	wildduck: migrate to dragonfly, disable network policies, upgrade wildduck-operator
		| @@ -175,8 +175,8 @@ spec: | |||||||
|             - name: REDIS_URI |             - name: REDIS_URI | ||||||
|               valueFrom: |               valueFrom: | ||||||
|                 secretKeyRef: |                 secretKeyRef: | ||||||
|                   name: redis-wildduck-owner-secrets |                   name: dragonfly-auth | ||||||
|                   key: REDIS_MASTER_0_URI |                   key: REDIS_URI | ||||||
|             - name: MONGO_URI |             - name: MONGO_URI | ||||||
|               valueFrom: |               valueFrom: | ||||||
|                 secretKeyRef: |                 secretKeyRef: | ||||||
|   | |||||||
| @@ -96,8 +96,8 @@ spec: | |||||||
|             - name: APPCONF_dbs_redis |             - name: APPCONF_dbs_redis | ||||||
|               valueFrom: |               valueFrom: | ||||||
|                 secretKeyRef: |                 secretKeyRef: | ||||||
|                   name: redis-wildduck-owner-secrets |                   name: dragonfly-auth | ||||||
|                   key: REDIS_MASTER_1_URI |                   key: REDIS_URI | ||||||
|       volumes: |       volumes: | ||||||
|         - name: webmail-config |         - name: webmail-config | ||||||
|           projected: |           projected: | ||||||
| @@ -155,23 +155,23 @@ spec: | |||||||
|     replacement: https://webmail.k-space.ee/webmail/ |     replacement: https://webmail.k-space.ee/webmail/ | ||||||
|     permanent: false |     permanent: false | ||||||
| --- | --- | ||||||
| apiVersion: networking.k8s.io/v1 | # apiVersion: networking.k8s.io/v1 | ||||||
| kind: NetworkPolicy | # kind: NetworkPolicy | ||||||
| metadata: | # metadata: | ||||||
|   name: webmail | #   name: webmail | ||||||
| spec: | # spec: | ||||||
|   podSelector: | #   podSelector: | ||||||
|     matchLabels: | #     matchLabels: | ||||||
|       app.kubernetes.io/name: webmail | #       app.kubernetes.io/name: webmail | ||||||
|   policyTypes: | #   policyTypes: | ||||||
|     - Ingress | #     - Ingress | ||||||
|   ingress: | #   ingress: | ||||||
|     - ports: | #     - ports: | ||||||
|         - port: 3000 | #         - port: 3000 | ||||||
|       from: | #       from: | ||||||
|         - namespaceSelector: | #         - namespaceSelector: | ||||||
|             matchLabels: | #             matchLabels: | ||||||
|               kubernetes.io/metadata.name: traefik | #               kubernetes.io/metadata.name: traefik | ||||||
|           podSelector: | #           podSelector: | ||||||
|             matchLabels: | #             matchLabels: | ||||||
|               app.kubernetes.io/name: traefik | #               app.kubernetes.io/name: traefik | ||||||
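Review bot: The `webmail` NetworkPolicy at the end of this file is commented out wholesale, so pods labelled `app.kubernetes.io/name: webmail` lose the rule that limited ingress to port 3000 from the traefik pods in the `traefik` namespace. The `zonemta` policy (port 9465) in the last file of this commit is disabled the same way. Both policies are `Ingress`-only on the application pods, so from what is visible here they would not block those pods' outbound connections to the new Dragonfly service, and the migration does not appear to require removing them. If they were disabled for another reason, record it above the block, e.g. `# NetworkPolicy disabled: <reason>; re-enable when <condition>`, otherwise keep them active. Whether a namespace-wide policy still restricts this traffic cannot be told from these hunks.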
|   | |||||||
| @@ -2,20 +2,20 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|   name: codemowers-io-wildduck-operator |   name: codemowers-cloud-wildduck-operator | ||||||
| rules: | rules: | ||||||
|   - apiGroups: |   - apiGroups: | ||||||
|       - codemowers.io |       - codemowers.cloud | ||||||
|     resources: |     resources: | ||||||
|       - oidcgatewayusers |       - oidcusers | ||||||
|     verbs: |     verbs: | ||||||
|       - get |       - get | ||||||
|       - list |       - list | ||||||
|       - watch |       - watch | ||||||
|   - apiGroups: |   - apiGroups: | ||||||
|       - codemowers.io |       - codemowers.cloud | ||||||
|     resources: |     resources: | ||||||
|       - oidcgatewayusers/status |       - oidcusers/status | ||||||
|     verbs: |     verbs: | ||||||
|       - patch |       - patch | ||||||
|       - update |       - update | ||||||
| @@ -23,18 +23,18 @@ rules: | |||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: ServiceAccount | kind: ServiceAccount | ||||||
| metadata: | metadata: | ||||||
|   name: codemowers-io-wildduck-operator |   name: codemowers-cloud-wildduck-operator | ||||||
|   namespace: wildduck |   namespace: wildduck | ||||||
| --- | --- | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRoleBinding | kind: ClusterRoleBinding | ||||||
| metadata: | metadata: | ||||||
|   name: codemowers-io-wildduck-operator |   name: codemowers-cloud-wildduck-operator | ||||||
| roleRef: | roleRef: | ||||||
|   apiGroup: rbac.authorization.k8s.io |   apiGroup: rbac.authorization.k8s.io | ||||||
|   kind: ClusterRole |   kind: ClusterRole | ||||||
|   name: codemowers-io-wildduck-operator |   name: codemowers-cloud-wildduck-operator | ||||||
| subjects: | subjects: | ||||||
|   - kind: ServiceAccount |   - kind: ServiceAccount | ||||||
|     name: codemowers-io-wildduck-operator |     name: codemowers-cloud-wildduck-operator | ||||||
|     namespace: wildduck |     namespace: wildduck | ||||||
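Review bot: Renaming the ClusterRole, ClusterRoleBinding and ServiceAccount to `codemowers-cloud-wildduck-operator` does not by itself remove the objects already applied under `codemowers-io-wildduck-operator`. Unless the deployment tooling prunes resources that disappear from the manifests, the old cluster-scoped role and binding stay in the cluster with their `get`/`list`/`watch` and status `patch`/`update` grants. A short comment on the new ClusterRole would make the cleanup step explicit, e.g. `# replaces codemowers-io-wildduck-operator; delete the old ClusterRole, ClusterRoleBinding and ServiceAccount after rollout`.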
|   | |||||||
| @@ -34,7 +34,7 @@ spec: | |||||||
|             - containerPort: 8000 |             - containerPort: 8000 | ||||||
|               name: metrics |               name: metrics | ||||||
|       enableServiceLinks: false |       enableServiceLinks: false | ||||||
|       serviceAccountName: codemowers-io-wildduck-operator |       serviceAccountName: codemowers-cloud-wildduck-operator | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Service | kind: Service | ||||||
|   | |||||||
| @@ -1,11 +1,29 @@ | |||||||
| --- | --- | ||||||
| apiVersion: codemowers.cloud/v1beta1 | apiVersion: codemowers.cloud/v1beta1 | ||||||
| kind: RedisClaim | kind: SecretClaim | ||||||
| metadata: | metadata: | ||||||
|   name: wildduck |   name: dragonfly-auth | ||||||
| spec: | spec: | ||||||
|   class: ephemeral |   size: 32 | ||||||
|   capacity: 100Mi |   mapping: | ||||||
|  |     - key: password | ||||||
|  |       value: "%(plaintext)s" | ||||||
|  |     - key: REDIS_URI | ||||||
|  |       value: "redis://:%(plaintext)s@dragonfly" | ||||||
|  | --- | ||||||
|  | apiVersion: dragonflydb.io/v1alpha1 | ||||||
|  | kind: Dragonfly | ||||||
|  | metadata: | ||||||
|  |   name: dragonfly | ||||||
|  | spec: | ||||||
|  |   authentication: | ||||||
|  |     passwordFromSecret: | ||||||
|  |       key: password | ||||||
|  |       name: dragonfly-auth | ||||||
|  |   replicas: 3 | ||||||
|  |   resources: | ||||||
|  |     limits: | ||||||
|  |       memory: 5Gi | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Service | kind: Service | ||||||
| @@ -98,8 +116,8 @@ spec: | |||||||
|             - name: APPCONF_dbs_redis |             - name: APPCONF_dbs_redis | ||||||
|               valueFrom: |               valueFrom: | ||||||
|                 secretKeyRef: |                 secretKeyRef: | ||||||
|                   name: redis-wildduck-owner-secrets |                   name: dragonfly-auth | ||||||
|                   key: REDIS_MASTER_0_URI |                   key: REDIS_URI | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - mountPath: /cert |             - mountPath: /cert | ||||||
|               name: cert |               name: cert | ||||||
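Review bot: The new `dragonfly-auth` SecretClaim exposes a single `REDIS_URI` (`redis://:%(plaintext)s@dragonfly`, no database index), and every consumer of it in this commit reads that one key, including the webmail Deployment that previously read `REDIS_MASTER_1_URI` while the others read `REDIS_MASTER_0_URI`. If those old keys pointed at separate databases or instances (their values are not shown in the hunks), webmail and the mail services now share one keyspace and one credential, so a compromise of any one component exposes the others' data. A per-consumer mapping entry would keep them apart, for example (key name constructed) `- key: REDIS_WEBMAIL_URI` with `value: "redis://:%(plaintext)s@dragonfly/1"`. The URI is also plain `redis://` and no NetworkPolicy for the Dragonfly pods is added in this commit, so the password appears to be the only access control on them. The same applies to `dragonfly-wildflock` in the wildflock file.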
|   | |||||||
| @@ -96,8 +96,8 @@ spec: | |||||||
|             - name: REDIS_URL |             - name: REDIS_URL | ||||||
|               valueFrom: |               valueFrom: | ||||||
|                 secretKeyRef: |                 secretKeyRef: | ||||||
|                   name: redis-webmail-owner-secrets |                   name: dragonfly-wildflock-auth | ||||||
|                   key: REDIS_MASTER_1_URI |                   key: REDIS_URI | ||||||
|             - name: CLIENT_URL |             - name: CLIENT_URL | ||||||
|               value: https://wildflock.k-space.ee |               value: https://wildflock.k-space.ee | ||||||
|             - name: WILDDUCK_DOMAIN |             - name: WILDDUCK_DOMAIN | ||||||
| @@ -139,3 +139,29 @@ spec: | |||||||
|           envFrom: |           envFrom: | ||||||
|             - secretRef: |             - secretRef: | ||||||
|                 name: oidc-client-wildflock-owner-secrets |                 name: oidc-client-wildflock-owner-secrets | ||||||
|  | --- | ||||||
|  | apiVersion: codemowers.cloud/v1beta1 | ||||||
|  | kind: SecretClaim | ||||||
|  | metadata: | ||||||
|  |   name: dragonfly-wildflock-auth | ||||||
|  | spec: | ||||||
|  |   size: 32 | ||||||
|  |   mapping: | ||||||
|  |     - key: password | ||||||
|  |       value: "%(plaintext)s" | ||||||
|  |     - key: REDIS_URI | ||||||
|  |       value: "redis://:%(plaintext)s@dragonfly-wildflock" | ||||||
|  | --- | ||||||
|  | apiVersion: dragonflydb.io/v1alpha1 | ||||||
|  | kind: Dragonfly | ||||||
|  | metadata: | ||||||
|  |   name: dragonfly-wildflock | ||||||
|  | spec: | ||||||
|  |   authentication: | ||||||
|  |     passwordFromSecret: | ||||||
|  |       key: password | ||||||
|  |       name: dragonfly-wildflock-auth | ||||||
|  |   replicas: 3 | ||||||
|  |   resources: | ||||||
|  |     limits: | ||||||
|  |       memory: 5Gi | ||||||
|   | |||||||
| @@ -123,8 +123,8 @@ spec: | |||||||
|             - name: APPCONF_dbs_redis |             - name: APPCONF_dbs_redis | ||||||
|               valueFrom: |               valueFrom: | ||||||
|                 secretKeyRef: |                 secretKeyRef: | ||||||
|                   name: redis-wildduck-owner-secrets |                   name: dragonfly-auth | ||||||
|                   key: REDIS_MASTER_0_URI |                   key: REDIS_URI | ||||||
|           volumeMounts: |           volumeMounts: | ||||||
|             - name: cert |             - name: cert | ||||||
|               mountPath: /cert |               mountPath: /cert | ||||||
| @@ -141,17 +141,17 @@ spec: | |||||||
|           secret: |           secret: | ||||||
|             secretName: wildduck-tls |             secretName: wildduck-tls | ||||||
| --- | --- | ||||||
| apiVersion: networking.k8s.io/v1 | # apiVersion: networking.k8s.io/v1 | ||||||
| kind: NetworkPolicy | # kind: NetworkPolicy | ||||||
| metadata: | # metadata: | ||||||
|   name: zonemta | #   name: zonemta | ||||||
| spec: | # spec: | ||||||
|   podSelector: | #   podSelector: | ||||||
|     matchLabels: | #     matchLabels: | ||||||
|       app.kubernetes.io/name: wildduck | #       app.kubernetes.io/name: wildduck | ||||||
|       app.kubernetes.io/component: zonemta | #       app.kubernetes.io/component: zonemta | ||||||
|   policyTypes: | #   policyTypes: | ||||||
|     - Ingress | #     - Ingress | ||||||
|   ingress: | #   ingress: | ||||||
|     - ports: | #     - ports: | ||||||
|       - port: 9465 | #       - port: 9465 | ||||||
|   | |||||||