: "Compress"
|
||||
description: "Compress"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: preloadHeaders
|
||||
label: "Preload Headers"
|
||||
description: "Preload Headers"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: adminFrameProtection
|
||||
label: "Admin Frame Protection"
|
||||
description: "Admin Frame Protection"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: sendWelcomeEmail
|
||||
label: "Send Welcome Email"
|
||||
description: "Send Welcome Email"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: stripeDirect
|
||||
label: "Stripe Direct"
|
||||
description: "Stripe Direct"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: enableStripePromoCodes
|
||||
label: "Enable Stripe Promo Codes"
|
||||
description: "Enable Stripe Promo Codes"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: emailAnalytics
|
||||
label: "Email Analytics"
|
||||
description: "Email Analytics"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: backgroundJobs__emailAnalytics
|
||||
label: "Background Jobs Email Analytics"
|
||||
description: "Background Jobs Email Analytics"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: useMinFiles
|
||||
label: "useMinFiles"
|
||||
description: "Generate assets url with .min notation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: privacy__useTinfoil
|
||||
label: "Privacy: Use Tin Foil"
|
||||
description: "Turn privacy features on or off"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: false
|
||||
subquestions:
|
||||
- variable: privacy__useUpdateCheck
|
||||
label: "Privacy: Use Update Checks"
|
||||
description: "Enable Update Checks"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: privacy__useGravatar
|
||||
label: "Privacy: Use Gravatar"
|
||||
description: "Enable Gravatar"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: privacy__useRpcPing
|
||||
label: "Privacy: Use RPC Ping"
|
||||
description: "Enable RPC Pings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: privacy__useStructuredData
|
||||
label: "Privacy: Use Structured Data"
|
||||
description: "Enable Structured Data"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: mailenabled
|
||||
label: "Mail Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: mail__from
|
||||
label: "Mail: From Address"
|
||||
description: "From Address eg ('Ghost Admin' <support@example.com>)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: mail__transport
|
||||
label: "Mail: Transport"
|
||||
description: "Transport"
|
||||
schema:
|
||||
type: string
|
||||
default: "SMTP"
|
||||
- variable: mail__options__service
|
||||
label: "Mail: Options - Service"
|
||||
description: "Service eg (Mailgun)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: mail__options__port
|
||||
label: "Mail: Options - Port"
|
||||
description: "Port eg (587)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: mail__options__secure
|
||||
label: "Mail: Options - Secure"
|
||||
description: "Enable Secure Mail"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: mail__options__auth__user
|
||||
label: "Mail: Options - Auth - User"
|
||||
description: "Username for mail provider"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: mail__options__auth__pass
|
||||
label: "Mail: Options - Auth - Password"
|
||||
description: "Password for mail provider"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: integrationsenabled
|
||||
label: "Integration Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: twitter__privateReadOnlyToken
|
||||
label: "Twitter: Private Read Only Token"
|
||||
description: "Twitter: Private Read Only Token"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: opensea__privateReadOnlyApiKey
|
||||
label: "Opensea: Private Read Only API Key"
|
||||
description: "Opensea: Private Read Only API Key"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: tenor__publicReadOnlyApiKey
|
||||
label: "Tenor: Private Read Only API Key"
|
||||
description: "Tenor: Private Read Only API Key"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: tenor__contentFilter
|
||||
label: "Tenor: Content Filter"
|
||||
description: "Tenor: Content Filter"
|
||||
schema:
|
||||
type: string
|
||||
default: "off"
|
||||
enum:
|
||||
- value: "off"
|
||||
description: "off"
|
||||
- value: "on"
|
||||
description: "on"
|
||||
|
||||
# Include{containerConfig}
|
||||
|
||||
- variable: service
|
||||
group: "Networking and Services"
|
||||
label: "Configure Service(s)"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelector}
|
||||
- variable: main
|
||||
label: "Main Service Port Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: "Port"
|
||||
description: "This port exposes the container port on the service"
|
||||
schema:
|
||||
type: int
|
||||
default: 10166
|
||||
required: true
|
||||
- variable: advanced
|
||||
label: "Show Advanced settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: protocol
|
||||
label: "Port Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "HTTP"
|
||||
enum:
|
||||
- value: HTTP
|
||||
description: "HTTP"
|
||||
- value: "HTTPS"
|
||||
description: "HTTPS"
|
||||
- value: TCP
|
||||
description: "TCP"
|
||||
- value: "UDP"
|
||||
description: "UDP"
|
||||
- variable: nodePort
|
||||
label: "Node Port (Optional)"
|
||||
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
||||
schema:
|
||||
type: int
|
||||
min: 9000
|
||||
max: 65535
|
||||
- variable: targetPort
|
||||
label: "Target Port"
|
||||
description: "The internal(!) port on the container the Application runs on"
|
||||
schema:
|
||||
type: int
|
||||
default: 10166
|
||||
|
||||
- variable: serviceexpert
|
||||
group: "Networking and Services"
|
||||
label: "Show Expert Config"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: hostNetwork
|
||||
group: "Networking and Services"
|
||||
label: "Host-Networking (Complicated)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Include{serviceExpert}
|
||||
|
||||
# Include{serviceList}
|
||||
|
||||
- variable: persistence
|
||||
label: "Integrated Persistent Storage"
|
||||
description: "Integrated Persistent Storage"
|
||||
group: "Storage and Persistence"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: content
|
||||
label: "App Content Storage"
|
||||
description: "Stores the Application Content."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: type
|
||||
label: "Type of Storage"
|
||||
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||
schema:
|
||||
type: string
|
||||
default: "simplePVC"
|
||||
enum:
|
||||
- value: "simplePVC"
|
||||
description: "PVC (simple)"
|
||||
- value: "simpleHP"
|
||||
description: "HostPath (simple)"
|
||||
- value: "emptyDir"
|
||||
description: "emptyDir"
|
||||
- value: "pvc"
|
||||
description: "pvc"
|
||||
- value: "hostPath"
|
||||
description: "hostPath"
|
||||
# Include{persistenceBasic}
|
||||
- variable: hostPath
|
||||
label: "hostPath"
|
||||
description: "Path inside the container the storage is mounted"
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
type: hostpath
|
||||
- variable: medium
|
||||
label: "EmptyDir Medium"
|
||||
schema:
|
||||
show_if: [["type", "=", "emptyDir"]]
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "Memory"
|
||||
description: "Memory"
|
||||
# Include{persistenceAdvanced}
|
||||
|
||||
# Include{persistenceList}
|
||||
|
||||
- variable: ingress
|
||||
label: ""
|
||||
group: "Ingress"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: main
|
||||
label: "Main Ingress"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{ingressDefault}
|
||||
|
||||
# Include{ingressTLS}
|
||||
|
||||
# Include{ingressTraefik}
|
||||
|
||||
# Include{ingressExpert}
|
||||
|
||||
# Include{ingressList}
|
||||
|
||||
- variable: advancedSecurity
|
||||
label: "Show Advanced Security Settings"
|
||||
group: "Security and Permissions"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: securityContext
|
||||
label: "Security Context"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: privileged
|
||||
label: "Privileged mode"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnlyRootFilesystem
|
||||
label: "ReadOnly Root Filesystem"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: "Allow Privilege Escalation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: runAsNonRoot
|
||||
label: "runAsNonRoot"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
# Include{securityContextAdvanced}
|
||||
|
||||
- variable: podSecurityContext
|
||||
group: "Security and Permissions"
|
||||
label: "Pod Security Context"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{podSecurityContextAdvanced}
|
||||
|
||||
# Include{resources}
|
||||
|
||||
# Include{advanced}
|
||||
|
||||
# Include{addons}
|
|
@ -0,0 +1 @@
|
|||
{{ include "common.all" . }}
|
|
@ -0,0 +1,73 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/ghost
|
||||
tag: v4.36.32@sha256:d897092217e34dcdb98ffb452f650d2f19d02236729a216246df1df810536661
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
env:
|
||||
# db env
|
||||
database__client: "mysql"
|
||||
database__connection__port: 3306
|
||||
database__connection__user: "{{ .Values.mariadb.mariadbUsername }}"
|
||||
database__connection__database: "{{ .Values.mariadb.mariadbDatabase }}"
|
||||
# server env
|
||||
NODE_ENV: "production"
|
||||
server__port: "{{ .Values.service.main.ports.main.port }}"
|
||||
url: "http://localhost:10166"
|
||||
useMinFiles: true
|
||||
compress: true
|
||||
imageOptimization__resize: true
|
||||
imageOptimization__srcsets: true
|
||||
preloadHeaders: false
|
||||
sendWelcomeEmail: true
|
||||
adminFrameProtection: true
|
||||
emailAnalytics: true
|
||||
backgroundJobs__emailAnalytics: true
|
||||
stripeDirect: false
|
||||
enableStripePromoCodes: false
|
||||
# privacy env
|
||||
privacy__useTinfoil: true
|
||||
privacy__useUpdateCheck: false
|
||||
privacy__useGravatar: false
|
||||
privacy__useRpcPing: false
|
||||
privacy__useStructuredData: false
|
||||
# mail env
|
||||
mail__from: ""
|
||||
mail__transport: ""
|
||||
mail__options__service: ""
|
||||
mail__options__port: ""
|
||||
mail__options__secure: false
|
||||
mail__options__auth__user: ""
|
||||
mail__options__auth__pass: ""
|
||||
# integrations env
|
||||
tenor__publicReadOnlyApiKey: ""
|
||||
tenor__contentFilter: "off"
|
||||
opensea__privateReadOnlyApiKey: ""
|
||||
twitter__privateReadOnlyToken: ""
|
||||
|
||||
envValueFrom:
|
||||
database__connection__host:
|
||||
secretKeyRef:
|
||||
name: mariadbcreds
|
||||
key: plainhost
|
||||
database__connection__password:
|
||||
secretKeyRef:
|
||||
name: mariadbcreds
|
||||
key: mariadb-password
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 10166
|
||||
targetPort: 10166
|
||||
|
||||
persistence:
|
||||
content:
|
||||
enabled: true
|
||||
mountPath: "/var/lib/ghost/content"
|
||||
|
||||
mariadb:
|
||||
enabled: true
|
||||
mariadbUsername: ghost
|
||||
mariadbDatabase: ghost
|
||||
existingSecret: "mariadbcreds"
|
Binary file not shown.
After Width: | Height: | Size: 44 KiB |
|
@ -62,7 +62,6 @@ _This list is to track `App Requests` from one place._
|
|||
- [ ] Geth #1348
|
||||
- [ ] Spotify Connect #1319
|
||||
- [ ] Machinaris #1304
|
||||
- [ ] Ghost #1282
|
||||
- [ ] teslamate
|
||||
|
||||
##### TODO: Requires More-Than-Average effort
|
||||
|
@ -518,3 +517,4 @@ _These Apps have specific requirements or need specific customisation and care_
|
|||
- [x] Librephotos #293
|
||||
- [x] AMD - Automated Music Downloader
|
||||
- [x] Deemix #628
|
||||
- [x] Ghost #1282
|
||||
|
|
|
@ -322,6 +322,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa
|
|||
| grist | main | main | 10163 | TCP | |
|
||||
| grist | api | api | 10164 | TCP | |
|
||||
| budge | main | main | 10165 | TCP | |
|
||||
| ghost | main | main | 10166 | TCP | |
|
||||
| satisfactory | beacon | beacon | 15000 | UDP | |
|
||||
| satisfactory | query | query | 15777 | UDP | |
|
||||
| minecraft-bedrock | main | main | 19132 | UDP | |
|
||||
|
|
Loading…
Reference in New Issue