apiVersion: v1
kind: ConfigMap
metadata:
  name: webmail-config
  namespace: wildduck
data:
  www.toml: |-
    name="Wild Duck Mail"
    title="wildduck-www"
    [service]
    domain="k-space.ee"
    identities=1
    allowIdentityEdit=false
    allowJoin=false
    domains=[]
    [service.sso.http]
    enabled = true
    header = "Remote-User"
    logoutRedirect = "https://auth.k-space.ee/logout"
    [u2f]
    enabled=false
    [log]
    level="info"
    [setup.imap]
    hostname="mail.k-space.ee"
    secure=true
    port=993
    [setup.pop3]
    hostname="mail.k-space.ee"
    secure=true
    port=995
    [setup.smtp]
    hostname="mail.k-space.ee"
    secure=true
    port=465
    [api]
    url="https://mail.k-space.ee"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webmail
  namespace: wildduck
spec:
  replicas: 2
  selector:
    matchLabels:
      app: webmail
  template:
    metadata:
      labels:
        app: webmail
    spec:
      containers:
        - name: webmail
          image: harbor.k-space.ee/k-space/wildduck-webmail:latest
          command:
            - node
            - server.js
            - --config=/etc/wildduck/www.toml
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65534
          volumeMounts:
            - name: webmail-config
              mountPath: /etc/wildduck
              readOnly: true
          env:
            - name: APPCONF_api_accessToken
              valueFrom:
                secretKeyRef:
                  name: wildduck
                  key: WILDDUCK_API_TOKEN
            - name: APPCONF_dbs_redis
              valueFrom:
                secretKeyRef:
                  name: redis-secrets
                  key: REDIS_URI
      volumes:
        - name: webmail-config
          projected:
            sources:
              - configMap:
                  name: webmail-config
---
apiVersion: v1
kind: Service
metadata:
  name: webmail
  namespace: wildduck
spec:
  selector:
    app: webmail
  ports:
  - protocol: TCP
    port: 80
    targetPort: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webmail
  namespace: wildduck
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  rules:
  - host: webmail.k-space.ee
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webmail
            port:
              number: 80
  tls:
  - hosts:
    - "*.k-space.ee"
---
apiVersion: codemowers.io/v1alpha1
kind: KeyDBCluster
metadata:
  name: redis
spec:
  replicas: 3