hvg-dev/blog
1
0
Fork 0
Code Actions Activity

+ ADD kubernetes deployment

Browse Source
This commit is contained in:
felegy
2025-10-01 07:42:27 +00:00
parent 28c75bf5c0
commit 267c96c75f
29 changed files with 1321 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

756
.devops/db/wp_init_db Normal file
View File

File diff suppressed because one or more lines are too long

BIN
.devops/db/wp_init_db.gz
View File

Binary file not shown.

2
.lando.yml
View File

@@ -7,7 +7,7 @@ recipe: wordpress
config: config:
php: '8.3' php: '8.3'
via: nginx via: nginx
database: mariadb:11.4.5 database: mariadb
webroot: web webroot: web
xdebug: false xdebug: false
config: config:

48
composer.lock generated
View File

@@ -62,16 +62,16 @@
}, },
{ {
"name": "aws/aws-sdk-php", "name": "aws/aws-sdk-php",
"version": "3.356.25", "version": "3.356.29",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/aws/aws-sdk-php.git", "url": "https://github.com/aws/aws-sdk-php.git",
"reference": "d78bd3b221890aac679ec3b6cb5abcb01fd42699" "reference": "3e413221956aa969f379ff6fa67a303ce76aad13"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/d78bd3b221890aac679ec3b6cb5abcb01fd42699", "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/3e413221956aa969f379ff6fa67a303ce76aad13",
"reference": "d78bd3b221890aac679ec3b6cb5abcb01fd42699", "reference": "3e413221956aa969f379ff6fa67a303ce76aad13",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@@ -153,9 +153,9 @@
"support": { "support": {
"forum": "https://github.com/aws/aws-sdk-php/discussions", "forum": "https://github.com/aws/aws-sdk-php/discussions",
"issues": "https://github.com/aws/aws-sdk-php/issues", "issues": "https://github.com/aws/aws-sdk-php/issues",
"source": "https://github.com/aws/aws-sdk-php/tree/3.356.25" "source": "https://github.com/aws/aws-sdk-php/tree/3.356.29"
}, },
"time": "2025-09-24T18:08:25+00:00" "time": "2025-09-30T18:12:45+00:00"
}, },
{ {
"name": "composer/installers", "name": "composer/installers",
@@ -1318,7 +1318,7 @@
}, },
{ {
"name": "roots/wordpress", "name": "roots/wordpress",
"version": "6.8.2", "version": "6.8.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/roots/wordpress.git", "url": "https://github.com/roots/wordpress.git",
@@ -1349,7 +1349,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/roots/wordpress/issues", "issues": "https://github.com/roots/wordpress/issues",
"source": "https://github.com/roots/wordpress/tree/6.8.2" "source": "https://github.com/roots/wordpress/tree/6.8.3"
}, },
"funding": [ "funding": [
{ {
@@ -1428,23 +1428,23 @@
}, },
{ {
"name": "roots/wordpress-no-content", "name": "roots/wordpress-no-content",
"version": "6.8.2", "version": "6.8.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/WordPress/WordPress.git", "url": "https://github.com/WordPress/WordPress.git",
"reference": "6.8.2" "reference": "6.8.3"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://downloads.wordpress.org/release/wordpress-6.8.2-no-content.zip", "url": "https://downloads.wordpress.org/release/wordpress-6.8.3-no-content.zip",
"reference": "6.8.2", "reference": "6.8.3",
"shasum": "7d8dcb839f4754e331d93b86f9adc8c171d81e97" "shasum": "2c34ba506afd8061d96cde50b2c92f109c10d2c8"
}, },
"require": { "require": {
"php": ">= 7.2.24" "php": ">= 7.2.24"
}, },
"provide": { "provide": {
"wordpress/core-implementation": "6.8.2" "wordpress/core-implementation": "6.8.3"
}, },
"suggest": { "suggest": {
"ext-curl": "Performs remote request operations.", "ext-curl": "Performs remote request operations.",
@@ -1495,7 +1495,7 @@
"type": "other" "type": "other"
} }
], ],
"time": "2025-07-15T15:29:08+00:00" "time": "2025-09-30T18:16:31+00:00"
}, },
{ {
"name": "roots/wp-config", "name": "roots/wp-config",
@@ -1966,15 +1966,15 @@
}, },
{ {
"name": "wpackagist-plugin/ad-inserter", "name": "wpackagist-plugin/ad-inserter",
"version": "2.8.6", "version": "2.8.7",
"source": { "source": {
"type": "svn", "type": "svn",
"url": "https://plugins.svn.wordpress.org/ad-inserter/", "url": "https://plugins.svn.wordpress.org/ad-inserter/",
"reference": "tags/2.8.6" "reference": "tags/2.8.7"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://downloads.wordpress.org/plugin/ad-inserter.2.8.6.zip" "url": "https://downloads.wordpress.org/plugin/ad-inserter.2.8.7.zip"
}, },
"require": { "require": {
"composer/installers": "^1.0 || ^2.0" "composer/installers": "^1.0 || ^2.0"
@@ -2220,16 +2220,16 @@
"packages-dev": [ "packages-dev": [
{ {
"name": "heroku/heroku-buildpack-php", "name": "heroku/heroku-buildpack-php",
"version": "v274", "version": "v275",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/heroku/heroku-buildpack-php.git", "url": "https://github.com/heroku/heroku-buildpack-php.git",
"reference": "0383c0a081ef588c2d562ad4649421a6df669252" "reference": "a1f687c253f74f8d6db74a1410c43966e22cf946"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/heroku/heroku-buildpack-php/zipball/0383c0a081ef588c2d562ad4649421a6df669252", "url": "https://api.github.com/repos/heroku/heroku-buildpack-php/zipball/a1f687c253f74f8d6db74a1410c43966e22cf946",
"reference": "0383c0a081ef588c2d562ad4649421a6df669252", "reference": "a1f687c253f74f8d6db74a1410c43966e22cf946",
"shasum": "" "shasum": ""
}, },
"bin": [ "bin": [
@@ -2259,9 +2259,9 @@
], ],
"support": { "support": {
"issues": "https://github.com/heroku/heroku-buildpack-php/issues", "issues": "https://github.com/heroku/heroku-buildpack-php/issues",
"source": "https://github.com/heroku/heroku-buildpack-php/tree/v274" "source": "https://github.com/heroku/heroku-buildpack-php/tree/v275"
}, },
"time": "2025-09-19T21:18:10+00:00" "time": "2025-09-30T23:28:36+00:00"
}, },
{ {
"name": "roave/security-advisories", "name": "roave/security-advisories",

6
k8s/build/0-default-lifecycle.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kpack.io/v1alpha2
kind: ClusterLifecycle
metadata:
name: default-lifecycle
spec:
image: buildpacksio/lifecycle

9
k8s/build/0-kpack-service-account.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kpack-service-account
namespace: kpack
secrets:
- name: kp-default-registry-creds
imagePullSecrets:
- name: kp-default-registry-creds

10
k8s/build/1-default-clusterstores.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: kpack.io/v1alpha2
kind: ClusterStore
metadata:
name: default
spec:
serviceAccountRef:
name: kpack-service-account
namespace: kpack
sources:
- image: ghcr.io/hvg-dev/test-builder@sha256:3c169742c4d278f9baa79003b1a998d9337cc2050c7845207d8012207c16a1a7

13
k8s/build/1-heroku-24-clusterstacks.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: kpack.io/v1alpha2
kind: ClusterStack
metadata:
name: heroku-24
spec:
buildImage:
image: ghcr.io/hvg-dev/test-builder@sha256:6294ec780aeb492bbcef91884c21d9b5f1fc1f88f6096228ea2e3a640dadef09
id: heroku-24
runImage:
image: ghcr.io/hvg-dev/test-builder@sha256:9a80c7da247decbfb1350c1fb0aa6436d74bde59953751e6193835063ca38e84
serviceAccountRef:
name: kpack-service-account
namespace: kpack

25
k8s/build/3-builder-clusterbuilders.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: kpack.io/v1alpha2
kind: ClusterBuilder
metadata:
name: builder
spec:
lifecycle:
kind: ClusterLifecycle
name: default-lifecycle
order:
- group:
- id: heroku/php
- id: heroku/procfile
- group:
- id: heroku/nodejs
- id: heroku/procfile
serviceAccountRef:
name: kpack-service-account
namespace: kpack
stack:
kind: ClusterStack
name: heroku-24
store:
kind: ClusterStore
name: default
tag: ghcr.io/hvg-dev/test-builder

10
k8s/build/4-hvg-dev-service-account.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kpack-service-account
namespace: hvg-dev
secrets:
- name: kp-default-registry-creds
- name: git-ssh-auth-secret
imagePullSecrets:
- name: kp-default-registry-creds

20
k8s/build/blog-dev-image.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: blog-dev
namespace: hvg-dev
spec:
additionalTags:
- ghcr.io/hvg-dev/blog:sha-2bc32b8
builder:
kind: ClusterBuilder
name: builder
failedBuildHistoryLimit: 10
imageTaggingStrategy: BuildNumber
serviceAccountName: kpack-service-account
source:
git:
revision: 2bc32b8f256bd8931d690ab78b08a6e31cab7af0
url: git@gitea-ssh.gitea.svc:hvg-dev/blog.git
successBuildHistoryLimit: 10
tag: ghcr.io/hvg-dev/blog:dev

20
k8s/build/blog-main-image.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: blog-main
namespace: hvg-dev
spec:
additionalTags:
- ghcr.io/hvg-dev/blog:sha-b0e1cfc
builder:
kind: ClusterBuilder
name: builder
failedBuildHistoryLimit: 10
imageTaggingStrategy: BuildNumber
serviceAccountName: kpack-service-account
source:
git:
revision: b0e1cfca5205556c738e44b7eb040c5f87dac109
url: git@gitea-ssh.gitea.svc:hvg-dev/blog.git
successBuildHistoryLimit: 10
tag: ghcr.io/hvg-dev/blog:main

52
k8s/hvgblog-vcluster.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
annotations:
helmcharts.cattle.io/managed-by: helm-controller
name: hvgblog-vcluster
namespace: kube-system
spec:
chart: vcluster
createNamespace: true
repo: https://charts.loft.sh
set:
integrations.metricsServer.enabled: "true"
sync.toHost.ingresses.enabled: "true"
sync.toHost.persistentVolumeClaims.enabled: "true"
targetNamespace: hvgblog
valuesContent: |
controlPlane:
distro:
k3s:
enabled: true
extraArgs:
- --tls-san=hvgblog-vcluster.hvg.hu
image:
tag: v1.32.1-k3s1
ingress:
annotations:
cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
ingress.kubernetes.io/force-ssl-redirect: "true"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-redirect: "true"
enabled: true
host: hvgblog-vcluster.hvg.hu
pathType: ImplementationSpecific
spec:
tls:
- hosts:
- hvgblog-vcluster.hvg.hu
secretName: tls-vcluster
exportKubeConfig:
context: hvgblog-vcluster
integrations:
metricsServer:
enabled: true
sync:
toHost:
ingresses:
enabled: true
persistentVolumeClaims:
enabled: true
version: 0.26.0

4
k8s/manifests/app/Chart.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v2
name: hvgblog
version: 0.1.0
type: application

15
k8s/manifests/app/templates/0-github-container-registry.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: github-container-registry
spec:
encryptedData:
.dockerconfigjson: {{ .Values.imagePullSealedSecret | quote }}
template:
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: github-container-registry
type: kubernetes.io/dockerconfigjson

33
k8s/manifests/app/templates/1-db-user.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: "{{ .Release.Name }}-db-pass"
namespace: {{ .Release.Namespace }}
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
spec:
encryptedData:
password: {{ .Values.db.sealedPassword | quote }}
template:
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
name: "{{ .Release.Name }}-db-pass"
namespace: {{ .Release.Namespace }}
---
apiVersion: k8s.mariadb.com/v1alpha1
kind: User
metadata:
name: "{{ .Release.Name }}-db-user"
spec:
name: {{ .Values.db.username | quote }}
mariaDbRef:
name: mariadb
namespace: default
passwordSecretKeyRef:
name: "{{ .Release.Name }}-db-pass"
key: password
# This field is immutable and defaults to 10
host: "%"
cleanupPolicy: Delete
maxUserConnections: 0

13
k8s/manifests/app/templates/2-database.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Database
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
name: {{ .Values.db.name | quote }}
mariaDbRef:
name: mariadb
namespace: default
characterSet: utf8
collate: utf8_general_ci
cleanupPolicy: Delete

26
k8s/manifests/app/templates/3-db-grant.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
mariaDbRef:
name: mariadb
namespace: default
privileges:
- "SELECT"
- "INSERT"
- "UPDATE"
- "DELETE"
- "CREATE"
- "DROP"
- "INDEX"
- "ALTER"
- "LOCK TABLES"
- "EXECUTE"
database: {{ .Values.db.name | quote }}
table: "*"
host: "%"
username: {{ .Values.db.username | quote }}
grantOption: true
cleanupPolicy: Delete

26
k8s/manifests/app/templates/4-db-connection.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Connection
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
mariaDbRef:
name: mariadb
namespace: default
username: {{ .Values.db.username | quote }}
passwordSecretKeyRef:
name: "{{ .Release.Name }}-db-pass"
key: password
database: {{ .Values.db.name | quote }}
secretName: "{{ .Release.Name }}-db-connection"
secretTemplate:
key: dsn
usernameKey: DB_USER
passwordKey: DB_PASSWORD
hostKey: DB_HOST
portKey: DB_PORT
databaseKey: DB_NAME
healthCheck:
interval: 60s
retryInterval: 30s
serviceName: mariadb

11
k8s/manifests/app/templates/5-configmap-env.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
data:
WP_HOME: "https://{{ .Values.host }}"
WP_SITEURL: "https://{{ .Values.host }}/wp"
{{- range $key, $val := .Values.env }}
{{ $key }}: {{ $val | quote }}
{{- end }}

18
k8s/manifests/app/templates/6-secret-env.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.sealedSecretEnv }}
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
spec:
encryptedData:
{{- range $key, $val := .Values.sealedSecretEnv }}
{{ $key }}: {{ $val | quote }}
{{- end }}
template:
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
{{- end }}

55
k8s/manifests/app/templates/7-wp-deployment.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name }}
spec:
replicas: 1
# revisionHistoryLimit: 3
selector:
matchLabels:
app: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ .Release.Name }}
spec:
imagePullSecrets:
- name: github-container-registry
containers:
- name: {{ .Release.Name }}
image: {{ .Values.image }}
imagePullPolicy: Always
command:
- {{ .Values.command | default "web" | quote }}
resources:
requests:
memory: 128M
cpu: 100m
limits:
memory: 512M
ports:
- containerPort: 5000
envFrom:
- configMapRef:
name: {{ .Release.Name }}
- secretRef:
name: {{ .Release.Name }}
- secretRef:
name: "{{ .Release.Name }}-db-connection"
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
selector:
app: {{ .Release.Name }}
ports:
- name: wp
protocol: TCP
port: 5000
targetPort: 5000

22
k8s/manifests/app/templates/8-ingress.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
spec:
ingressClassName: nginx
rules:
- host: {{ .Values.host }}
http:
paths:
- backend:
service:
name: {{ .Release.Name }}
port:
number: 5000
path: /
pathType: Prefix
tls:
- hosts:
- {{ .Values.host }}
secretName: "{{ .Release.Name }}-tls"

49
k8s/manifests/app/values.yaml Normal file
View File

@@ -0,0 +1,49 @@
image: ghcr.io/hvg-dev/blog:dev
# Image pull secret for the container registry (see https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-create-imagepullsecrets)
imagePullSealedSecret: AgA56Wy8PD6cByq+xIFwOBl0OUPt0ricOB0tjaC+B/mpHhFnsKaGKt4EdUsfnDZccc3IdpoIFdhOo3rkAikxN+PjCFpb/bC0JZZiP8K3DAREizLAU1R0og0xWjOGZ+GHRdZMiuNFf3ADl5D65lrIr1e1wTrSuJ8SReOqo2rY9QGDwWC51iJwy0cmB3WVGDYjDUIz/vnx5p8BxzIEHsCIoSelBIQjJ0idZwe8JuaSxrQRUtk8/Cenj3mUVsXIVpNr4ExBMF4tBuYEAYuY1t98bp66l6dbbEfnLDpQXDusj7RITV0N2KQ++7h5fjlH9yC8nsXntZb4T6oVSZlJWUYDzqaqfBFckQ6S0L9XcgSOFHKeZa1MVEiKpjiU9uEn+hDCPbatg5exMUEAcvXl6LxnKW/Mn0dIykOv/LIQyxXeUFdGOoFj6pCvkj/Z2DFeHLq5/+rY0ZIvLnLtGYfxm2Du1ft3MldWUSq9i4BUuL0ddH5h4PRxC5SE7Yp/SGkU4qDqqSmh21GxVdezp4YK9Mg4gRrCcGPL+sViDYkDLvBXOpBVhhQbAQcZWkDHit58p3nh2byP0GpIL0etnFGVqx9n2W2BuckKbOeEaRGbdaeO8pT6f2IOA6ZyuT91RiqRYrzXYMA2hzmQBVYlKXjI3LAuEHOnccl7cA57j32U+yHsaCHpxQ0vbDpoZHwRj7O3De4BlEdFiMIBcgveXMK8V5t6Hie/KQZOXwt38UPj9axdGoMzPFe5KffWHNJrUYVyHkS9lfKgi4aHF/SIs034x39l7KPitk3+UqFtKUEuL0/P+EoxN9qre/HFGvF3uZRdllt6gruWYLVCrnLnHfKRKe9D9Mb5jVi+BbVfxuXBip/TFnc0x3JRGmGQQm2bICyYonPP3pQcDqqq/8dshKCGeVHmsN8mP+ERv/izbb2QU4loRg==
command: web
host: dev.hvgblog.hu
db:
name: dev
username: dev
# Use `kubeseal --fetch-cert > pub-cert.pem` to get the cert from the cluster
# Then use `tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | kubeseal --raw --scope cluster-wide --cert pub-cert.pem` to create a sealed password
sealedPassword: AgCjcJj1U6QOlCbQFVrT55D/6NECvZzwXZlQmVbeIW/b//SawiIIrlSnVHkQUYcC8VVswYJ854P1+3HANJriBHBs+fLklVsQytnjC6gktUgPcxuhBgACtOBWco3wyq3MNX5qU2IYevdCd7da31czaTNnLkowF8S7Oqyb4DKQAc1RE7geepJyHUxILGvFSsd3LiPkoI5y+J1IWcThFFU2ACZ247FYAprn/XqozgQcX28yO8U30ejW73TJrvxhKR4UvTlqNDSRh/XNBKre/zqCvKg8aKd+LgwCVegPQnGRMl3Jcw1CyRFDADYLg6YwQ9bRRpN518z3IQOonPL82EOAeXAYU6aTVQz2qwQZkDp7ww0MCknhypUSxfHTQ+FSauXxoweUICAzFP3LQuyoE+LUoUMKyC6tKh9Lsiiks+Y0gRp4Jpj0Rhm/f2wPQZwecN63Sd95pEmruYpsTfA4bqJo2omhdZHeQKLMfZQk4MGNBjGeXkif4NIk5RsOgQHM4Rf3tXOmxKoXRayl6J0ow36/jfxCMQAliiq7SGRcty6Mq7j2ou0MRi19b88fFUynLpxQUK7Ob7ziYmWDBPGwAGg9SLApJYidnpKO+351no58UBhAf+d4cyTI0PURvp9kZhkQNsCHuDFWh9CZ3B5RjJ7D/znkdZELvRWWGde7+qbRb924QfWmCpcmjxT6dOP0qQt4dUChVl/yBraBeWyL0EZtjXGDq/W+mf4AkAYN3fwpb98G
env:
PORT: 5000
BLOG_SLUG: dev
DB_PREFIX: wp_
WP_ENV: production
DISABLE_WP_CRON: 1
TZ: Europe/Budapest
#GTM_CODE:
S3_UPLOADS_BUCKET: hvgblog/dev
S3_UPLOADS_BUCKET_URL: https://cdn.hvgblog.hu
S3_UPLOADS_ENDPOINT: https://ams3.digitaloceanspaces.com
S3_UPLOADS_HTTP_CACHE_CONTROL: '30 * 24 * 60 * 60'
S3_UPLOADS_REGION: eu-west-1
SMTP_ENABLED: 1
SMTP_PORT: 587
SMTP_SECURE: tls
SMTP_SERVER: smtp.eu.mailgun.org
SMTP_DOMAIN: mg.hvgblog.hu
SMTP_LOGIN: wp@mg.hvgblog.hu
sealedSecretEnv:
S3_UPLOADS_KEY: AgASNFNBXB4SlrioskAAXTkVjpmDTFUVI88/qx0w9LMaW6Xqd2W1LZkwNqNStCeN1XbLX8KBypJ2SDz6jUaXUDFl3K98j4VGcxm7o06kGz6MQFDKPTv3tiSaqS8dJeQBB0pMIWRkbAQUkgRxR7SE5R8bkuKWg3RgvPfX6Po/8+D+vT47xi6Vk04VkCoTw8xiBZu6ZtwENm/57saMK/1n0o9uvEm3NWY/lN7G146wIrpHKqzefWddUK5ddDuJJQdUbQnkHPHC9pUH+6a+86ywBp6ZFg5Tzc7jkq9QryRRUjlh6+/fUHZm9B0IEKgdpKaX+fFVFg+xy6fO8CuV/80aJD12v/9+b6Wd9G2U+LSm1KYBFWoWFEiuW/qoA+WH60PYw0/czOxh6FXZgfcqFFLG1mNpzE0/0MsXrZZzS1pFhG8VCGBmTrDGq6gBCsYZtdY456L7fo/REbAHzJ3B5RATlfCTqrr33nNHX6MZod46vE/123dgeZ/Uaui9pjM9/AQko1KGnIAfmiYMilA+CIupXNr1CgIPlB6Gd8iUdg4Lyko0ahkRfu27O9mx4ATLz4b7YD0jXa9TY+LnyucsySTnSbRkjHIL0JePPMYjGP0+M9q+h5IwttRf2xVMqNkBXngqBOsNoBBWyoe2BfVCedX3wh5B/o9gSQbARNPYR03ZI4XeMiG4MbIwAGvXOm+/Ef3h1RtDq4+q4GtG/oH8UQFzxigr3Qcdt+M=
S3_UPLOADS_SECRET: AgANZgOk9NWB7DGFPt0ovHX9ZjT4Sz4cqmx3/MveZORX6yuRaGPHapMnA3f0rgc90c3Z+2z9VlMgINsoJg11DLb/wTNnGcSIW/rmvIH7o+///qk94QbSvUp0kc6VgE7kEZhGU/nzsAd0Ak+8reEh17fNPH6yNf4TtkeICfi4onX64SxEcNmuIcpGTTBeJ300eKgKlTeTuGuN/+/cOn0VPj456nv6nlvag9eRfAcSy6Qo4t0gfvRTbML5zTXDGXArfCCWhMxtoos1KbD48WNlWU/t6d6bODNSaMMsjgIAgY3mkwrUGvuSQV5BAAU2eIgtvAFASXHVLThIt8gqaktappgCJQmLK2d922BYV/ifJMFjp6t0+dd4lsjSmDNQxKr2cjz9DLqdmcpJ3U/W+pKPefb5Na+iOOhzQXSsSTUV4J0pVjdXqnGILX+CSgs8aH+Ax1eLAciGIcajGV6C70GYhVIyMkvC9mmY+QboJBd5eidemIz73APP6yTuKFVO8zsn+CmQ+r65FhjNFzRYTcWpt8k000phtlJvRI9AJ0auhPpGe8rWEA5VcMwlfW0BFbfCT4lkEEirPXUvFhfRohu4Kl0CZkVvRHVhf0q9LU0MEPqjQDPf/xYLP7gVYTD5wYo5aZVCS4FXn3qY8ehucJCJT1X6XjZff2Ym2f4VHC21I3bjOOJrX7gPhAlITEoCcumzaOwWf7iBMQVBQkMo1uscsTZy3YG/OKi7B8Oy36QTMl1enSSX8U3XS/AoSdvSjQ==
SMTP_PASSWORD: AgA9mg9AReuqS8mNJ+6nukExGUhoMYRxHp6Yyuz9otonkn/7BXobjXjF3W8M9y77OysxlJNjfmuCDiYYSQY4EG8c3/lhA5qeMI9vZHIoOI+B/07Ur8BF2jrMdAkjJx6AIVnqIpoU1zGKuE58L4BV/5+D8wRJiEMaVWKcG/5doy2DqjYLEAUAAalrzL8EXM1NTqGS4g3tMNprkcriNSQ3Flj1WBkCX5QEIWtgjAtUajF0tQJLGq0fOHOO4ERM44sMBTS/JcHoLOB22N7YDeTCl+RZwfQgycLThunMbnTtwxjYRELxprWuf9d1Xt+mQ74owU/WWUb5J8DO9gRoI5WHMfCU/TSFLn2C5d6n4J/MlbVElJ8DJDN1CG2dA2XqkiHvoyAbhv66J25d8Jgx69E8cA2zLgBs3SD4rKZ7l8Sqj/G83bAPwqOO6M/fmMtOaHYU7od1buBybesWoZXFRNXBjz5q7UUQkIV6qegMc5Mef2CkrD2NCwJVWsOJMJuWbyFoowMMlgEB/OYEcN5qVVKT9UoaeYXf0h9MA54sv2U/YqDkFxYzVnPe3JMVoRY2x7x+PVe3gzh3rFjSrqjN8MVbAtIGFVJLOZmhN69r2alsJxFsUo+uEFNETYlPPfnmbTiuZwc4cbSRXSSwbhX7zI0mBQhVpVts+2DT5hu3vmUFw9L7M2JClJcECW/mopSS1Ao2jzPHpCwQ3tc/Io4Daut5n4fMsdISEoFUy50cnHlOCu1O09hH0f+FRCEojrP50Ycs2xb//PE=
### WordPress Salts
AUTH_KEY: AgCvDJbrBT/ze5NXqfrs4ZCjHkDj6uM19QVVomPy3mLkcDqBoRznD0heGbiWBLu6/kOcV18sw1q7WMwU//6cuU5eZmeYnhZHbNDxGDPE8Nw/UUmoOR9wOc/XozXf4DBK1zLn9ne4xA4lMdlYeJ7WBWPFYyoc0htrbEiB+MAEt8DXvlRooDIZYtitZzBHWrhFLuIhAi2mIA2SQ9V8simzbUU3DM7Wb/DY4Qoa4jP/XTEgcxdtQPzOXFJTlZt5poMqs1/ckrTeo1/9SLrZZTWQPeZlsoISs18J8oeK33ugTNYz51mRoOai0Yhnc2bbN+4WGgtXi6FPjPgFcdjKjul5gdb81Z47RIO8wwsPjnFTSQ1LXtSJ/HiX9uOj1OHUYEH1rIqzaOmxDo23VYParhDsU2QLDIf1S8mJo/WTn4Hb6IAA5Veb7bbudesffgxgMm69qTQrdoPumLaXNX6TnRC5tGM+YaYbBGVsuDxSZUnagEkobgG8D60V58c6mWbZ+k+VZ+0aNGyaLHEAjZDCDxh9/6AkOoqLIaUXOgL7hQ3eX2YAFfBdwIICY82ylC1DqwTxGqpjRP45E2tMHEp8IQHLgvdEChLBXmqPVk0kJF+FJIzdOE+OkLtnAmCD0L3eq2SXRoceISxf0UNVWLwXMYCrvOM2kSrDHT/PhCqtGwaIDWuLXdddXZzECPk5hcLJb+JSYG1yRc6Qc8nezag7hh31pvfFI6PtR4LqlI8xmsHz0RognxQi/MEI6uSJ23/w+4RbjlBBKILoLqkgE+v1mhbAUuMr0Q==
AUTH_SALT: AgBX0tOuA235buf6x054X0SmTsyqkjeYuevgDdbWIWqi+AWd9slUnlS2bnBtjYGg4U+fTIbldo2bYuEAHK+TIVOXTxud7+PSYEO+JjtpetHchQBYh0rNjTs8K11uK5mqPBSPVkLJE08U2BNvXXubc7plLerNjW4D44ICvJly7P6CO2Rnrjueg34DB1TnGnD8PANIiUZVTrJOCC/QSodhaerqDvJBuq6qS0q+GEqU4C5kineHyzuQnuGq5lUN6l+Gk2R8vlwLaT36x4MJlxRa/UjQsvbQ6CYRNGnZW1knPsvON/sukpy7BVEVYAnCYnrzRX/8kEgyxMfSePcWOwsG1JkSb1PrcQXftro7xZQjKgdkqacOGnkVd8sKn1n0f0w2iAGhMt2fCn7sf5htnSC5lL0mdBosNv3p1VwrfXIwjDr5Fzs1CHTbb1hJ8282aAGfzLxmGXPucAbk7nSvbD4iVhXmZ91vbWJRKC+DD/9HBdQloEplSKYm3uyTb0qlJzPIUVTNLu9b+yTeBQIckuAYu03NX2WWSVkX1M80YMER0/eNbvec4ZCSUxKWLzjVm+k3ra8ToL5tYrEr65Be/WuK57tMvx25106OHvokc6S0wp5B+VyirLtwXqRSGFBWqQv62hxJQDOySNsi45QzueD/BYxG+tf3QX1+bdc50WlwUHK1UEZuSNb6JnGfvFU1fJEApAZWJaK2odItjaR2dVVDMuW1NsXj4qLpB/CaNYM/B8C4Elg7jyCrwTv/1TaY3IW3j/SVnRstgXTwNjRnM/WCUIJbWA==
LOGGED_IN_KEY: AgDU2Ss24Cuw1kthXp2DcKahfQT7apnRWtaoQymBEZMMRpGlvxWMTRRMKAx4N7E0AZdW41QLTpK0ciaI63B0PRD2B6fPVVpoz3ybNlJO/0caIw0yHWL8YSOD7rGw6TkxKrz8lggqRVZerS0tEFT8nLGoqgi+SCsfBhh3u5JQ8QM60WLeWaPvph/QFlSl290+UC2xIVEjk37zQdyXou3goeS3DMjdtze8FiwnmK/XVPsPf2cWZQw0wwAwgIJMVZWhkK2bPOKrMmsdqy4G6YrihcjjRTK/0lGKZ6sEVUsu7NTKgeHGogbu8feA8gpTEuRYP60iFNgwNrCYGmOKCXyw0vSLtxHPE7+cm2pU57GhJCTnOe1Ez9zJZmv0Zc4OEZBAaLbCXoNvoJPskeDBUe7+qcV8ugdtFCxCBtoUolos9UukhAtUWp6+uTv/vjjnCv/7kGGp2fNK8lS1D1ksk1mB0JsnjxKo5pnMHBVhJfk3IfbPLx3yvMaz86wCDKZacm5h9IwsPYEvVzkvWhiOydg3ZRVH7WUE8uJ1+Ojt2+6hlB2cMNNQ5P16fTOmt9vfl9Schlrgo+ku2tU/KPfMs4hHCvvecOskqy9MeTOF5mJllI2gqTlGR2uQ5Hgb/OgH8YOmmycpS+MqKNaTKafvwgN1i0xBaYD8y3hSYeBRTmaHu+Szm8CKEDL8PW4ebJX3a+khJMXkf3UkDjRXjSQhUoFMyRNsHLwAt5mC3asySQue6jOP/mKbZ4c7lH0gx8caDoWrlJFHsDhr79jw3F0gkr4mN+ueAQ==
LOGGED_IN_SALT: AgAVoBL1paq14YzaeB9lkvabzo5iDoVN23gvEQAs6CgZUIejtUa2AAkTmQIjVfkb2S7LOdfXIq1lIAPBqSmO5LqfWDh8kuxgz23mTDxYWvVqqbDpiwAgaydokprDm0WEpPdGTyvqsvEk0Gtxq6rqbFXObsfkLCv85FweyfHxh8Gwo+L/e2l1/NUFOkmT5e1j7bkKmTgBUyMEVuWMA6lFVCd3D6vGfOZqS5O5NfzhFnK9U4ZG+55+LlgbFZZltHixs/jpMBms30B/wkRxBzAAGMMCyqVLlqr3bB0HQsobA/PWHAJbGBuFHV1e9XE+7SUlKLTmcmTyxx2cfHiX2XK7Ne3VW3wEtN/4IVeCPpbwCnceXEzK4uhTHH2Hwihewm+xN5uB7SDBLLO3qSLLznapEhgHIj2tPV2i2ftAsIUjzjuPHyFhdFumzXW3QxqOofvruRYqxQAFN1LBvbys6wWLRPkRgEez0/UIiL3xaWnA+r51/cozozNZI+QDgeAACQQguX/Ag7jR+q83Xga1SeYV0HYT9AvRr+UvRQ0NcTG2ObD5JE5rUmFUeRFWIwRh+HqgekDYy359vFds54vHDn/xtOS6Cb6fyr0qX1WygsBtWUV6jf6T59zYg9L2/kr+s1iUTbbBRizJOrRMdr2gswoUWW+THhM+yc/mIL7BCoWoHPBVJ9m5uvqemfy8VOvFHOVxlBnzqIsc5eAvTh4Nqy6hIxISxG8s44RHTLfDfDxWXxI2QVq8NzY91TlBL68fzINf+Bc4vks3CJnssYdinTS9AjQQOg==
NONCE_KEY: AgAHwWgpFVXSLcEdHG5USGPhqueGXo163MdqCSSscxXjxw9JXKjDQ13jrsnD0JcZIWnSJnBdJ/H84HgHdaFU9g8CDzL3mXC4s66RM+c7Jw/0VCHM72+3zr5Nw+h6ycLzlE1UmB806nY88t8h4/HKujmu42qSzdFySxC5x6WbnaOqri+H+VHZ57dQfyyNFlp7fum2WnqU+EXoxvbEOMgJaxpwc8iwsmKGwy+aSzE7DTpkt/9fA+T8LiaakwtAwcvo8EnVxBesCe9ioDsA+ZjgI3xOr7OsUPb/NxaGt3VGmVk2d8dcKI6YOiyoLCFjAL1z56922OjScOO0CUo7qq0jPRuUJdouT5S3OpDm3NGCr/yjCz9Mh8anWPKxYX1ZEg2QmPiR//r+94V10A0NP6W9frpiBQhIWDqMprUK/0SpZGX88C4F1FPmOi2RSn6Tl7mwOHpZadLzBLpbY2DY/AyGQO6H0W+MJpXCT65vZJeTDcLMjCNGkVEI9vxvtVedTVkbZNbLS6+ros/HA/0qMI803exlNZEnMMwlHn1Hm4z6ngeBP4KJBUkLYLD3ienwijmiMtqmgkOhGbG2K6r+IdKHrssWeizNrx5TzLXKXzyCyk5I/9jVLhC2AM6tBqxW8TVs2WfKS4RVsNvS55qpjWbVpZb7ei10+RiPA6KaVW4ZmwtDuW8bzD2d1rMd6yJ1SiYQhzUOVjcCCYEz6VWN3R5IZ/3UjpeCWnkQ7Lja+Xm3Asvxg4m41cA3B1S/ckmj+qOr2WgjFu7GymWX8IF0hZXZo1oz2g==
NONCE_SALT: AgABajYW5+6c0BPjlcQLPd7v706wd+i8U1hp69+up8PalMtvugwR754mEU/ed7L15U9pTWAf6zGjmuMIZYiFpQVosQl/ggq2LeciT+xBUcrvCxZ/EBCdTl8ig/TgzucVNsR2Y0dCK5Tp7YBTuAIOa0dqyK+v1+LGrgb4PnVQvi18hApBiDX0Txnn5QkGhBaSr7LJuD76KfgY+AZ8Gv95b30pTY2AtYydDJXrtqoDCIXfPcnPf102Hq3na5OfJp2m2N4IUD771tDesb+faeDgk7K/mVcn+kmXB8rIawOQFnaowt5UwbfZ60ppgy1MzQZiiq2pXvMA8F42EnhNUe+C3fPyG7Kl6t7jRo+3mHhz0Dv+o0DO4Iir8r0dTw0MruLqun9YU8pLOv17+BciAxWeG8obJ9Hs5sv9ZPv7wdmlQIX/8fvsxgJgy0cqgH4lWNBD5Em9EyiVAUiRmA6tOosFrlifJMS8F1wfaiNEZ7DxjdSVMrEBtntBO2ndSdrdqNIfUED9ZfIvBxP2UHRS9h4KEyCvxcM8HgWt7htnpiSx/XpFZCJr4meGfaNB1Tv5f40bCFpKmsbK1GXNMKJwOJcV1I2FV6xpp6Ch7tgHlZ/Il7hbQ4JsKav7l93b/Dd2e8y/58Jk3DvBQzrPOWPpQrKxrIOeT8o+HC8PS7jdi5xKJ0g9dR10LkgmW0m/usTdwCLWca/9I7iLxiAF/zRoN+7+8ySxIxnBTaFWykYsIDs+5nsYH6TgXseq9PFnxxtKutMp7EPtnO7vzc4DNtkuouS8oqt+Aw==
SECURE_AUTH_KEY: AgBAPzBURABD4yzbUrMr4l4CRD18wu9+o6+wA9UJ6NQ8F+Hn3ddGG8HMpbq/eWwXw4q7SXv7BEU4VVoeuPjTle5ChQJfrdbThjermhjwcEDu8Cgr6jczj9bKEJ6Th3ezXR2jf+gwpvoPbrlk2s+mPJdWnJrAGxkV89KJWTxPuCz2PbZp2ZaxdAbXiGSL2X9KPO1XHYZjpgN1nd4+2BqGnA9B0ozyVChPctYHv1taPdvF0ifMsJDiNu4PpEcq9Ga/hrgmjYEVvxvrA5J+zOs/DaVm68VtJvyQEIw3A6jZNOVC5WFUk7UuCoBhuj9X/6ayZTVjqvtHMhi3BT2pxFT0n7OXAWd8g4MctyX93dBYcmkjqE4aZn1kHndOdvS1E41J+aMjslWgzdCLDqGqzVxgilMbxXxM+AXOeuAzSzo96WzTnIxnX851xdkJEIjBnCedaIXVkXfEWOewE2SOa/7F7JbQAlMwCrNN5/Co45tLNsfolpwy4WQmWJWcI4nZVTOM79kZM9kr6hAYqhHCG6/8MQ/2Vd8fYvTblJKoagEpKhqZK0J7HQpBaneOGhFV/Wn42v8g73HZc2BdxMrj53yq2eHzpe5AQSApn9nNBWhivAR7+jaDWmNYjcsmDzFf5p8MVPsiyT6JZxVjphkKI38/AfUt7WENcGjyXW6I0MwFYvEXgiPUUPQXtMvX6yDscpxGa/aVIin+7BKrZiu12du4jfyr7VyF+hyw90/YSrk/hfehjiTWk844GDMF9K7LSMLR+tWQ47yUyV5rNQ2FsGqGqdKE/Q==
SECURE_AUTH_SALT: AgCuReJp+NF2X4ywkx+vNjLvX/7JrgCcw8qDGnfI6Pr4/rCUEAouzI9GQ81jLWJX5JL0xIoNfLzv9KyhVGpPEZ2qj+2pHveCFKab0QcMLTVdqLVu9JiESiJ769va7dwV0UZiv2hW1TDdHzTNCtujz3Sd2nP1QXE5stjunVYgMuR5TuDc0vMVYrD4G3GkEaIdKNyDFLrq5w4QHa+zxhDpYPIv1yg09K4X4j0dgYT/PiSdCyhjwyO+92q6AXaeRuq7o1/AavSvpslp3Zc7kiNPY79C6khZhI9VdHosT1H2xbySEovF1FO3f0q1nrxuMFVeMrJrnJBrOjf/7fxi3EQU8YHqcuLLZhOJ9vo7Xo6mpjdiUC3/HCtGDwlGGlsZtZ8xSOT7sqrSS7Z6L+8SMciO/JJY0SyOSQ+KI6XLCF+gLJ/ldguY07RLSCaEqpso1ov6BwdBgkMwYVEtCG19Ll6Qug4gEps6AAfX9fYtzZuqh7klHIstJJ+z1bRZyRMqiyKD3U8B3Xj76nDzmNoKGqEh64q+ylR1yDI7sN4myBXVSLxC86DEfHiDgb7Fpm9KvzqSuPc6WQiRAJOsshnju1g2Mks9XQ3o2xwNtC39uwfXB/aVtG69udi5AYjhRlXfHRkqNxl/nT3sDLR4F4ViLh736b30FPdzjiYx/SBdfwSEljrBWQfMpTSx7jEAFvgARci1MvIPk3SJi39PH4rej4wZGTuEtoWA33473bFKGx5ch7rXGHuVOEgtU4aTshUmKpIbYc0ViZcvKKJM9saEVetQjJvPJw==

25
k8s/manifests/dev-application.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dev.hvgblog.hu
namespace: hvg-dev
spec:
project: default
source:
repoURL: 'ssh://git@ssh.github.com:443/hvg-dev/blog.git'
path: k8s/manifests/app
targetRevision: HEAD
helm:
releaseName: hvgblog-dev-wp
parameters: []
valueFiles: []
destination:
server: 'https://hvgblog-vcluster.hvg.hu'
namespace: dev
ignoreDifferences: []
syncPolicy:
automated:
prune: true
selfHeal: false
syncOptions:
- CreateNamespace=true

4
k8s/manifests/sys/0-namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: site-system

40
k8s/manifests/sys/default/mariadb.yaml Normal file
View File

@@ -0,0 +1,40 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: mariadb-my-cnf
namespace: default
data:
config: |
[mariadb]
bind-address=*
default_storage_engine=InnoDB
binlog_format=row
innodb_autoinc_lock_mode=2
wait_timeout=30
---
apiVersion: k8s.mariadb.com/v1alpha1
kind: MariaDB
metadata:
name: mariadb
namespace: default
spec:
image: mariadb:11.8.2
imagePullPolicy: IfNotPresent
myCnfConfigMapKeyRef:
key: config
name: mariadb-my-cnf
port: 3306
replicas: 1
resources:
limits:
cpu: 200m
memory: 1024M
requests:
cpu: 50m
memory: 128M
rootPasswordSecretKeyRef:
key: password
name: mariadb-root-pass
generate: true
storage:
size: 1Gi

22
k8s/manifests/sys/mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: mariadb-operator-crds
namespace: site-system
spec:
chart: mariadb-operator-crds
repo: https://mariadb-operator.github.io/mariadb-operator
version: 25.8.3
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: mariadb-operator
namespace: site-system
spec:
chart: mariadb-operator
repo: https://mariadb-operator.github.io/mariadb-operator
targetNamespace: site-system
version: 25.8.3
valuesContent: |
fullnameOverride: mariadb-operator

12
k8s/manifests/sys/sealed-secrets.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: sealed-secrets
namespace: site-system
spec:
repo: https://bitnami-labs.github.io/sealed-secrets
chart: sealed-secrets
targetNamespace: kube-system
version: 2.11.0
valuesContent: |
fullnameOverride: sealed-secrets-controller