feat(lasuite): add calendars service deployment manifests

Add K8s manifests for calendars backend, frontend (Caddy), CalDAV server, and Celery worker. Wire Pingora routing for cal.sunbeam.pt with path-based backend/caldav/static splits. Add OAuth2Client for OIDC, VaultDynamicSecret for DB credentials, VaultStaticSecret for Django/CalDAV keys, and TLS cert coverage for the cal subdomain. Register calendars in the integration service gaufre widget.
2026-03-18 18:36:05 +00:00
parent ccfe8b877a
commit 3c7460f4a6
18 changed files with 659 additions and 0 deletions
--- a/base/lasuite/vault-secrets.yaml
+++ b/base/lasuite/vault-secrets.yaml
@@ -572,3 +572,68 @@ spec:
          text: "{{ index .Secrets \"mta-out-smtp-username\" }}"
        SMTP_PASSWORD:
          text: "{{ index .Secrets \"mta-out-smtp-password\" }}"
+---
+# Calendars DB credentials from OpenBao database secrets engine (static role, 24h rotation).
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultDynamicSecret
+metadata:
+  name: calendars-db-credentials
+  namespace: lasuite
+spec:
+  vaultAuthRef: vso-auth
+  mount: database
+  path: static-creds/calendars
+  allowStaticCreds: true
+  refreshAfter: 5m
+  rolloutRestartTargets:
+    - kind: Deployment
+      name: calendars-backend
+    - kind: Deployment
+      name: calendars-worker
+    - kind: Deployment
+      name: calendars-caldav
+  destination:
+    name: calendars-db-credentials
+    create: true
+    overwrite: true
+    transformation:
+      excludeRaw: true
+      templates:
+        password:
+          text: "{{ index .Secrets \"password\" }}"
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: calendars-django-secret
+  namespace: lasuite
+spec:
+  vaultAuthRef: vso-auth
+  mount: secret
+  type: kv-v2
+  path: calendars
+  refreshAfter: 30s
+  rolloutRestartTargets:
+    - kind: Deployment
+      name: calendars-backend
+    - kind: Deployment
+      name: calendars-worker
+    - kind: Deployment
+      name: calendars-caldav
+  destination:
+    name: calendars-django-secret
+    create: true
+    overwrite: true
+    transformation:
+      excludeRaw: true
+      templates:
+        DJANGO_SECRET_KEY:
+          text: "{{ index .Secrets \"django-secret-key\" }}"
+        SALT_KEY:
+          text: "{{ index .Secrets \"salt-key\" }}"
+        CALDAV_INBOUND_API_KEY:
+          text: "{{ index .Secrets \"caldav-inbound-api-key\" }}"
+        CALDAV_OUTBOUND_API_KEY:
+          text: "{{ index .Secrets \"caldav-outbound-api-key\" }}"
+        CALDAV_INTERNAL_API_KEY:
+          text: "{{ index .Secrets \"caldav-internal-api-key\" }}"