kube/wildduck/zonemta.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: zonemta
  namespace: wildduck
data:
  pools.toml: |-
    [[default]]
    address="0.0.0.0"
    name="mail.k-space.ee"
  plugin-wildduck.toml: |-
    [wildduck]
    enabled=["receiver", "sender"]
    interfaces=["feeder"]
    hostname="mail.k-space.ee"
    authlogExpireDays=30
    [wildduck.srs]
    enabled=true
    rewriteDomain="k-space.ee"
  zonemta.toml: |-
    [log]
    level="info"
    [smtpInterfaces.feeder]
    key="/cert/tls.key"
    cert="/cert/tls.crt"
    port=9465
    host="0.0.0.0"
    secure=true
    processes=1
    authentication = true
    maxRecipients=100
    starttls=false

    [plugins]
    # @include "plugin-wildduck.toml"
    [pools]
    # @include "pools.toml"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zonemta
spec:
  strategy:
    type: Recreate
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: wildduck
      app.kubernetes.io/component: zonemta
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wildduck
        app.kubernetes.io/component: zonemta
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - wildduck
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - zonemta
              topologyKey: topology.kubernetes.io/zone
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - wildduck
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - wildduck
              topologyKey: kubernetes.io/hostname
      containers:
        - name: zonemta
          image: mirror.gcr.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
          imagePullPolicy: IfNotPresent
          command:
            - /sbin/tini
            - --
            - node
            - index.js
            - --config
            - /etc/zonemta/zonemta.toml
          ports:
            - containerPort: 9465
              name: zonemta-msa
            - containerPort: 10280
              name: api
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          resources:
            limits:
              cpu: 500m
              memory: 1000Mi
            requests:
              cpu: 10m
              memory: 500Mi
          env:
            - name: APPCONF_plugins_wildduck_srs_secret
              valueFrom:
                secretKeyRef:
                  name: srs
                  key: secret
            - name: APPCONF_dbs_sender
              value: wildduck
            - name: APPCONF_dbs_mongo
              valueFrom:
                secretKeyRef:
                  name: wildduck-mongodb
                  key: MONGO_URI
            - name: APPCONF_dbs_redis
              valueFrom:
                secretKeyRef:
                  name: dragonfly-auth
                  key: REDIS_URI
          volumeMounts:
            - name: cert
              mountPath: /cert
            - name: zonemta-config
              mountPath: /etc/zonemta
              readOnly: true
      volumes:
        - name: zonemta-config
          projected:
            sources:
              - configMap:
                  name: zonemta
        - name: cert
          secret:
            secretName: wildduck-tls
---
# apiVersion: networking.k8s.io/v1
# kind: NetworkPolicy
# metadata:
#   name: zonemta
# spec:
#   podSelector:
#     matchLabels:
#       app.kubernetes.io/name: wildduck
#       app.kubernetes.io/component: zonemta
#   policyTypes:
#     - Ingress
#   ingress:
#     - ports:
#       - port: 9465
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`---`
wildduck: Use toml files for ZoneMTA config 2023-08-25 06:40:03 +00:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: zonemta`
			`namespace: wildduck`
			`data:`
			`pools.toml: \|-`
			`[[default]]`
			`address="0.0.0.0"`
			`name="mail.k-space.ee"`
			`plugin-wildduck.toml: \|-`
			`[wildduck]`
			`enabled=["receiver", "sender"]`
			`interfaces=["feeder"]`
			`hostname="mail.k-space.ee"`
			`authlogExpireDays=30`
			`[wildduck.srs]`
wildduck: Clean up configs 2023-08-27 17:24:36 +00:00			`enabled=true`
wildduck: Use toml files for ZoneMTA config 2023-08-25 06:40:03 +00:00			`rewriteDomain="k-space.ee"`
			`zonemta.toml: \|-`
			`[log]`
			`level="info"`
wildduck: ZoneMTA config fixes 2023-08-27 13:55:48 +00:00			`[smtpInterfaces.feeder]`
wildduck: Use toml files for ZoneMTA config 2023-08-25 06:40:03 +00:00			`key="/cert/tls.key"`
			`cert="/cert/tls.crt"`
			`port=9465`
			`host="0.0.0.0"`
			`secure=true`
wildduck: ZoneMTA config fixes 2023-08-27 13:55:48 +00:00			`processes=1`
			`authentication = true`
			`maxRecipients=100`
			`starttls=false`

wildduck: Use toml files for ZoneMTA config 2023-08-25 06:40:03 +00:00			`[plugins]`
			`# @include "plugin-wildduck.toml"`
			`[pools]`
			`# @include "pools.toml"`
			`---`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: zonemta`
			`spec:`
wildduck: Use recreate strategy to avoid Kube scheduling deadlock 2024-08-15 06:24:16 +00:00			`strategy:`
			`type: Recreate`
wildduck: Make sure Haraka, Wildduck and ZoneMTA are scheduled on same hosts for MetalLB 2023-09-17 07:21:47 +00:00			`replicas: 2`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`selector:`
			`matchLabels:`
			`app.kubernetes.io/name: wildduck`
			`app.kubernetes.io/component: zonemta`
			`template:`
			`metadata:`
			`labels:`
			`app.kubernetes.io/name: wildduck`
			`app.kubernetes.io/component: zonemta`
			`spec:`
wildduck: Make sure Haraka, Wildduck and ZoneMTA are scheduled on same hosts for MetalLB 2023-09-17 07:21:47 +00:00			`affinity:`
			`podAntiAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`- labelSelector:`
			`matchExpressions:`
			`- key: app.kubernetes.io/name`
			`operator: In`
			`values:`
			`- wildduck`
			`- key: app.kubernetes.io/component`
			`operator: In`
			`values:`
			`- zonemta`
			`topologyKey: topology.kubernetes.io/zone`
			`podAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`- labelSelector:`
			`matchExpressions:`
			`- key: app.kubernetes.io/name`
			`operator: In`
			`values:`
			`- wildduck`
			`- key: app.kubernetes.io/component`
			`operator: In`
			`values:`
			`- wildduck`
			`topologyKey: kubernetes.io/hostname`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`containers:`
wildduck: ZoneMTA config fixes 2023-08-27 13:55:48 +00:00			`- name: zonemta`
use gcr mirror for images with full docker.io path cluster constantly failing due to rate limits, please find a better solution 2024-04-28 01:58:50 +00:00			`image: mirror.gcr.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`imagePullPolicy: IfNotPresent`
			`command:`
			`- /sbin/tini`
			`- --`
			`- node`
			`- index.js`
wildduck: Use toml files for ZoneMTA config 2023-08-25 06:40:03 +00:00			`- --config`
			`- /etc/zonemta/zonemta.toml`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`ports:`
			`- containerPort: 9465`
			`name: zonemta-msa`
			`- containerPort: 10280`
			`name: api`
			`securityContext:`
			`readOnlyRootFilesystem: true`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`resources:`
			`limits:`
			`cpu: 500m`
			`memory: 1000Mi`
			`requests:`
			`cpu: 10m`
			`memory: 500Mi`
			`env:`
wildduck: Clean up configs 2023-08-27 17:24:36 +00:00			`- name: APPCONF_plugins_wildduck_srs_secret`
			`valueFrom:`
			`secretKeyRef:`
			`name: srs`
			`key: secret`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`- name: APPCONF_dbs_sender`
wildduck: Switch to operator managed Mongo 2023-09-15 15:08:58 +00:00			`value: wildduck`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`- name: APPCONF_dbs_mongo`
			`valueFrom:`
			`secretKeyRef:`
migrate wildduck to external mongo 2024-08-13 17:18:47 +00:00			`name: wildduck-mongodb`
			`key: MONGO_URI`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`- name: APPCONF_dbs_redis`
			`valueFrom:`
			`secretKeyRef:`
wildduck: migrate to dragonfly, disable network policies, upgrade wildduck-operator 2024-07-28 13:56:15 +00:00			`name: dragonfly-auth`
			`key: REDIS_URI`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`volumeMounts:`
wildduck: Use toml files for ZoneMTA config 2023-08-25 06:40:03 +00:00			`- name: cert`
			`mountPath: /cert`
			`- name: zonemta-config`
			`mountPath: /etc/zonemta`
			`readOnly: true`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`volumes:`
wildduck: Use toml files for ZoneMTA config 2023-08-25 06:40:03 +00:00			`- name: zonemta-config`
			`projected:`
			`sources:`
			`- configMap:`
			`name: zonemta`
Migrate the rest of Wildduck stack 2023-08-24 16:53:07 +00:00			`- name: cert`
			`secret:`
			`secretName: wildduck-tls`
wildduck: Add network policies for ZoneMTA and webmail 2023-09-17 08:52:52 +00:00			`---`
wildduck: migrate to dragonfly, disable network policies, upgrade wildduck-operator 2024-07-28 13:56:15 +00:00			`# apiVersion: networking.k8s.io/v1`
			`# kind: NetworkPolicy`
			`# metadata:`
			`# name: zonemta`
			`# spec:`
			`# podSelector:`
			`# matchLabels:`
			`# app.kubernetes.io/name: wildduck`
			`# app.kubernetes.io/component: zonemta`
			`# policyTypes:`
			`# - Ingress`
			`# ingress:`
			`# - ports:`
			`# - port: 9465`