diff --git a/share/wildduck/haraka.tf b/share/wildduck/haraka.tf index 93232f0..1a9cf94 100644 --- a/share/wildduck/haraka.tf +++ b/share/wildduck/haraka.tf @@ -51,7 +51,17 @@ resource "kubectl_manifest" "haraka_deploy" { {} volumeMounts: - name: config - mountPath: /app/config + mountPath: /app/config/me + subPath: me + - name: config + mountPath: /app/config/host_list + subPath: host_list + - name: config + mountPath: /app/config/rspamd.ini + subPath: rspamd.ini + - name: config + mountPath: /app/config/wildduck.yaml + subPath: wildduck.yaml volumes: - name: config configMap: diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index 11cb0e2..bd240cc 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml @@ -6,10 +6,15 @@ metadata: name: wildduck description: null options: - domain-name: - default: your_company.com + sub-domain: + default: mail examples: - - your_company.com + - mail + type: string + ingress-class: + default: traefik + examples: + - traefik type: string domain: default: your-company @@ -21,10 +26,15 @@ options: examples: - letsencrypt-prod type: string - ingress-class: - default: traefik + additional-domains: + default: [] + items: + type: string + type: array + domain-name: + default: your_company.com examples: - - traefik + - your_company.com type: string images: default: @@ -222,16 +232,6 @@ options: default: 2Gi type: string type: object - additional-domains: - default: [] - items: - type: string - type: array - sub-domain: - default: mail - examples: - - mail - type: string dependencies: - dist: null category: dbo diff --git a/share/wildduck/wildduck.tf b/share/wildduck/wildduck.tf index 33cfcbe..70bce64 100644 --- a/share/wildduck/wildduck.tf +++ b/share/wildduck/wildduck.tf 
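Review bot: The per-file `subPath` mounts under `volumeMounts` (`mountPath: /app/config/me` and the three that follow) will not pick up later changes to the backing ConfigMap, because the kubelet does not refresh ConfigMap data into subPath mounts, whereas the whole-directory mount they replace was updated in place. Until the pod is recreated, a changed `rspamd.ini` or `wildduck.yaml` in the ConfigMap is silently ignored, so the deployment needs a restart trigger (for instance a pod-template annotation carrying a hash of the config) or at least a comment making the restart requirement explicit, e.g. `# subPath mounts are static: recreate the pod after changing this ConfigMap`. The same pattern is introduced in wildduck.tf (`@@ -62,12 +62,37 @@`) and zonemta.tf (`@@ -51,16 +51,23 @@`). The `resource "kubectl_manifest" "haraka_deploy"` heredoc that holds this YAML starts before the hunk.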
@@ -62,12 +62,37 @@ resource "kubectl_manifest" "wildduck_deploy" { resources: {} volumeMounts: - - name: wildduck-config-volume - mountPath: /wildduck/config + - name: tls + mountPath: "/var/opt/certs" + readOnly: true + - name: config + mountPath: /wildduck/config/default.toml + subPath: default.toml + - name: config + mountPath: /wildduck/config/api.toml + subPath: api.toml + - name: config + mountPath: /wildduck/config/dbs.toml + subPath: dbs.toml + - name: config + mountPath: /wildduck/config/dkim.toml + subPath: dkim.toml + - name: config + mountPath: /wildduck/config/imap.toml + subPath: imap.toml + - name: config + mountPath: /wildduck/config/pop3.toml + subPath: pop3.toml + - name: config + mountPath: /wildduck/config/sender.toml + subPath: sender.toml volumes: - name: config configMap: name: "${var.instance}-wildduck" + - name: tls + secret: + secretName: "${var.instance}-cert" EOF } @@ -267,7 +292,7 @@ resource "kubectl_manifest" "wildduck_config" { # if `true` then do not autodelete expired messages disableRetention=false # If true, then disables STARTTLS support - disableSTARTTLS=true + disableSTARTTLS=false # If true, then advertises COMPRESS=DEFLATE capability enableCompression=false # If true, then expect HAProxy PROXY header as the first line of data 
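Review bot: The new `tls` volume (`secret:` / `secretName: "${var.instance}-cert"`) sets no `defaultMode`, so the private key is projected with the Secret-volume default of 0644 and is readable by any user id in the container, not only the process that owns the listener. Adding `defaultMode: 0440` (or `0400`) under `secret:` limits that; the container's runtime uid and fsGroup are not visible in this hunk, so confirm the WildDuck process can still read the file after tightening it. `readOnly: true` on the mount is right but governs writes, not who may read. The `wildduck_deploy` heredoc starts outside the hunk.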
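Review bot: Flipping to `disableSTARTTLS=false` offers STARTTLS on this listener but does not by itself require it; unless the server withholds authentication until the TLS upgrade (not visible in this hunk), a client that skips STARTTLS can still log in over plaintext on the same port. Worth confirming how the listener behaves and recording it beside this line, e.g. `# STARTTLS offered; verify plaintext AUTH is refused before the TLS upgrade`. A working handshake now also depends on the `[tls]` key/cert paths changed later in this file resolving to the mounted secret. The `wildduck_config` heredoc starts before the hunk.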
@@ -297,8 +322,8 @@ resource "kubectl_manifest" "wildduck_config" { port=9930 [tls] ## If certificate path is not defined, use global or built-in self-signed certs - #key="/path/to/server/key.pem" - #cert="/path/to/server/cert.pem" + key="/var/opt/certs/tls.key" + cert="/var/opt/certs/tls.crt" ## You can also define extra options for specific TLS settings: #ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" #secureProtocol="SSLv23_server_method" @@ -335,8 +360,8 @@ resource "kubectl_manifest" "wildduck_config" { #version="1.0.0" [tls] # If certificate path is not defined, use global or built-in self-signed certs - #key="/path/to/server/key.pem" - #cert="/path/to/server/cert.pem" + key="/var/opt/certs/tls.key" + cert="/var/opt/certs/tls.crt" [setup] # Public configuration for POP3 hostname="${var.sub-domain}.${var.domain-name}" diff --git a/share/wildduck/zonemta.tf b/share/wildduck/zonemta.tf index b199017..b2e4cce 100644 --- a/share/wildduck/zonemta.tf +++ b/share/wildduck/zonemta.tf 
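Review bot: `key="/var/opt/certs/tls.key"` and `cert="/var/opt/certs/tls.crt"` hard-wire the data keys of a `kubernetes.io/tls` Secret, so this config only works if `${var.instance}-cert` is of that type and is mounted at `/var/opt/certs`; neither assumption is stated here, and the comment kept above it only describes the fallback when the paths are undefined, not when the files are absent. If the Secret carries different key names the files will not exist, and whether WildDuck then refuses to start or serves a built-in self-signed certificate cannot be told from this hunk, so a comment should pin the dependency: `# tls.key / tls.crt: data keys of the kubernetes.io/tls Secret mounted by the tls volume in wildduck_deploy`. The second `[tls]` block at `@@ -335,8 +360,8 @@` has the same dependency. Both blocks sit inside the `wildduck_config` heredoc, which starts outside the hunk.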
@@ -51,16 +51,23 @@ resource "kubectl_manifest" "zonemta_deploy" { {} volumeMounts: - name: tls - mountPath: "/var/opt/certs" - readOnly: true + mountPath: "/var/opt/certs" + readOnly: true - name: config - mountPath: /app/config - - name: wildduck-zonemta-interfaces-config-volume - mountPath: /app/config/interfaces - - name: wildduck-zonemta-plugins-config-volume - mountPath: /app/config/plugins - - name: wildduck-zonemta-zones-config-volume - mountPath: /app/config/zones + mountPath: /app/config/dbs-production.toml + subPath: dbs-production.toml + - name: config + mountPath: /app/config/pools.toml + subPath: pools.toml + - name: config + mountPath: /app/config/plugins/wildduck.toml + subPath: wildduck.toml + - name: config + mountPath: /app/config/plugins/loop-breaker.toml + subPath: loop-breaker.toml + - name: config + mountPath: /app/config/interfaces/feeder.toml + subPath: feeder.toml volumes: - name: config configMap: