1
0
forked from k-space/kube
kube/wildduck/webmail.yaml

178 lines
3.9 KiB
YAML
Raw Normal View History

2023-07-28 09:21:50 +00:00
---
2023-07-30 08:55:17 +00:00
apiVersion: codemowers.cloud/v1beta1
kind: RedisClaim
metadata:
name: webmail
spec:
class: ephemeral
capacity: 100Mi
---
2023-07-28 09:21:50 +00:00
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWMiddlewareClient
metadata:
name: webmail
spec:
displayName: Wildduck Webmail
uri: 'https://webmail.k-space.ee'
2023-08-04 15:09:16 +00:00
allowedGroups:
- k-space:floor
- k-space:friends
2023-07-28 09:21:50 +00:00
headerMapping:
user: Remote-Username
---
2022-08-16 09:40:54 +00:00
apiVersion: v1
kind: ConfigMap
metadata:
name: webmail-config
namespace: wildduck
data:
www.toml: |-
[service]
identities=1
allowIdentityEdit=false
allowJoin=false
domains=["k-space.ee"]
allowSendFromOtherDomains=false
2022-08-16 09:40:54 +00:00
[service.sso.http]
enabled = true
2023-07-28 09:21:50 +00:00
header = "Remote-Username"
logoutRedirect = "https://auth2.k-space.ee/"
2022-08-16 09:40:54 +00:00
[u2f]
enabled=false
[log]
level="info"
[setup.imap]
hostname="mail.k-space.ee"
secure=true
port=993
[setup.pop3]
hostname="mail.k-space.ee"
secure=true
port=995
[setup.smtp]
hostname="mail.k-space.ee"
secure=true
port=465
[api]
2023-08-24 16:53:07 +00:00
url="http://wildduck-api:8080"
2022-08-16 09:40:54 +00:00
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: webmail
namespace: wildduck
spec:
2023-08-19 07:01:09 +00:00
revisionHistoryLimit: 0
2022-08-28 08:08:52 +00:00
replicas: 2
2022-08-16 09:40:54 +00:00
selector:
matchLabels:
app.kubernetes.io/name: webmail
2022-08-16 09:40:54 +00:00
template:
metadata:
labels:
app.kubernetes.io/name: webmail
2022-08-16 09:40:54 +00:00
spec:
containers:
- name: webmail
image: nodemailer/wildduck-webmail:latest
2022-08-16 09:40:54 +00:00
command:
- node
- server.js
- --config=/etc/wildduck/www.toml
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
volumeMounts:
- name: webmail-config
mountPath: /etc/wildduck
readOnly: true
env:
- name: APPCONF_api_accessToken
valueFrom:
secretKeyRef:
name: wildduck
key: WILDDUCK_API_TOKEN
- name: APPCONF_dbs_redis
valueFrom:
secretKeyRef:
2023-08-24 16:53:07 +00:00
name: redis-wildduck-owner-secrets
key: REDIS_MASTER_1_URI
2022-08-16 09:40:54 +00:00
volumes:
- name: webmail-config
projected:
sources:
- configMap:
name: webmail-config
---
apiVersion: v1
kind: Service
metadata:
name: webmail
namespace: wildduck
spec:
selector:
app.kubernetes.io/name: webmail
2022-08-16 09:40:54 +00:00
ports:
- protocol: TCP
port: 80
targetPort: 3000
2022-08-16 09:40:54 +00:00
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webmail
namespace: wildduck
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
2023-08-24 16:53:07 +00:00
traefik.ingress.kubernetes.io/router.middlewares: wildduck-webmail@kubernetescrd,wildduck-webmail-redirect@kubernetescrd
2022-08-16 09:40:54 +00:00
traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
rules:
- host: webmail.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: webmail
port:
number: 80
tls:
- hosts:
- "*.k-space.ee"
2023-08-24 16:53:07 +00:00
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: webmail-redirect
spec:
redirectRegex:
regex: ^https://webmail.k-space.ee/$
replacement: https://webmail.k-space.ee/webmail/
permanent: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: webmail
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: webmail
policyTypes:
- Ingress
ingress:
- ports:
- port: 3000
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: traefik
podSelector:
matchLabels:
app.kubernetes.io/name: traefik