HOWTO: Deploy ghost with helm on kubernetes

Developer help Self-hosting
1

This is the yaml I use to deploy ghost on Kubernetes using the helm chart from https://charts.bitnami.com/bitnami.

affinity: {}
allowEmptyPassword: false
args: []
automountServiceAccountToken: false
clusterDomain: cluster.local
command: []
commonAnnotations: {}
commonLabels: {}
containerPorts:
  http: 2368
  https: 2368
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  enabled: true
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 1001
  runAsNonRoot: true
  runAsUser: 1001
  seLinuxOptions: {}
  seccompProfile:
    type: RuntimeDefault
customLivenessProbe: {}
customReadinessProbe: {}
diagnosticMode:
  args:
    - infinity
  command:
    - sleep
  enabled: false
existingSecret: ''
externalDatabase:
  database: ghost
  existingSecret: ''
  host: mariadb01.example.com
  password: SomeSecret
  port: 3306
  ssl: false
  sslCaFile: ''
  user: ghost
extraContainerPorts: []
extraDeploy: []
extraEnvVars: []
extraEnvVarsCM: ''
extraEnvVarsSecret: ''
extraVolumeMounts: []
extraVolumes: []
fullnameOverride: ''
ghostBlogTitle: Blog of René Jochum
ghostEmail: ghost@example.com
ghostEnableHttps: true
ghostHost: example.com
ghostPassword: anotherSecret
ghostPath: /
ghostSkipInstall: true
ghostUsername: jochumdev
global:
  compatibility:
    openshift:
      adaptSecurityContext: auto
  imagePullSecrets: []
  imageRegistry: ''
  storageClass: ''
  cattle:
    systemProjectId: p-g2j9j
hostAliases: []
image:
  debug: false
  digest: ''
  pullPolicy: IfNotPresent
  pullSecrets: []
  registry: docker.io
  repository: bitnami/ghost
  tag: 5.82.2-debian-12-r0
ingress:
  annotations: {}
  apiVersion: ''
  enabled: false
  extraHosts: []
  extraPaths: []
  extraRules: []
  extraTls: []
  hostname: rene.example.com
  ingressClassName: ''
  path: /
  pathType: ImplementationSpecific
  secrets: []
  selfSigned: false
  tls: false
initContainers: []
kubeVersion: ''
lifecycleHooks: {}
livenessProbe:
  enabled: true
  failureThreshold: 6
  initialDelaySeconds: 120
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
mysql:
  architecture: standalone
  auth:
    database: ghost
    existingSecret: ''
    password: ''
    rootPassword: ''
    username: bn_ghost
  enabled: false
  primary:
    persistence:
      accessModes:
        - ReadWriteOnce
      enabled: true
      size: 8Gi
      storageClass: ''
    resources: {}
    resourcesPreset: small
nameOverride: ''
networkPolicy:
  allowExternal: true
  allowExternalEgress: true
  enabled: true
  extraEgress: []
  extraIngress: []
  ingressNSMatchLabels: {}
  ingressNSPodMatchLabels: {}
nodeAffinityPreset:
  key: ''
  type: ''
  values: []
nodeSelector: {}
persistence:
  accessModes:
    - ReadWriteOnce
  annotations: {}
  enabled: true
  existingClaim: ''
  size: 8Gi
  storageClass: ''
  subPath: ''
podAffinityPreset: ''
podAnnotations: {}
podAntiAffinityPreset: soft
podLabels: {}
podSecurityContext:
  enabled: true
  fsGroup: 1001
  fsGroupChangePolicy: Always
  supplementalGroups: []
  sysctls: []
priorityClassName: ''
readinessProbe:
  enabled: true
  failureThreshold: 6
  initialDelaySeconds: 30
  periodSeconds: 5
  successThreshold: 1
  timeoutSeconds: 3
replicaCount: 1
resources: {}
resourcesPreset: micro
schedulerName: ''
service:
  annotations: {}
  clusterIP: ''
  externalTrafficPolicy: Cluster
  extraPorts: []
  loadBalancerIP: ''
  loadBalancerSourceRanges: []
  nodePorts:
    http: ''
    https: ''
  ports:
    http: 80
    https: 443
  sessionAffinity: None
  sessionAffinityConfig: {}
  type: ClusterIP
serviceAccount:
  annotations: {}
  automountServiceAccountToken: false
  create: true
  name: ''
sidecars: []
smtpExistingSecret: ''
smtpHost: mail.example.com
smtpPassword: thirdSecret
smtpPort: '587'
smtpProtocol: tls
smtpService: ''
smtpUser: ghost@example.com
startupProbe:
  enabled: false
  failureThreshold: 6
  initialDelaySeconds: 120
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
tolerations: []
topologySpreadConstraints: []
updateStrategy:
  type: RollingUpdate
volumePermissions:
  enabled: false
  image:
    digest: ''
    pullPolicy: IfNotPresent
    pullSecrets: []
    registry: docker.io
    repository: bitnami/os-shell
    tag: 12-debian-12-r18
  resources: {}
  resourcesPreset: none
  securityContext:
    runAsUser: 0
    seLinuxOptions: null

As I’m using rancher it’s a thing of some clicks to install a new instance of ghost for me else you can use.

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install -n blogs ghost1 bitnami/ghost -f values.yaml

To deploy with Traefik as Ingress:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ghost-admin
  namespace: blogs
spec:
  ipWhiteList:
    sourceRange:
      - 10.0.0.0/8
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: blog.example.com
  namespace: blogs
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`blog.example.com`)
      priority: 10
      services:
        - kind: Service
          name: ghost
          passHostHeader: true
          port: https
          scheme: http
    - kind: Rule
      match: Host(`blog.example.com`) && PathPrefix(`/ghost/api/admin`)
      middlewares:
        - name: ghost-admin
      priority: 20
      services:
        - kind: Service
          name: ghost
          passHostHeader: true
          scheme: http
  tls:
    certResolver: letsencrypt-prod