deploy/06-ghost-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ghost-on-kubernetes
  namespace: ghost-on-kubernetes
  labels:
    app: ghost-on-kubernetes
    app.kubernetes.io/name: ghost-on-kubernetes
    app.kubernetes.io/instance: ghost-on-kubernetes
    app.kubernetes.io/version: '5.92'
    app.kubernetes.io/component: ghost
    app.kubernetes.io/part-of: ghost-on-kubernetes
    
    
spec:
  # If you want HA for your Ghost instance, you can increase the number of replicas AFTER creation and you need to adjust the storage class. See 02-pvc.yaml for more information.
  replicas: 1
  selector:
    matchLabels:
      app: ghost-on-kubernetes
  minReadySeconds: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 3
  revisionHistoryLimit: 4
  progressDeadlineSeconds: 600
  template:
    metadata:
      namespace: ghost-on-kubernetes
      labels:
        app: ghost-on-kubernetes
    spec:
      automountServiceAccountToken: false # Disable automounting of service account token
      volumes:
      - name: k8s-ghost-content
        persistentVolumeClaim:
          claimName: k8s-ghost-content

      - name: ghost-config-prod
        secret:
          secretName: ghost-config-prod
          defaultMode: 420

      - name: tmp
        emptyDir:
          sizeLimit: 64Mi

      initContainers:
      - name: permissions-fix
        imagePullPolicy: Always
        image: docker.io/busybox:stable-musl
        env:
        - name: GHOST_INSTALL
          value: /home/nonroot/app/ghost
        - name: GHOST_CONTENT
          value: /home/nonroot/app/ghost/content
        - name: NODE_ENV
          value: production
        securityContext:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        resources:
          limits:
            cpu: 900m
            memory: 1000Mi
          requests:
            cpu: 100m
            memory: 128Mi
        command:
          - /bin/sh
          - '-c'
          - |
            set -e

            export DIRS='files logs apps themes data public settings images media'
            echo 'Check if base dirs exists, if not, create them'
            echo "Directories to check: $DIRS"
            for dir in $DIRS; do
              if [ ! -d $GHOST_CONTENT/$dir ]; then
                echo "Creating $GHOST_CONTENT/$dir directory"
                mkdir -pv $GHOST_CONTENT/$dir || echo "Error creating $GHOST_CONTENT/$dir directory"
              fi
              chown -Rfv 65532:65532 $GHOST_CONTENT/$dir && echo "chown ok on $dir" || echo "Error changing ownership of $GHOST_CONTENT/$dir directory"
            done
            exit 0


        volumeMounts:
        - name: k8s-ghost-content
          mountPath: /home/nonroot/app/ghost/content
          readOnly: false

      containers:
      - name: ghost-on-kubernetes
        image: ghcr.io/sredevopsorg/ghost-on-kubernetes:main
        imagePullPolicy: Always
        ports:
        - name: ghk8s
          containerPort: 2368
          protocol: TCP

        # You should uncomment the following lines in production. Change the values according to your environment.
        readinessProbe:
          httpGet:
            path: /ghost/api/v4/admin/site/
            port: ghk8s
            httpHeaders:
            - name: X-Forwarded-Proto
              value: https
            - name: Host
              value: yourdomain.tld
          periodSeconds: 10
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 3
          initialDelaySeconds: 10

        livenessProbe:
          httpGet:
            path: /ghost/api/v4/admin/site/
            port: ghk8s
            httpHeaders:
            - name: X-Forwarded-Proto
              value: https
            - name: Host
              value: yourdomain.tld
          periodSeconds: 300
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 1
          initialDelaySeconds: 30

        env:
        - name: NODE_ENV
          value: production
        resources:
          limits:
            cpu: 800m
            memory: 800Mi
          requests:
            cpu: 100m
            memory: 256Mi

        volumeMounts:
        - name: k8s-ghost-content
          mountPath: /home/nonroot/app/ghost/content
          readOnly: false
        - name: ghost-config-prod
          readOnly: true
          mountPath: /home/nonroot/app/ghost/config.production.json
          subPath: config.production.json
        - name: tmp # This is the temporary volume mount to allow loading themes
          mountPath: /tmp
          readOnly: false
        securityContext:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          runAsUser: 65532


      restartPolicy: Always
      terminationGracePeriodSeconds: 15
      dnsPolicy: ClusterFirst
      # Optional: Uncomment the following to specify node selectors
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/worker
                    operator: In
                    values:
                      - 'true'
      securityContext: {}