# Namespace that holds every mail-related object in this manifest
# (the maddy mail server, its web front end and the MTA-STS policy host).
apiVersion: v1
kind: Namespace
metadata:
  name: app-maddy
---
# Public entry point for the mail server: a LoadBalancer Service that forwards
# five mail ports to the pods labelled app=maddy.
apiVersion: v1
kind: Service
metadata:
  name: maddy
  namespace: app-maddy
spec:
  type: LoadBalancer
  # Local routes traffic only to nodes that run the pod and keeps the client
  # source IP intact; presumably chosen so that IP-based mail checks, rate
  # limits and logs see the real peer address.
  externalTrafficPolicy: Local
  selector:
    app: maddy
  # The port names are opaque letters; the trailing notes give the
  # IANA-registered use of each port number.
  # NOTE(review): 25, 143 and 587 start in cleartext and only gain TLS through
  # STARTTLS. Confirm that maddy.conf (not shown here) refuses authentication
  # before TLS is negotiated on those listeners.
  ports:
  - port: 25  # SMTP
    protocol: TCP
    name: a
  - port: 143  # IMAP
    protocol: TCP
    name: b
  - port: 993  # IMAP over TLS
    protocol: TCP
    name: c
  - port: 587  # message submission
    protocol: TCP
    name: d
  - port: 465  # message submission over TLS
    protocol: TCP
    name: e
---
# Cluster-internal Service for the web container of the maddy pod.
# It is reachable from outside only through the web-ingress Ingress.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: app-maddy
spec:
  type: ClusterIP
  selector:
    app: maddy
  ports:
  - name: http
    port: 80
    # Resolved by name against the container port called "http".
    targetPort: http
    protocol: TCP
---
# Publishes the web Service as https://maddy.pcloud through the
# nginx-private ingress class.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  namespace: app-maddy
  annotations:
    # cert-manager issues the TLS certificate from this ClusterIssuer and
    # stores it in the secret named under spec.tls.
    cert-manager.io/cluster-issuer: "selfsigned-ca"
    # NOTE(review): this annotation only affects ACME HTTP-01 solvers. An
    # issuer called selfsigned-ca is presumably a CA issuer, in which case
    # the annotation has no effect - confirm and drop it if so.
    acme.cert-manager.io/http01-edit-in-place: "true"
spec:
  # NOTE(review): no authentication is configured at the Ingress, so access
  # control rests on who can reach nginx-private and on maddy-web itself.
  ingressClassName: nginx-private
  tls:
  - hosts:
    - maddy.pcloud
    secretName: cert-maddy-web.pcloud
  rules:
  - host: maddy.pcloud
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              name: http
---
# TLS certificate for the mail host, issued by the letsencrypt-prod-dns
# ClusterIssuer and written to the secret cert-mx1.lekva.me, which the maddy
# Deployment mounts at /etc/maddy/certs.
# NOTE(review): despite the object name, dnsNames lists only mx1.lekva.me;
# this is not a wildcard certificate.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-lekva.me  # mx1
  namespace: app-maddy
spec:
  dnsNames:
  - 'mx1.lekva.me'
  issuerRef:
    name: letsencrypt-prod-dns
    kind: ClusterIssuer
  # Holds the private key as well as the certificate chain.
  secretName: cert-mx1.lekva.me
---
# Persistent storage for maddy state, mounted at /var/lib/maddy by both
# containers of the maddy pod.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
  namespace: app-maddy
spec:
  # No storageClassName is set, so the cluster's default class applies.
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
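---
# Single-replica pod with two containers: the maddy mail server and the
# maddy-web front end. Both share the same config, certificate and data
# volumes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: maddy
  namespace: app-maddy
spec:
  selector:
    matchLabels:
      app: maddy
  replicas: 1
  template:
    metadata:
      labels:
        app: maddy
    spec:
      # NOTE(review): neither container declares a securityContext or
      # resource limits. Both listen on ports below 1024, so test any
      # non-root or capability-dropping setting before enabling it.
      volumes:
      - name: config
        configMap:
          # This ConfigMap is not defined in this manifest; it is expected
          # to exist in the namespace and to carry maddy.conf.
          name: config
      - name: certs
        secret:
          # Certificate and private key written by the Certificate object
          # in this file.
          secretName: cert-mx1.lekva.me
      - name: data
        persistentVolumeClaim:
          claimName: data
      containers:
      - name: maddy
        image: giolekva/maddy:v0.4.4
        imagePullPolicy: Always
        ports:
        - containerPort: 25
        - containerPort: 143
        - containerPort: 993
        - containerPort: 587
        - containerPort: 465
        command: ["maddy"]
        args: ["-config", "/etc/maddy/config/maddy.conf"]
        volumeMounts:
        # ConfigMap and Secret volumes are never written by the workload;
        # readOnly states that explicitly, matching the mta-sts Deployment.
        - name: config
          mountPath: /etc/maddy/config
          readOnly: true
        - name: certs
          mountPath: /etc/maddy/certs
          readOnly: true
        - name: data
          mountPath: /var/lib/maddy
      - name: web
        # NOTE(review): ":latest" with imagePullPolicy Always means any
        # restart can run different code than was reviewed. Pin to a release
        # tag or an image digest, as the maddy container does with v0.4.4.
        image: giolekva/maddy-web:latest
        imagePullPolicy: Always
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        command: ["maddy-web"]
        args: ["-port", "80", "-maddy-config", "/etc/maddy/config/maddy.conf"]
        volumeMounts:
        - name: config
          mountPath: /etc/maddy/config
          readOnly: true
        # NOTE(review): this exposes the mail server's TLS private key to
        # the web front end. Drop the mount if maddy-web does not read it.
        - name: certs
          mountPath: /etc/maddy/certs
          readOnly: true
        # Mounted read-write, so the web front end can modify mail server
        # state under /var/lib/maddy.
        - name: data
          mountPath: /var/lib/maddy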
---
# MTA-STS policy file (RFC 8461), served by the mta-sts Deployment.
# "mode: enforce" tells sending servers to refuse delivery unless the MX
# presents a valid certificate for a listed host; max_age is in seconds
# (604800 = 7 days). The mx entry matches the dnsNames of the Certificate
# in this file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mta-sts
  namespace: app-maddy
data:
  mta-sts.txt: |
    version: STSv1
    mode: enforce
    max_age: 604800
    mx: mx1.lekva.me
---
# Static file server that publishes the MTA-STS policy from the mta-sts
# ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mta-sts
  namespace: app-maddy
spec:
  selector:
    matchLabels:
      app: mta-sts
  replicas: 1
  template:
    metadata:
      labels:
        app: mta-sts
    spec:
      volumes:
      - name: mta-sts
        configMap:
          name: mta-sts
      containers:
      # The container is called "maddy" although it runs static-file-server.
      - name: maddy
        # NOTE(review): ":latest" with imagePullPolicy Always is a mutable
        # reference; pin to a release tag or an image digest.
        image: giolekva/static-file-server:latest
        imagePullPolicy: Always
        ports:
        - name: http
          containerPort: 80
        command: ["static-file-server"]
        args: ["-port=80", "-dir=/etc/static-file-server/data"]
        volumeMounts:
        # Mounting under .well-known places the ConfigMap key at
        # data/.well-known/mta-sts.txt. Presumably the server maps -dir to
        # the URL root, giving /.well-known/mta-sts.txt.
        - name: mta-sts
          mountPath: /etc/static-file-server/data/.well-known
          readOnly: true
---
# Cluster-internal Service in front of the MTA-STS policy server.
# It is published through the mta-sts Ingress.
apiVersion: v1
kind: Service
metadata:
  name: mta-sts
  namespace: app-maddy
spec:
  type: ClusterIP
  selector:
    app: mta-sts
  ports:
  - name: http
    port: 80
    # Resolved by name against the container port called "http".
    targetPort: http
    protocol: TCP
---
# Publishes the MTA-STS policy server as mta-sts.lekva.me through the
# nginx ingress class.
# NOTE(review): this Ingress declares no tls: block and no cert-manager
# annotation. RFC 8461 senders fetch the policy only over HTTPS and require
# a certificate valid for mta-sts.lekva.me. Confirm the ingress controller
# serves one for this host (for example a controller-wide default
# certificate); otherwise senders cannot load the policy and
# "mode: enforce" has no effect.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mta-sts
  namespace: app-maddy
  annotations:
    # Leaves plain HTTP requests unredirected.
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  ingressClassName: nginx
  rules:
  - host: mta-sts.lekva.me
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: mta-sts
            port:
              name: http
239 name: http