apps: radicale: terminate TLS at the ingress
Anirudh Oppiliappan x@icyphox.sh
Tue, 30 Jul 2024 12:57:38 +0300
2 files changed,
32 insertions(+),
22 deletions(-)
M
apps/coredns/coredns.yaml
→
apps/coredns/coredns.yaml
@@ -5,7 +5,7 @@ koti.lan:53 {
log kubernetes koti.lan - rewrite name dav.koti.lan radicale.default.svc.koti.lan + rewrite name dav.koti.lan koti-ingress-nginx-controller.ingress-nginx.svc.koti.lan rewrite name feed.koti.lan miniflux.default.svc.koti.lan rewrite name g.koti.lan grafana.monitoring.svc.koti.lan rewrite name files.garage.koti.lan garage.default.svc.koti.lan
M
apps/radicale/radicale.yaml
→
apps/radicale/radicale.yaml
@@ -22,33 +22,14 @@ imagePullPolicy: IfNotPresent
volumeMounts: - name: collections mountPath: /data/collections - - name: tls - mountPath: /tls ports: - name: http containerPort: 5232 command: ["/venv/bin/radicale", "--config", "/config/config"] - args: - - --ssl - - "true" - - -c - - /tls/tls.crt - - -k - - /tls/tls.key volumes: - name: collections persistentVolumeClaim: claimName: radicale-collections - - name: tls - projected: - sources: - - secret: - name: dav-koti-lan - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key --- apiVersion: v1 kind: Service@@ -58,8 +39,8 @@ spec:
selector: app: radicale ports: - - name: https - port: 443 + - name: http + port: 80 targetPort: 5232 --- apiVersion: v1@@ -73,3 +54,32 @@ - ReadWriteOnce
resources: requests: storage: 100Mi +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + labels: + app.kubernetes.io/component: radicale + app.kubernetes.io/instance: radicale + app.kubernetes.io/name: radicale + name: dav.koti.lan + namespace: default +spec: + ingressClassName: nginx + rules: + - host: dav.koti.lan + http: + paths: + - backend: + service: + name: radicale + port: + name: http + path: / + pathType: Prefix + tls: + - hosts: + - dav.koti.lan + secretName: dav-koti-lan