fix(k8s): persist Caddy TLS certificates with PVC

Caddy ingress was using emptyDir for /data storage, causing TLS certificates to be lost on pod restarts or cluster recreations. This led to Let's Encrypt rate limit issues from repeatedly requesting new certificates. Add a PersistentVolumeClaim for Caddy's data directory to persist ACME certificates across redeployments. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 18:57:55 -05:00 · 2026-01-24 18:57:55 -05:00 · d5e1a6652c
commit d5e1a6652c
parent 55b76b9b57
1 changed files with 17 additions and 1 deletions
--- a/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml
+++ b/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml
@ -243,10 +243,26 @@ spec:
              mountPath: /config
      volumes:
        - name: caddy-data
-          emptyDir: {}
+          persistentVolumeClaim:
+            claimName: caddy-data-pvc
        - name: caddy-config
          emptyDir: {}
 ---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: caddy-data-pvc
+  namespace: caddy-system
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata: