Building a Blog on Civo K3s

Introduction

What better way to start learning a new technology than to use it for something productive? This guide will get you up and running with a Ghost blog on Civo's managed Kubernetes platform. It will quickly go over Civo Kubernetes and getting started, followed by a step-by-step guide for configuring your blog.

Getting Up and Running With Kubernetes

At the time of writing Civo are only allowing a limited number of people to join the #KUBE100 Beta. There are still spaces on the beta, so it's definitely worth registering your interest.

To keep this guide focused to deploying Ghost, it will not cover setting up Kubernetes. To get up and running in Civo managed Kubernetes, take a look at some of the guides here, or Alex Ellis's post on his blog detailing his experience getting started. Once you have a cluster running, you can get started with deploying Ghost with the section below.

Make sure you also have kubectl installed, as we will be managing the cluster using it.

Building Ghost

I will run through the setup of Ghost on Civo, step by step. I would recommend using a real domain name throughout, it will make the SSL bit later easier. Otherwise, you will probably end up ripping it all down and starting again. Fortunately with Kubernetes that's not as painful as it seems!

Environment Setup:

First, let's download the configuration file of the cluster you will be working with. You will find this on the cluster information page on the Civo dashboard, like in the image below:

Open your favourite terminal and navigate to a sensible directory.
Once downloaded you can set your session to use this:

export KUBECONFIG="path_to_config_file"

You can verify you are connected to the right cluster by doing a quick check of the nodes:

kubectl get nodes

And checking these against the cluster in the web interface, you wouldn't want to be connected to the wrong cluster!

Step 1 - Storage

To ensure the blog does not vanish like a...(sorry), I had to make sure there was persistent storage available for both the database and the ghost configuration/theme files. Civo Kubernetes provides stateful storage through an application:

The Civo marketplace provides the essential tools for Kubernetes and Longhorn by Rancher is one of them. Having not used Longhorn before, the installation was as easy as clicking the icon! Give it a few minutes to create the pods. You can check on their progress with, assuming you have kubectl set up and pointing at your cluster as per the set-up instructions:

kubectl get pods -n longhorn-system
NAME                                        READY   STATUS            RESTARTS   AGE
svclb-longhorn-frontend-4z4zp               0/1     Pending           0          93s
longhorn-manager-mgwrt                      1/1     Running           0          94s
longhorn-ui-7bd887cd87-qkng2                1/1     Running           0          93s
engine-image-ei-3827e67c-sthtc              1/1     Running           0          57s
instance-manager-e-d25cac90                 1/1     Running           0          8s
instance-manager-r-225aa2b5                 1/1     Running           0          8s
longhorn-driver-deployer-576bc5f794-ssfb9   0/1     PodInitializing   0          93s

To speed up the process I've provided links below to some yaml files to create parts of the config. You may want to download and create these manually. They are provided for reference only.

Step 2 - Creating storage for MYSQL

You can use the command below to quickly deploy the PVC (Persistent Volume Claim):

kubectl apply -f https://raw.githubusercontent.com/keithhubner/CIVO-K3S/master/vol-mysql.yml

You should be able to view the PV (Persistent Volume) and PVC (Persistent Volume Claim):

kubectl get pv

NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                    STORAGECLASS   REASON   AGE
pvc-e14f138c-d070-4552-9cda-c2c37aad7680   5Gi        RWO            Delete           Bound    default/mysql-pv-claim   longhorn                112m
kubectl get pvc

NAME             STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
mysql-pv-claim   Bound    pvc-e14f138c-d070-4552-9cda-c2c37aad7680   5Gi        RWO            longhorn       113m

Step 3 - Creating the storage for Ghost

Again I have a yaml file ready to go to create this for you. If you want to, feel free to download and edit this file yourself.

kubectl apply -f https://raw.githubusercontent.com/keithhubner/CIVO-K3S/master/vol-ghost.yml

Again check the PV and PVC have been setup correctly. They should look a bit like this:

kubectl get pv

NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                    STORAGECLASS   REASON   AGE
pvc-e14f138c-d070-4552-9cda-c2c37aad7680   5Gi        RWO            Delete           Bound    default/mysql-pv-claim   longhorn                116m
pvc-ffbf04ab-295d-420e-85ce-7ba25e5ea7cd   5Gi        RWO            Delete           Bound    default/ghost-pv-claim   longhorn                75m

kubectl get pvc 

NAME             STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
mysql-pv-claim   Bound    pvc-e14f138c-d070-4552-9cda-c2c37aad7680   5Gi        RWO            longhorn       114m
ghost-pv-claim   Bound    pvc-ffbf04ab-295d-420e-85ce-7ba25e5ea7cd   5Gi        RWO            longhorn       72m

Step 4 - Starting up MYSQL

Before deploying mysql, it's a good idea to create a Kubernetes secret to store the root password.

First we need to generate the password in base64, change this for your password:

echo -n some_text_to_encode | base64

You will get an output in base64:

c29tZV90ZXh0X3RvX2VuY29kZQ==

Copy the code below to a file called mysql-pass.yml (make sure you change the password for the base64 value given above)

apiVersion: v1
kind: Secret
metadata:
  name: mysql-pass
type: Opaque
data:
  password: c29tZV90ZXh0X3RvX2VuY29kZQ==
kubectl apply -f mysql-pass.yml

You should get a confirmation that the secret was created and you can check the secret has been stored:

secret/mysql-pass created
kubectl get secrets

NAME                  TYPE                                  DATA   AGE
default-token-zcdl6   kubernetes.io/service-account-token   3      98m
mysql-pass            Opaque                                1      53m

We will then reference this secret when both creating the server and also connecting to it from ghost, no passwords in code, hurrah!

Step 5 - Deploying MYSQL

You can use the command below to quickly deploy mysql:

kubectl apply -f https://raw.githubusercontent.com/keithhubner/CIVO-K3S/master/mysql-ghost.yml

After a few minutes you should see that the ghost-mysql pod is now running:

kubectl get pods

NAME                            READY   STATUS    RESTARTS   AGE
ghost-mysql-797694cfb8-zqktc    1/1     Running   0          53m

It's worth checking that mysql is up and running and accepting connections (change the pod name to match your result from above):

kubectl logs ghost-mysql-x

Step 6 - Deploying Ghost

Before we deploy ghost, we need to setup Cert Manager to allow us to use TLS for our blog.

Using cert-manager and deploying it in Civo is pretty straight forward! As with Longhorn, you can deploy it directly from the Civo marketplace:

Alternatively, if you are using the Civo CLI you just need to run:

$ civo applications add cert-manager
Added cert-manager v0.11.0 to Kubernetes cluster

Check it's started properly:

kubectl get pods -n cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-54c4796c5d-zwbnz   1/1     Running   0          104m
cert-manager-55fff7f85f-jzpxn              1/1     Running   0          104m
cert-manager-webhook-77ccf5c8b4-2ggnz      1/1     Running   1          104m

Because Cert-Manager uses your domain records to verify ownership, you will need to alter your public DNS to point to the external IP address of one of your nodes (I appreciate a load balancer would be better here! Something i'll be writing about in a future blog!).

The first thing we need to do is create a provider.yml file. Copy the file below into a new file called provider.yml making sure you** edit the email address to your own.**

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your@email.co.uk
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: traefik

Next apply this file:

kubectl apply -f provider.yml

You will see:

clusterissuer.cert-manager.io/letsencrypt-prod created

You can use the copy the code below to a file called ghost.yml, replacing yourbloghere domain with your own.

apiVersion: v1
kind: Service
metadata:
  name: ghost-svc
  labels:
    app: ghost
    tier: frontend
spec:
  selector:
    app: ghost
    tier: frontend
  ports:
  - protocol: TCP
    port: 2368
    targetPort: 2368  
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ghost-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: "traefik"
    ingress.kubernetes.io/ssl-redirect: "true"
  labels:
    app: ghost
spec:
  tls:
  - hosts:
    - www.yourbloghere.com
    - yourbloghere.com
    secretName: letsencrypt-prod
  rules:
  - host: www.yourbloghere.com
    http:
      paths:
      - path: /
        backend:
          serviceName: ghost-svc
          servicePort: 2368
  - host: yourbloghere.com
    http:
      paths:
      - path: /
        backend:
          serviceName: ghost-svc
          servicePort: 2368        
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ghost-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ghost
      tier: frontend
  template:
    metadata:
      labels:
        app: ghost
        tier: frontend
    spec:
  #    securityContext:
  #      runAsUser: 1000
  #      runAsGroup: 50
      containers:
      - name: blog
        image: ghost
        imagePullPolicy: Always
        ports:
        - containerPort: 2368
        env:
        - name: url
          value: https://www.yourbloghere.com
        - name: database__client
          value: mysql
        - name: database__connection__host
          value: ghost-mysql
        - name: database__connection__user
          value: root
        - name: database__connection__password
          valueFrom:
            secretKeyRef:
              name: mysql-pass
              key: password
        - name: database__connection__database
          value: ghost
        volumeMounts:
        - mountPath: /var/lib/ghost/content
          name: ghost-vol
      volumes:
        - name: ghost-vol
          persistentVolumeClaim:
            claimName: ghost-pv-claim

Then, apply this file to your cluster:

kubectl apply -f ghost.yml

You should see the following:

service/ghost-svc created
ingress.networking.k8s.io/ghost-ingress created
deployment.apps/ghost-deploy created

Again check the that it is running OK:

kubectl get pods

NAME                            READY   STATUS    RESTARTS   AGE
ghost-mysql-797694cfb8-zqktc    1/1     Running   0          64m
ghost-deploy-868ff9bfd5-z82t4   1/1     Running   0          44s

You can verify that both mysql and ghost are ready to rock with some simple commands. You can use the commands below, making sure to change the pod names to the ones returned by kubectl:

kubectl logs ghost-mysql-x
kubectl logs ghost-deploy-x

You will get lots of output, but should show the following:

2019-10-28 21:51:08 1 [Note] Server socket created on IP: '::'.
2019-10-28 21:51:08 1 [Warning] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2019-10-28 21:51:08 1 [Warning] 'proxies_priv' entry '@ root@ghost-mysql-797694cfb8-zqktc' ignored in --skip-name-resolve mode.
2019-10-28 21:51:08 1 [Note] Event Scheduler: Loaded 0 events
2019-10-28 21:51:08 1 [Note] mysqld: ready for connections.
Version: '5.6.46'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
[2019-10-28 22:54:10] INFO Ghost is running in production...
[2019-10-28 22:54:10] INFO Your site is now available on https://www.yourbloghere.com/
[2019-10-28 22:54:10] INFO Ctrl+C to shut down
[2019-10-28 22:54:10] INFO Ghost boot 1.959s

You can also check if the certificate has been issued properly by using:

kubectl describe cert

All being well you should see the cert issued:

Status:
  Conditions:
    Last Transition Time:  2019-10-28T22:53:50Z
    Message:               Certificate is up to date and has not expired
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2020-01-26T20:52:57Z
Events:                    <none>

Now we can see if it's running, exciting!

Hopefully your DNS records have updated by now, if not just edit your host file to point to the new domain using an IP address of one of the nodes from the Civo web interface.

All being well you should see your shiny new blog:

Congratulations! Your new blog is ready!

If you have had any issues with this guide or would like any more detail on the process, please provide feedback. You can reach us on the Civo Community Slack or using the intercom chat on any civo.com page. Thanks!

A version of this post was originally posted on Keith's own blog, Technically Interesting.