Add ghost deployment

apps/prod/ghost/ingress.yaml

@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ghost-ingress
+  namespace: ghost
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`${GHOST_DOMAIN}`)
+    kind: Rule
+    services:
+    - name: ghost
+      port: 80

apps/prod/ghost/kustomization.yaml

@@ -0,0 +1,19 @@
+# /apps/prod/ghost/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ghost
+
+resources:
+  - ../../base/ghost
+  - release.yaml
+  - ingress.yaml
+  - secret.enc.yaml
+
+configMapGenerator:
+  - name: ghost-prod-values
+    namespace: ghost
+    files:
+      - values.yaml
+
+configurations:
+  - kustomizeconfig.yaml

apps/prod/ghost/kustomizeconfig.yaml

@@ -0,0 +1,7 @@
+# /apps/prod/ghost/kustomizeconfig.yaml
+nameReference:
+- kind: ConfigMap
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

apps/prod/ghost/release.yaml

@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ghost
+  namespace: ghost
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: ghost
+      version: "22.2.3"
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: ghost
+      interval: 1h
+  valuesFrom:
+    - kind: ConfigMap
+      name: ghost-prod-values

apps/prod/ghost/secret.enc.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: ghost-admin-secret
+    namespace: ghost
+type: Opaque
+stringData:
+    ghost-password: ENC[AES256_GCM,data:UfT+Is1grMWVhQOl2ew7etgE,iv:fDiZ4re4odMYd2LJk90qwqdMvr9+oH0fW7SZiEjE6TU=,tag:qbREC2IScRYq6Y9lk4C5EA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvd0VQMmJYVFp4bVBYWTZh
+            RmlGQXE5YlBZZjVFYlJERFR1Q3B5U2tncDBVCkVvczlzakJFN3o2UGFiLzZaN2pL
+            RVRYTUpOYTdpNUFNVWhldFVucVBwNXMKLS0tIHRNUVpnSkpVeHV6L0FaOFZVdW8v
+            ZGs3Y2dkZEtmTG9GbVRoMzJoTFJpaHMKENlCAd/B6HLlL2NlRXx64JqoJYuxNQwj
+            KRGmUNbjDIjFQym/8LI6XbIW1WgrWa/6pVdzkUOjjTXe6V9BijFGhw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-23T15:09:57Z"
+    mac: ENC[AES256_GCM,data:Xy351DGdecmgyDrNR9QUMj5QXlqnm4icdJix0zyiX8THO8cojHj7g5qfrXLuQbN6G5zMVW0b6YgDiSeaXvSFje1tHNZd4cCmq3BO4A0MTAUufau6n50nWFlWaMecny4JIPYS+kJe6FUq68mCv/aaDMWPOf3jZDfPYb5KUVqat80=,iv:aLphC2N5vkBB9Ma5NafpP6dyHD5rM3Z6aI+g1sJ5KNM=,tag:yFslBcL/oKWwdWG2ZWeBrA==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.9.4

apps/prod/ghost/values.yaml

@@ -0,0 +1,24 @@
+mysql:
+  enabled: false
+postgresql:
+  enabled: false
+
+persistence:
+  enabled: true
+  storageClass: "retain-local-path"
+  size: 8Gi
+
+ghostHost: "${GHOST_URL}"
+ghostUsername: admin
+existingSecret: "ghost-admin-secret"
+ghostEmail: "${GHOST_ADMIN_EMAIL}"
+ghostBlogTitle: ""
+
+service:
+  type: ClusterIP
+
+extraEnvVars:
+  - name: database__client
+    value: sqlite3
+  - name: NODE_ENV
+    value: production