kube/wildduck/haraka.yaml

---
# ConfigMap holding the Haraka inbound MTA configuration. Each key under
# `data` becomes one file; the Deployment in this file projects the ConfigMap
# into /etc/haraka and /etc/haraka/config.
# No credentials are stored here: wildduck.js reads the Redis URI, Mongo URI
# and SRS secret from the process environment.
# Comments are kept outside the block scalars on purpose; a `#` line inside a
# `|-` body would become part of the rendered file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: haraka
data:
  # Hostname written as a one-line string; same value as a `|-` block scalar.
  me: 'mail.k-space.ee'
  loglevel: 'info'
  # ConfigMap values must be strings, hence the quoted number.
  plugin_timeout: '180'
  # Under /var/lib/haraka, which the Deployment backs with an emptyDir, so
  # the queue stays writable although the root filesystem is read-only.
  queue_dir: '/var/lib/haraka/queue'
  # Plugin list, one per line, in the order given by the author.
  plugins: |-
    spf
    clamd
    rspamd
    dkim_verify
    wildduck
    tls
  # Plain SMTP listener on every interface. 2525 is an unprivileged port,
  # which fits a container that runs as a non-root user.
  smtp.ini: |-
    listen=0.0.0.0:2525
    nodes=1
  # Key and certificate are read from /cert, where the Deployment mounts the
  # `wildduck-tls` secret. `dhparams.pem` is a relative name; presumably it
  # is the key of the projected `dhparams` secret (confirm against it).
  tls.ini: |-
    key=/cert/tls.key
    cert=/cert/tls.crt
    dhparam=dhparams.pem
  # Rspamd scanning. As the option names read, [check] also scans mail from
  # authenticated senders and private IPs, and `[reject] spam = false` means
  # this plugin does not reject on a spam verdict by itself; the rspamd
  # section of wildduck.js carries its own blacklist/softlist of symbols.
  rspamd.ini: |-
    host = rspamd
    port = 11333
    add_headers = always
    timeout = 30
    [dkim]
    enabled = true
    [header]
    bar = X-Rspamd-Bar
    report = X-Rspamd-Report
    score = X-Rspamd-Score
    spam = X-Rspamd-Spam
    [check]
    authenticated = true
    private_ip = true
    [reject]
    spam = false
    [soft_reject]
    enabled = true
    [rmilter_headers]
    enabled = true
    [spambar]
    positive = +
    negative = -
    neutral = /
  # ClamAV scanning. `virus=true` rejects detected malware. `error=false`
  # presumably lets mail through when the scanner errors or is unreachable
  # (fail-open for availability), so an outage of `clamav:3310` would mean
  # unscanned mail is accepted; worth alerting on clamd errors in the logs.
  clamd.ini: |-
    clamd_socket = clamav:3310
    [reject]
    virus=true
    error=false
  # WildDuck plugin settings as a JavaScript module. `redis`, `mongo.url` and
  # `srs.secret` are taken from REDIS_URI, MONGO_URI and SRS_SECRET, which the
  # Deployment fills from Kubernetes Secrets.
  wildduck.js: |-
    module.exports = {
      "redis": process.env.REDIS_URI,
      "mongo": {
        "url": process.env.MONGO_URI,
        "sender": "wildduck",
      },
      "sender": {
        "enabled": true,
        "zone": "default",
        "gfs": "mail",
        "collection": "zone-queue"
      },
      "srs": {
        "secret": process.env.SRS_SECRET
      },
      "attachments": {
        "type": "gridstore",
        "bucket": "attachments",
        "decodeBase64": true
      },
      "log": {
        "authlogExpireDays": 30
      },
      "limits": {
        "windowSize": 3600,
        "rcptIp": 100,
        "rcptWindowSize": 60,
        "rcpt": 60
      },
      "gelf": {
        "enabled": false
      },
      "rspamd": {
        "forwardSkip": 10,
        "blacklist": [
          "DMARC_POLICY_REJECT"
        ],
        "softlist": [
          "RBL_ZONE"
        ],
        "responses": {
          "DMARC_POLICY_REJECT": "Unauthenticated email from {host} is not accepted due to domain's DMARC policy",
          "RBL_ZONE": "[{host}] was found from Zone RBL"
        }
      }
    }
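---
# Deployment of the Haraka inbound MTA (two replicas, Recreate strategy).
# The container runs as a non-root user on a read-only root filesystem and
# takes its credentials from Kubernetes Secrets through environment variables.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haraka
spec:
  strategy:
    type: Recreate
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: wildduck
      app.kubernetes.io/component: haraka
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wildduck
        app.kubernetes.io/component: haraka
    spec:
      # NOTE(review): nothing visible here suggests the pod calls the
      # Kubernetes API; if it does not, `automountServiceAccountToken: false`
      # would keep the service-account token out of the container. Confirm
      # before adding.
      affinity:
        # Hard rule: no two haraka pods in the same zone.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - wildduck
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - haraka
              topologyKey: topology.kubernetes.io/zone
        # Hard rule: schedule only onto a node that already runs a pod
        # labelled name=wildduck, component=wildduck.
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - wildduck
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - wildduck
              topologyKey: kubernetes.io/hostname
      containers:
        - name: haraka
          # Pinned by digest: the sha256 decides what is pulled, the `latest`
          # tag is informational only, so the image cannot change silently.
          image: mirror.gcr.io/codemowers/wildduck-haraka-inbound:latest@sha256:5b9ec221d9686604a8f247e894727dfaa3413ac75d31428773441d31bb4feaa6
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 2525
              name: haraka-mta
          # NOTE(review): no resource requests/limits are set; sizing is not
          # derivable from this file, so none are added here.
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65534
            # Hardening added in review: the process is non-root and listens
            # on unprivileged port 2525, so it needs neither privilege
            # escalation nor any Linux capability. Together with the runtime
            # default seccomp profile these are the container-level settings
            # the "restricted" Pod Security Standard asks for.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            # The same projected volume (ConfigMap `haraka` plus secret
            # `dhparams`) is mounted at both paths.
            - name: wildduck-haraka-config
              mountPath: /etc/haraka
              readOnly: true
            - name: wildduck-haraka-config
              mountPath: /etc/haraka/config
              readOnly: true
            # Only writable mount: queue directory on an emptyDir.
            - name: var-lib-haraka
              mountPath: /var/lib/haraka
            # TLS key and certificate; marked read-only explicitly, in line
            # with the configuration mounts above.
            - mountPath: /cert
              name: cert
              readOnly: true
          env:
            # Credentials are injected from Secrets, never written into the
            # ConfigMap.
            - name: SRS_SECRET
              valueFrom:
                secretKeyRef:
                  name: srs
                  key: secret
            - name: REDIS_URI
              valueFrom:
                secretKeyRef:
                  name: session-storage
                  key: REDIS_WILDDUCK_URI
            - name: MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: wildduck-mongodb
                  key: MONGO_URI
      volumes:
        - name: cert
          secret:
            secretName: wildduck-tls
        - name: wildduck-haraka-config
          projected:
            sources:
              - secret:
                  name: dhparams
              - configMap:
                  name: haraka
        # Bounded scratch space for the mail queue; contents are lost when
        # the pod is removed.
        - name: var-lib-haraka
          emptyDir:
            sizeLimit: 500Mi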