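# Mail protocol endpoints (IMAP, SMTP, submission) for the pods labelled
# app=maddy. The type is ClusterIP, so nothing in this manifest publishes
# these ports outside the cluster; external exposure is configured elsewhere.
# NOTE(review): 143, 25 and 587 are conventionally the cleartext/STARTTLS
# ports. Whether TLS is required on them is decided by maddy.conf (ConfigMap
# "config", not defined in this file) - confirm.
apiVersion: v1
kind: Service
metadata:
  name: maddy
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  type: ClusterIP
  selector:
    app: maddy
  # No targetPort is given, so each entry forwards to the same-numbered
  # container port.
  ports:
    - name: imap
      port: 143
      protocol: TCP
    - name: imaps
      port: 993
      protocol: TCP
    - name: smtp
      port: 25
      protocol: TCP
    - name: smtps
      port: 465
      protocol: TCP
    - name: submission
      port: 587
      protocol: TCP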
---
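# In-cluster endpoint for the management web container. It selects the same
# app=maddy pods as the mail Service and forwards to the container port
# named "http".
# NOTE(review): this hop is plain HTTP and no NetworkPolicy is defined in this
# file, so any workload that can reach the ClusterIP can reach the management
# endpoint - confirm that is intended.
apiVersion: v1
kind: Service
metadata:
  name: manage
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  type: ClusterIP
  selector:
    app: maddy
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP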
---
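# Publishes the management UI at mail.<private domain> through the private
# ingress class, terminating TLS at the ingress.
# NOTE(review): the TLS secret is cert-mail.<private domain>, but the only
# mail Certificate in this file issues cert-mail.<public domain>. If the two
# domains differ, this secret has to be provisioned elsewhere - confirm.
# NOTE(review): no authentication is configured at this layer; the private
# ingress class is the only access restriction visible here. Whether
# maddy-web authenticates requests itself is not visible - confirm.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: manage
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  ingressClassName: {{ .Values.ingress.private.className }}
  tls:
    - hosts:
        - mail.{{ .Values.ingress.private.domain }}
      secretName: cert-mail.{{ .Values.ingress.private.domain }}
  rules:
    - host: mail.{{ .Values.ingress.private.domain }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: manage
                port:
                  name: http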
---
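# cert-manager Certificate for mail.<public domain>. The issued key pair is
# stored in the Secret cert-mail.<public domain>, which the maddy Deployment
# mounts as its "certs" volume.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mail.{{ .Values.ingress.public.domain }}
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
  annotations:
    # Helm does not delete this resource on uninstall, so the certificate and
    # its private key outlive the release. Remove them by hand when the mail
    # host is decommissioned.
    "helm.sh/resource-policy": keep
spec:
  dnsNames:
    - 'mail.{{ .Values.ingress.public.domain }}'
  issuerRef:
    name: {{ .Values.ingress.public.certificateIssuer | quote }}
    kind: ClusterIssuer
  secretName: cert-mail.{{ .Values.ingress.public.domain }}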
---
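# Persistent storage mounted at /var/lib/maddy by both containers of the maddy
# Deployment. The maddy-web --export-dkim flag points into dkim_keys/ on this
# volume, so it holds DKIM material as well as maddy's state.
# NOTE(review): the Certificates in this file carry helm.sh/resource-policy
# keep, but this claim does not, so Helm deletes it on uninstall. Whether the
# data survives then depends on the StorageClass reclaim policy - confirm that
# is intended.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Quoted so the quantity is passed through as written in the values file.
      storage: {{ .Values.storage.size | quote }}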
---
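# Runs the maddy mail server and the maddy-web management UI in one pod. The
# two containers share the config, TLS certificate and data volumes.
# NOTE(review): no securityContext or resource limits are set on either
# container. Binding 25/143/465/587/993 and 80 requires root or
# NET_BIND_SERVICE; which user the images run as is not visible here -
# confirm before tightening.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: maddy
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  selector:
    matchLabels:
      app: maddy
  replicas: 1
  template:
    metadata:
      labels:
        app: maddy
    spec:
      volumes:
        # ConfigMap "config" is not defined in this file.
        - name: config
          configMap:
            name: config
        # TLS key pair issued by the Certificate for mail.<public domain>.
        - name: certs
          secret:
            secretName: cert-mail.{{ .Values.ingress.public.domain }}
        - name: data
          persistentVolumeClaim:
            claimName: data
      containers:
        - name: maddy
          # NOTE(review): a tag is mutable and imagePullPolicy Always re-pulls
          # it on every pod start, so the running code can change without a
          # chart change. Pin by digest once a reviewed one is known, e.g.
          # giolekva/maddy@sha256:<reviewed-digest> (placeholder).
          image: giolekva/maddy:v0.4.4
          imagePullPolicy: Always
          ports:
            - name: imap
              containerPort: 143
              protocol: TCP
            - name: imaps
              containerPort: 993
              protocol: TCP
            - name: smtp
              containerPort: 25
              protocol: TCP
            - name: smtps
              containerPort: 465
              protocol: TCP
            - name: submission
              containerPort: 587
              protocol: TCP
          command:
            - maddy
            - -config
            - /etc/maddy/config/maddy.conf
          volumeMounts:
            # ConfigMap and Secret volumes are not writable from the
            # container; readOnly states that explicitly, as the mta-sts
            # Deployment already does.
            - name: config
              mountPath: /etc/maddy/config
              readOnly: true
            - name: certs
              mountPath: /etc/maddy/certs
              readOnly: true
            - name: data
              mountPath: /var/lib/maddy
        - name: web
          # NOTE(review): ":latest" is unpinned and is re-pulled on every pod
          # start; pin to a released tag or a digest
          # (giolekva/maddy-web@sha256:<reviewed-digest>, placeholder).
          image: giolekva/maddy-web:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          command:
            - maddy-web
            - --port=80
            - --maddy-config=/etc/maddy/config/maddy.conf
            - --export-dkim=/var/lib/maddy/dkim_keys/{{ .Values.ingress.public.domain }}_default.dns
          volumeMounts:
            - name: config
              mountPath: /etc/maddy/config
              readOnly: true
            # NOTE(review): none of the flags above reference /etc/maddy/certs.
            # If maddy-web does not need the TLS private key, drop this mount
            # so the web-facing container cannot read it - confirm.
            - name: certs
              mountPath: /etc/maddy/certs
              readOnly: true
            # NOTE(review): mounted read-write; whether maddy-web needs write
            # access to the mail data is not visible here - confirm.
            - name: data
              mountPath: /var/lib/maddy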
---
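# MTA-STS policy file (RFC 8461). The mta-sts Deployment mounts it under
# .well-known so that it is served as /.well-known/mta-sts.txt.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mta-sts
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
data:
  # mode "enforce": senders that honour MTA-STS refuse delivery unless the MX
  # presents a valid certificate for the listed host, so the certificate for
  # mail.<public domain> must stay valid. max_age is in seconds (604800 = 7
  # days); senders may keep applying a cached policy for that long.
  # NOTE(review): the _mta-sts TXT record that announces the policy is not
  # managed in this file - confirm it is published elsewhere.
  mta-sts.txt: |
    version: STSv1
    mode: enforce
    max_age: 604800
    mx: mail.{{ .Values.ingress.public.domain }}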
---
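# Static file server that publishes the MTA-STS policy from the "mta-sts"
# ConfigMap. The only content mounted into the served directory is
# .well-known, and that mount is read-only.
# NOTE(review): no securityContext or resource limits are set, and the server
# binds port 80, which requires root or NET_BIND_SERVICE. Which user the image
# runs as is not visible here - confirm.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mta-sts
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  selector:
    matchLabels:
      app: mta-sts
  replicas: 1
  template:
    metadata:
      labels:
        app: mta-sts
    spec:
      volumes:
        - name: mta-sts
          configMap:
            name: mta-sts
      containers:
        # NOTE(review): the container is named "maddy" although it runs
        # static-file-server, which looks like a copy-paste leftover. It is
        # left unchanged because log and exec tooling may select containers
        # by name.
        - name: maddy
          # NOTE(review): ":latest" is unpinned and is re-pulled on every pod
          # start; pin to a released tag or a digest
          # (giolekva/static-file-server@sha256:<reviewed-digest>, placeholder).
          image: giolekva/static-file-server:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          command:
            - static-file-server
            - --port=80
            - --dir=/etc/static-file-server/data
          volumeMounts:
            - name: mta-sts
              mountPath: /etc/static-file-server/data/.well-known
              readOnly: true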
---
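# In-cluster endpoint for the MTA-STS policy server. It forwards to the
# container port named "http" on pods labelled app=mta-sts. TLS for public
# clients is terminated at the mta-sts Ingress; this hop is plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: mta-sts
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  type: ClusterIP
  selector:
    app: mta-sts
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP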
---
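# cert-manager Certificate for mta-sts.<public domain>. The mta-sts Ingress
# uses the resulting Secret, cert-mta-sts.<public domain>, to serve the policy
# over HTTPS.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mta-sts.{{ .Values.ingress.public.domain }}
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
  annotations:
    # Helm does not delete this resource on uninstall, so the certificate and
    # its private key outlive the release. Remove them by hand when the
    # policy host is decommissioned.
    "helm.sh/resource-policy": keep
spec:
  dnsNames:
    - 'mta-sts.{{ .Values.ingress.public.domain }}'
  issuerRef:
    name: {{ .Values.ingress.public.certificateIssuer | quote }}
    kind: ClusterIssuer
  secretName: cert-mta-sts.{{ .Values.ingress.public.domain }}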
---
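# Publishes the MTA-STS policy server at mta-sts.<public domain> through the
# public ingress class, with TLS from the secret cert-mta-sts.<public domain>.
# NOTE(review): the rule forwards every path under "/" to the static file
# server. Only /.well-known/mta-sts.txt is needed for MTA-STS, so the path
# could be narrowed to that file - confirm nothing else is served from it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mta-sts
  # Quoted so a numeric- or boolean-looking namespace still renders as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  ingressClassName: {{ .Values.ingress.public.className }}
  tls:
    - hosts:
        - mta-sts.{{ .Values.ingress.public.domain }}
      secretName: cert-mta-sts.{{ .Values.ingress.public.domain }}
  rules:
    - host: mta-sts.{{ .Values.ingress.public.domain }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: mta-sts
                port:
                  name: http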