---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dav-deployment
  namespace: default
  labels:
    app: dav
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dav
  template:
    metadata:
      labels:
        app: dav
      annotations:
        diun.enable: "true"
        diun.include_tags: '^\d+\.\d+\.\d+\.\d+$'
    spec:
      containers:
        - image: tomsquest/docker-radicale:3.5.9.0
          name: radicale
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5232
          volumeMounts:
            - name: radicale-data-vol
              mountPath: /data
            - name: radicale-config-vol
              mountPath: /config
      volumes:
        - name: radicale-data-vol
          hostPath:
            path: /mnt/radicale/data
            type: Directory
        - name: radicale-config-vol
          hostPath:
            path: /mnt/radicale/config
            type: Directory
      nodeSelector:
        kubernetes.io/arch: arm64
---
apiVersion: v1
kind: Service
metadata:
  name: dav
  namespace: default
  labels:
    app: dav
spec:
  type: ClusterIP
  selector:
    app: dav
  ports:
  - port: 80
    targetPort: 5232
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: dav.bodicsek.host
spec:
  secretName: dav.bodicsek.host
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - dav.bodicsek.host
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: dav
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - kind: Rule
    match: Host(`dav.bodicsek.host`)
    services:
    - kind: Service
      name: dav
      namespace: default
      passHostHeader: true
      port: 80
  tls:
    secretName: dav.bodicsek.host