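---
# ZoneMTA outbound/submission MTA for the WildDuck mail stack:
# a ConfigMap with the TOML configuration, the Deployment that runs it,
# and a NetworkPolicy restricting ingress to the submission port.
apiVersion: v1
kind: ConfigMap
metadata:
  name: zonemta
  # NOTE(review): only this object sets a namespace; the Deployment and
  # NetworkPolicy below rely on the apply-time namespace. Confirm all three
  # land in the same namespace, otherwise the projected volume cannot resolve
  # this ConfigMap.
  namespace: wildduck
data:
  pools.toml: |-
    [[default]]
    address="0.0.0.0"
    name="mail.k-space.ee"
  plugin-wildduck.toml: |-
    [wildduck]
    enabled=["receiver", "sender"]
    interfaces=["feeder"]
    hostname="mail.k-space.ee"
    authlogExpireDays=30
    [wildduck.srs]
    enabled=true
    rewriteDomain="k-space.ee"
  # The "feeder" interface is configured with secure=true, starttls=false and
  # authentication enabled, reading its key and certificate from /cert.
  # The "# @include" lines inside the TOML are part of the file content and
  # must stay exactly as written.
  zonemta.toml: |-
    [log]
    level="info"
    [smtpInterfaces.feeder]
    key="/cert/tls.key"
    cert="/cert/tls.crt"
    port=9465
    host="0.0.0.0"
    secure=true
    processes=1
    authentication = true
    maxRecipients=100
    starttls=false
    [plugins]
    # @include "plugin-wildduck.toml"
    [pools]
    # @include "pools.toml"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zonemta
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: wildduck
      app.kubernetes.io/component: zonemta
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wildduck
        app.kubernetes.io/component: zonemta
    spec:
      affinity:
        # Hard rule: no two zonemta pods in the same topology zone.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - wildduck
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - zonemta
              topologyKey: topology.kubernetes.io/zone
        # Hard rule: schedule only onto a node that already runs a pod
        # labelled component=wildduck. Both rules are "required", so a
        # replica stays Pending when no node satisfies them.
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - wildduck
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - wildduck
              topologyKey: kubernetes.io/hostname
      containers:
        - name: zonemta
          # The sha256 digest is what pins the image content; when a digest
          # is present the "latest" tag is informational only and does not
          # float. Update the digest deliberately when rolling the image.
          image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
          imagePullPolicy: IfNotPresent
          command:
            - /sbin/tini
            - --
            - node
            - index.js
            - --config
            - /etc/zonemta/zonemta.toml
          ports:
            - containerPort: 9465
              name: zonemta-msa
            - containerPort: 10280
              name: api
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
            # Hardening: the process listens on unprivileged ports (9465,
            # 10280) as uid 1000, so it needs neither Linux capabilities nor
            # the ability to gain privileges through setuid binaries.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: 500m
              memory: 1000Mi
            requests:
              cpu: 10m
              memory: 500Mi
          env:
            # Credentials and connection strings are injected from Secrets
            # rather than written into the ConfigMap.
            - name: APPCONF_plugins_wildduck_srs_secret
              valueFrom:
                secretKeyRef:
                  name: srs
                  key: secret
            - name: APPCONF_dbs_sender
              value: wildduck
            - name: APPCONF_dbs_mongo
              valueFrom:
                secretKeyRef:
                  name: wildduck-mongodb-wildduck-readwrite
                  key: connectionString.standard
            - name: APPCONF_dbs_redis
              valueFrom:
                secretKeyRef:
                  name: redis-wildduck-owner-secrets
                  key: REDIS_MASTER_0_URI
          volumeMounts:
            # Holds the TLS private key; marked read-only explicitly so the
            # intent matches the config mount below.
            - name: cert
              mountPath: /cert
              readOnly: true
            - name: zonemta-config
              mountPath: /etc/zonemta
              readOnly: true
      volumes:
        - name: zonemta-config
          projected:
            sources:
              - configMap:
                  name: zonemta
        - name: cert
          secret:
            secretName: wildduck-tls
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: zonemta
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: wildduck
      app.kubernetes.io/component: zonemta
  # Only Ingress is governed here; egress from these pods is not restricted
  # by this policy.
  policyTypes:
    - Ingress
  ingress:
    # No "from" clause: port 9465 is open to every source the cluster network
    # can route. Container port 10280 (api) is not listed, so this policy
    # does not admit traffic to it.
    # NOTE(review): confirm that leaving the API port closed is intended and
    # that nothing in-cluster needs to reach it.
    - ports:
        - port: 9465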