From 98ec867e3a2dfedd6dd830a124c5293b92845e0b Mon Sep 17 00:00:00 2001
From: rasmus
Date: Mon, 5 Jan 2026 01:51:53 +0200
Subject: [PATCH] wildduck to kustomize

---
 wildduck/README.md | 7 -------
 wildduck/kustomization.yaml | 23 +++++++++++++++++++++++
 wildduck/webmail.yaml | 2 +-
 wildduck/wildduck-operator.yaml | 2 +-
 wildduck/wildduck.yaml | 12 +++++++++++-
 wildduck/wildflock.yaml | 2 +-
 6 files changed, 37 insertions(+), 11 deletions(-)
 create mode 100644 wildduck/kustomization.yaml

diff --git a/wildduck/README.md b/wildduck/README.md
index 98b4bce..4714e69 100644
--- a/wildduck/README.md
+++ b/wildduck/README.md
@@ -22,10 +22,3 @@ The mail stack consists of several moving parts:
 Outside Kubernetes there is NAT rule on the Mikrotik router which rewrites source IP of any TCP port 25 headed traffic to originate from the IP address of the mail exchange.
-
-TODO: Figure out how to automate DH parameters generation:
-
-```
-openssl dhparam -out dhparams.pem 2048
-kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem
-```
diff --git a/wildduck/kustomization.yaml b/wildduck/kustomization.yaml
new file mode 100644
index 0000000..26fc066
--- /dev/null
+++ b/wildduck/kustomization.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: wildduck
+
+resources:
+- ./certificate.yaml
+- ./clamav.yaml
+- ./dns.yaml
+- ./haraka.yaml
+- ./loadbalancer.yaml
+- ./mongo.yaml
+- ./rspamd.yaml
+- ./session-storage.yaml
+- ./srs.yaml
+- ./webmail.yaml
+- ./wildduck-exporter.yaml
+- ./wildduck-operator-rbac.yaml
+- ./wildduck-operator.yaml
+- ./wildduck.yaml
+- ./wildflock.yaml
+- ./zonemta.yaml
+- ssh://git@git.k-space.ee/secretspace/kube/wildduck
diff --git a/wildduck/webmail.yaml b/wildduck/webmail.yaml
index ae306bb..572788b 100644
--- a/wildduck/webmail.yaml
+++ b/wildduck/webmail.yaml
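Review bot: The last `resources` entry in the new wildduck/kustomization.yaml, `ssh://git@git.k-space.ee/secretspace/kube/wildduck`, is a remote base with no pinned revision, so every build pulls whatever the default branch of that repository holds at that moment. Judging by its name the repository supplies secret material for this namespace, which makes an unreviewed change there land in the mail stack on the next apply. I would pin it to a reviewed commit or tag, e.g. `- ssh://git@git.k-space.ee/secretspace/kube/wildduck?ref=<commit-or-tag>`, and bump that ref deliberately. A one-line comment above the entry saying what the remote base provides (and that building needs SSH read access to it) would also help the next maintainer.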
@@ -91,7 +91,7 @@ spec:
 - name: APPCONF_api_accessToken
 valueFrom:
 secretKeyRef:
- name: wildduck
+ name: wildduck-api
 key: WILDDUCK_API_TOKEN
 - name: APPCONF_dbs_redis
 valueFrom:
diff --git a/wildduck/wildduck-operator.yaml b/wildduck/wildduck-operator.yaml
index d0b5c15..cda37df 100644
--- a/wildduck/wildduck-operator.yaml
+++ b/wildduck/wildduck-operator.yaml
@@ -28,7 +28,7 @@ spec:
 - name: WILDDUCK_API_TOKEN
 valueFrom:
 secretKeyRef:
- name: wildduck
+ name: wildduck-api
 key: WILDDUCK_API_TOKEN
 ports:
 - containerPort: 8000
diff --git a/wildduck/wildduck.yaml b/wildduck/wildduck.yaml
index ddf58d7..77f3ac7 100644
--- a/wildduck/wildduck.yaml
+++ b/wildduck/wildduck.yaml
@@ -80,7 +80,7 @@ spec:
 - name: APPCONF_api_accessToken
 valueFrom:
 secretKeyRef:
- name: wildduck
+ name: wildduck-api
 key: WILDDUCK_API_TOKEN
 - name: APPCONF_dbs_sender
 value: wildduck
@@ -110,3 +110,13 @@ spec:
 - name: cert
 secret:
 secretName: wildduck-tls
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+ name: wildduck-api
+spec:
+ size: 32
+ mapping:
+ - key: WILDDUCK_API_TOKEN
+ value: "%(plaintext)s"
diff --git a/wildduck/wildflock.yaml b/wildduck/wildflock.yaml
index 0c0f004..4f48ee3 100644
--- a/wildduck/wildflock.yaml
+++ b/wildduck/wildflock.yaml
@@ -115,7 +115,7 @@ spec:
 - name: WILDDUCK_TOKEN
 valueFrom:
 secretKeyRef:
- name: wildduck
+ name: wildduck-api
 key: WILDDUCK_API_TOKEN
 - name: SESSION_SECRET
 valueFrom:
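Review bot: The `wildduck-api` SecretClaim appended to wildduck/wildduck.yaml has no comment saying who consumes it, although this commit points four workloads (webmail, wildduck-operator, wildduck and wildflock) at the same `WILDDUCK_API_TOKEN`. I would add a comment above the claim such as `# Shared WildDuck API access token; read by webmail, wildduck-operator, wildduck and wildflock` so the reach of that one credential is visible where it is defined. The claim presumably generates a fresh value rather than reusing the one in the old `wildduck` Secret, so the server and its clients only agree once all four have restarted with the new reference. It is worth confirming that no manifest outside this diff still reads the token from `wildduck`, and removing the stale key from that Secret once the rollout is complete.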