Installing Ghost on DigitalOcean with Kubernetes

Simply click on Create Kubernetes cluster. You can select 1 droplet (this blog is running on 1 20$ machine). Ignore the warning when you select a cluster with only 1 droplet. It will work.

While the cluster is spinning up install doctl tools from DigitalOcean.

MacOS

Use Homebrew to install doctl on macOS:

brew install doctl

doctl is also available via MacPorts. Note that
the port is community maintained and may not be on the latest version.

Snap supported OS

Use Snap on Snap-supported systems to
install doctl:

sudo snap install doctl

Use with kubectl

Using kubectl requires the kube-config personal-files connection for doctl:

sudo snap connect doctl:kube-config

Using doctl compute ssh

Using doctl compute ssh requires the core ssh-keys interface:

sudo snap connect doctl:ssh-keys :ssh-keys

Use with Docker

Using doctl registry login requires the dot-docker personal-files connection for doctl:

sudo snap connect doctl:dot-docker

This allows doctl to add DigitalOcean container registry credentials to your Docker configuration file.

Arch Linux

doctl is available in the official Arch Linux repository:

sudo pacman -S doctl

As an alternative, you can install it from the AUR.

Make sure you read error messages is using Snap for installation. You'll probably need to run additional command after installation:

 sudo snap connect doctl:dot-docker

Now clone the github repository:

https://github.com/igorrendulic/ghost-kubernetes

kubectl create -f volume.yaml
kubectl create -f deployment.yaml
kubectl create -f service.yaml

We're almost done.

Connect Domain to the right LoadBalancer

Navigate to Networking -> Domains and click on your domain.

If you have more than one load balancer make sure to select the correct one:

I'm not sure yet if A record must be added. Doesn't seem likely. You can add it anyways from Domains.

Add an Let's Encrypt SSL Certificate

The first step of enabling SSL Certificate is to create a Let's Encrypt managed certificate. You can do that through a LoadBalancer console.

Navigate to Networking -> Load Balancers -> Settings.

Edit the "Forwarding rules" and add new rule with a certificate:

The Droplet part of the settings currently don't matter. You can select HTTP with port 80 for example. We will update our service.yml to make use of the generated certificate.

Once the certificate is created you need to find it's ID, using doctl command:

doctl compute certificate list

Grab the ID and replace e4dca8e1-86f9-4933-a5d1-20347c4c9036 with your own in service-tls.yml file. Save it and run:

kubectl apply -f service-tls.yml

This will replace your current service settings with the TLS termination settings.

Resources:

• https://www.digitalocean.com/docs/networking/load-balancers/how-to/ssl-termination/
• https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/
• https://github.com/digitalocean/doctl