Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 75ee27167691521d040bae25be3edb856795da30^! / . / charts / maddy / templates / mta-sts.yaml
commit75ee27167691521d040bae25be3edb856795da30[log] [tgz]
authorgiolekva <giolekva@gmail.com>Fri Nov 26 13:57:12 2021 +0400
committergiolekva <giolekva@gmail.com>Fri Nov 26 13:57:12 2021 +0400
tree8340561edc8e7352045cfaf16af2902cac6cec63
parent7fe15197e5a36d6c524721b35152923f9d6ec94b [diff] [blame]
mail-gateway

diff --git a/charts/maddy/templates/mta-sts.yaml b/charts/maddy/templates/mta-sts.yaml
new file mode 100644
index 0000000..bad3794
--- /dev/null
+++ b/charts/maddy/templates/mta-sts.yaml

@@ -0,0 +1,101 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mta-sts
+  namespace: {{ .Release.Namespace }}
+data:
+  mta-sts.txt: |
+    version: STSv1
+    mode: enforce
+    max_age: 604800
+    mx: {{ .Values.mailGateway.mxHostname}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mta-sts.{{ .Values.ingress.public.domain }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/resource-policy": keep
+spec:
+  dnsNames:
+  - 'mta-sts.{{ .Values.ingress.public.domain }}'
+  issuerRef:
+    name: {{ .Values.ingress.public.certificateIssuer }}
+    kind: ClusterIssuer
+  secretName: cert-mta-sts.{{ .Values.ingress.public.domain }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mta-sts
+  namespace: {{ .Release.Namespace }}
+spec:
+  ingressClassName: {{ .Values.ingress.public.className }}
+  tls:
+  - hosts:
+    - mta-sts.{{ .Values.ingress.public.domain }}
+    secretName: cert-mta-sts.{{ .Values.ingress.public.domain }}
+  rules:
+  - host: mta-sts.{{ .Values.ingress.public.domain }}
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: mta-sts
+            port:
+              name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mta-sts
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    app: mta-sts
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+      protocol: TCP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mta-sts
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app: mta-sts
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mta-sts
+    spec:
+      volumes:
+      - name: mta-sts
+        configMap:
+          name: mta-sts
+      containers:
+      - name: maddy
+        image: giolekva/static-file-server:latest
+        imagePullPolicy: Always
+        ports:
+        - name: http
+          containerPort: 80
+          protocol: TCP
+        command:
+        - static-file-server
+        - --port=80
+        - --dir=/etc/static-file-server/data
+        volumeMounts:
+        - name: mta-sts
+          mountPath: /etc/static-file-server/data/.well-known
+          readOnly: true