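---
# Registers the webmail UI with the OIDC gateway so that requests are
# authenticated before they reach the application.
# NOTE(review): the exact semantics of this custom resource are defined by the
# codemowers.cloud operator, not by this file; confirm against its docs.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCMiddlewareClient
metadata:
  name: webmail
  # Set explicitly, like every other namespaced object in this file. The
  # Ingress refers to `wildduck-webmail@kubernetescrd`, i.e. a Traefik
  # middleware named `webmail` in namespace `wildduck` (presumably the one
  # generated from this object). Without it, a plain `kubectl apply -f` puts
  # this object in the caller's current namespace.
  namespace: wildduck
spec:
  displayName: Wildduck Webmail
  uri: 'https://webmail.k-space.ee'
  # Authorization boundary: per the field name, only members of these groups
  # are let through. Review this list whenever group membership policy changes.
  allowedGroups:
    - 'k-space:floor'
    - 'k-space:friends'
  # The authenticated user name is passed to the backend in this request
  # header. www.toml in the ConfigMap below reads the same header name, so the
  # application trusts whatever value arrives in it. That is only safe when
  # every request to the pod passes through this middleware.
  headerMapping:
    user: Remote-Username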
---
# Application configuration for wildduck-webmail, mounted read-only at
# /etc/wildduck by the Deployment. It holds no credentials: the API token and
# the Redis URI are injected from Secrets as environment variables.
#
# Security-relevant settings inside www.toml:
#   - [service.sso.http] turns on header-based single sign-on. The identity is
#     taken from the `Remote-Username` request header, so the application does
#     no authentication of its own. The header must only ever be set by the
#     authenticating proxy.
#   - [u2f] enabled=false turns the webmail's own second-factor support off,
#     so authentication strength rests on the upstream identity provider.
#     NOTE(review): confirm that is intended.
#   - [api] url uses plain HTTP to an in-cluster service. Presumably the API
#     access token is sent on these requests, so it crosses the cluster
#     network unencrypted. Verify whether the network is trusted or encrypted.
#   - logoutRedirect is hard-coded; see the TODO kept in the file body.
# The block scalar below is the literal file content, so it must not be
# reformatted.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: wildduck
  name: webmail-config
data:
  www.toml: |-
    [service]
    identities=1
    allowIdentityEdit=false
    allowJoin=false
    domains=["k-space.ee"]
    allowSendFromOtherDomains=false
    [service.sso.http]
    enabled = true
    header = "Remote-Username"
    logoutRedirect = "https://auth.k-space.ee/" #TODO: host is not templated
    [u2f]
    enabled=false
    [log]
    level="info"
    [setup.imap]
    hostname="mail.k-space.ee"
    secure=true
    port=993
    [setup.pop3]
    hostname="mail.k-space.ee"
    secure=true
    port=995
    [setup.smtp]
    hostname="mail.k-space.ee"
    secure=true
    port=465
    [api]
    url="http://wildduck-api:8080"
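---
# Runs two replicas of the Wildduck webmail front end with the configuration
# from the `webmail-config` ConfigMap and credentials taken from Secrets.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webmail
  namespace: wildduck
spec:
  # No superseded ReplicaSets are retained, so `kubectl rollout undo` has
  # nothing to return to. Combined with the mutable image tag below, a bad
  # image cannot be rolled back from cluster state alone.
  revisionHistoryLimit: 0
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: webmail
  template:
    metadata:
      labels:
        app.kubernetes.io/name: webmail
    spec:
      # NOTE(review): nothing visible here needs the Kubernetes API. If that
      # holds, setting `automountServiceAccountToken: false` would keep the
      # service-account token out of the container. Confirm before changing.
      containers:
        - name: webmail
          # NOTE(review): `:latest` is a mutable tag. With no imagePullPolicy
          # set, Kubernetes defaults to Always for it, so each pod start runs
          # whatever the registry serves at that moment. Replicas can diverge
          # and an upstream change ships unreviewed. Pin a release tag or an
          # immutable digest (`image@sha256:<digest>`).
          image: mirror.gcr.io/nodemailer/wildduck-webmail:latest
          command:
            - node
            - server.js
            - --config=/etc/wildduck/www.toml
          resources:
            limits:
              cpu: 500m
              memory: 100Mi
            requests:
              cpu: 1m
              memory: 50Mi
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65534
            # Hardening added in review. The process is unprivileged and
            # listens on port 3000 (see the Service), so it needs no Linux
            # capabilities and no setuid-style privilege gain.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: webmail-config
              mountPath: /etc/wildduck
              readOnly: true
          # Credentials are referenced from Secrets, never written inline.
          # NOTE(review): environment variables are visible to anything that
          # can read the pod's process environment. The Redis URI presumably
          # embeds a password, so treat it as a credential.
          env:
            - name: APPCONF_api_accessToken
              valueFrom:
                secretKeyRef:
                  name: wildduck
                  key: WILDDUCK_API_TOKEN
            - name: APPCONF_dbs_redis
              valueFrom:
                secretKeyRef:
                  name: session-storage
                  key: REDIS_WEBMAIL_URI
      volumes:
        - name: webmail-config
          projected:
            sources:
              - configMap:
                  name: webmail-config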
---
# Cluster-internal entry point for the webmail pods. No `type` is given, so
# this is a ClusterIP Service. It maps port 80 to the container's port 3000.
#
# NOTE(review): the application trusts the `Remote-Username` header (see
# www.toml), and authentication is enforced only by the Traefik middleware on
# the Ingress. This Service is reachable from inside the cluster without
# passing through that middleware. This file contains no NetworkPolicy that
# limits ingress to the Traefik pods; confirm that one exists elsewhere.
apiVersion: v1
kind: Service
metadata:
  namespace: wildduck
  name: webmail
spec:
  ports:
    - port: 80
      targetPort: 3000
      protocol: TCP
  selector:
    app.kubernetes.io/name: webmail
---
# Publishes the webmail Service at https://webmail.k-space.ee through Traefik.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: wildduck
  name: webmail
  annotations:
    # NOTE(review): this annotation is the deprecated way to select a
    # controller; `spec.ingressClassName` is the supported field.
    kubernetes.io/ingress.class: traefik
    # TLS-only: the router is bound to the `websecure` entrypoint with TLS on.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: 'true'
    # Middlewares are applied in the order listed, and each reference has the
    # form <namespace>-<name>@kubernetescrd. `wildduck-webmail` (presumably
    # the OIDC authentication middleware) therefore runs before the redirect.
    # Keep it first, and keep both objects in namespace `wildduck`, otherwise
    # the references do not resolve.
    traefik.ingress.kubernetes.io/router.middlewares: wildduck-webmail@kubernetescrd,wildduck-webmail-redirect@kubernetescrd
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  # No secretName is given, so the certificate for the wildcard host is
  # presumably supplied by Traefik's default certificate or TLS store.
  # Verify against the Traefik setup.
  tls:
    - hosts:
        - '*.k-space.ee'
  rules:
    - host: webmail.k-space.ee
      http:
        paths:
          - path: '/'
            pathType: Prefix
            backend:
              service:
                name: webmail
                port:
                  number: 80
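---
# Sends a request for the bare site root to the application's /webmail/ path.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: webmail-redirect
  # Set explicitly: the Ingress refers to this object as
  # `wildduck-webmail-redirect@kubernetescrd`, which Traefik resolves as
  # namespace `wildduck`, name `webmail-redirect`.
  namespace: wildduck
spec:
  redirectRegex:
    # Anchored at both ends, with the dots escaped so they match only a
    # literal `.` and the pattern covers exactly the one intended URL.
    # Single-quoted so YAML leaves the backslashes untouched.
    regex: '^https://webmail\.k-space\.ee/$'
    # Fixed target with no capture groups from the request, so the redirect
    # destination cannot be influenced by the client.
    replacement: 'https://webmail.k-space.ee/webmail/'
    # Temporary redirect, so browsers do not cache it permanently.
    permanent: false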