{"id":13619934,"url":"https://github.com/sredevopsorg/ghost-on-kubernetes","last_synced_at":"2026-04-01T20:10:37.346Z","repository":{"id":172974445,"uuid":"650035001","full_name":"sredevopsorg/ghost-on-kubernetes","owner":"sredevopsorg","description":"Ghost on Kubernetes by SREDevOps.org - Deploy Ghost v6 on Kubernetes (k8s, k3s, etc) with our hardened distroless rootless custom image.","archived":false,"fork":false,"pushed_at":"2026-03-31T23:46:19.000Z","size":1681,"stargazers_count":87,"open_issues_count":1,"forks_count":23,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-01T01:53:17.016Z","etag":null,"topics":["cms","container-image","containers","deploy","distroless","dockerfile","ghost","ghost-blog","ghost-cms","gke","hardened-images","k3s","k8s","kubernetes","kubernetes-deployment","self-hosted"],"latest_commit_sha":null,"homepage":"https://www.sredevops.org","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sredevopsorg.png","metadata":{"files":{"readme":"README.es.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-06-06T07:37:34.000Z","updated_at":"2026-03-31T23:44:20.000Z","dependencies_parsed_at":"2023-11-30T06:23:31.222Z","dependency_job_id":"4b900a01-9783-498a-a04b-4fc43060f40c","html_url":"https://github.com/sredevopsorg/ghost-on-kubernetes","commit_stats":null,"previous_names":["sredevopsdev/ghost-on-kubernetes","sredevopsorg/ghost-on-kubernetes"],"tags_count":121,"templ
ate":false,"template_full_name":null,"purl":"pkg:github/sredevopsorg/ghost-on-kubernetes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sredevopsorg%2Fghost-on-kubernetes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sredevopsorg%2Fghost-on-kubernetes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sredevopsorg%2Fghost-on-kubernetes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sredevopsorg%2Fghost-on-kubernetes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sredevopsorg","download_url":"https://codeload.github.com/sredevopsorg/ghost-on-kubernetes/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sredevopsorg%2Fghost-on-kubernetes/sbom","scorecard":{"id":671146,"data":{"date":"2025-08-19T07:33:09Z","repo":{"name":"github.com/sredevopsorg/ghost-on-kubernetes","commit":"df3b23dd00dd9f7cbca1a7b8f66082a4c02f2f04"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1","Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- 
score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:43","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:46","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:47","Info: jobLevel 'security-events' permission set to 'read': .github/workflows/multi-build.yaml:58","Info: jobLevel 'actions' permission set to 'read': 
.github/workflows/multi-build.yaml:47","Info: jobLevel 'discussions' permission set to 'read': .github/workflows/multi-build.yaml:53","Info: found token with 'none' permissions: .github/workflows/multi-build.yaml:55","Info: jobLevel 'statuses' permission set to 'read': .github/workflows/multi-build.yaml:59","Warn: jobLevel 'checks' permission set to 'write': .github/workflows/multi-build.yaml:48","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/multi-build.yaml:49","Info: found token with 'none' permissions: .github/workflows/multi-build.yaml:50","Info: jobLevel 'issues' permission set to 'read': .github/workflows/multi-build.yaml:52","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/multi-build.yaml:56","Info: jobLevel 'repository-projects' permission set to 'read': .github/workflows/multi-build.yaml:57","Info: found token with 'none' permissions: .github/workflows/multi-build.yaml:163","Info: jobLevel 'issues' permission set to 'read': .github/workflows/multi-build.yaml:165","Info: found token with 'none' permissions: .github/workflows/multi-build.yaml:168","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/multi-build.yaml:169","Info: jobLevel 'repository-projects' permission set to 'read': .github/workflows/multi-build.yaml:170","Info: jobLevel 'statuses' permission set to 'read': .github/workflows/multi-build.yaml:172","Info: jobLevel 'checks' permission set to 'read': .github/workflows/multi-build.yaml:161","Info: jobLevel 'contents' permission set to 'read': .github/workflows/multi-build.yaml:162","Info: jobLevel 'discussions' permission set to 'read': .github/workflows/multi-build.yaml:166","Info: jobLevel 'security-events' permission set to 'read': .github/workflows/multi-build.yaml:171","Info: jobLevel 'actions' permission set to 'read': .github/workflows/multi-build.yaml:160","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:31","Info: jobLevel 
'actions' permission set to 'read': .github/workflows/scorecards.yml:32","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-pr-tests.yaml:14","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/jekyll-gh-pages.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/multi-build.yaml:31","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:20"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":9,"reason":"dependency not pinned by hash detected -- score normalized to 9","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/sredevopsorg/ghost-on-kubernetes/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/sredevopsorg/ghost-on-kubernetes/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/sredevopsorg/ghost-on-kubernetes/codeql.yml/main?enable=pin","Info:  14 out of  17 GitHub-owned GitHubAction dependencies pinned","Info:  17 out of  17 third-party GitHubAction dependencies pinned","Info:   2 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-pr-tests.yaml:17"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST 
configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":6,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: found contributions from: sredevopsorg"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., 
companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-08-21T20:05:38.846Z","repository_id":172974445,"created_at":"2025-08-21T20:05:38.847Z","updated_at":"2025-08-21T20:05:38.847Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31291403,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cms","container-image","containers","deploy","distroless","dockerfile","ghost","ghost-blog","ghost-cms","gke","hardened-images","k3s","k8s","kubernetes","kubernetes-deployment","self-hosted"],"created_at":"2024-08-01T21:00:50.316Z","updated_at":"2026-04-01T20:10:37.301Z","avatar_url":"https://github.com/sredevopsorg.png","language":"Dockerfile","funding_links":[],"categories":["Dockerfile"],"sub_categories":[],"readme":"# **Ghost on Kubernetes (v6.x) by SREDevOps.Org**\n\nDeploy the leading open-source publishing platform, **Ghost**, on Kubernetes with maximum **security** and **efficiency** using a hardened, multi-architecture container image.\n\nMaintained by ***[SREDevOps.org](https://www.sredevops.org)**: SRE, DevOps, Linux, Ethical Hacking, AI, ML, Open Source, Cloud Native, Platform Engineering in English, Spanish and Portuguese (Brazil).*\n\n[![Build Multiarch](https://github.com/sredevopsorg/ghost-on-kubernetes/actions/workflows/multi-build.yaml/badge.svg?branch=main)](https://github.com/sredevopsorg/ghost-on-kubernetes/actions/workflows/multi-build.yaml) [![Image Size](https://ghcr-badge.egpl.dev/sredevopsorg/ghost-on-kubernetes/size?color=%2344cc11\u0026tag=main\u0026label=main+image+size)](https://github.com/sredevopsorg/ghost-on-kubernetes/pkgs/container/ghost-on-kubernetes) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/sredevopsorg/ghost-on-kubernetes/badge)](https://securityscorecards.dev/viewer/?uri=github.com/sredevopsorg/ghost-on-kubernetes) [![Fork this repository](https://img.shields.io/github/forks/sredevopsorg/ghost-on-kubernetes?style=social)](https://github.com/sredevopsorg/ghost-on-kubernetes/fork) [![Star this repository](https://img.shields.io/github/stars/sredevopsorg/ghost-on-kubernetes?style=social)](https://github.com/sredevopsorg/ghost-on-kubernetes/stargazers) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8888/badge)](https://www.bestpractices.dev/projects/8888) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ghost-on-kubernetes)](https://artifacthub.io/packages/search?repo=ghost-on-kubernetes)\n\n
## **Highlights: Security and Efficiency**\n\nThis repository deploys Ghost CMS v6.xx.x from [@TryGhost (Official)](https://github.com/TryGhost/Ghost) on Kubernetes with a custom image that offers significant improvements for production use and security features on Kubernetes.\n\n### **Enhanced Security**\n\n* **Rootless Execution:** Both the Ghost and MySQL components run exclusively as an **unprivileged (non-root) user** (UID/GID 65532) in Kubernetes, preventing potential privilege-escalation attacks.\n* **Distroless Runtime:** We use **Google Container Tools Distroless Debian 13 - NodeJS 22** as the final runtime environment. **Distroless** images contain only the required application and language dependencies, **excluding shells and package managers**, which makes them substantially more secure and reduces the attack surface.\n* **Vulnerability Reduction:** By replacing `gosu` with a native container execution flow and adopting Distroless, we eliminated several critical vulnerabilities reported in the original Ghost image:\n  * **Result:** This change alone removed **6 critical vulnerabilities** and **34 high vulnerabilities** reported by Docker Scout in the official image.\n\n**Example Security Reports:**\n\n| Official Ghost Image | Ghost on Kubernetes Image |\n| :---- | :---- |\n| Example scan for the [Official Ghost Image](https://hub.docker.com/_/ghost/tags): ![Docker Scout Report - Official Ghost Image](https://raw.githubusercontent.com/sredevopsorg/ghost-on-kubernetes/main/docs/images/dockerhub-ghost.png) | Example from our [Ghost on Kubernetes Image on Docker Hub](https://hub.docker.com/r/ngeorger/ghost-on-kubernetes/tags): ![Docker Scout Report - Ghost on Kubernetes Image](https://raw.githubusercontent.com/sredevopsorg/ghost-on-kubernetes/main/docs/images/dockerhub-ngeorger.png) |\n\n
### **Performance and Architecture**\n\n* **Custom Build Artifacts:** We maintain two separate Dockerfiles for production and development:\n  * **Production Image:** The main image, built with our hardened, multi-stage build process. See the [Dockerfile](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/Dockerfile).\n  * **Development Image:** A variant adapted for testing that includes SQLite support. See the [Dockerfile-dev](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/Dockerfile-dev).\n* **Multi-Architecture Support:** Images are built for the **amd64** and **arm64** architectures.\n* **Multi-Stage Build:** We use the official Node 22 Jod LTS image for the build stage, which significantly reduces the final image size and improves security by removing unnecessary build components.\n* **Up-to-date Ghost v6 and NodeJS 22 LTS:** Uses the latest stable versions for security and performance.\n* **Robust Entrypoint (entrypoint.js):** A custom **Node.js** entrypoint script, run by the unprivileged user, handles the necessary runtime operations, such as updating the default themes, before starting the Ghost application. The script can be reviewed here: [entrypoint.js](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/entrypoint.js).\n* **Dedicated Init Container:** The deployment includes an **initContainer** that handles directory creation, correct ownership (UID/GID 65532) and permission setup before the main Ghost container starts, ensuring smooth operation inside the Distroless container.\n\n
## **Deployment Architecture Overview**\n\nThis project provides complete Kubernetes manifest files (`deploy/`) for running a production-ready Ghost instance backed by a **MySQL** database.\n\n| Resource | Components | Details |\n| :---- | :---- | :---- |\n| **Namespace** | ghost-on-kubernetes | Provides logical isolation for all components. (File: [00-namespace.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/00-namespace.yaml)) |\n| **StatefulSet** | ghost-on-kubernetes-mysql | Manages the MySQL 8 database, ensuring stable networking and persistent storage. (File: [05-mysql.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/05-mysql.yaml)) |\n| **Deployment** | ghost-on-kubernetes | Manages the Ghost v6 application pods. (File: [06-ghost-deployment.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/06-ghost-deployment.yaml)) |\n| **Services** | ghost-on-kubernetes-service, ghost-on-kubernetes-mysql-service | Exposes Ghost (2368) and MySQL (3306) internally within the cluster. (File: [03-service.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/03-service.yaml)) |\n| **PersistentVolumeClaims (PVC)** | k8s-ghost-content, ghost-on-kubernetes-mysql-pvc | Requests persistent storage for the Ghost content (themes, images) and the MySQL data. (File: [02-pvc.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/02-pvc.yaml)) |\n| **Secrets** | ghost-config-prod, ghost-on-kubernetes-mysql-env, tls-secret | Securely stores the Ghost configuration, the database credentials and the TLS certificates (optional). (Files: [01-mysql-config.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/01-mysql-config.yaml), [04-ghost-config.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/04-ghost-config.yaml), [01-tls.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/01-tls.yaml)) |\n| **Ingress** | ghost-on-kubernetes-ingress | Exposes the Ghost application to the outside world over HTTP/HTTPS (requires a TLD). (File: [07-ingress.yaml](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/deploy/07-ingress.yaml)) |\n\n*Note*: You can host multiple Ghost instances by replacing the Namespace specification in each manifest file.\n\n
## **Installation Instructions (Production)**\n\nFollow these steps to deploy Ghost on your Kubernetes cluster.\n\n### **Prerequisites**\n\n1. A working Kubernetes cluster (`kubectl` configured).\n2. A provisioned StorageClass (required for the PVCs).\n\n### **0. Clone (or Fork) the Repository**\n\n```bash\n## Clone the repository\ngit clone https://github.com/sredevopsorg/ghost-on-kubernetes.git --depth 1 --branch main --single-branch --no-tags\n## Change directory\ncd ghost-on-kubernetes\n```\n\n### **1. Review and Configure**\n\nReview the sample configuration files and modify the manifests in the `deploy/` folder to suit your environment (e.g. storage class, domain name, secret values).\n\n* **Configurations:** Review the sample configuration files in the [examples/](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/examples/) directory:\n  * `config.production.sample.yaml`: Recommended configuration using MySQL 8. Requires a valid **top-level domain (TLD)** for the `url` field and the Ingress configuration.\n  * `config.development.sample.yaml`: Uses SQLite for test environments.\n* **Official Ghost Documentation:** See the [official Ghost documentation](https://ghost.org/docs/config/#custom-configuration-files) for detailed configuration options.\n\n
### **2. Deployment Sequence**\n\nIt is **crucial** to apply the manifests in the correct order so that dependencies resolve (especially the database components).\n\nAlternatively, you can install the chart from our Helm repository (recommended):\n\n```bash\nhelm repo add sredevopsorg https://sredevopsorg.github.io/ghost-on-kubernetes\nhelm repo update\nhelm install my-ghost sredevopsorg/ghost-on-kubernetes \\\n  --namespace ghost \\\n  --create-namespace \\\n  --set ghost.url=https://tudominio.tld \\\n  --set persistence.ghost.storageClassName=tu-clase-de-almacenamiento\n```\n\nTo apply the manifests manually, run the following steps in order:\n\n1. **Create the Namespace:**\n\n    `kubectl apply -f deploy/00-namespace.yaml`\n\n2. **Create Secrets (Credentials and Configuration):**\n\n    ```bash\n    # IMPORTANT: Customize these secrets before applying them\n    kubectl apply -f deploy/01-mysql-config.yaml\n    kubectl apply -f deploy/04-ghost-config.yaml\n    kubectl apply -f deploy/01-tls.yaml\n    ```\n\n3. **Create Persistent Storage and Services:**\n\n    ```bash\n    kubectl apply -f deploy/02-pvc.yaml\n    kubectl apply -f deploy/03-service.yaml\n    ```\n\n4. **Deploy the MySQL Database (StatefulSet):**\n\n    ```bash\n    # Wait for the MySQL PVC to be bound\n    kubectl apply -f deploy/05-mysql.yaml\n    ```\n\n5. **Deploy the Ghost Application (Deployment):**\n\n    ```bash\n    # Wait for MySQL to be ready before starting\n    kubectl apply -f deploy/06-ghost-deployment.yaml\n    ```\n\n6. **Expose Ghost with Ingress (Optional/Recommended):**\n\n    ```bash\n    # Routes external traffic to the Ghost Service\n    kubectl apply -f deploy/07-ingress.yaml\n    ```\n\n
## **Your Ghost Blog Is Deployed!**\n\nCongratulations! You have deployed a highly secure and scalable Ghost v6 instance on Kubernetes.\n\n### **Access Without a Domain Name (Testing)**\n\nTo preview the website without configuring Ingress or a TLD, you can use *port forwarding*:\n\n1. Temporarily set the `url` and `admin` URLs in your `config.production.json` Secret to `http://localhost:2368/`.\n2. Restart the Ghost pod(s) after updating the Secret.\n3. Run the *port-forwarding* command:\n\n```bash\nkubectl port-forward -n ghost-on-kubernetes service/ghost-on-kubernetes-service 2368:2368\n```\n\n## Contributing\n\nWe welcome contributions from the community! Please see the [CONTRIBUTING.md](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/CONTRIBUTING.md) file for more information on how to contribute to this project.\n\n## License and Credits\n\n* This project is licensed under the **MIT License**. Please see the [LICENSE](https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/LICENSE) file for more information.\n* Ghost CMS is licensed under the [MIT License](https://github.com/TryGhost/Ghost/blob/main/LICENSE).\n* The node image and the Distroless image are licensed by their respective owners.\n\n## Star History\n\n![Star History Chart](https://api.star-history.com/svg?repos=sredevopsorg/ghost-on-kubernetes\u0026type=Date\u0026theme=dark)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsredevopsorg%2Fghost-on-kubernetes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsredevopsorg%2Fghost-on-kubernetes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsredevopsorg%2Fghost-on-kubernetes/lists"}