kube/wildduck/zonemta.yaml

158 lines
4.1 KiB
YAML

---
apiVersion: v1
kind: ConfigMap
metadata:
name: zonemta
namespace: wildduck
data:
pools.toml: |-
[[default]]
address="0.0.0.0"
name="mail.k-space.ee"
plugin-wildduck.toml: |-
[wildduck]
enabled=["receiver", "sender"]
interfaces=["feeder"]
hostname="mail.k-space.ee"
authlogExpireDays=30
[wildduck.srs]
enabled=true
rewriteDomain="k-space.ee"
zonemta.toml: |-
[log]
level="info"
[smtpInterfaces.feeder]
key="/cert/tls.key"
cert="/cert/tls.crt"
port=9465
host="0.0.0.0"
secure=true
processes=1
authentication = true
maxRecipients=100
starttls=false
[plugins]
# @include "plugin-wildduck.toml"
[pools]
# @include "pools.toml"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: zonemta
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: wildduck
app.kubernetes.io/component: zonemta
template:
metadata:
labels:
app.kubernetes.io/name: wildduck
app.kubernetes.io/component: zonemta
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- wildduck
- key: app.kubernetes.io/component
operator: In
values:
- zonemta
topologyKey: topology.kubernetes.io/zone
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- wildduck
- key: app.kubernetes.io/component
operator: In
values:
- wildduck
topologyKey: kubernetes.io/hostname
containers:
- name: zonemta
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
imagePullPolicy: IfNotPresent
command:
- /sbin/tini
- --
- node
- index.js
- --config
- /etc/zonemta/zonemta.toml
ports:
- containerPort: 9465
name: zonemta-msa
- containerPort: 10280
name: api
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
resources:
limits:
cpu: 500m
memory: 1000Mi
requests:
cpu: 10m
memory: 500Mi
env:
- name: APPCONF_plugins_wildduck_srs_secret
valueFrom:
secretKeyRef:
name: srs
key: secret
- name: APPCONF_dbs_sender
value: wildduck
- name: APPCONF_dbs_mongo
valueFrom:
secretKeyRef:
name: wildduck-mongodb-wildduck-readwrite
key: connectionString.standard
- name: APPCONF_dbs_redis
valueFrom:
secretKeyRef:
name: redis-wildduck-owner-secrets
key: REDIS_MASTER_0_URI
volumeMounts:
- name: cert
mountPath: /cert
- name: zonemta-config
mountPath: /etc/zonemta
readOnly: true
volumes:
- name: zonemta-config
projected:
sources:
- configMap:
name: zonemta
- name: cert
secret:
secretName: wildduck-tls
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: zonemta
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: wildduck
app.kubernetes.io/component: zonemta
policyTypes:
- Ingress
ingress:
- ports:
- port: 9465