caddy.yml
---
# Publishes the Caddy pods (label app=caddy) on a fixed load-balancer address.
# Service ports 80 and 443 forward to the container ports that the Deployment
# names cont-port-http and cont-port-https.
#
# NOTE(review): no loadBalancerSourceRanges is set, so every client that can
# route to this address reaches the proxy. The only access control visible in
# this file is the basicauth block in the Caddyfile.
apiVersion: v1
kind: Service
metadata:
  namespace: downloads
  name: caddy-service-lb
spec:
  type: LoadBalancer
  # NOTE(review): spec.loadBalancerIP is deprecated since Kubernetes v1.24;
  # check which annotation your load-balancer implementation expects instead.
  loadBalancerIP: 10.100.0.246
  selector:
    app: caddy
  ports:
    - port: 80
      name: http
      protocol: TCP
      targetPort: cont-port-http
    - port: 443
      name: https
      protocol: TCP
      targetPort: cont-port-https
---
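# Statically provisioned Longhorn volume backing Caddy's /config and /data
# directories (see the Deployment's volumeMounts). Caddy's data directory
# normally holds its certificates and private keys, so treat this volume as
# sensitive.
apiVersion: v1
kind: PersistentVolume
metadata:
  # PersistentVolumes are cluster-scoped, so no namespace is set here.
  name: caddy-config-longhorn-pv
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  capacity:
    storage: 30Gi
  # Reserve the volume for the one claim meant to use it. The claim already
  # names this volume, but without claimRef another claim that matches the
  # class and size could bind to it first.
  claimRef:
    namespace: downloads
    name: caddy-config-longhorn-pvc
  csi:
    driver: driver.longhorn.io
    fsType: ext4
    volumeHandle: caddy-config
  # Retain keeps the data after the claim is deleted; the volume then has to
  # be wiped or re-released by hand before it is handed to anything else.
  persistentVolumeReclaimPolicy: Retain
  volumeMode: Filesystem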
---
# Claim used by the caddy Deployment. It is bound explicitly, by name, to the
# pre-created volume caddy-config-longhorn-pv rather than provisioned on
# demand.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: downloads
  name: caddy-config-longhorn-pvc
spec:
  storageClassName: longhorn
  volumeName: caddy-config-longhorn-pv
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 30Gi
---
# Caddyfile for the reverse proxy; the Deployment mounts it at
# /etc/caddy/Caddyfile. Requests for komga.{$MY_DOMAIN} are proxied over
# HTTPS to komga.cynexia.net behind HTTP basic authentication.
#
# NOTE(review): the bcrypt hashes below live in a ConfigMap, so they are
# readable by anyone who can read ConfigMaps in this namespace and by anyone
# who can read this file. A hash is still input for offline guessing; prefer
# keeping the hashes in a Secret and injecting them through environment
# variables, which the Caddyfile can reference the same way as {$MY_DOMAIN}.
# If this file has been shared, rotate the affected passwords.
#
# NOTE(review): the user names read "[email protected]" in this copy. That
# looks like a placeholder left by e-mail obfuscation on the hosting page,
# not the real account names - restore them before applying.
#
# NOTE(review): newer Caddy releases spell the directive basic_auth and warn
# about basicauth; relevant because the Deployment runs caddy:latest.
apiVersion: v1
kind: ConfigMap
metadata:
  name: caddy-config
  namespace: downloads
data:
  Caddyfile: |
    komga.{$MY_DOMAIN} {
      reverse_proxy https://komga.cynexia.net {
        header_up Host {upstream_hostport}
        transport http {tls}
      }
      basicauth { # create with caddy hash-password -p - must use email address
        [email protected] $2a$14$GywIinA2nrs1Fc0AFxDM7uALnwP/7qZWHl6RI25R2MHSkZBSsEISa
        [email protected] $2a$14$brSiH7g78hheLGQdcxVVGuLM.frab7XibJkWpu.r3Gd3zecokxZ1W
      }
    }
---
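# Single-replica Caddy reverse proxy. It reads its Caddyfile from the
# caddy-config ConfigMap and keeps /config and /data on the Longhorn claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: caddy
  namespace: downloads
spec:
  selector:
    matchLabels:
      app: caddy
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  strategy:
    # Recreate stops the old pod before the new one starts; presumably chosen
    # because the claim is ReadWriteOnce - confirm.
    type: Recreate
  template:
    metadata:
      labels:
        app: caddy
    spec:
      # Nothing in this manifest calls the Kubernetes API, so do not hand the
      # internet-facing proxy a service-account token.
      automountServiceAccountToken: false
      # dnsPolicy None bypasses cluster DNS: in-cluster service names do not
      # resolve, and every lookup (including the upstream host) goes to the
      # public resolvers listed here.
      dnsConfig:
        nameservers:
          - 8.8.8.8
          - 8.8.4.4
      dnsPolicy: None
      containers:
        - env:
            - name: MY_DOMAIN
              value: "proxy.cynexia.net"
            - name: TZ
              value: "Europe/London"
          # NOTE(review): a floating tag with imagePullPolicy Always means
          # every restart may run a different, unreviewed image. Pin a
          # specific version tag or an image digest.
          image: caddy:latest
          resources:
            limits:
              memory: 1Gi
              cpu: "1"
            requests:
              memory: 256Mi
              cpu: "0.2"
          imagePullPolicy: Always
          securityContext:
            allowPrivilegeEscalation: false
            # dropping capabilities seems to be incompatible with longhorn
            privileged: false
            # NOTE(review): left writable; confirm whether Caddy writes
            # anywhere besides the mounted /config and /data before setting
            # this to true.
            readOnlyRootFilesystem: false
            # Refuse to start if the image or a later edit would run as
            # UID 0.
            runAsNonRoot: true
            runAsUser: 1999 # UID
            runAsGroup: 1999 # GID
            # Apply the container runtime's default syscall filter.
            seccompProfile:
              type: RuntimeDefault
          name: caddy
          ports:
            - containerPort: 443
              name: cont-port-https
              protocol: TCP
            - containerPort: 80
              name: cont-port-http
              protocol: TCP
          volumeMounts:
            - name: caddy-config-volume
              mountPath: /config
              subPath: caddy_config
            - name: caddy-config-volume
              mountPath: /data
              subPath: caddy_data
            # subPath mounts are not refreshed when the ConfigMap changes, so
            # a Caddyfile edit (e.g. revoking a user) only takes effect after
            # the pod is restarted.
            - name: caddyfile-configmap
              mountPath: /etc/caddy/Caddyfile
              subPath: Caddyfile # This is the key from the ConfigMap
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
        - name: caddy-config-volume
          persistentVolumeClaim:
            claimName: caddy-config-longhorn-pvc
        - name: caddyfile-configmap
          configMap:
            name: caddy-config # This is the name of the ConfigMap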