path: root/f3s/protonbridge/helm-chart/templates/deployment.yaml
Age | Commit message | Author
2 days | protonbridge: switch to --noninteractive daemon mode for clean k8s exec login | Paul Buetow

The faketty pipe approach from the shenxn image caused CrashLoopBackOff: writing to the FIFO via echo sends EOF which terminates cat and bridge.

Instead: override entrypoint to run bridge --noninteractive directly (the bridge binary at /usr/lib/protonmail/bridge/bridge). Bridge v3 embeds a gRPC server; the separate 'bridge --cli' exec connects to it as a client.

Login flow:
  kubectl exec -it <pod> -- /usr/lib/protonmail/bridge/bridge --cli

socat port forwarding (25→1025, 143→1143) preserved in the entrypoint.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3 days | protonbridge: use init container for GPG+pass setup; fix TTY+home issues | Paul Buetow

Root causes of prior CrashLoopBackOff:
1. %no-passphrase unsupported; %no-protection needed instead
2. GPG agent couldn't use pinentry without a TTY
3. Container runs as root (HOME=/root) so mounting at /home/protonmail was wrong

Fix: dedicated setup-pass init container (shares image, has gpg+pass) that configures allow-loopback-pinentry in gpg-agent.conf + gpg.conf, then generates a passphrase-free key and inits the pass store. All state is written to /bridge-data (PVC mount), with GNUPGHOME and PASSWORD_STORE_DIR env vars so the main container finds the store. Main container no longer overrides the default entrypoint.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3 days | protonbridge: fix startup — init GPG+pass on first run, mount full home | Paul Buetow

Bridge v3 requires 'pass' as keychain store. The startup script now initializes a passphrase-free GPG key and pass store on first run (all persisted on the NFS PVC so restarts reconnect without re-login). Mounts the full /home/protonmail instead of just .config to cover .gnupg and .password-store.

First-time ProtonMail login via bridge --cli still required; see deployment comment for instructions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3 days | protonbridge: add k8s helm chart and ArgoCD app manifest | Paul Buetow

Deploys Proton Bridge (shenxn/protonmail-bridge) as a headless pod in the services namespace. Config persisted on NFS-backed PVC; nfs-sentinel initContainer guards against local-XFS shadow on NFS mount failure. Exposes IMAP (STARTTLS) on NodePort 30143 and SMTP (STARTTLS) on NodePort 30025 for LAN access.

Initial ProtonMail authentication is done once via:
  kubectl exec -it <pod> -n services -- bridge --cli

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>