From 9ab78d9bb6297e8fdd09511e1e01feb5cd2f52e8 Mon Sep 17 00:00:00 2001 From: chemavx Date: Fri, 29 May 2026 08:59:20 +0000 Subject: [PATCH] =?UTF-8?q?feat:=20adopt=20ghost-en=20into=20GitOps=20with?= =?UTF-8?q?=20non-www=20=E2=86=92=20www=20redirect?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Brings the existing manually-applied ghost-en (theexclusionzone.com) into the GitOps repo. Adds redirect-to-www-https middleware to fix the Google Search Console redirect issue: non-www now 301s to https://www instead of serving duplicate content. Co-Authored-By: Claude Opus 4.7 (1M context) --- README.md | 1 + ghost-en/argocd-app.yaml | 28 +++++++++ ghost-en/certificate.yaml | 13 ++++ ghost-en/deployment.yaml | 118 ++++++++++++++++++++++++++++++++++++ ghost-en/ingressroutes.yaml | 52 ++++++++++++++++ ghost-en/middlewares.yaml | 22 +++++++ 6 files changed, 234 insertions(+) create mode 100644 ghost-en/argocd-app.yaml create mode 100644 ghost-en/certificate.yaml create mode 100644 ghost-en/deployment.yaml create mode 100644 ghost-en/ingressroutes.yaml create mode 100644 ghost-en/middlewares.yaml diff --git a/README.md b/README.md index 8e32fc6..d932f5e 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ Los secrets TLS los gestiona **cert-manager** automáticamente a partir del recu | `cloudflare-ddns` | `cloudflare-ddns-secret` | Ver Vaultwarden → "cloudflare-ddns" | | `vaultwarden` | `vaultwarden-secret` | Ver Vaultwarden → "vaultwarden" | | `openclaw` | `openclaw-token` | Ver Vaultwarden → "openclaw" | +| `ghost-en` | `ghost-en-smtp` | `kubectl create secret generic ghost-en-smtp --from-literal=SMTP_USER='' --from-literal=SMTP_PASS='' -n ghost-en` | | `argocd` | `argocd-secret` | Gestionado por ArgoCD bootstrap | | `argocd` | `argocd-redis` | Gestionado por ArgoCD bootstrap | | `monitoring` | `kube-prometheus-stack-grafana` | Ver Vaultwarden → "grafana" | diff --git a/ghost-en/argocd-app.yaml b/ghost-en/argocd-app.yaml new file mode 100644 index 0000000..e174979 --- /dev/null +++ b/ghost-en/argocd-app.yaml @@ -0,0 +1,28 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ghost-en + namespace: argocd +spec: + project: default + source: + repoURL: https://git.chemavx.xyz/chemavx/k8s-manifests + targetRevision: HEAD + path: ghost-en + destination: + server: https://kubernetes.default.svc + namespace: ghost-en + ignoreDifferences: + - group: "" + kind: Secret + name: ghost-en-smtp + namespace: ghost-en + jsonPointers: + - /data + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - RespectIgnoreDifferences=true diff --git a/ghost-en/certificate.yaml b/ghost-en/certificate.yaml new file mode 100644 index 0000000..11d88f7 --- /dev/null +++ b/ghost-en/certificate.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: ghost-en-tls + namespace: ghost-en +spec: + secretName: ghost-en-tls + issuerRef: + kind: ClusterIssuer + name: letsencrypt-prod + dnsNames: + - theexclusionzone.com + - www.theexclusionzone.com diff --git a/ghost-en/deployment.yaml b/ghost-en/deployment.yaml new file mode 100644 index 0000000..d72743d --- /dev/null +++ b/ghost-en/deployment.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ghost-en + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ghost-en-content + namespace: ghost-en +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: local-path + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ghost-en + namespace: ghost-en + labels: + app: ghost-en +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: ghost-en + template: + metadata: + labels: + app: ghost-en + spec: + containers: + - name: ghost + image: ghost:5-alpine + ports: + - containerPort: 2368 + env: + - name: url + value: "https://www.theexclusionzone.com" + - name: NODE_ENV + value: "production" + - name: database__client + value: "sqlite3" + - name: database__connection__filename + value: "/var/lib/ghost/content/data/ghost.db" + - name: mail__transport + value: "SMTP" + - name: mail__options__service + value: "Gmail" + - name: mail__options__host + value: "smtp.gmail.com" + - name: mail__options__port + value: "465" + - name: mail__options__secureConnection + value: "true" + - name: mail__options__auth__user + valueFrom: + secretKeyRef: + name: ghost-en-smtp + key: SMTP_USER + - name: mail__options__auth__pass + valueFrom: + secretKeyRef: + name: ghost-en-smtp + key: SMTP_PASS + - name: privacy__useUpdateCheck + value: "false" + livenessProbe: + httpGet: + path: /ghost/api/v4/admin/site/ + port: 2368 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /ghost/api/v4/admin/site/ + port: 2368 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "500m" + memory: "512Mi" + volumeMounts: + - name: ghost-en-content + mountPath: /var/lib/ghost/content + volumes: + - name: ghost-en-content + persistentVolumeClaim: + claimName: ghost-en-content + +--- +apiVersion: v1 +kind: Service +metadata: + name: ghost-en + namespace: ghost-en +spec: + selector: + app: ghost-en + ports: + - port: 2368 + targetPort: 2368 + protocol: TCP diff --git a/ghost-en/ingressroutes.yaml b/ghost-en/ingressroutes.yaml new file mode 100644 index 0000000..8817dc0 --- /dev/null +++ b/ghost-en/ingressroutes.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: ghost-en-https + namespace: ghost-en +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`www.theexclusionzone.com`) + services: + - name: ghost-en + port: 2368 + - kind: Rule + match: Host(`theexclusionzone.com`) + middlewares: + - name: redirect-to-www-https + namespace: ghost-en + services: + - name: ghost-en + port: 2368 + tls: + secretName: ghost-en-tls + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: ghost-en-http-redirect + namespace: ghost-en +spec: + entryPoints: + - web + routes: + - kind: Rule + match: Host(`www.theexclusionzone.com`) + middlewares: + - name: redirect-to-https + namespace: ghost-en + services: + - name: ghost-en + port: 2368 + - kind: Rule + match: Host(`theexclusionzone.com`) + middlewares: + - name: redirect-to-www-https + namespace: ghost-en + services: + - name: ghost-en + port: 2368 diff --git a/ghost-en/middlewares.yaml b/ghost-en/middlewares.yaml new file mode 100644 index 0000000..13c25cf --- /dev/null +++ b/ghost-en/middlewares.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: redirect-to-https + namespace: ghost-en +spec: + redirectScheme: + scheme: https + permanent: true + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: redirect-to-www-https + namespace: ghost-en +spec: + redirectRegex: + regex: ^https?://theexclusionzone\.com/(.*) + replacement: https://www.theexclusionzone.com/${1} + permanent: true