158 lines
4.1 KiB
YAML
158 lines
4.1 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: zonemta
|
|
namespace: wildduck
|
|
data:
|
|
pools.toml: |-
|
|
[[default]]
|
|
address="0.0.0.0"
|
|
name="mail.k-space.ee"
|
|
plugin-wildduck.toml: |-
|
|
[wildduck]
|
|
enabled=["receiver", "sender"]
|
|
interfaces=["feeder"]
|
|
hostname="mail.k-space.ee"
|
|
authlogExpireDays=30
|
|
[wildduck.srs]
|
|
enabled=true
|
|
rewriteDomain="k-space.ee"
|
|
zonemta.toml: |-
|
|
[log]
|
|
level="info"
|
|
[smtpInterfaces.feeder]
|
|
key="/cert/tls.key"
|
|
cert="/cert/tls.crt"
|
|
port=9465
|
|
host="0.0.0.0"
|
|
secure=true
|
|
processes=1
|
|
authentication = true
|
|
maxRecipients=100
|
|
starttls=false
|
|
|
|
[plugins]
|
|
# @include "plugin-wildduck.toml"
|
|
[pools]
|
|
# @include "pools.toml"
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: zonemta
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: wildduck
|
|
app.kubernetes.io/component: zonemta
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: wildduck
|
|
app.kubernetes.io/component: zonemta
|
|
spec:
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/name
|
|
operator: In
|
|
values:
|
|
- wildduck
|
|
- key: app.kubernetes.io/component
|
|
operator: In
|
|
values:
|
|
- zonemta
|
|
topologyKey: topology.kubernetes.io/zone
|
|
podAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/name
|
|
operator: In
|
|
values:
|
|
- wildduck
|
|
- key: app.kubernetes.io/component
|
|
operator: In
|
|
values:
|
|
- wildduck
|
|
topologyKey: kubernetes.io/hostname
|
|
containers:
|
|
- name: zonemta
|
|
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
|
|
imagePullPolicy: IfNotPresent
|
|
command:
|
|
- /sbin/tini
|
|
- --
|
|
- node
|
|
- index.js
|
|
- --config
|
|
- /etc/zonemta/zonemta.toml
|
|
ports:
|
|
- containerPort: 9465
|
|
name: zonemta-msa
|
|
- containerPort: 10280
|
|
name: api
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 1000Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 500Mi
|
|
env:
|
|
- name: APPCONF_plugins_wildduck_srs_secret
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: srs
|
|
key: secret
|
|
- name: APPCONF_dbs_sender
|
|
value: wildduck
|
|
- name: APPCONF_dbs_mongo
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: wildduck-mongodb-wildduck-readwrite
|
|
key: connectionString.standard
|
|
- name: APPCONF_dbs_redis
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: redis-wildduck-owner-secrets
|
|
key: REDIS_MASTER_0_URI
|
|
volumeMounts:
|
|
- name: cert
|
|
mountPath: /cert
|
|
- name: zonemta-config
|
|
mountPath: /etc/zonemta
|
|
readOnly: true
|
|
volumes:
|
|
- name: zonemta-config
|
|
projected:
|
|
sources:
|
|
- configMap:
|
|
name: zonemta
|
|
- name: cert
|
|
secret:
|
|
secretName: wildduck-tls
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: zonemta
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: wildduck
|
|
app.kubernetes.io/component: zonemta
|
|
policyTypes:
|
|
- Ingress
|
|
ingress:
|
|
- ports:
|
|
- port: 9465
|