wildduck: migrate to dragonfly, disable network policies, upgrade wildduck-operator

This commit is contained in:
Erki Aas 2024-07-28 16:56:15 +03:00
parent 73d185b2ee
commit 2d25377090
7 changed files with 102 additions and 58 deletions

View File

@ -175,8 +175,8 @@ spec:
- name: REDIS_URI - name: REDIS_URI
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: redis-wildduck-owner-secrets name: dragonfly-auth
key: REDIS_MASTER_0_URI key: REDIS_URI
- name: MONGO_URI - name: MONGO_URI
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

View File

@ -96,8 +96,8 @@ spec:
- name: APPCONF_dbs_redis - name: APPCONF_dbs_redis
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: redis-wildduck-owner-secrets name: dragonfly-auth
key: REDIS_MASTER_1_URI key: REDIS_URI
volumes: volumes:
- name: webmail-config - name: webmail-config
projected: projected:
@ -155,23 +155,23 @@ spec:
replacement: https://webmail.k-space.ee/webmail/ replacement: https://webmail.k-space.ee/webmail/
permanent: false permanent: false
--- ---
apiVersion: networking.k8s.io/v1 # apiVersion: networking.k8s.io/v1
kind: NetworkPolicy # kind: NetworkPolicy
metadata: # metadata:
name: webmail # name: webmail
spec: # spec:
podSelector: # podSelector:
matchLabels: # matchLabels:
app.kubernetes.io/name: webmail # app.kubernetes.io/name: webmail
policyTypes: # policyTypes:
- Ingress # - Ingress
ingress: # ingress:
- ports: # - ports:
- port: 3000 # - port: 3000
from: # from:
- namespaceSelector: # - namespaceSelector:
matchLabels: # matchLabels:
kubernetes.io/metadata.name: traefik # kubernetes.io/metadata.name: traefik
podSelector: # podSelector:
matchLabels: # matchLabels:
app.kubernetes.io/name: traefik # app.kubernetes.io/name: traefik

View File

@ -2,20 +2,20 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: codemowers-io-wildduck-operator name: codemowers-cloud-wildduck-operator
rules: rules:
- apiGroups: - apiGroups:
- codemowers.io - codemowers.cloud
resources: resources:
- oidcgatewayusers - oidcusers
verbs: verbs:
- get - get
- list - list
- watch - watch
- apiGroups: - apiGroups:
- codemowers.io - codemowers.cloud
resources: resources:
- oidcgatewayusers/status - oidcusers/status
verbs: verbs:
- patch - patch
- update - update
@ -23,18 +23,18 @@ rules:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: codemowers-io-wildduck-operator name: codemowers-cloud-wildduck-operator
namespace: wildduck namespace: wildduck
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: codemowers-io-wildduck-operator name: codemowers-cloud-wildduck-operator
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: codemowers-io-wildduck-operator name: codemowers-cloud-wildduck-operator
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: codemowers-io-wildduck-operator name: codemowers-cloud-wildduck-operator
namespace: wildduck namespace: wildduck

View File

@ -34,7 +34,7 @@ spec:
- containerPort: 8000 - containerPort: 8000
name: metrics name: metrics
enableServiceLinks: false enableServiceLinks: false
serviceAccountName: codemowers-io-wildduck-operator serviceAccountName: codemowers-cloud-wildduck-operator
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service

View File

@ -1,11 +1,29 @@
--- ---
apiVersion: codemowers.cloud/v1beta1 apiVersion: codemowers.cloud/v1beta1
kind: RedisClaim kind: SecretClaim
metadata: metadata:
name: wildduck name: dragonfly-auth
spec: spec:
class: ephemeral size: 32
capacity: 100Mi mapping:
- key: password
value: "%(plaintext)s"
- key: REDIS_URI
value: "redis://:%(plaintext)s@dragonfly"
---
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
name: dragonfly
spec:
authentication:
passwordFromSecret:
key: password
name: dragonfly-auth
replicas: 3
resources:
limits:
memory: 5Gi
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -98,8 +116,8 @@ spec:
- name: APPCONF_dbs_redis - name: APPCONF_dbs_redis
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: redis-wildduck-owner-secrets name: dragonfly-auth
key: REDIS_MASTER_0_URI key: REDIS_URI
volumeMounts: volumeMounts:
- mountPath: /cert - mountPath: /cert
name: cert name: cert

View File

@ -96,8 +96,8 @@ spec:
- name: REDIS_URL - name: REDIS_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: redis-webmail-owner-secrets name: dragonfly-wildflock-auth
key: REDIS_MASTER_1_URI key: REDIS_URI
- name: CLIENT_URL - name: CLIENT_URL
value: https://wildflock.k-space.ee value: https://wildflock.k-space.ee
- name: WILDDUCK_DOMAIN - name: WILDDUCK_DOMAIN
@ -139,3 +139,29 @@ spec:
envFrom: envFrom:
- secretRef: - secretRef:
name: oidc-client-wildflock-owner-secrets name: oidc-client-wildflock-owner-secrets
---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
name: dragonfly-wildflock-auth
spec:
size: 32
mapping:
- key: password
value: "%(plaintext)s"
- key: REDIS_URI
value: "redis://:%(plaintext)s@dragonfly-wildflock"
---
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
name: dragonfly-wildflock
spec:
authentication:
passwordFromSecret:
key: password
name: dragonfly-wildflock-auth
replicas: 3
resources:
limits:
memory: 5Gi

View File

@ -123,8 +123,8 @@ spec:
- name: APPCONF_dbs_redis - name: APPCONF_dbs_redis
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: redis-wildduck-owner-secrets name: dragonfly-auth
key: REDIS_MASTER_0_URI key: REDIS_URI
volumeMounts: volumeMounts:
- name: cert - name: cert
mountPath: /cert mountPath: /cert
@ -141,17 +141,17 @@ spec:
secret: secret:
secretName: wildduck-tls secretName: wildduck-tls
--- ---
apiVersion: networking.k8s.io/v1 # apiVersion: networking.k8s.io/v1
kind: NetworkPolicy # kind: NetworkPolicy
metadata: # metadata:
name: zonemta # name: zonemta
spec: # spec:
podSelector: # podSelector:
matchLabels: # matchLabels:
app.kubernetes.io/name: wildduck # app.kubernetes.io/name: wildduck
app.kubernetes.io/component: zonemta # app.kubernetes.io/component: zonemta
policyTypes: # policyTypes:
- Ingress # - Ingress
ingress: # ingress:
- ports: # - ports:
- port: 9465 # - port: 9465