apiVersion: apps/v1 kind: StatefulSet metadata: name: radicale labels: app: radicale component: web app.kubernetes.io/name: radicale app.kubernetes.io/instance: radicale spec: serviceName: radicale selector: matchLabels: app: radicale component: web template: metadata: labels: app: radicale component: web app.kubernetes.io/name: radicale app.kubernetes.io/instance: radicale spec: securityContext: runAsUser: 2999 runAsGroup: 2999 runAsNonRoot: true containers: - name: radicale image: tomsquest/docker-radicale:latest imagePullPolicy: Always ports: - name: caldav protocol: TCP containerPort: 5232 env: - name: TAKE_FILE_OWNERSHIP value: "false" volumeMounts: - mountPath: /config/config subPath: config.toml name: config - mountPath: /etc/radicale/users subPath: users name: config - mountPath: /data name: data resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "256Mi" cpu: "250m" livenessProbe: httpGet: path: /.web/ port: caldav scheme: HTTP initialDelaySeconds: 10 successThreshold: 1 failureThreshold: 3 periodSeconds: 30 timeoutSeconds: 1 securityContext: privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL add: - SETUID - SETGID - KILL volumes: - name: config configMap: name: radicale-config volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi