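# ---
# Commented out by argocd config drift
#
# apiVersion: codemowers.cloud/v1beta1
# kind: RedisClaim
# metadata:
#   name: webmail
# spec:
#   class: ephemeral
#   capacity: 100Mi
---
# OIDC gate in front of the webmail: only members of the listed groups are
# allowed, and the authenticated user is passed on in the Remote-Username
# request header (headerMapping.user).
# NOTE(review): no namespace is set here or on the Middleware at the end of the
# file, while the Ingress refers to both as "wildduck-<name>@kubernetescrd".
# Presumably the deploy tooling applies them into "wildduck"; confirm.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCMiddlewareClient
metadata:
  name: webmail
spec:
  displayName: Wildduck Webmail
  uri: 'https://webmail.k-space.ee'
  allowedGroups:
    - k-space:floor
    - k-space:friends
  headerMapping:
    user: Remote-Username
---
# Webmail application config, mounted read-only at /etc/wildduck/www.toml.
# [service.sso.http] enables header-based SSO on the same Remote-Username
# header that the OIDC middleware sets. That header is only trustworthy when
# every request to the pod has passed through the Traefik middleware chain;
# the NetworkPolicy at the end of this file would enforce that and is
# currently commented out.
apiVersion: v1
kind: ConfigMap
metadata:
  name: webmail-config
  namespace: wildduck
data:
  www.toml: |-
    [service]
    identities=1
    allowIdentityEdit=false
    allowJoin=false
    domains=["k-space.ee"]
    allowSendFromOtherDomains=false
    [service.sso.http]
    enabled = true
    header = "Remote-Username"
    logoutRedirect = "https://auth.k-space.ee/" #TODO: host is not templated
    [u2f]
    enabled=false
    [log]
    level="info"
    [setup.imap]
    hostname="mail.k-space.ee"
    secure=true
    port=993
    [setup.pop3]
    hostname="mail.k-space.ee"
    secure=true
    port=995
    [setup.smtp]
    hostname="mail.k-space.ee"
    secure=true
    port=465
    [api]
    url="http://wildduck-api:8080"
---
# Two replicas of the webmail; API token and Redis URI come from Secrets
# rather than from the ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webmail
  namespace: wildduck
spec:
  revisionHistoryLimit: 0
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: webmail
  template:
    metadata:
      labels:
        app.kubernetes.io/name: webmail
    spec:
      containers:
        - name: webmail
          # NOTE(review): ":latest" is a mutable tag, so a restart can pull a
          # different build than the one that was reviewed. Pin a version tag
          # or an image digest.
          image: nodemailer/wildduck-webmail:latest
          command:
            - node
            - server.js
            - --config=/etc/wildduck/www.toml
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65534
            # Hardening added in review: the process already runs as a
            # non-root UID on a read-only root filesystem, so it needs neither
            # privilege escalation nor any Linux capability.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: webmail-config
              mountPath: /etc/wildduck
              readOnly: true
          env:
            - name: APPCONF_api_accessToken
              valueFrom:
                secretKeyRef:
                  name: wildduck
                  key: WILDDUCK_API_TOKEN
            - name: APPCONF_dbs_redis
              valueFrom:
                secretKeyRef:
                  name: dragonfly-auth
                  key: REDIS_URI
      volumes:
        - name: webmail-config
          projected:
            sources:
              - configMap:
                  name: webmail-config
---
# ClusterIP Service: port 80 -> container port 3000.
# NOTE(review): without a NetworkPolicy this Service is reachable from other
# workloads in the cluster without passing the OIDC middleware.
apiVersion: v1
kind: Service
metadata:
  name: webmail
  namespace: wildduck
spec:
  selector:
    app.kubernetes.io/name: webmail
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
---
# Public entry point. Both middlewares are attached to the router; the names
# use Traefik's "<namespace>-<name>@kubernetescrd" form.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webmail
  namespace: wildduck
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: wildduck-webmail@kubernetescrd,wildduck-webmail-redirect@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  rules:
    - host: webmail.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: webmail
                port:
                  number: 80
  tls:
    - hosts:
        - "*.k-space.ee"
---
# Temporary redirect of the bare site root to /webmail/.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: webmail-redirect
spec:
  redirectRegex:
    # Dots are escaped so the pattern matches the literal host name only;
    # single quotes keep the backslashes literal in YAML.
    regex: '^https://webmail\.k-space\.ee/$'
    replacement: https://webmail.k-space.ee/webmail/
    permanent: false
# NOTE(review): the policy below restricts ingress on port 3000 to Traefik
# pods in the "traefik" namespace. With header-based SSO enabled in www.toml it
# is the control that keeps requests from bypassing the OIDC middleware. It is
# commented out in the source with no reason given; confirm why before
# re-enabling.
# ---
# apiVersion: networking.k8s.io/v1
# kind: NetworkPolicy
# metadata:
#   name: webmail
# spec:
#   podSelector:
#     matchLabels:
#       app.kubernetes.io/name: webmail
#   policyTypes:
#     - Ingress
#   ingress:
#     - ports:
#         - port: 3000
#       from:
#         - namespaceSelector:
#             matchLabels:
#               kubernetes.io/metadata.name: traefik
#           podSelector:
#             matchLabels:
#               app.kubernetes.io/name: traefik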