Migrate the rest of Wildduck stack
This commit is contained in:
parent
b98f173441
commit
0ed3010fed
12
wildduck/certificate.yaml
Normal file
12
wildduck/certificate.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: mail
|
||||||
|
spec:
|
||||||
|
dnsNames:
|
||||||
|
- mail.k-space.ee
|
||||||
|
issuerRef:
|
||||||
|
kind: ClusterIssuer
|
||||||
|
name: default
|
||||||
|
secretName: wildduck-tls
|
17
wildduck/dns.yaml
Normal file
17
wildduck/dns.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
apiVersion: externaldns.k8s.io/v1alpha1
|
||||||
|
kind: DNSEndpoint
|
||||||
|
metadata:
|
||||||
|
name: wildduck-mx
|
||||||
|
spec:
|
||||||
|
endpoints:
|
||||||
|
- dnsName: k-space.ee
|
||||||
|
recordTTL: 300
|
||||||
|
recordType: MX
|
||||||
|
targets:
|
||||||
|
- "10 mail.k-space.ee"
|
||||||
|
- dnsName: k-space.ee
|
||||||
|
recordTTL: 300
|
||||||
|
recordType: TXT
|
||||||
|
targets:
|
||||||
|
- "v=spf1 mx include:servers.mcsv.net -all"
|
167
wildduck/haraka.yaml
Normal file
167
wildduck/haraka.yaml
Normal file
@ -0,0 +1,167 @@
|
|||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: RedisClaim
|
||||||
|
metadata:
|
||||||
|
name: haraka
|
||||||
|
spec:
|
||||||
|
class: ephemeral
|
||||||
|
capacity: 100Mi
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: haraka
|
||||||
|
data:
|
||||||
|
loglevel: info
|
||||||
|
plugin_timeout: "180"
|
||||||
|
queue_dir: /var/lib/haraka/queue
|
||||||
|
plugins: |-
|
||||||
|
spf
|
||||||
|
clamd
|
||||||
|
rspamd
|
||||||
|
wildduck
|
||||||
|
rspamd.ini: |-
|
||||||
|
host = rspamd
|
||||||
|
port = 11333
|
||||||
|
add_headers = always
|
||||||
|
timeout = 30
|
||||||
|
[dkim]
|
||||||
|
enabled = true
|
||||||
|
[header]
|
||||||
|
bar = X-Rspamd-Bar
|
||||||
|
report = X-Rspamd-Report
|
||||||
|
score = X-Rspamd-Score
|
||||||
|
spam = X-Rspamd-Spam
|
||||||
|
[check]
|
||||||
|
authenticated = true
|
||||||
|
private_ip = true
|
||||||
|
[reject]
|
||||||
|
spam = false
|
||||||
|
[soft_reject]
|
||||||
|
enabled = true
|
||||||
|
[rmilter_headers]
|
||||||
|
enabled = true
|
||||||
|
[spambar]
|
||||||
|
positive = +
|
||||||
|
negative = -
|
||||||
|
neutral = /
|
||||||
|
clamd.ini: |-
|
||||||
|
clamd_socket = clamav:3310
|
||||||
|
[reject]
|
||||||
|
virus=true
|
||||||
|
error=false
|
||||||
|
smtp.ini: |-
|
||||||
|
listen=0.0.0.0:2525
|
||||||
|
nodes=1
|
||||||
|
tls.ini: |-
|
||||||
|
key=/cert/tls.key
|
||||||
|
cert=/cert/tls.crt
|
||||||
|
wildduck.js: |-
|
||||||
|
module.exports = {
|
||||||
|
"redis": process.env.REDIS_URI,
|
||||||
|
"mongo": {
|
||||||
|
"url": process.env.MONGO_URI,
|
||||||
|
"sender": "application"
|
||||||
|
},
|
||||||
|
"sender": {
|
||||||
|
"enabled": true,
|
||||||
|
"zone": "default",
|
||||||
|
"gfs": "mail",
|
||||||
|
"collection": "zone-queue"
|
||||||
|
},
|
||||||
|
"srs": {
|
||||||
|
"secret": "foobar"
|
||||||
|
},
|
||||||
|
"attachments": {
|
||||||
|
"type": "gridstore",
|
||||||
|
"bucket": "attachments",
|
||||||
|
"decodeBase64": true
|
||||||
|
},
|
||||||
|
"log": {
|
||||||
|
"authlogExpireDays": 30
|
||||||
|
},
|
||||||
|
"limits": {
|
||||||
|
"windowSize": 3600,
|
||||||
|
"rcptIp": 100,
|
||||||
|
"rcptWindowSize": 60,
|
||||||
|
"rcpt": 60
|
||||||
|
},
|
||||||
|
"gelf": {
|
||||||
|
"enabled": false
|
||||||
|
},
|
||||||
|
"rspamd": {
|
||||||
|
"forwardSkip": 10,
|
||||||
|
"blacklist": [
|
||||||
|
"DMARC_POLICY_REJECT"
|
||||||
|
],
|
||||||
|
"softlist": [
|
||||||
|
"RBL_ZONE"
|
||||||
|
],
|
||||||
|
"responses": {
|
||||||
|
"DMARC_POLICY_REJECT": "Unauthenticated email from {host} is not accepted due to domain's DMARC policy",
|
||||||
|
"RBL_ZONE": "[{host}] was found from Zone RBL"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: haraka
|
||||||
|
spec:
|
||||||
|
replicas: 2
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
app.kubernetes.io/component: haraka
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
app.kubernetes.io/component: haraka
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: haraka
|
||||||
|
image: docker.io/codemowers/wildduck-haraka-inbound:latest@sha256:a130cc6a60ab2a47cb5971355ed2474136254613b4b8bd30aeabc6e123695ea3
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
ports:
|
||||||
|
- containerPort: 2525
|
||||||
|
name: haraka-mta
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65534
|
||||||
|
volumeMounts:
|
||||||
|
- name: wildduck-haraka-config
|
||||||
|
mountPath: /etc/haraka
|
||||||
|
readOnly: true
|
||||||
|
- name: wildduck-haraka-config
|
||||||
|
mountPath: /etc/haraka/config
|
||||||
|
readOnly: true
|
||||||
|
- name: var-lib-haraka
|
||||||
|
mountPath: /var/lib/haraka
|
||||||
|
- mountPath: /cert
|
||||||
|
name: cert
|
||||||
|
env:
|
||||||
|
- name: REDIS_URI
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: redis-wildduck-owner-secrets
|
||||||
|
key: REDIS_MASTER_0_URI
|
||||||
|
- name: MONGO_URI
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: wildduck
|
||||||
|
key: MONGO_URI
|
||||||
|
volumes:
|
||||||
|
- name: cert
|
||||||
|
secret:
|
||||||
|
secretName: wildduck-tls
|
||||||
|
- name: wildduck-haraka-config
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- configMap:
|
||||||
|
name: haraka
|
||||||
|
- name: var-lib-haraka
|
||||||
|
emptyDir:
|
||||||
|
sizeLimit: 500Mi
|
28
wildduck/loadbalancer.yaml
Normal file
28
wildduck/loadbalancer.yaml
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: wildduck
|
||||||
|
annotations:
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: mail.k-space.ee
|
||||||
|
metallb.universe.tf/address-pool: wildduck
|
||||||
|
spec:
|
||||||
|
loadBalancerIP: 193.40.103.25
|
||||||
|
type: LoadBalancer
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
ports:
|
||||||
|
- port: 8080
|
||||||
|
name: wildduck-api
|
||||||
|
targetPort: wildduck-api
|
||||||
|
- port: 993
|
||||||
|
name: wildduck-mda
|
||||||
|
targetPort: wildduck-mda
|
||||||
|
- port: 465
|
||||||
|
name: zonemta-msa
|
||||||
|
targetPort: zonemta-msa
|
||||||
|
- port: 25
|
||||||
|
name: haraka-mta
|
||||||
|
targetPort: haraka-mta
|
||||||
|
|
100
wildduck/mongo.yaml
Normal file
100
wildduck/mongo.yaml
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: SecretClaim
|
||||||
|
metadata:
|
||||||
|
name: wildduck-readwrite-password
|
||||||
|
spec:
|
||||||
|
mapping:
|
||||||
|
- key: password
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: SecretClaim
|
||||||
|
metadata:
|
||||||
|
name: wildduck-readonly-password
|
||||||
|
spec:
|
||||||
|
mapping:
|
||||||
|
- key: password
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
---
|
||||||
|
apiVersion: mongodbcommunity.mongodb.com/v1
|
||||||
|
kind: MongoDBCommunity
|
||||||
|
metadata:
|
||||||
|
name: wildduck-mongodb
|
||||||
|
spec:
|
||||||
|
additionalMongodConfig:
|
||||||
|
systemLog:
|
||||||
|
quiet: true
|
||||||
|
members: 2
|
||||||
|
arbiters: 1
|
||||||
|
type: ReplicaSet
|
||||||
|
version: "6.0.3"
|
||||||
|
security:
|
||||||
|
authentication:
|
||||||
|
modes: ["SCRAM"]
|
||||||
|
users:
|
||||||
|
- name: readwrite
|
||||||
|
db: application
|
||||||
|
passwordSecretRef:
|
||||||
|
name: wildduck-readwrite-password
|
||||||
|
roles:
|
||||||
|
- name: readWrite
|
||||||
|
db: application
|
||||||
|
scramCredentialsSecretName: wildduck-readwrite
|
||||||
|
- name: readonly
|
||||||
|
db: application
|
||||||
|
passwordSecretRef:
|
||||||
|
name: wildduck-readonly-password
|
||||||
|
roles:
|
||||||
|
- name: read
|
||||||
|
db: application
|
||||||
|
scramCredentialsSecretName: wildduck-readonly
|
||||||
|
statefulSet:
|
||||||
|
spec:
|
||||||
|
logLevel: WARN
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: mongod
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 1Gi
|
||||||
|
limits:
|
||||||
|
cpu: 4000m
|
||||||
|
memory: 1Gi
|
||||||
|
- name: mongodb-agent
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 100Mi
|
||||||
|
limits: {}
|
||||||
|
affinity:
|
||||||
|
podAntiAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- labelSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: app
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- wildduck-svc
|
||||||
|
topologyKey: topology.kubernetes.io/zone
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: logs-volume
|
||||||
|
spec:
|
||||||
|
storageClassName: mongo
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 512Mi
|
||||||
|
- metadata:
|
||||||
|
name: data-volume
|
||||||
|
spec:
|
||||||
|
storageClassName: mongo
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
@ -1,4 +1,15 @@
|
|||||||
---
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: rspamd
|
||||||
|
data:
|
||||||
|
logging.inc: |
|
||||||
|
type = console;
|
||||||
|
level = "notice";
|
||||||
|
worker-normal.inc: |
|
||||||
|
bind_socket = "*:11333";
|
||||||
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
@ -20,9 +31,6 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: rspamd
|
- name: rspamd
|
||||||
image: docker.io/codemowers/rspamd
|
image: docker.io/codemowers/rspamd
|
||||||
command:
|
|
||||||
- /usr/bin/rspamd
|
|
||||||
- -f
|
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 11333
|
- containerPort: 11333
|
||||||
name: rspamd
|
name: rspamd
|
||||||
@ -38,6 +46,11 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-rspamd
|
- name: var-lib-rspamd
|
||||||
mountPath: /var/lib/rspamd
|
mountPath: /var/lib/rspamd
|
||||||
|
- name: var-run
|
||||||
|
mountPath: /run/rspamd
|
||||||
|
- name: rspamd-config
|
||||||
|
mountPath: /etc/rspamd/local.d
|
||||||
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: var-lib-rspamd
|
- name: var-lib-rspamd
|
||||||
emptyDir:
|
emptyDir:
|
||||||
@ -48,6 +61,11 @@ spec:
|
|||||||
- name: var-lib-nginx-tmp
|
- name: var-lib-nginx-tmp
|
||||||
emptyDir:
|
emptyDir:
|
||||||
medium: Memory
|
medium: Memory
|
||||||
|
- name: rspamd-config
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- configMap:
|
||||||
|
name: rspamd
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -54,7 +54,7 @@ data:
|
|||||||
secure=true
|
secure=true
|
||||||
port=465
|
port=465
|
||||||
[api]
|
[api]
|
||||||
url="https://mail.k-space.ee"
|
url="http://wildduck-api:8080"
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
@ -96,8 +96,8 @@ spec:
|
|||||||
- name: APPCONF_dbs_redis
|
- name: APPCONF_dbs_redis
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-webmail-owner-secrets
|
name: redis-wildduck-owner-secrets
|
||||||
key: REDIS_MASTER_0_URI
|
key: REDIS_MASTER_1_URI
|
||||||
volumes:
|
volumes:
|
||||||
- name: webmail-config
|
- name: webmail-config
|
||||||
projected:
|
projected:
|
||||||
@ -126,7 +126,7 @@ metadata:
|
|||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: wildduck-webmail@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: wildduck-webmail@kubernetescrd,wildduck-webmail-redirect@kubernetescrd
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
spec:
|
spec:
|
||||||
@ -144,3 +144,13 @@ spec:
|
|||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: webmail-redirect
|
||||||
|
spec:
|
||||||
|
redirectRegex:
|
||||||
|
regex: ^https://webmail.k-space.ee/$
|
||||||
|
replacement: https://webmail.k-space.ee/webmail/
|
||||||
|
permanent: false
|
||||||
|
85
wildduck/wildduck.yaml
Normal file
85
wildduck/wildduck.yaml
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: RedisClaim
|
||||||
|
metadata:
|
||||||
|
name: wildduck
|
||||||
|
spec:
|
||||||
|
class: ephemeral
|
||||||
|
capacity: 100Mi
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: wildduck-api
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
app.kubernetes.io/component: wildduck
|
||||||
|
ports:
|
||||||
|
- port: 8080
|
||||||
|
name: wildduck-api
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: wildduck
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
app.kubernetes.io/component: wildduck
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
app.kubernetes.io/component: wildduck
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: wildduck
|
||||||
|
image: docker.io/nodemailer/wildduck
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: wildduck-api
|
||||||
|
- containerPort: 9993
|
||||||
|
name: wildduck-mda
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 200Mi
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 100Mi
|
||||||
|
env:
|
||||||
|
- name: APPCONF_tls_key
|
||||||
|
value: /cert/tls.key
|
||||||
|
- name: APPCONF_tls_cert
|
||||||
|
value: /cert/tls.crt
|
||||||
|
- name: APPCONF_api_host
|
||||||
|
value: "0.0.0.0"
|
||||||
|
- name: APPCONF_api_accessToken
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: wildduck
|
||||||
|
key: WILDDUCK_API_TOKEN
|
||||||
|
- name: APPCONF_dbs_mongo
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: wildduck
|
||||||
|
key: MONGO_URI
|
||||||
|
- name: APPCONF_dbs_redis
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: redis-wildduck-owner-secrets
|
||||||
|
key: REDIS_MASTER_0_URI
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /cert
|
||||||
|
name: cert
|
||||||
|
volumes:
|
||||||
|
- name: cert
|
||||||
|
secret:
|
||||||
|
secretName: wildduck-tls
|
72
wildduck/zonemta.yaml
Normal file
72
wildduck/zonemta.yaml
Normal file
@ -0,0 +1,72 @@
|
|||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: zonemta
|
||||||
|
spec:
|
||||||
|
replicas: 2
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
app.kubernetes.io/component: zonemta
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: wildduck
|
||||||
|
app.kubernetes.io/component: zonemta
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: wildduck
|
||||||
|
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:a35453409c29882bacb4a758909a38ed62daa875ad72cf706996bb144703ef49
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command:
|
||||||
|
- /sbin/tini
|
||||||
|
- --
|
||||||
|
- node
|
||||||
|
- index.js
|
||||||
|
ports:
|
||||||
|
- containerPort: 9465
|
||||||
|
name: zonemta-msa
|
||||||
|
- containerPort: 10280
|
||||||
|
name: api
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 1000Mi
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 500Mi
|
||||||
|
env:
|
||||||
|
- name: APPCONF_smtpInterfaces_feeder_key
|
||||||
|
value: /cert/tls.key
|
||||||
|
- name: APPCONF_smtpInterfaces_feeder_cert
|
||||||
|
value: /cert/tls.crt
|
||||||
|
- name: APPCONF_smtpInterfaces_feeder_port
|
||||||
|
value: "9465"
|
||||||
|
- name: APPCONF_smtpInterfaces_feeder_host
|
||||||
|
value: "0.0.0.0"
|
||||||
|
- name: APPCONF_smtpInterfaces_feeder_secure
|
||||||
|
value: "true"
|
||||||
|
- name: APPCONF_dbs_sender
|
||||||
|
value: zone-mta
|
||||||
|
- name: APPCONF_dbs_mongo
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: wildduck
|
||||||
|
key: MONGO_URI
|
||||||
|
- name: APPCONF_dbs_redis
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: redis-wildduck-owner-secrets
|
||||||
|
key: REDIS_MASTER_0_URI
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /cert
|
||||||
|
name: cert
|
||||||
|
volumes:
|
||||||
|
- name: cert
|
||||||
|
secret:
|
||||||
|
secretName: wildduck-tls
|
Loading…
Reference in New Issue
Block a user