add radicale

Author: soerenschneider

clusters/argo-svc.dd.soeren.cloud/apps/radicale/config-cm.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+data:
+  config: |+
+    # -*- mode: conf -*-
+    # vim:ft=cfg
+    [server]
+    # CalDAV server hostnames separated by a comma
+    # IPv4 syntax: address:port
+    # IPv6 syntax: [address]:port
+    # For example: 0.0.0.0:9999, [::]:9999
+    #hosts = localhost:5232
+    hosts = 0.0.0.0:5232
+    [encoding]
+    # Encoding for responding requests
+    request = utf-8
+    # Encoding for storing local collections
+    stock = utf-8
+    [auth]
+    # bcrypt requires the installation of radicale[bcrypt].
+    htpasswd_encryption = bcrypt
+    # Incorrect authentication delay (seconds)
+    delay = 2
+    # Message displayed in the client when a password is needed
+    #realm = Radicale - Password Required
+    [rights]
+    # File for rights management from_file
+    #file = /etc/radicale/rights
+    [storage]
+    type = multifilesystem
+    # Folder for storing local collections, created if not present
+    filesystem_folder = /data/collections
+    # Delete sync token that are older (seconds)
+    #max_sync_token_age = 2592000
+    # Command that is run after changes to storage
+    # Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
+    #hook =
+    [web]
+    # Web interface backend
+    type = internal
+    [logging]
+    level = info
+    # Don't include passwords in logs
+    mask_passwords = True
+    [headers]
+    # Additional HTTP headers
+    #Access-Control-Allow-Origin = *
+kind: ConfigMap
+metadata:
+  name: radicale

clusters/argo-svc.dd.soeren.cloud/apps/radicale/external-secret-radicale-restic.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "radicale-restic-pvc"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "radicale-restic-pvc"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "AWS_ACCESS_KEY_ID"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/radicale/aws-credentials"
+        property: "AWS_ACCESS_KEY_ID"
+    - secretKey: "AWS_SECRET_ACCESS_KEY"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/radicale/aws-credentials"
+        property: "AWS_SECRET_ACCESS_KEY"
+    - secretKey: "RESTIC_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/radicale/restic"
+        property: "pass"

clusters/argo-svc.dd.soeren.cloud/apps/radicale/external-secret-radicale.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "radicale"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "radicale"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "RADICALE_USERS"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/radicale"
+        property: "RADICALE_USERS"

clusters/argo-svc.dd.soeren.cloud/apps/radicale/kustomization.yaml

@@ -0,0 +1,56 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: radicale
+resources:
+  - namespace.yaml
+  - config-cm.yaml
+  - external-secret-radicale.yaml
+  - external-secret-radicale-restic.yaml
+  - ../../../../apps/radicale
+components:
+  - ../../../../apps/radicale/components/istio
+  - ../../../../apps/radicale/components/istio-proxy
+  - ../../../../apps/radicale/components/pvc
+patches:
+  - target:
+      kind: VirtualService
+      name: radicale
+    patch: |-
+      - op: "replace"
+        path: "/spec/hosts"
+        value:
+          - "radicale.svc.dd.soeren.cloud"
+  - target:
+      kind: Deployment
+      name: radicale
+    patch: |-
+      - op: add
+        path: /spec/template/spec/priorityClassName
+        value: prod-default-prio
+      - op: add
+        path: /spec/template/spec/containers/0/volumeMounts/-
+        value:
+          name: config
+          mountPath: /config
+      - op: add
+        path: /spec/template/spec/volumes/-
+        value:
+          name: config
+          configMap:
+            name: radicale
+      - op: add
+        path: /spec/template/spec/containers/0/volumeMounts/-
+        value:
+          name: users
+          mountPath: /etc/radicale/users
+          subPath: users
+      - op: add
+        path: /spec/template/spec/volumes/-
+        value:
+          name: users
+          secret:
+            secretName: radicale
+            items:
+              - key: RADICALE_USERS
+                path: users

clusters/argo-svc.dd.soeren.cloud/apps/radicale/namespace.yaml

@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: radicale
+  labels:
+    name: radicale