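# Deployment for the Radicale server in the "services" namespace.
# One replica backed by two PVCs (collections and auth); three init containers
# run before the server: two NFS-sentinel guards and one diagnostic dump.
#
# NOTE(review): no securityContext and no resources are set on any container
# in this manifest, so the pods run with the runtime/namespace defaults —
# confirm that is intended.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: radicale
  namespace: services
spec:
  replicas: 1
  # Recreate so the old pod fully terminates before the new one starts —
  # avoids NFS-lock races on the hostPath-backed PVC during rolling updates.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: radicale
  template:
    metadata:
      labels:
        app: radicale
    spec:
      initContainers:
        # Guard: abort pod start unless the sentinel file is visible on the
        # collections volume. A failing init container keeps the main
        # container from starting against the wrong backing storage.
        # NOTE(review): busybox:stable is a mutable tag while the debug
        # container below uses busybox:1.36; consider one pinned version
        # (ideally by digest) for all three.
        - name: nfs-check-collections
          image: busybox:stable
          command:
            - sh
            - -c
            - |
              test -f /mnt/.nfs-sentinel || (
                echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
                echo "refusing to start; node likely has NFS unmounted"
                echo "pod would otherwise bind-mount the local-XFS shadow"
                exit 1
              )
          volumeMounts:
            - name: radicale-collections
              mountPath: /mnt
              readOnly: true
        # Same guard as above, applied to the auth volume.
        - name: nfs-check-auth
          image: busybox:stable
          command:
            - sh
            - -c
            - |
              test -f /mnt/.nfs-sentinel || (
                echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
                echo "refusing to start; node likely has NFS unmounted"
                echo "pod would otherwise bind-mount the local-XFS shadow"
                exit 1
              )
          volumeMounts:
            - name: radicale-auth
              mountPath: /mnt
              readOnly: true
        # Diagnostic dump of mounts and directory listings. Every command is
        # followed by "|| true", so this step reports but never blocks startup.
        # The output (mount table, file names, owners and modes under /auth
        # and /collections, stat of the htpasswd file) is written to the
        # container log and is readable by anyone with log access to this
        # pod; remove this container once the mount issue is diagnosed.
        # Both volumes are mounted read-only here because the script only
        # reads, matching the two guard containers above.
        - name: debug-auth-and-mounts
          image: busybox:1.36
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -eu
              echo "=== /proc/mounts ===" && cat /proc/mounts || true
              echo "=== df -h ===" && df -h || true
              echo "=== ls -lna / ===" && ls -lna / || true
              echo "=== ls -lna /auth ===" && ls -lna /auth || true
              echo "=== ls -lna /collections ===" && ls -lna /collections || true
              echo "=== find /auth (maxdepth 2) ===" && find /auth -maxdepth 2 || true
              [ -f /auth/htpasswd ] && { echo "=== stat /auth/htpasswd ==="; stat /auth/htpasswd || true; } || echo "htpasswd missing in init"
          volumeMounts:
            - name: radicale-collections
              mountPath: /collections
              readOnly: true
            - name: radicale-auth
              mountPath: /auth
              readOnly: true
      containers:
        - name: radicale
          # NOTE(review): ":latest" is a mutable tag, so what runs depends on
          # the registry's state at pull time; pinning a version or digest
          # makes rollouts reproducible and auditable.
          image: registry.lan.buetow.org:30001/radicale:latest
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: radicale-collections
              mountPath: /collections
            # NOTE(review): /auth holds the htpasswd credential file and is
            # mounted read-write; if the server only reads it, add
            # "readOnly: true" here — confirm against the Radicale config.
            - name: radicale-auth
              mountPath: /auth
      volumes:
        - name: radicale-collections
          persistentVolumeClaim:
            claimName: radicale-collections-pvc
        - name: radicale-auth
          persistentVolumeClaim:
            claimName: radicale-auth-pvc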
---
# Service in front of the Radicale pods: forwards port 80 to the
# container's port 8080 for every pod labelled app=radicale.
apiVersion: v1
kind: Service
metadata:
  name: radicale-service
  namespace: services
  labels:
    app: radicale
  annotations:
    # Quoted so the annotation value stays a string, not a YAML boolean.
    prometheus.io/scrape: 'false'
spec:
  selector:
    app: radicale
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080