Migrate ghost from helm to manifests

apps/prod/ghost/deployment-patch.yaml

@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ghost
+  namespace: ghost
+spec:
+  template:
+    spec:
+      containers:
+      - name: ghost
+        env:
+        - name: url
+          value: https://${GHOST_URL}
+        volumeMounts:
+        - name: ghost-content
+          mountPath: /var/lib/ghost/content
+      volumes:
+      - name: ghost-content
+        persistentVolumeClaim:
+          claimName: ghost-content

apps/prod/ghost/kustomization.yaml

@@ -1,19 +1,14 @@
-# /apps/prod/ghost/kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: ghost
 
 resources:
   - ../../base/ghost
-  - release.yaml
+  - pvc.yaml
   - ingress.yaml
-  - secret.enc.yaml
 
-configMapGenerator:
-  - name: ghost-prod-values
-    namespace: ghost
-    files:
-      - values.yaml
+patchesStrategicMerge:
+  - deployment-patch.yaml
 
 configurations:
   - kustomizeconfig.yaml

apps/prod/ghost/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ghost-content
+  namespace: ghost
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: retain-local-path
+  resources:
+    requests:
+      storage: 5Gi

apps/prod/ghost/release.yaml

@@ -1,19 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: ghost
-  namespace: ghost
-spec:
-  interval: 1h
-  chart:
-    spec:
-      chart: ghost
-      version: "22.2.3"
-      sourceRef:
-        kind: HelmRepository
-        name: bitnami
-        namespace: ghost
-      interval: 1h
-  valuesFrom:
-    - kind: ConfigMap
-      name: ghost-prod-values

apps/prod/ghost/secret.enc.yaml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: ghost-admin-secret
-    namespace: ghost
-type: Opaque
-stringData:
-    ghost-password: ENC[AES256_GCM,data:UfT+Is1grMWVhQOl2ew7etgE,iv:fDiZ4re4odMYd2LJk90qwqdMvr9+oH0fW7SZiEjE6TU=,tag:qbREC2IScRYq6Y9lk4C5EA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvd0VQMmJYVFp4bVBYWTZh
-            RmlGQXE5YlBZZjVFYlJERFR1Q3B5U2tncDBVCkVvczlzakJFN3o2UGFiLzZaN2pL
-            RVRYTUpOYTdpNUFNVWhldFVucVBwNXMKLS0tIHRNUVpnSkpVeHV6L0FaOFZVdW8v
-            ZGs3Y2dkZEtmTG9GbVRoMzJoTFJpaHMKENlCAd/B6HLlL2NlRXx64JqoJYuxNQwj
-            KRGmUNbjDIjFQym/8LI6XbIW1WgrWa/6pVdzkUOjjTXe6V9BijFGhw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-23T15:09:57Z"
-    mac: ENC[AES256_GCM,data:Xy351DGdecmgyDrNR9QUMj5QXlqnm4icdJix0zyiX8THO8cojHj7g5qfrXLuQbN6G5zMVW0b6YgDiSeaXvSFje1tHNZd4cCmq3BO4A0MTAUufau6n50nWFlWaMecny4JIPYS+kJe6FUq68mCv/aaDMWPOf3jZDfPYb5KUVqat80=,iv:aLphC2N5vkBB9Ma5NafpP6dyHD5rM3Z6aI+g1sJ5KNM=,tag:yFslBcL/oKWwdWG2ZWeBrA==,type:str]
-    pgp: []
-    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
-    version: 3.9.4

apps/prod/ghost/values.yaml

@@ -1,24 +0,0 @@
-mysql:
-  enabled: false
-postgresql:
-  enabled: false
-
-persistence:
-  enabled: true
-  storageClass: "retain-local-path"
-  size: 8Gi
-
-ghostHost: "${GHOST_DOMAIN}"
-ghostUsername: admin
-existingSecret: "ghost-admin-secret"
-ghostEmail: "${GHOST_ADMIN_EMAIL}"
-ghostBlogTitle: ""
-
-service:
-  type: ClusterIP
-
-extraEnvVars:
-  - name: database__client
-    value: sqlite3
-  - name: NODE_ENV
-    value: production