kube/wildduck/wildduck.yaml

---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: dragonfly-auth
spec:
  size: 32
  mapping:
    - key: password
      value: "%(plaintext)s"
    - key: REDIS_URI
      value: "redis://:%(plaintext)s@dragonfly"
---
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  name: dragonfly
spec:
  authentication:
    passwordFromSecret:
      key: password
      name: dragonfly-auth
  replicas: 3
  resources:
    limits:
      memory: 5Gi
---
apiVersion: v1
kind: Service
metadata:
  name: wildduck-api
spec:
  selector:
    app.kubernetes.io/name: wildduck
    app.kubernetes.io/component: wildduck
  ports:
  - port: 8080
    name: wildduck-api
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wildduck
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: wildduck
      app.kubernetes.io/component: wildduck
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wildduck
        app.kubernetes.io/component: wildduck
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - wildduck
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - wildduck
              topologyKey: topology.kubernetes.io/zone
      containers:
        - name: wildduck
          image: mirror.gcr.io/nodemailer/wildduck
          ports:
            - containerPort: 8080
              name: wildduck-api
            - containerPort: 9993
              name: wildduck-mda
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          resources:
            limits:
              cpu: 500m
              memory: 200Mi
            requests:
              cpu: 10m
              memory: 100Mi
          env:
            - name: APPCONF_emailDomain
              value: k-space.ee
            - name: APPCONF_log_level
              value: info
            - name: APPCONF_maxForwards
              value: "2000"
            - name: APPCONF_hostname
              value: mail.k-space.ee
            - name: APPCONF_tls_key
              value: /cert/tls.key
            - name: APPCONF_tls_cert
              value: /cert/tls.crt
            - name: APPCONF_api_host
              value: "0.0.0.0"
            - name: APPCONF_api_accessToken
              valueFrom:
                secretKeyRef:
                  name: wildduck
                  key: WILDDUCK_API_TOKEN
            - name: APPCONF_dbs_sender
              value: wildduck
            - name: APPCONF_dbs_mongo
              valueFrom:
                secretKeyRef:
                  name: wildduck-mongodb-wildduck-readwrite
                  key: connectionString.standard
            - name: APPCONF_dbs_redis
              valueFrom:
                secretKeyRef:
                  name: dragonfly-auth
                  key: REDIS_URI
          volumeMounts:
            - mountPath: /cert
              name: cert
      volumes:
        - name: cert
          secret:
            secretName: wildduck-tls