Add Kubernetes manifests for Ghostfolio application including PVC, Service, Deployment, and SealedSecret

cluster/apps/ghostfolio/ghostfolio-pvc.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: longhorn-ghostfolio
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 5Gi

cluster/apps/ghostfolio/ghostfolio-svc.yml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ghostfolio-service
+  namespace: default
+spec:
+  type: NodePort
+  selector:
+    app: ghostfolio
+  ports:
+  - port: 3333
+    targetPort: 3333
+    nodePort: 3232
+    protocol: TCP

cluster/apps/ghostfolio/ghostfolio.yml

@@ -0,0 +1,124 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ghostfolio
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: ghostfolio
+  template:
+    metadata:
+      labels:
+        app: ghostfolio
+    spec:
+      initContainers:
+      - name: cleanup-postgres
+        image: busybox
+        command:
+        - /bin/sh
+        - -c
+        - rm -rf /var/lib/postgresql/data/lost+found
+        volumeMounts:
+        - name: ghostfolio-data
+          mountPath: /var/lib/postgresql/data
+      - name: redis
+        image: docker.io/library/redis:alpine
+        command:
+        - /bin/sh
+        - -c
+        - redis-server --requirepass "$(redis-password)"
+        envFrom:
+        - secretRef:
+            name: ghostfolio-secrets
+        restartPolicy: Always
+        securityContext:
+          runAsUser: 999
+          runAsGroup: 1000
+          capabilities:
+            drop:
+            - ALL
+          allowPrivilegeEscalation: false
+        env:
+        - name: REDIS_HOST
+          value: "redis"
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: ghostfolio-secrets
+              key: redis-password
+      - name: postgres
+        image: docker.io/library/postgres:15-alpine
+        restartPolicy: Always
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+            add:
+            - CHOWN
+            - DAC_READ_SEARCH
+            - FOWNER
+            - SETGID
+            - SETUID
+          allowPrivilegeEscalation: false
+        env:
+        - name: POSTGRES_USER
+          value: "ghostfolio"
+        - name: POSTGRES_DB
+          value: "ghostfolio"
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: ghostfolio-secrets
+              key: postgres-password
+      containers:
+      - name: ghostfolio
+        image: docker.io/ghostfolio/ghostfolio:latest
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          allowPrivilegeEscalation: false
+        ports:
+        - containerPort: 3333
+        volumeMounts:
+        - name: ghostfolio-data
+          mountPath: /var/lib/postgresql/data
+        env:
+        - name: REDIS_HOST
+          value: "localhost"
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: ghostfolio-secrets
+              key: redis-password
+        - name: POSTGRES_DB
+          value: "ghostfolio"
+        - name: POSTGRES_USER
+          value: "ghostfolio"
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: ghostfolio-secrets
+              key: postgres-password
+        - name: ACCESS_TOKEN_SALT
+          valueFrom:
+            secretKeyRef:
+              name: ghostfolio-secrets
+              key: access-token-salt
+        - name: JWT_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: ghostfolio-secrets
+              key: jwt-secret-key
+        - name: DATABASE_URL
+          value: "postgresql://ghostfolio:akshun9501@localhost:5432/ghostfolio?connect_timeout=300&sslmode=prefer"
+      volumes:
+      - name: ghostfolio-data
+        persistentVolumeClaim:
+          claimName: longhorn-ghostfolio

cluster/config/secrets/ghostfolio-secrets-sealed.yml

@@ -0,0 +1,19 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: ghostfolio-secrets
+  namespace: default
+spec:
+  encryptedData:
+    access-token-salt: AgBDDwJbTl3ZR1wPkOvtvU6X/TPYbYsJ7J7ps/HJZPjMmYgO8bdZv/+TSE9niMbC0HaPdEGRfMemBdcUPqNa31jw0OP3fidPp1N8JzbjcTGFAvNcMhyKnVF5lhRw+7HecWtuST565jJj1VUw28eAylV6kUuVopiXmotrm4D8k6CTw+9/lrnJkLYYqB7YJbaRDTNYoCUh/hkRxaxpiz4p7HyhHoKqyIFkaA7kZKrFosRycsnO0B6auw3Gyl82lEUixIoI0No2PS3Qi7ZmwNGP2uiX79H1rn974wqi3EhZxDHOfoCuK1+DUl0anld/KxYj28B6LylFhI5U/DnXJ43c6EWYw1pfte8nHe2ygUfHBHDgqVl4Jq8XfpzUpl88TTGcZ4tQzFh9cVo4nSwdjWKXYfbd0arEId3yl7GnKR74qDiZxYR/JEnAUFzY885kQ9jcvKSirFzeUFWTj/kxjIOiwZOEfvGfCmngyHfCkjXshAfZ6UDH45BdK6GzYmUT9eAiYCLqmsdgsMwad1MmCmS5zTZVozntmFPkTMm3gZL41WtCpIL7PM/QkbY4TZM5At3xrJyTNznGLO4FyFHwVYEgWrTLghiU9tcmtnQvusToP1jdbRUx5RoFZ2BhhepryBkRxonZ+DO4K4aS1PojO3p+coUtJWJhJm5o6n4EDCaHaPpopgFEva+vsxgIP9wqpGjrlmbBIPmNSveUB0u3aFq8GPhRPpWRcA==
+    jwt-secret-key: AgC5Z7MaZ9kqEEvcZMk6n2DoQERFUToVDbeRuXQssp582j2rWmI2kjW8qYimEjNAY33iFwBYqBQ60A4dAVnKEFDjumO2APZLNsFLNzqrm+TP7gs9RFrvEtDwCfy/hXIXMdKTKCXXwfv/t8yUYKGOfF2r8tquI89DtRzS8cjdr+p8CiIG8IXZpGoT/Q0kuVPDI3Grh8yFMygc8OWIR/S+q4LYG4EeYSjkoyUnNmO+GinpEBigT3ZHmjlprJUivq52+F9OPObuZhHQIy8hxCIabsgt6SEfAE4bYaaPVzRhpcGlDOX7XYs+NQDEmwyPMjfYLgRx9iXxblBdvGo3Q1xDQQwFrNJ4G/lP6V/4xhBRyr9exHlKoGQBfgpoKojhMXVKCeTNM8Gj68DibwLHzdBfxHYaQ1Kg0MgMclho69+5otgOuyKhNwGQm5X8BYlvQcfv/KSqeIMMiSjNqiy5ni2vRfnoAtu25rpqFzut4kAleY1iGFgkFs8yMqtfBzR6LTgzLm1fjqO5J1QZu8/aMqgKion4X7NA0PiS4ZZaoiheBql7HwIoi8OWUpSeSPnHe5HhGerF6T+kITKjmlE7mPhfiDL2pi0KjtY2S6zPa7reZ2XVTKtpVdmBPwfDZMkExuYcsOZ5i30SAjq2QYlb0rDxlZ11a6seCmd5NdLBTmE26wk5wlIZF1q3nO7CnjIRJNeIHAq05INMn0JLw1k8gKvaG7dV+5KTHA==
+    postgres-password: AgAyms/qOR9MTPKAhm88HpeoWCJjYlDSrhUYkpZhoRWsU5IPVgmV08GExL2gV32POZEI0tTvzoa2RWuOHcbybSISnf/LhbPMj9Ug3UMslFSxhx9VEYpDtk40pOJFFeiSyMZcRChm8T48vlmorbjw03vpZCqml9rhpeXfp9wv9tw8exQUppbt4mjkjgeE5TLPPqxvT+ZzVn8R4WNztvZwWVvUmGOg8HRC7yvq64LbHhjadKdra+Epi2t5CoZMZ4P4fyIWublNA6FMslkpIozsd5SxozDr+tsZdoKVrSaoDA/yzzbtCvNaGeA9E157ZKiv9mN4MMk4z8Vzf8iX1H+Af6fYNAZu+te5Wj4nFXxFxHZ+1OI9w6dKKKJ/r74i9wizBoFgqT76CJvYfWD4d4+l7uliciOlJ+gJvqaopA2y/zkNA6p/OIz5PkpmAXwC3pKqvzhJCZC2cxcDaYN5XhdXstmQOcO0AnVYGftc1rgDvuzKQuN/4nmeVyFvsn8QTk7JA0b7+N5BYocpC31lNtylzJZ6URKAzpvEOjwWi12bU+CvZuTj0gHCW1qVKvZF49gl5ldkynKNo/ENGrDEm+Vr5j0XMBP4wAjPHb8nPcmTKlfguN/zwIvsz/BA+RNEq/e0ZTjGwHMUjonJ3UJxmluepexYarHj0adI3+jO4HKcsCBHimjy7VMCWRHdg919RKNVUsqvjutUZqKGrFdx
+    redis-password: AgBUrsideOc2PYoRyAJ4j5xS/1nI34zfjlP0nDkEmHoL8o3nk1Ks+Tikmg3VoSOa2Ww8Bd2szcHKsZPTLHWbf7xMzE+DQ+/ktHPRBIwI1DtnWRX4rna+vtdjt4I0LayFUgCPXCNRYE892Qxc/WP23e9wvTXL9hGMOEL3cvFYNXDrdiVaLLM+KMEuY8EERkvQiQQtceubJ3fsMt2IbL/navWJOzas0AwhbSVlfl2AwVUCypGufucZ3GndJ2dBa3FXSi+N8I9n/6aEp21picnsMnyxEBL/cR0+Sj8Q/026A5k+hoHhypfAbZJpKOOVXAQS4G1PEciabh7PsypT/fXggLldMiIqL/Avh9ZpbtTD9uu+8b2IZ+fwLW29Mt4HjLtz+MBhXsE6XhIuLGmTY7iztqEy2SHmq5q+KI/nzUx8Nkz1XwNJ4bGPIeLgvvjKW0Lj90mgsII+ijh2I+fv+GL9dwDyXTY/j09OY4Z02xZ5Lw6GANN1O3qIhLKpurjyUWR8EppkV/MpKukvTqcErtXcLtYa63JqCnoKpdoecOLahHdV9B0yGQj3XTKfHJpVERYLSCZZJMkM7iL2u07Q7HIOboQyHGZqAIU0JhW0JSdR0VVsZVrioui28tzNdb/5O3F14wZCs+PdCC+kT7zRF2VC1hDsRwRswjezr4fYZzwLQK9HBbHveyRuopH041YiUtx30XpxY+sfpCZu+O90
+  template:
+    metadata:
+      creationTimestamp: null
+      name: ghostfolio-secrets
+      namespace: default
+    type: Opaque