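---
# OIDC forward-auth middleware for Freescout. Presumably this produces the
# Traefik middleware that the Ingress annotation further down refers to.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCMiddlewareClient
metadata:
  name: freescout
spec:
  displayName: Freescout Middleware
  uri: 'https://freescout.k-space.ee'
  # Only members of this group pass the middleware.
  allowedGroups:
    - k-space:floor
  # Identity claims are handed to the backend as plain request headers.
  # NOTE(review): if the application trusts these headers, anything that can
  # reach the ClusterIP Service without passing the middleware could set them;
  # confirm in-cluster access to the Service is restricted.
  headerMapping:
    email: Remote-Email
    groups: Remote-Groups
    name: Remote-Name
    user: Remote-User
---
# OAuth2/OIDC client registration used by Freescout's own login flow.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: freescout
spec:
  displayName: Freescout
  uri: https://freescout.k-space.ee
  redirectUris:
    - https://freescout.k-space.ee/oauth_callback
  allowedGroups:
    - k-space:floor
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  # NOTE(review): PKCE is disabled, so the authorization-code flow relies on
  # the client secret alone. Enable it if the Freescout OAuth client supports
  # it - TODO confirm.
  pkce: false
  # Pod template that writes the OIDC client settings into the `options`
  # table of the Freescout database: the init container renders SQL from the
  # client secret's environment, the main container applies it.
  secretRefreshPod:
    apiVersion: v1
    kind: Pod
    spec:
      volumes:
        # Scratch volume shared by both containers; it holds update.sql, which
        # contains the OIDC client secret in clear text.
        - name: tmp
          emptyDir: {}
      initContainers:
        - name: jq
          image: >-
            alpine/k8s:1.24.16@sha256:06f8942d87fa17b40795bb9a8eff029a9be3fc3c9bcc13d62071de4cc3324153
          command:
            - /bin/bash
            - '-c'
            # Builds one UPDATE statement per OAuth option from the OIDC_*
            # environment variables.
            #
            # The generated file is deliberately NOT printed: it embeds
            # OIDC_CLIENT_SECRET, and echoing it would copy the secret into
            # the container log, readable by anyone with log access.
            #
            # NOTE(review): jq's @sh applies POSIX shell quoting, not SQL
            # quoting. Values without a single quote come out as valid SQL
            # string literals, but a value containing ' would yield a
            # malformed or altered statement. Inputs come from the
            # operator-managed secret; consider SQL-aware escaping anyway.
            - >-
              rm -fv /tmp/update.sql;
              jq '{"name":"oauth.client_id","value":$ENV.OIDC_CLIENT_ID} | "UPDATE options SET value=\(.value|tostring|@sh) WHERE name=\(.name|tostring|@sh) LIMIT 1;"' -n -r >> /tmp/update.sql;
              jq '{"name":"oauth.client_secret","value":$ENV.OIDC_CLIENT_SECRET} | "UPDATE options SET value=\(.value|tostring|@sh) WHERE name=\(.name|tostring|@sh) LIMIT 1;"' -n -r >> /tmp/update.sql;
              jq '{"name":"oauth.auth_url","value":$ENV.OIDC_IDP_AUTH_URI} | "UPDATE options SET value=\(.value + "?scope=openid+profile" |tostring|@sh) WHERE name=\(.name|tostring|@sh) LIMIT 1;"' -n -r >> /tmp/update.sql;
              jq '{"name":"oauth.token_url","value":$ENV.OIDC_IDP_TOKEN_URI} | "UPDATE options SET value=\(.value|tostring|@sh) WHERE name=\(.name|tostring|@sh) LIMIT 1;"' -n -r >> /tmp/update.sql;
              jq '{"name":"oauth.user_url","value":$ENV.OIDC_IDP_USERINFO_URI} | "UPDATE options SET value=\(.value|tostring|@sh) WHERE name=\(.name|tostring|@sh) LIMIT 1;"' -n -r >> /tmp/update.sql
          envFrom:
            - secretRef:
                name: oidc-client-freescout-owner-secrets
          resources: {}
          volumeMounts:
            - name: tmp
              mountPath: /tmp
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      containers:
        - name: mysql
          # NOTE(review): untagged image (implicit :latest) combined with
          # IfNotPresent runs whatever copy the node has cached. Pin a tag or
          # digest, as the init container above already does.
          image: mysql
          command:
            - /bin/bash
            - '-c'
            # The password expansion is quoted so that whitespace or glob
            # characters in it cannot split or rewrite the command line.
            # NOTE(review): the client also reads MYSQL_PWD from the
            # environment, so `-p` may be redundant; verify with the client
            # version in use before dropping it.
            # NOTE(review): the host is a literal IP while the application
            # uses mariadb.infra.k-space.ee; confirm both are the same server.
            - >-
              mysql -u kspace_freescout kspace_freescout -h 172.20.36.1
              -p"${MYSQL_PWD}" < /tmp/update.sql
          env:
            - name: MYSQL_PWD
              valueFrom:
                secretKeyRef:
                  name: freescout-secrets
                  key: DB_PASS
          resources: {}
          volumeMounts:
            - name: tmp
              mountPath: /tmp
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: OnFailure
---
# Public entry point: TLS on the websecure entrypoint, with the OIDC
# middleware attached to the router.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: freescout
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    traefik.ingress.kubernetes.io/router.middlewares: freescout-freescout@kubernetescrd
spec:
  rules:
    - host: freescout.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: freescout
                port:
                  number: 80
  tls:
    - hosts:
        - "*.k-space.ee"
---
apiVersion: v1
kind: Service
metadata:
  name: freescout
spec:
  type: ClusterIP
  selector:
    app: freescout
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: freescout
  labels:
    app: freescout
spec:
  selector:
    matchLabels:
      app: freescout
  replicas: 1
  template:
    metadata:
      labels:
        app: freescout
    spec:
      containers:
        - name: freescout
          # NOTE(review): no tag or digest, so the running version is
          # whatever the registry currently serves; pin it for
          # reproducible, auditable rollouts.
          image: harbor.k-space.ee/k-space/freescout
          ports:
            - containerPort: 8080
          env:
            # NOTE(review): presumably makes the application show error
            # details to clients; confirm this is wanted outside debugging.
            - name: DISPLAY_ERRORS
              value: 'true'
            - name: SITE_URL
              value: 'https://freescout.k-space.ee'
            - name: APP_URL
              value: 'https://freescout.k-space.ee'
            - name: DB_HOST
              value: mariadb.infra.k-space.ee
            - name: DB_PORT
              value: "3306"
            - name: DB_DATABASE
              value: kspace_freescout
            - name: DB_USERNAME
              value: kspace_freescout
            - name: ADMIN_EMAIL
              value: lauri@k-space.ee
            # A literal admin password used to be committed on this line.
            # Treat that value as compromised: rotate it, then supply the
            # new one through the Secret. `ADMIN_PASS` is a placeholder key
            # name that must be added to freescout-secrets before this
            # manifest is applied.
            - name: ADMIN_PASS
              valueFrom:
                secretKeyRef:
                  name: freescout-secrets
                  key: ADMIN_PASS
            - name: TIMEZONE
              value: Europe/Tallinn
            - name: FREESCOUT_ATTACHMENTS_DRIVER
              value: s3
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: freescout-secrets
                  key: DB_PASS
            - name: AWS_USE_PATH_STYLE_ENDPOINT
              value: "true"
            - name: AWS_BUCKET
              valueFrom:
                secretKeyRef:
                  name: miniobucket-attachments-owner-secrets
                  key: BUCKET_NAME
            - name: APP_KEY
              valueFrom:
                secretKeyRef:
                  name: freescout-app
                  key: APP_KEY
          # Imports every key of the bucket owner secret as an environment
          # variable, in addition to the explicit AWS_BUCKET mapping above.
          envFrom:
            - secretRef:
                name: miniobucket-attachments-owner-secrets
---
# Runs Freescout's scheduler. The environment mirrors the Deployment above
# and has to be kept in sync with it by hand.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: freescout-cron
spec:
  schedule: "0,30 * * * *"  # Should be every minute in theory, keeps hanging
  jobTemplate:
    spec:
      activeDeadlineSeconds: 1800  # this is unholy https://github.com/freescout-helpdesk/freescout/blob/dist/app/Console/Kernel.php
      ttlSecondsAfterFinished: 100
      template:
        spec:
          containers:
            - name: freescout-cron
              # NOTE(review): untagged image with pull policy Always; the
              # job can run a different build than the Deployment if the
              # registry content changes between rollouts. Pin a tag or
              # digest in both places.
              image: harbor.k-space.ee/k-space/freescout
              imagePullPolicy: Always
              command:
                - php
                - artisan
                - schedule:run
              env:
                # NOTE(review): presumably enables verbose error output;
                # confirm this is wanted outside debugging.
                - name: DISPLAY_ERRORS
                  value: 'true'
                - name: SITE_URL
                  value: 'https://freescout.k-space.ee'
                - name: APP_URL
                  value: 'https://freescout.k-space.ee'
                - name: DB_HOST
                  value: mariadb.infra.k-space.ee
                - name: DB_PORT
                  value: "3306"
                - name: DB_DATABASE
                  value: kspace_freescout
                - name: DB_USERNAME
                  value: kspace_freescout
                - name: ADMIN_EMAIL
                  value: lauri@k-space.ee
                # Previously a literal password in this manifest; rotate it
                # and read the new value from the Secret. `ADMIN_PASS` is a
                # placeholder key name to be provisioned in
                # freescout-secrets before applying.
                - name: ADMIN_PASS
                  valueFrom:
                    secretKeyRef:
                      name: freescout-secrets
                      key: ADMIN_PASS
                - name: TIMEZONE
                  value: Europe/Tallinn
                - name: FREESCOUT_ATTACHMENTS_DRIVER
                  value: s3
                - name: DB_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: freescout-secrets
                      key: DB_PASS
                - name: AWS_USE_PATH_STYLE_ENDPOINT
                  value: "true"
                - name: AWS_BUCKET
                  valueFrom:
                    secretKeyRef:
                      name: miniobucket-attachments-owner-secrets
                      key: BUCKET_NAME
                - name: APP_KEY
                  valueFrom:
                    secretKeyRef:
                      name: freescout-app
                      key: APP_KEY
              envFrom:
                - secretRef:
                    name: miniobucket-attachments-owner-secrets
          restartPolicy: Never
---
# Object storage bucket for attachments; its owner secret is consumed by the
# Deployment and the CronJob above.
apiVersion: codemowers.cloud/v1beta1
kind: MinioBucketClaim
metadata:
  name: attachments
spec:
  capacity: 10Gi
  class: external
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: freescout
spec:
  groups:
    - name: freescout
      rules:
        # Fires when the last recorded login for the info@ or accounting@
        # mailbox is more than 300 seconds old for 10 minutes in a row.
        - alert: FreescoutSyncBroken
          expr: time() - wildduck_last_login{email=~"(info|accounting)@k-space.ee"} > 300
          for: 10m
          labels:
            severity: warning
          annotations:
            summary: Freescout mailbox synchronization is broken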