--- apiVersion: v1 kind: ConfigMap metadata: name: zonemta namespace: wildduck data: pools.toml: |- [[default]] address="0.0.0.0" name="mail.k-space.ee" plugin-wildduck.toml: |- [wildduck] enabled=["receiver", "sender"] interfaces=["feeder"] hostname="mail.k-space.ee" authlogExpireDays=30 [wildduck.srs] enabled=true rewriteDomain="k-space.ee" zonemta.toml: |- [log] level="info" [smtpInterfaces.feeder] key="/cert/tls.key" cert="/cert/tls.crt" port=9465 host="0.0.0.0" secure=true processes=1 authentication = true maxRecipients=100 starttls=false [plugins] # @include "plugin-wildduck.toml" [pools] # @include "pools.toml" --- apiVersion: apps/v1 kind: Deployment metadata: name: zonemta spec: strategy: type: Recreate replicas: 2 selector: matchLabels: app.kubernetes.io/name: wildduck app.kubernetes.io/component: zonemta template: metadata: labels: app.kubernetes.io/name: wildduck app.kubernetes.io/component: zonemta spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - wildduck - key: app.kubernetes.io/component operator: In values: - zonemta topologyKey: topology.kubernetes.io/zone podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - wildduck - key: app.kubernetes.io/component operator: In values: - wildduck topologyKey: kubernetes.io/hostname containers: - name: zonemta image: mirror.gcr.io/codemowers/wildduck-zonemta-outbound:latest@sha256:d19d92adc4325ee812ff75060f789012eba487f2bd50efa219f3f0b799636a7b imagePullPolicy: IfNotPresent command: - /sbin/tini - -- - node - index.js - --config - /etc/zonemta/zonemta.toml ports: - containerPort: 9465 name: zonemta-msa - containerPort: 10280 name: api securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 resources: limits: cpu: 500m memory: 1000Mi requests: cpu: 10m memory: 500Mi env: - name: APPCONF_plugins_wildduck_srs_secret valueFrom: secretKeyRef: name: srs key: secret - name: APPCONF_dbs_sender value: wildduck - name: APPCONF_dbs_mongo valueFrom: secretKeyRef: name: wildduck-mongodb key: MONGO_URI - name: APPCONF_dbs_redis valueFrom: secretKeyRef: name: session-storage key: REDIS_WILDDUCK_URI volumeMounts: - name: cert mountPath: /cert - name: zonemta-config mountPath: /etc/zonemta readOnly: true volumes: - name: zonemta-config projected: sources: - configMap: name: zonemta - name: cert secret: secretName: wildduck-tls --- # apiVersion: networking.k8s.io/v1 # kind: NetworkPolicy # metadata: # name: zonemta # spec: # podSelector: # matchLabels: # app.kubernetes.io/name: wildduck # app.kubernetes.io/component: zonemta # policyTypes: # - Ingress # ingress: # - ports: # - port: 9465