diff --git a/wildduck/clamav.yaml b/wildduck/clamav.yaml index 734ce32..79fb73d 100644 --- a/wildduck/clamav.yaml +++ b/wildduck/clamav.yaml @@ -19,8 +19,8 @@ spec: image: mirror.gcr.io/clamav/clamav:1.1 imagePullPolicy: IfNotPresent ports: - - containerPort: 3310 - name: api + - containerPort: 3310 + name: api volumeMounts: - mountPath: /var/lib/clamav name: avdata @@ -41,5 +41,5 @@ spec: selector: app.kubernetes.io/name: clamav ports: - - port: 3310 - name: clamav + - port: 3310 + name: clamav diff --git a/wildduck/dns.yaml b/wildduck/dns.yaml index 220099a..d306a38 100644 --- a/wildduck/dns.yaml +++ b/wildduck/dns.yaml @@ -5,13 +5,13 @@ metadata: name: wildduck-mx spec: endpoints: - - dnsName: k-space.ee - recordTTL: 300 - recordType: MX - targets: - - "10 mail.k-space.ee" - - dnsName: k-space.ee - recordTTL: 300 - recordType: TXT - targets: - - "v=spf1 mx include:servers.mcsv.net -all" + - dnsName: k-space.ee + recordTTL: 300 + recordType: MX + targets: + - "10 mail.k-space.ee" + - dnsName: k-space.ee + recordTTL: 300 + recordType: TXT + targets: + - "v=spf1 mx include:servers.mcsv.net -all" diff --git a/wildduck/haraka.yaml b/wildduck/haraka.yaml index 38c9473..f176ea7 100644 --- a/wildduck/haraka.yaml +++ b/wildduck/haraka.yaml @@ -177,8 +177,8 @@ spec: - name: REDIS_URI valueFrom: secretKeyRef: - name: dragonfly-auth - key: REDIS_URI + name: session-storage + key: REDIS_WILDDUCK_URI - name: MONGO_URI valueFrom: secretKeyRef: diff --git a/wildduck/loadbalancer.yaml b/wildduck/loadbalancer.yaml index fc5123d..a5801c1 100644 --- a/wildduck/loadbalancer.yaml +++ b/wildduck/loadbalancer.yaml 
@@ -13,12 +13,12 @@ spec: selector: app.kubernetes.io/name: wildduck ports: - - port: 993 - name: wildduck-mda - targetPort: wildduck-mda - - port: 465 - name: zonemta-msa - targetPort: zonemta-msa - - port: 25 - name: haraka-mta - targetPort: haraka-mta + - port: 993 + name: wildduck-mda + targetPort: wildduck-mda + - port: 465 + name: zonemta-msa + targetPort: zonemta-msa + - port: 25 + name: haraka-mta + targetPort: haraka-mta diff --git a/wildduck/rspamd.yaml b/wildduck/rspamd.yaml index ece870e..86cddf0 100644 --- a/wildduck/rspamd.yaml +++ b/wildduck/rspamd.yaml @@ -75,5 +75,5 @@ spec: selector: app.kubernetes.io/name: rspamd ports: - - port: 11333 - name: rspamd + - port: 11333 + name: rspamd diff --git a/wildduck/session-storage.yaml b/wildduck/session-storage.yaml new file mode 100644 index 0000000..48d1a83 --- /dev/null +++ b/wildduck/session-storage.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: codemowers.cloud/v1beta1 +kind: SecretClaim +metadata: + name: session-storage +spec: + size: 32 + mapping: + - key: password + value: "%(plaintext)s" + - key: REDIS_WILDDUCK_URI + value: "redis://:%(plaintext)s@session-storage/1" + - key: REDIS_WEBMAIL_URI + value: "redis://:%(plaintext)s@session-storage/2" + - key: REDIS_WILDFLOCK_URI + value: "redis://:%(plaintext)s@session-storage/2" +--- +apiVersion: dragonflydb.io/v1alpha1 +kind: Dragonfly +metadata: + name: session-storage +spec: + authentication: + passwordFromSecret: + key: password + name: session-storage + replicas: 3 + resources: + limits: + memory: 1Gi + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: session-storage + app.kubernetes.io/part-of: dragonfly +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: session-storage +spec: + selector: + matchLabels: + app: session-storage + app.kubernetes.io/part-of: dragonfly + podMetricsEndpoints: + - port: admin 
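Review bot: `REDIS_WEBMAIL_URI` and `REDIS_WILDFLOCK_URI` both end in `/2`, so webmail (webmail.yaml) and wildflock (wildflock.yaml) will read and write the same logical database; given that wildduck gets `/1`, this looks like a copy-paste slip. With two applications keeping what is presumably session data in one keyspace, overlapping key names or a flush by one application affects the other. If separate databases were intended, change the wildflock mapping to `value: "redis://:%(plaintext)s@session-storage/3"`. A short comment above the mapping saying which index belongs to which consumer would keep the next addition from reusing one.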
diff --git a/wildduck/webmail.yaml b/wildduck/webmail.yaml index 45f1bcc..68e4861 100644 --- a/wildduck/webmail.yaml +++ b/wildduck/webmail.yaml @@ -1,13 +1,3 @@ -# --- -# Commented out by argocd config drift -# -# apiVersion: codemowers.cloud/v1beta1 -# kind: RedisClaim -# metadata: -# name: webmail -# spec: -# class: ephemeral -# capacity: 100Mi --- apiVersion: codemowers.cloud/v1beta1 kind: OIDCMiddlewareClient @@ -98,8 +88,8 @@ spec: - name: APPCONF_dbs_redis valueFrom: secretKeyRef: - name: dragonfly-auth - key: REDIS_URI + name: session-storage + key: REDIS_WEBMAIL_URI volumes: - name: webmail-config projected: @@ -116,9 +106,9 @@ spec: selector: app.kubernetes.io/name: webmail ports: - - protocol: TCP - port: 80 - targetPort: 3000 + - protocol: TCP + port: 80 + targetPort: 3000 --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -133,19 +123,19 @@ metadata: external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - - host: webmail.k-space.ee - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: webmail - port: - number: 80 + - host: webmail.k-space.ee + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: webmail + port: + number: 80 tls: - - hosts: - - "*.k-space.ee" + - hosts: + - "*.k-space.ee" --- apiVersion: traefik.io/v1alpha1 kind: Middleware @@ -156,24 +146,3 @@ spec: regex: ^https://webmail.k-space.ee/$ replacement: https://webmail.k-space.ee/webmail/ permanent: false -# --- -# apiVersion: networking.k8s.io/v1 -# kind: NetworkPolicy -# metadata: -# name: webmail -# spec: -# podSelector: -# matchLabels: -# app.kubernetes.io/name: webmail -# policyTypes: -# - Ingress -# ingress: -# - ports: -# - port: 3000 -# from: -# - namespaceSelector: -# matchLabels: -# kubernetes.io/metadata.name: traefik -# podSelector: -# matchLabels: -# app.kubernetes.io/name: traefik diff --git a/wildduck/wildduck.yaml b/wildduck/wildduck.yaml index 81b877d..ab5f688 100644 --- a/wildduck/wildduck.yaml 
+++ b/wildduck/wildduck.yaml @@ -1,30 +1,4 @@ --- -apiVersion: codemowers.cloud/v1beta1 -kind: SecretClaim -metadata: - name: dragonfly-auth -spec: - size: 32 - mapping: - - key: password - value: "%(plaintext)s" - - key: REDIS_URI - value: "redis://:%(plaintext)s@dragonfly" ---- -apiVersion: dragonflydb.io/v1alpha1 -kind: Dragonfly -metadata: - name: dragonfly -spec: - authentication: - passwordFromSecret: - key: password - name: dragonfly-auth - replicas: 3 - resources: - limits: - memory: 5Gi ---- apiVersion: v1 kind: Service metadata: @@ -118,8 +92,8 @@ spec: - name: APPCONF_dbs_redis valueFrom: secretKeyRef: - name: dragonfly-auth - key: REDIS_URI + name: session-storage + key: REDIS_WILDDUCK_URI volumeMounts: - mountPath: /cert name: cert diff --git a/wildduck/wildflock.yaml b/wildduck/wildflock.yaml index 9ff34b8..fbaf8c7 100644 --- a/wildduck/wildflock.yaml +++ b/wildduck/wildflock.yaml @@ -96,8 +96,8 @@ spec: - name: REDIS_URL valueFrom: secretKeyRef: - name: dragonfly-wildflock-auth - key: REDIS_URI + name: session-storage + key: REDIS_WILDFLOCK_URI - name: CLIENT_URL value: https://wildflock.k-space.ee - name: WILDDUCK_DOMAIN 
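Review bot: Pointing `REDIS_URL` at the shared `session-storage` secret removes the isolation wildflock had before, because the same commit deletes the dedicated `dragonfly-wildflock` instance and its `dragonfly-wildflock-auth` password further down in this file. Every `REDIS_*_URI` key in the new SecretClaim embeds the same `%(plaintext)s` password, and the `/1` and `/2` database indexes are namespaces rather than an access boundary, so the credential handed to this pod is also valid for the database used by wildduck, haraka and zonemta. If that separation mattered, keep a separate SecretClaim and instance for wildflock, or issue one credential per client if the Dragonfly setup supports per-user ACLs. The container spec this env entry belongs to starts and ends outside the hunk.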
@@ -120,48 +120,22 @@ spec: valueFrom: secretKeyRef: key: OIDC_IDP_URI - name: oidc-client-wildflock-owner-secrets + name: oidc-client-wildflock-owner-secrets - name: OIDC_GATEWAY_AUTH_URI valueFrom: secretKeyRef: key: OIDC_IDP_AUTH_URI - name: oidc-client-wildflock-owner-secrets + name: oidc-client-wildflock-owner-secrets - name: OIDC_GATEWAY_TOKEN_URI valueFrom: secretKeyRef: key: OIDC_IDP_TOKEN_URI - name: oidc-client-wildflock-owner-secrets + name: oidc-client-wildflock-owner-secrets - name: OIDC_GATEWAY_USERINFO_URI valueFrom: secretKeyRef: key: OIDC_IDP_USERINFO_URI - name: oidc-client-wildflock-owner-secrets + name: oidc-client-wildflock-owner-secrets envFrom: - secretRef: name: oidc-client-wildflock-owner-secrets ---- -apiVersion: codemowers.cloud/v1beta1 -kind: SecretClaim -metadata: - name: dragonfly-wildflock-auth -spec: - size: 32 - mapping: - - key: password - value: "%(plaintext)s" - - key: REDIS_URI - value: "redis://:%(plaintext)s@dragonfly-wildflock" ---- -apiVersion: dragonflydb.io/v1alpha1 -kind: Dragonfly -metadata: - name: dragonfly-wildflock -spec: - authentication: - passwordFromSecret: - key: password - name: dragonfly-wildflock-auth - replicas: 3 - resources: - limits: - memory: 5Gi diff --git a/wildduck/zonemta.yaml b/wildduck/zonemta.yaml index 4cc568a..35407e8 100644 --- a/wildduck/zonemta.yaml +++ b/wildduck/zonemta.yaml @@ -125,8 +125,8 @@ spec: - name: APPCONF_dbs_redis valueFrom: secretKeyRef: - name: dragonfly-auth - key: REDIS_URI + name: session-storage + key: REDIS_WILDDUCK_URI volumeMounts: - name: cert mountPath: /cert