Sienna Meridian Satterwhite
3c7460f4a6
Add K8s manifests for calendars backend, frontend (Caddy), CalDAV server, and Celery worker. Wire Pingora routing for cal.sunbeam.pt with path-based backend/caldav/static splits. Add OAuth2Client for OIDC, VaultDynamicSecret for DB credentials, VaultStaticSecret for Django/CalDAV keys, and TLS cert coverage for the cal subdomain. Register calendars in the integration service gaufre widget.
164 lines
4.9 KiB
YAML
164 lines
4.9 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: calendars-backend
|
|
namespace: lasuite
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: calendars-backend
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: calendars-backend
|
|
spec:
|
|
initContainers:
|
|
- name: migrate
|
|
image: calendars-backend
|
|
command: ["python", "manage.py", "migrate", "--no-input"]
|
|
envFrom:
|
|
- configMapRef:
|
|
name: calendars-config
|
|
- configMapRef:
|
|
name: lasuite-postgres
|
|
- configMapRef:
|
|
name: lasuite-oidc-provider
|
|
env:
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-db-credentials
|
|
key: password
|
|
- name: DJANGO_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: DJANGO_SECRET_KEY
|
|
- name: SALT_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: SALT_KEY
|
|
- name: CALDAV_INBOUND_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: CALDAV_INBOUND_API_KEY
|
|
- name: CALDAV_OUTBOUND_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: CALDAV_OUTBOUND_API_KEY
|
|
- name: CALDAV_INTERNAL_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: CALDAV_INTERNAL_API_KEY
|
|
- name: OIDC_RP_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oidc-calendars
|
|
key: CLIENT_ID
|
|
- name: OIDC_RP_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oidc-calendars
|
|
key: CLIENT_SECRET
|
|
resources:
|
|
limits:
|
|
memory: 512Mi
|
|
cpu: 500m
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
containers:
|
|
- name: calendars-backend
|
|
image: calendars-backend
|
|
command:
|
|
- gunicorn
|
|
- -c
|
|
- /app/gunicorn.conf.py
|
|
- calendars.wsgi:application
|
|
ports:
|
|
- containerPort: 8000
|
|
envFrom:
|
|
- configMapRef:
|
|
name: calendars-config
|
|
- configMapRef:
|
|
name: lasuite-postgres
|
|
- configMapRef:
|
|
name: lasuite-oidc-provider
|
|
env:
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-db-credentials
|
|
key: password
|
|
- name: DJANGO_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: DJANGO_SECRET_KEY
|
|
- name: SALT_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: SALT_KEY
|
|
- name: CALDAV_INBOUND_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: CALDAV_INBOUND_API_KEY
|
|
- name: CALDAV_OUTBOUND_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: CALDAV_OUTBOUND_API_KEY
|
|
- name: CALDAV_INTERNAL_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: calendars-django-secret
|
|
key: CALDAV_INTERNAL_API_KEY
|
|
- name: OIDC_RP_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oidc-calendars
|
|
key: CLIENT_ID
|
|
- name: OIDC_RP_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oidc-calendars
|
|
key: CLIENT_SECRET
|
|
volumeMounts:
|
|
- name: theme
|
|
mountPath: /app/theme.json
|
|
subPath: theme.json
|
|
- name: translations
|
|
mountPath: /data/translations.json
|
|
subPath: translations.json
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: 8000
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 20
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: 8000
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
resources:
|
|
limits:
|
|
memory: 512Mi
|
|
cpu: 500m
|
|
requests:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
volumes:
|
|
- name: theme
|
|
configMap:
|
|
name: calendars-theme
|
|
- name: translations
|
|
configMap:
|
|
name: calendars-translations
|