wildduck to kustomize

2026-01-05 01:51:53 +02:00
parent ea02208b0c
commit 98ec867e3a
6 changed files with 37 additions and 11 deletions
--- a/wildduck/README.md
+++ b/wildduck/README.md
@@ -22,10 +22,3 @@ The mail stack consists of several moving parts:
 Outside Kubernetes there is NAT rule on the Mikrotik router
 which rewrites source IP of any TCP port 25 headed traffic to
 originate from the IP address of the mail exchange.
-
-TODO: Figure out how to automate DH parameters generation:
-
-```
-openssl dhparam -out dhparams.pem 2048
-kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem
-```
--- a/wildduck/kustomization.yaml
+++ b/wildduck/kustomization.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: wildduck
+
+resources:
+- ./certificate.yaml
+- ./clamav.yaml
+- ./dns.yaml
+- ./haraka.yaml
+- ./loadbalancer.yaml
+- ./mongo.yaml
+- ./rspamd.yaml
+- ./session-storage.yaml
+- ./srs.yaml
+- ./webmail.yaml
+- ./wildduck-exporter.yaml
+- ./wildduck-operator-rbac.yaml
+- ./wildduck-operator.yaml
+- ./wildduck.yaml
+- ./wildflock.yaml
+- ./zonemta.yaml
+- ssh://git@git.k-space.ee/secretspace/kube/wildduck
--- a/wildduck/webmail.yaml
+++ b/wildduck/webmail.yaml
@@ -91,7 +91,7 @@ spec:
            - name: APPCONF_api_accessToken
              valueFrom:
                secretKeyRef:
-                  name: wildduck
+                  name: wildduck-api
                  key: WILDDUCK_API_TOKEN
            - name: APPCONF_dbs_redis
              valueFrom:
--- a/wildduck/wildduck-operator.yaml
+++ b/wildduck/wildduck-operator.yaml
@@ -28,7 +28,7 @@ spec:
            - name: WILDDUCK_API_TOKEN
              valueFrom:
                secretKeyRef:
-                  name: wildduck
+                  name: wildduck-api
                  key: WILDDUCK_API_TOKEN
          ports:
            - containerPort: 8000
--- a/wildduck/wildduck.yaml
+++ b/wildduck/wildduck.yaml
@@ -80,7 +80,7 @@ spec:
            - name: APPCONF_api_accessToken
              valueFrom:
                secretKeyRef:
-                  name: wildduck
+                  name: wildduck-api
                  key: WILDDUCK_API_TOKEN
            - name: APPCONF_dbs_sender
              value: wildduck
@@ -110,3 +110,13 @@ spec:
        - name: cert
          secret:
            secretName: wildduck-tls
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: wildduck-api
+spec:
+  size: 32
+  mapping:
+    - key: WILDDUCK_API_TOKEN
+      value: "%(plaintext)s"
--- a/wildduck/wildflock.yaml
+++ b/wildduck/wildflock.yaml
@@ -115,7 +115,7 @@ spec:
            - name: WILDDUCK_TOKEN
              valueFrom:
                secretKeyRef:
-                  name: wildduck
+                  name: wildduck-api
                  key: WILDDUCK_API_TOKEN
            - name: SESSION_SECRET
              valueFrom: