all repos — infra @ e63b77bec0f29374d2a54f288d0ecaa8d3b906ad

infrastructure manifests and setup notes

apps: add yarr, and simplify tls
Anirudh Oppiliappan x@icyphox.sh
Thu, 04 Jul 2024 22:21:24 +0300
commit

e63b77bec0f29374d2a54f288d0ecaa8d3b906ad

parent

98c073e8a948e7e07313a98b6ee84e9b733304c1

5 files changed, 47 insertions(+), 57 deletions(-)

M apps/coredns/coredns.yamlapps/coredns/coredns.yaml

@@ -127,8 +127,8 @@

koti.lan:53 { kubernetes koti.lan - rewrite name dav.koti.lan caddy-ingress-caddy-ingress-controller.caddy-system.svc.koti.lan - rewrite name rss.koti.lan caddy-ingress-caddy-ingress-controller.caddy-system.svc.koti.lan + rewrite name dav.koti.lan radicale.default.svc.koti.lan + rewrite name rss.koti.lan yarr.default.svc.koti.lan } import /etc/coredns/custom/*.server
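Review bot: The two new `rewrite name` lines carry no comment explaining that `dav.koti.lan` and `rss.koti.lan` now resolve straight to the backing Services instead of the Caddy ingress. That means whatever TLS termination the ingress provided for those names is no longer in the path. A comment above the rewrites would record this, for example `# dav/rss bypass the ingress: each backend must terminate TLS and enforce auth itself`. The `koti.lan:53` server block starts outside the hunk, so other plugins in it are not visible here.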
M apps/radicale/radicale.yamlapps/radicale/radicale.yaml

@@ -22,13 +22,33 @@ imagePullPolicy: IfNotPresent

volumeMounts: - name: collections mountPath: /data/collections + - name: tls + mountPath: /tls ports: - name: http containerPort: 5232 + command: ["/venv/bin/radicale", "--config", "/config/config"] + args: + - --ssl + - "true" + - -c + - /tls/tls.crt + - -k + - /tls/tls.key volumes: - name: collections persistentVolumeClaim: claimName: radicale-collections + - name: tls + projected: + sources: + - secret: + name: dav-koti-lan + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key --- apiVersion: v1 kind: Service

@@ -38,8 +58,8 @@ spec:

selector: app: radicale ports: - - name: http - port: 80 + - name: https + port: 443 targetPort: 5232 --- apiVersion: v1

@@ -53,27 +73,3 @@ - ReadWriteOnce

resources: requests: storage: 100Mi ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: dav.koti.lan - namespace: default -spec: - ingressClassName: caddy - rules: - - host: dav.koti.lan - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: radicale - port: - number: 80 - tls: - - secretName: koti-lan-tls - hosts: - - dav.koti.lan -
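Review bot: The projected `tls` volume added in the first hunk sets no `defaultMode`, so `tls.key` is mounted with the default 0644 and is readable by every user inside the container. Add `defaultMode: 0400` under `projected:`, after confirming that Radicale's runtime user can still read the file, and mark the `/tls` mount `readOnly: true`. The pod spec begins outside the hunk, so any existing `securityContext` cannot be checked from here.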
D apps/yarr/Dockerfile

@@ -1,12 +0,0 @@

-FROM golang:alpine AS build -RUN apk add build-base git -WORKDIR /src -COPY . . -RUN make build_linux - -FROM alpine:latest -RUN apk add --no-cache ca-certificates && \ - update-ca-certificates -COPY --from=build /src/_output/linux/yarr /usr/local/bin/yarr -EXPOSE 7070 -CMD ["/usr/local/bin/yarr", "-addr", "0.0.0.0:7070", "-db", "/data/yarr.db"]
D apps/yarr/ing.yaml

@@ -1,1 +0,0 @@

-
M apps/yarr/yarr.yamlapps/yarr/yarr.yaml

@@ -13,29 +13,24 @@ metadata:

labels: app: yarr spec: - imagePullSecrets: - - name: registry-creds - nodeSelector: - arch: "arm" containers: - name: yarr - image: reg.icyphox.sh/yarr + image: sini:5000/yarr:latest imagePullPolicy: Always - volumeMounts: - - name: auth - mountPath: "/config" - readOnly: true ports: - name: http containerPort: 7070 - command: ["/bin/sh"] args: - - -c - - /usr/local/bin/yarr -auth-file /config/auth -addr 0.0.0.0:7070 + - -addr + - 0.0.0.0:7070 + volumeMounts: + - name: db + mountPath: /data volumes: - - name: auth - secret: - secretName: yarr-auth + - name: db + persistentVolumeClaim: + claimName: yarr-db + --- apiVersion: v1 kind: Service

@@ -46,5 +41,17 @@ selector:

app: yarr ports: - name: http - port: 7070 + port: 80 targetPort: 7070 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: yarr-db +spec: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Mi
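Review bot: The new container `args` drop `-auth-file /config/auth` together with the `yarr-auth` secret volume, and the Service now exposes plain port 80 with no Ingress in front. As far as this file shows, yarr is served without authentication or TLS to anything that can reach `rss.koti.lan`. If that is not intended, keep the secret mount and pass `- -auth-file` and `- /config/auth` in `args`; yarr would also need its own certificate, as radicale gets in this commit, while the ingress stays out of the path. Separately, `image: sini:5000/yarr:latest` with `imagePullPolicy: Always` follows a mutable tag, so pinning to `sini:5000/yarr@sha256:<digest>` would make the deployed image reviewable.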