k-space
/
kube
10
1
Fork 1
Code Issues 17 Pull Requests Projects Activity
kube/wildduck/webmail.yaml

178 lines
3.9 KiB
YAML
Raw Blame History

---
apiVersion: codemowers.cloud/v1beta1
kind: RedisClaim
metadata:
name: webmail
spec:
class: ephemeral
capacity: 100Mi
---
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWMiddlewareClient
metadata:
name: webmail
spec:
displayName: Wildduck Webmail
uri: 'https://webmail.k-space.ee'
allowedGroups:
- k-space:floor
- k-space:friends
headerMapping:
user: Remote-Username
---
apiVersion: v1
kind: ConfigMap
metadata:
name: webmail-config
namespace: wildduck
data:
www.toml: |-
[service]
identities=1
allowIdentityEdit=false
allowJoin=false
domains=["k-space.ee"]
allowSendFromOtherDomains=false
[service.sso.http]
enabled = true
header = "Remote-Username"
logoutRedirect = "https://auth2.k-space.ee/"
[u2f]
enabled=false
[log]
level="info"
[setup.imap]
hostname="mail.k-space.ee"
secure=true
port=993
[setup.pop3]
hostname="mail.k-space.ee"
secure=true
port=995
[setup.smtp]
hostname="mail.k-space.ee"
secure=true
port=465
[api]
url="http://wildduck-api:8080"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: webmail
namespace: wildduck
spec:
revisionHistoryLimit: 0
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: webmail
template:
metadata:
labels:
app.kubernetes.io/name: webmail
spec:
containers:
- name: webmail
image: nodemailer/wildduck-webmail:latest
command:
- node
- server.js
- --config=/etc/wildduck/www.toml
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
volumeMounts:
- name: webmail-config
mountPath: /etc/wildduck
readOnly: true
env:
- name: APPCONF_api_accessToken
valueFrom:
secretKeyRef:
name: wildduck
key: WILDDUCK_API_TOKEN
- name: APPCONF_dbs_redis
valueFrom:
secretKeyRef:
name: redis-wildduck-owner-secrets
key: REDIS_MASTER_1_URI
volumes:
- name: webmail-config
projected:
sources:
- configMap:
name: webmail-config
---
apiVersion: v1
kind: Service
metadata:
name: webmail
namespace: wildduck
spec:
selector:
app.kubernetes.io/name: webmail
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webmail
namespace: wildduck
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: wildduck-webmail@kubernetescrd,wildduck-webmail-redirect@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
rules:
- host: webmail.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: webmail
port:
number: 80
tls:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: webmail-redirect
spec:
redirectRegex:
regex: ^https://webmail.k-space.ee/$
replacement: https://webmail.k-space.ee/webmail/
permanent: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: webmail
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: webmail
policyTypes:
- Ingress
ingress:
- ports:
- port: 3000
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: traefik
podSelector:
matchLabels:
app.kubernetes.io/name: traefik
Reference in New Issue View Git Blame Copy Permalink