aggarwalakshun/public-k3s
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Add Kubernetes manifests for Ghostfolio application including PVC, Service, Deployment, and SealedSecret

Browse Source
This commit is contained in:
Akshun Aggarwal
2025-05-22 22:16:01 +05:30
parent 5904bd02e6
commit a0a7ba6f59
4 changed files with 171 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cluster/apps/ghostfolio/ghostfolio-pvc.yml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: longhorn-ghostfolio
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: longhorn
resources:
requests:
storage: 5Gi

15
cluster/apps/ghostfolio/ghostfolio-svc.yml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: ghostfolio-service
namespace: default
spec:
type: NodePort
selector:
app: ghostfolio
ports:
- port: 3333
targetPort: 3333
nodePort: 3232
protocol: TCP

124
cluster/apps/ghostfolio/ghostfolio.yml Normal file
View File

@@ -0,0 +1,124 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ghostfolio
namespace: default
spec:
selector:
matchLabels:
app: ghostfolio
template:
metadata:
labels:
app: ghostfolio
spec:
initContainers:
- name: cleanup-postgres
image: busybox
command:
- /bin/sh
- -c
- rm -rf /var/lib/postgresql/data/lost+found
volumeMounts:
- name: ghostfolio-data
mountPath: /var/lib/postgresql/data
- name: redis
image: docker.io/library/redis:alpine
command:
- /bin/sh
- -c
- redis-server --requirepass "$(redis-password)"
envFrom:
- secretRef:
name: ghostfolio-secrets
restartPolicy: Always
securityContext:
runAsUser: 999
runAsGroup: 1000
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
env:
- name: REDIS_HOST
value: "redis"
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: ghostfolio-secrets
key: redis-password
- name: postgres
image: docker.io/library/postgres:15-alpine
restartPolicy: Always
securityContext:
capabilities:
drop:
- ALL
add:
- CHOWN
- DAC_READ_SEARCH
- FOWNER
- SETGID
- SETUID
allowPrivilegeEscalation: false
env:
- name: POSTGRES_USER
value: "ghostfolio"
- name: POSTGRES_DB
value: "ghostfolio"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ghostfolio-secrets
key: postgres-password
containers:
- name: ghostfolio
image: docker.io/ghostfolio/ghostfolio:latest
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
ports:
- containerPort: 3333
volumeMounts:
- name: ghostfolio-data
mountPath: /var/lib/postgresql/data
env:
- name: REDIS_HOST
value: "localhost"
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: ghostfolio-secrets
key: redis-password
- name: POSTGRES_DB
value: "ghostfolio"
- name: POSTGRES_USER
value: "ghostfolio"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ghostfolio-secrets
key: postgres-password
- name: ACCESS_TOKEN_SALT
valueFrom:
secretKeyRef:
name: ghostfolio-secrets
key: access-token-salt
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: ghostfolio-secrets
key: jwt-secret-key
- name: DATABASE_URL
value: "postgresql://ghostfolio:akshun9501@localhost:5432/ghostfolio?connect_timeout=300&sslmode=prefer"
volumes:
- name: ghostfolio-data
persistentVolumeClaim:
claimName: longhorn-ghostfolio