Add radicale

This commit is contained in:
Rob Watson 2022-06-19 04:46:48 +02:00
parent e64020a299
commit 6bf11341d0
9 changed files with 257 additions and 0 deletions

View File

@ -84,3 +84,13 @@ spec:
name: netflux-homepage
port:
name: http
- host: caldav.internal
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: radicale
port:
name: caldav

View File

@ -93,6 +93,9 @@ resources:
- deploy-netflux-homepage.yaml
- svc-netflux-homepage.yaml
- statefulset-radicale.yaml
- svc-radicale.yaml
configMapGenerator:
- name: gitea-scripts
files:

View File

@ -0,0 +1,84 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: radicale
labels:
app: radicale
component: web
app.kubernetes.io/name: radicale
app.kubernetes.io/instance: radicale
spec:
serviceName: radicale
selector:
matchLabels:
app: radicale
component: web
template:
metadata:
labels:
app: radicale
component: web
app.kubernetes.io/name: radicale
app.kubernetes.io/instance: radicale
spec:
containers:
- name: radicale
image: tomsquest/docker-radicale
imagePullPolicy: IfNotPresent
ports:
- name: caldav
protocol: TCP
containerPort: 5232
env:
- name: TAKE_FILE_OWNERSHIP
value: "false"
volumeMounts:
- mountPath: /config/config
subPath: config.toml
name: config
- mountPath: /etc/radicale/users
subPath: users
name: config
- mountPath: /data
name: data
resources:
requests:
memory: "64Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "250m"
livenessProbe:
httpGet:
path: /.web/
port: caldav
scheme: HTTP
initialDelaySeconds: 10
successThreshold: 1
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 1
securityContext:
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
add:
- SETUID
- SETGID
- KILL
volumes:
- name: config
configMap:
name: radicale-config
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

View File

@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: radicale
component: web
app.kubernetes.io/instance: radicale
app.kubernetes.io/name: radicale
name: radicale
spec:
ports:
- name: caldav
port: 5232
protocol: TCP
targetPort: 5232
selector:
app: radicale
component: web
type: ClusterIP

View File

@ -52,6 +52,13 @@ configMapGenerator:
options:
labels:
app: drone
- name: radicale-config
files:
- config.toml=radicale-config.toml
- users=radicale-users
options:
labels:
app: radicale
secretGenerator:
- name: grafana-credentials
literals:

View File

@ -0,0 +1,122 @@
# -*- mode: conf -*-
# vim:ft=cfg
# Config file for Radicale - A simple calendar server
#
# Place it into /etc/radicale/config (global)
# or ~/.config/radicale/config (user)
#
# The current values are the default ones
[server]
# CalDAV server hostnames separated by a comma
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999
#hosts = localhost:5232
hosts = 0.0.0.0:5232
# Max parallel connections
#max_connections = 8
# Max size of request body (bytes)
#max_content_length = 100000000
# Socket timeout (seconds)
#timeout = 30
# SSL flag, enable HTTPS protocol
#ssl = False
# SSL certificate path
#certificate = /etc/ssl/radicale.cert.pem
# SSL private key
#key = /etc/ssl/radicale.key.pem
# CA certificate for validating clients. This can be used to secure
# TCP traffic between Radicale and a reverse proxy
#certificate_authority =
[encoding]
# Encoding for responding requests
#request = utf-8
# Encoding for storing local collections
#stock = utf-8
[auth]
# Authentication method
# Value: none | htpasswd | remote_user | http_x_remote_user
type = htpasswd
# Htpasswd filename
htpasswd_filename = /etc/radicale/users
# Htpasswd encryption method
# Value: plain | bcrypt | md5
# bcrypt requires the installation of radicale[bcrypt].
htpasswd_encryption = bcrypt
# Incorrect authentication delay (seconds)
delay = 1
# Message displayed in the client when a password is needed
#realm = Radicale - Password Required
[rights]
# Rights backend
# Value: none | authenticated | owner_only | owner_write | from_file
type = owner_only
# File for rights management from_file
#file = /etc/radicale/rights
[storage]
# Storage backend
# Value: multifilesystem | multifilesystem_nolock
#type = multifilesystem
# Folder for storing local collections, created if not present
#filesystem_folder = /var/lib/radicale/collections
filesystem_folder = /data/collections
# Delete sync token that are older (seconds)
#max_sync_token_age = 2592000
# Command that is run after changes to storage
# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
#hook =
[web]
# Web interface backend
# Value: none | internal
#type = internal
[logging]
# Threshold for the logger
# Value: debug | info | warning | error | critical
level = info
# Don't include passwords in logs
mask_passwords = True
[headers]
# Additional HTTP headers
#Access-Control-Allow-Origin = *

View File

@ -0,0 +1 @@
rob:$2y$05$6ITQM3WPMDZL.vAi/L0whOXI2NxHwU6fq7PJUuQorP7oGoxWqGik2

View File

@ -16,6 +16,7 @@
- drone.netflux.io
- synapse.netflux.io
- netflux.io
- caldav.netflux.io
secretName: prod-ingress-tls
- op: replace
path: /spec/rules/0/host
@ -38,3 +39,6 @@
- op: replace
path: /spec/rules/6/host
value: netflux.io
- op: replace
path: /spec/rules/7/host
value: caldav.netflux.io

View File

@ -38,6 +38,13 @@ configMapGenerator:
options:
labels:
app: drone
- name: radicale-config
files:
- config.toml=secrets/radicale-config.toml
- users=secrets/radicale-users
options:
labels:
app: radicale
secretGenerator:
- name: prometheus-credentials
files: