forked from k-space/kube
wildduck: migrate to dragonfly, disable network policies, upgrade wildduck-operator
This commit is contained in:
parent
73d185b2ee
commit
2d25377090
@ -175,8 +175,8 @@ spec:
|
|||||||
- name: REDIS_URI
|
- name: REDIS_URI
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-wildduck-owner-secrets
|
name: dragonfly-auth
|
||||||
key: REDIS_MASTER_0_URI
|
key: REDIS_URI
|
||||||
- name: MONGO_URI
|
- name: MONGO_URI
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
@ -96,8 +96,8 @@ spec:
|
|||||||
- name: APPCONF_dbs_redis
|
- name: APPCONF_dbs_redis
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-wildduck-owner-secrets
|
name: dragonfly-auth
|
||||||
key: REDIS_MASTER_1_URI
|
key: REDIS_URI
|
||||||
volumes:
|
volumes:
|
||||||
- name: webmail-config
|
- name: webmail-config
|
||||||
projected:
|
projected:
|
||||||
@ -155,23 +155,23 @@ spec:
|
|||||||
replacement: https://webmail.k-space.ee/webmail/
|
replacement: https://webmail.k-space.ee/webmail/
|
||||||
permanent: false
|
permanent: false
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
# apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
# kind: NetworkPolicy
|
||||||
metadata:
|
# metadata:
|
||||||
name: webmail
|
# name: webmail
|
||||||
spec:
|
# spec:
|
||||||
podSelector:
|
# podSelector:
|
||||||
matchLabels:
|
# matchLabels:
|
||||||
app.kubernetes.io/name: webmail
|
# app.kubernetes.io/name: webmail
|
||||||
policyTypes:
|
# policyTypes:
|
||||||
- Ingress
|
# - Ingress
|
||||||
ingress:
|
# ingress:
|
||||||
- ports:
|
# - ports:
|
||||||
- port: 3000
|
# - port: 3000
|
||||||
from:
|
# from:
|
||||||
- namespaceSelector:
|
# - namespaceSelector:
|
||||||
matchLabels:
|
# matchLabels:
|
||||||
kubernetes.io/metadata.name: traefik
|
# kubernetes.io/metadata.name: traefik
|
||||||
podSelector:
|
# podSelector:
|
||||||
matchLabels:
|
# matchLabels:
|
||||||
app.kubernetes.io/name: traefik
|
# app.kubernetes.io/name: traefik
|
||||||
|
@ -2,20 +2,20 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: codemowers-io-wildduck-operator
|
name: codemowers-cloud-wildduck-operator
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- codemowers.io
|
- codemowers.cloud
|
||||||
resources:
|
resources:
|
||||||
- oidcgatewayusers
|
- oidcusers
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- codemowers.io
|
- codemowers.cloud
|
||||||
resources:
|
resources:
|
||||||
- oidcgatewayusers/status
|
- oidcusers/status
|
||||||
verbs:
|
verbs:
|
||||||
- patch
|
- patch
|
||||||
- update
|
- update
|
||||||
@ -23,18 +23,18 @@ rules:
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: codemowers-io-wildduck-operator
|
name: codemowers-cloud-wildduck-operator
|
||||||
namespace: wildduck
|
namespace: wildduck
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: codemowers-io-wildduck-operator
|
name: codemowers-cloud-wildduck-operator
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: codemowers-io-wildduck-operator
|
name: codemowers-cloud-wildduck-operator
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: codemowers-io-wildduck-operator
|
name: codemowers-cloud-wildduck-operator
|
||||||
namespace: wildduck
|
namespace: wildduck
|
||||||
|
@ -34,7 +34,7 @@ spec:
|
|||||||
- containerPort: 8000
|
- containerPort: 8000
|
||||||
name: metrics
|
name: metrics
|
||||||
enableServiceLinks: false
|
enableServiceLinks: false
|
||||||
serviceAccountName: codemowers-io-wildduck-operator
|
serviceAccountName: codemowers-cloud-wildduck-operator
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -1,11 +1,29 @@
|
|||||||
---
|
---
|
||||||
apiVersion: codemowers.cloud/v1beta1
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
kind: RedisClaim
|
kind: SecretClaim
|
||||||
metadata:
|
metadata:
|
||||||
name: wildduck
|
name: dragonfly-auth
|
||||||
spec:
|
spec:
|
||||||
class: ephemeral
|
size: 32
|
||||||
capacity: 100Mi
|
mapping:
|
||||||
|
- key: password
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
- key: REDIS_URI
|
||||||
|
value: "redis://:%(plaintext)s@dragonfly"
|
||||||
|
---
|
||||||
|
apiVersion: dragonflydb.io/v1alpha1
|
||||||
|
kind: Dragonfly
|
||||||
|
metadata:
|
||||||
|
name: dragonfly
|
||||||
|
spec:
|
||||||
|
authentication:
|
||||||
|
passwordFromSecret:
|
||||||
|
key: password
|
||||||
|
name: dragonfly-auth
|
||||||
|
replicas: 3
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: 5Gi
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
@ -98,8 +116,8 @@ spec:
|
|||||||
- name: APPCONF_dbs_redis
|
- name: APPCONF_dbs_redis
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-wildduck-owner-secrets
|
name: dragonfly-auth
|
||||||
key: REDIS_MASTER_0_URI
|
key: REDIS_URI
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /cert
|
- mountPath: /cert
|
||||||
name: cert
|
name: cert
|
||||||
|
@ -96,8 +96,8 @@ spec:
|
|||||||
- name: REDIS_URL
|
- name: REDIS_URL
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-webmail-owner-secrets
|
name: dragonfly-wildflock-auth
|
||||||
key: REDIS_MASTER_1_URI
|
key: REDIS_URI
|
||||||
- name: CLIENT_URL
|
- name: CLIENT_URL
|
||||||
value: https://wildflock.k-space.ee
|
value: https://wildflock.k-space.ee
|
||||||
- name: WILDDUCK_DOMAIN
|
- name: WILDDUCK_DOMAIN
|
||||||
@ -139,3 +139,29 @@ spec:
|
|||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: oidc-client-wildflock-owner-secrets
|
name: oidc-client-wildflock-owner-secrets
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: SecretClaim
|
||||||
|
metadata:
|
||||||
|
name: dragonfly-wildflock-auth
|
||||||
|
spec:
|
||||||
|
size: 32
|
||||||
|
mapping:
|
||||||
|
- key: password
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
- key: REDIS_URI
|
||||||
|
value: "redis://:%(plaintext)s@dragonfly-wildflock"
|
||||||
|
---
|
||||||
|
apiVersion: dragonflydb.io/v1alpha1
|
||||||
|
kind: Dragonfly
|
||||||
|
metadata:
|
||||||
|
name: dragonfly-wildflock
|
||||||
|
spec:
|
||||||
|
authentication:
|
||||||
|
passwordFromSecret:
|
||||||
|
key: password
|
||||||
|
name: dragonfly-wildflock-auth
|
||||||
|
replicas: 3
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: 5Gi
|
||||||
|
@ -123,8 +123,8 @@ spec:
|
|||||||
- name: APPCONF_dbs_redis
|
- name: APPCONF_dbs_redis
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-wildduck-owner-secrets
|
name: dragonfly-auth
|
||||||
key: REDIS_MASTER_0_URI
|
key: REDIS_URI
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: cert
|
- name: cert
|
||||||
mountPath: /cert
|
mountPath: /cert
|
||||||
@ -141,17 +141,17 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: wildduck-tls
|
secretName: wildduck-tls
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
# apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
# kind: NetworkPolicy
|
||||||
metadata:
|
# metadata:
|
||||||
name: zonemta
|
# name: zonemta
|
||||||
spec:
|
# spec:
|
||||||
podSelector:
|
# podSelector:
|
||||||
matchLabels:
|
# matchLabels:
|
||||||
app.kubernetes.io/name: wildduck
|
# app.kubernetes.io/name: wildduck
|
||||||
app.kubernetes.io/component: zonemta
|
# app.kubernetes.io/component: zonemta
|
||||||
policyTypes:
|
# policyTypes:
|
||||||
- Ingress
|
# - Ingress
|
||||||
ingress:
|
# ingress:
|
||||||
- ports:
|
# - ports:
|
||||||
- port: 9465
|
# - port: 9465
|
||||||
|
Loading…
Reference in New Issue
Block a user