netflux-kubernetes/deploy/base/statefulset-radicale.yaml

89 lines
2.0 KiB
YAML
Raw Normal View History

2022-06-19 04:46:48 +02:00
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: radicale
labels:
app: radicale
component: web
app.kubernetes.io/name: radicale
app.kubernetes.io/instance: radicale
spec:
serviceName: radicale
selector:
matchLabels:
app: radicale
component: web
template:
metadata:
labels:
app: radicale
component: web
app.kubernetes.io/name: radicale
app.kubernetes.io/instance: radicale
spec:
2023-09-11 00:18:13 +02:00
securityContext:
runAsUser: 2999
runAsGroup: 2999
runAsNonRoot: true
2022-06-19 04:46:48 +02:00
containers:
- name: radicale
2023-10-08 19:40:14 +02:00
image: tomsquest/docker-radicale:latest
imagePullPolicy: Always
2022-06-19 04:46:48 +02:00
ports:
- name: caldav
protocol: TCP
containerPort: 5232
env:
- name: TAKE_FILE_OWNERSHIP
value: "false"
volumeMounts:
- mountPath: /config/config
subPath: config.toml
name: config
- mountPath: /etc/radicale/users
subPath: users
name: config
- mountPath: /data
name: data
resources:
requests:
memory: "64Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "250m"
livenessProbe:
httpGet:
path: /.web/
port: caldav
scheme: HTTP
initialDelaySeconds: 10
successThreshold: 1
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 1
securityContext:
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
add:
- SETUID
- SETGID
- KILL
volumes:
- name: config
configMap:
name: radicale-config
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi