all repos — infra @ 2c2f4a9c4ea30de96f40d8cd804201ede5015088

infrastructure manifests and setup notes 

apps: add radicale
Anirudh Oppiliappan x@icyphox.sh
Tue, 02 Jul 2024 00:30:02 +0300
commit

2c2f4a9c4ea30de96f40d8cd804201ede5015088

parent

fe4e1663705e00f04340ca4f18cde91a435f6f92

6 files changed, 42 insertions(+), 83 deletions(-)

jump to
M .gitignore.gitignore 
@@ -1,1 +1,2 @@ 
 *certs*
+rootca.crt
D apps/radicale/Dockerfile 
@@ -1,14 +0,0 @@ 
-FROM alpine
-
-RUN apk add --no-cache \
-    python3 \
-    py3-pip
-
-RUN python3 -m pip install --upgrade radicale
-RUN addgroup -S radicale && adduser -S radicale -G radicale
-
-USER radicale
-WORKDIR /home/radicale
-EXPOSE 5232
-
-CMD ["python3", "-m", "radicale", "--server-hosts", "0.0.0.0:5232", "--storage-filesystem-folder=./collections"]
D apps/radicale/ing.yaml 
@@ -1,28 +0,0 @@ 
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      proxy_set_header  X-Script-Name /;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  Host $http_host;
-      proxy_pass_header Authorization;
-    kubernetes.io/tls-acme: 'true'
-    cert-manager.io/issuer: "letsencrypt-prod"
-  name: radicale-ingress
-spec:
-  tls:
-    - hosts:
-      - dav.icyphox.sh
-      secretName: radicale-certs
-  rules:
-  - host: dav.icyphox.sh
-    http:
-      paths:
-      - backend:
-          service:
-            name: radicale
-            port:
-              number: 5232
-        path: /
-        pathType: Prefix
D apps/radicale/pvc.yaml 
@@ -1,10 +0,0 @@ 
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: radicale-collections
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 100Mi
M apps/radicale/radicale.yamlapps/radicale/radicale.yaml 
@@ -13,19 +13,15 @@ metadata:
       labels:
         app: radicale
     spec:
-      securityContext:
-        fsGroup: 101
-      imagePullSecrets:
-        - name: registry-creds
       nodeSelector:
-        arch: "amd64"
+        kubernetes.io/hostname: sini
       containers:
         - name: radicale
-          image: reg.icyphox.sh/radicale
+          image: tomsquest/docker-radicale
           imagePullPolicy: IfNotPresent
           volumeMounts:
             - name: collections
-              mountPath: "/home/radicale/collections"
+              mountPath: /data/collections
           ports:
             - name: http
               containerPort: 5232

@@ -43,5 +39,41 @@ selector:
     app: radicale
   ports:
     - name: http
-      port: 5232
+      port: 80
       targetPort: 5232
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: radicale-collections
+spec:
+  storageClassName: local-path
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dav.koti.lan
+  namespace: default
+spec:
+  ingressClassName: caddy
+  rules:
+  - host: dav.koti.lan
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: radicale
+            port:
+              number: 80
+  tls:
+    - secretName: koti-lan-tls
+      hosts:
+        - dav.koti.lan
+
M apps/yarr/ing.yamlapps/yarr/ing.yaml 
@@ -1,23 +1,1 @@ 
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    kubernetes.io/tls-acme: 'true'
-    cert-manager.io/issuer: "letsencrypt-prod"
-  name: yarr-ingress
-spec:
-  tls:
-    - hosts:
-      - f.icyphox.sh
-      secretName: yarr-certs
-  rules:
-  - host: f.icyphox.sh
-    http:
-      paths:
-      - backend:
-          service:
-            name: yarr
-            port:
-              number: 7070
-        path: /
-        pathType: Prefix
+