admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ae999eca42086a8b32c16357b33762fbdc867ad
homelab-manifests/orsi-system/revfulop-calendar.yaml
T
admin 509b5f9b4e updated to 1.6.2
2026-02-07 12:00:57 +01:00

243 lines
8.6 KiB
YAML
Raw Blame History

# =============================================================================
# Révfülöp Nyaraló Naptár - Kubernetes Deployment
# =============================================================================
# Domain: revfulop.dooplex.hu
# Namespace: orsi-system (shared with Orsi's Glance dashboard)
#
# AUTH OPTIONS (pick one):
# Option A: No auth (public, geo-blocked to HU only) - DEFAULT below
# Option B: Simple password auth - uncomment SIMPLE_AUTH_PASSWORD env var
# Option C: Authentik proxy - use the alternate ingress at the bottom
#
# BUILD & PUSH:
# docker build -t gitea.dooplex.hu/viktor/revfulop-calendar:1.2.0 .
# docker push gitea.dooplex.hu/viktor/revfulop-calendar:1.2.0
# =============================================================================
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
app.kubernetes.io/version: "1.6.2"
name: revfulop-calendar
namespace: orsi-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
app.kubernetes.io/version: "1.6.2"
spec:
securityContext:
fsGroup: 1000
containers:
- name: revfulop-calendar
image: gitea.dooplex.hu/admin/revfulop-calendar:1.6.2
imagePullPolicy: IfNotPresent
env:
- name: TZ
value: Europe/Budapest
- name: PORT
value: "3000"
- name: DB_PATH
value: /data/revfulop.db
# UI font sizes (in px) — change and restart pod, no rebuild needed
- name: UI_FONT_SIZE
value: "17" # body text (default: 15)
- name: UI_TITLE_SIZE
value: "34" # main title (default: 32)
- name: UI_CALENDAR_SIZE
value: "16" # calendar day numbers (default: 14)
- name: UI_BUTTON_SIZE
value: "16" # buttons, inputs, dropdowns (default: 14)
# Optional: customize site branding
- name: UI_SITE_NAME
value: "Nyaraló Naptár"
- name: UI_SITE_SUBTITLE
value: "Révfülöp · Balaton"
- name: UI_LOGIN_TAGLINE
value: "A mi nyaralónk, a mi naptárunk."
# ------------------------------------------------------------------
# Option B: Simple password auth
# Uncomment the line below and set a shared family password.
# Everyone uses the same password to access the site.
# ------------------------------------------------------------------
- name: SIMPLE_AUTH_PASSWORD
value: "nyaralo2026"
# ------------------------------------------------------------------
# Optional: Override family members (JSON array)
# ------------------------------------------------------------------
- name: FAMILY_MEMBERS
value: '[{"id":"katinka","name":"Katinka","color":"#513EFF"},{"id":"orsi","name":"Orsi","color":"#A15DD8"},{"id":"lili","name":"Lili","color":"#FFE70C"},{"id":"bazsi","name":"Bazsi","color":"#32943E"}]'
ports:
- containerPort: 3000
name: http
protocol: TCP
livenessProbe:
httpGet:
path: /api/auth-status
port: http
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /api/auth-status
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 20m
memory: 32Mi
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: revfulop-calendar-data
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
name: revfulop-calendar
namespace: orsi-system
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
type: ClusterIP
---
# =============================================================================
# Option A & B: Standard Ingress (geo-blocked, no Authentik)
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/hostname: revfulop.dooplex.hu
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
set $geo_allowed 0;
if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
if ($geo_allowed = 0) {
return 403 "Access restricted to Hungary";
}
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
name: revfulop-calendar
namespace: orsi-system
spec:
ingressClassName: nginx-internal
rules:
- host: revfulop.dooplex.hu
http:
paths:
- backend:
service:
name: revfulop-calendar
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- revfulop.dooplex.hu
secretName: revfulop-calendar-tls
---
# =============================================================================
# Option C: Authentik Proxy Ingress (ALTERNATIVE - replace the ingress above)
# =============================================================================
# Authentik setup steps:
# 1. Create Application: "revfulop-calendar" in Authentik
# 2. Create Proxy Provider: external host = https://revfulop.dooplex.hu
# 3. Create Outpost: "revfulop-outpost" (or reuse existing one)
# 4. Create users for family members in Authentik
# 5. Uncomment the ingress below and remove/comment the one above
# =============================================================================
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-prod
# external-dns.alpha.kubernetes.io/hostname: revfulop.dooplex.hu
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-revfulop-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
# nginx.ingress.kubernetes.io/auth-signin: https://revfulop.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
# nginx.ingress.kubernetes.io/auth-snippet: |
# proxy_set_header X-Forwarded-Host $http_host;
# nginx.ingress.kubernetes.io/configuration-snippet: |
# set $geo_allowed 0;
# if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
# if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
# if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
# if ($geo_allowed = 0) {
# return 403 "Access restricted to Hungary";
# }
# labels:
# app.kubernetes.io/instance: revfulop-calendar
# app.kubernetes.io/name: revfulop-calendar
# name: revfulop-calendar
# namespace: orsi-system
# spec:
# ingressClassName: nginx-internal
# rules:
# - host: revfulop.dooplex.hu
# http:
# paths:
# - backend:
# service:
# name: revfulop-calendar
# port:
# number: 3000
# path: /
# pathType: Prefix
# tls:
# - hosts:
# - revfulop.dooplex.hu
# secretName: revfulop-calendar-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
name: revfulop-calendar-data
namespace: orsi-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 256Mi
storageClassName: longhorn
Reference in New Issue View Git Blame Copy Permalink