remove securityContext to allow s6 init to run as root

value: "please"

README.md

@@ -1,43 +1 @@
-# Kubernetes deployment of calibre-web
+Run deploy.sh to deploy **_calibre web_** to OCP
-
-This is a **Kubernetes** deployment of [calibre-web](https://github.com/janeczku/calibre-web) application which uses [linuxserver/calibre-web](https://hub.docker.com/r/linuxserver/calibre-web) docker image.
-
-## How to
-
-**Note** This deployment assumes the Kubernetes cluster runs the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx) as ingress controller. If you use another ingress controller, you will have to adapt `ingress.yml` accordingly.
-
-    git clone https://github.com/devtud/calibre-kubernetes
-
-Edit `ingress.yml` and replace your domain name on this line:
-
-```yml
-  - host: <your-domain>
-```
-
-Open `deployment.yml` and adapt the two values on the following lines according to your needs (the user id and group id which own the files on the host machine - **do not set it as root!**).
-
-```yml
-            - name: PUID
-              value: "1001"
-            - name: PGID
-              value: "1001"
-```
-
-Apply the Kubernetes resources:
-
-    kubectl apply -f ns.yml
-    kubectl apply -f pv_books.yml
-    kubectl apply -f pv_config.yml
-    kubectl apply -f pvc_books.yml
-    kubectl apply -f pvc_config.yml
-    kubectl apply -f deployment.yml
-    kubectl apply -f service.yml
-    kubectl apply -f ingress.yml
-
-
-**Important** Even though you can access the deployed `calibre-web` app at your address, you won't be able to use it, because neither the calibre-web app nor the docker image provide a Calibre database. You have to get a Calibre database first and upload it to `/var/data/calibre/books/metadata.db` (note that this is the path on your host machine where the persistent volume [pv_books.yml](pv_books.yml) is pointing to). One way of doing this is to install a fresh Calibre on your computer and copy the `metadata.db` file from your computer to the mentioned path.
-
-After you open the web interface, in the config screen put the following values:
-- `/books` for the db path
-- `/usr/bin/ebook-convert` for the converter path
-- `/usr/bin/unrar` for the unrar path

bootstrap/calibre-application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: calibre
+  namespace: openshift-gitops
+  annotations:
+spec:
+  orphanedResources:
+    warn: false # Disable warning
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: https://gitea.apilab.us/cscott/calibre.git
+    targetRevision: main
+    path: manifests
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: false
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      - PruneLast=true

manifests/deploy.sh

@@ -0,0 +1,9 @@
+oc apply -f ns.yml
+./scc-updates.sh
+oc apply -f pv_books.yml
+oc apply -f pv_config.yml
+oc apply -f pvc_config.yml
+oc apply -f pvc_books.yml
+oc apply -f deployment.yml
+oc apply -f service.yaml
+oc apply -f route.yaml

manifests/deployment.yml

@@ -5,6 +5,7 @@ metadata:
   namespace: calibre
   labels:
     app: calibre
+    app.kubernetes.io/instance: calibre
     version: latest
     type: third-party
     facing: internal
@@ -21,20 +22,15 @@ spec:
         app: calibre
     spec:
       serviceAccountName: calibre-sa
-      securityContext:
+      securityContext: {}
-        runAsUser: 0
-        runAsGroup: 0
-        fsGroup: 0
       containers:
         - name: calibre
-          image: linuxserver/calibre-web:latest
+          image: docker.io/linuxserver/calibre-web:latest
           env:
-            - name: PUID
+            - name: S6_YES_I_WANT_A_WORLD_WRITABLE_RUN_BECAUSE_KUBERNETES
-              value: "1001"
+              value: "1"
-            - name: PGID
-              value: "1001"
             - name: TZ
-              value: "Europe/Bucharest"
+              value: "Australia/Sydney"
             - name: DOCKER_MODS
               value: "linuxserver/calibre-web:calibre"
           ports:
@@ -46,6 +42,8 @@ spec:
               mountPath: /config
             - name: calibre-books
               mountPath: /books
+            - name: run-dir
+              mountPath: /run
           resources:
             requests:
               memory: "128Mi"
@@ -56,7 +54,9 @@ spec:
       volumes:
         - name: calibre-config
           persistentVolumeClaim:
-            claimName: calibre-config
+            claimName: calibre-config-csi
         - name: calibre-books
           persistentVolumeClaim:
-            claimName: calibre-books
+            claimName: calibre-books-csi
+        - name: run-dir
+          emptyDir: {}

manifests/ns.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: calibre
+  labels:
+    app: calibre
+    type: third-party
+    facing: internal
+    argocd.argoproj.io/managed-by: openshift-gitops

manifests/pvc_books.yml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: calibre-books
+  name: calibre-books-csi
   namespace: calibre
 spec:
   accessModes:
@@ -9,5 +9,4 @@ spec:
   resources:
     requests:
       storage: 8Gi
-  storageClassName: nfs
+  storageClassName: nfs-csi
-  volumeName: calibre-books

manifests/pvc_config.yml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: calibre-config
+  name: calibre-config-csi
   namespace: calibre
 spec:
   accessModes:
@@ -9,5 +9,4 @@ spec:
   resources:
     requests:
       storage: 500Mi
-  storageClassName: nfs
+  storageClassName: nfs-csi
-  volumeName: calibre-config

manifests/route.yaml

@@ -6,6 +6,8 @@ metadata:
   annotations:
     cert-manager.io/issuer-kind: ClusterIssuer
     cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
+  labels:
+    app.kubernetes.io/instance: calibre
 spec:
   host: calibre.apilab.us
   path: /

manifests/service.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: calibre
   labels:
     app: calibre
+    app.kubernetes.io/instance: calibre
 spec:
   selector:
     app: calibre
@@ -13,4 +14,4 @@ spec:
       protocol: TCP
       targetPort: 8083
       port: 80
-
+  type: ClusterIP

ns.yml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: calibre
-    labels:
-        app: calibre
-        type: third-party
-        facing: internal

pv_books.yml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: calibre-books
-  namespace: calibre
-spec:
-  capacity:
-    storage: 8Gi
-  nfs:
-    server: 192.168.0.105
-    path: /nfs/NFS/ocp/calibre/books
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs

pv_config.yml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: calibre-config
-  namespace: calibre
-spec:
-  capacity:
-    storage: 500Mi
-  nfs:
-    server: 192.168.0.105
-    path: /nfs/NFS/ocp/calibre/config
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs

scc-updates.sh

@@ -1,2 +0,0 @@
-oc create sa calibre-sa -n calibre
-oc adm policy add-scc-to-user anyuid -z calibre-sa -n calibre