106 lines
2.9 KiB
HCL
106 lines
2.9 KiB
HCL
locals {
|
|
rspamd-labels = merge(local.common_labels, {
|
|
"app.kubernetes.io/component" = "rspamd"
|
|
})
|
|
}
|
|
|
|
resource "kubectl_manifest" "rspamd_deploy" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: "${var.instance}-rspamd"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.rspamd-labels)}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels: ${jsonencode(local.rspamd-labels)}
|
|
template:
|
|
metadata:
|
|
labels: ${jsonencode(local.rspamd-labels)}
|
|
spec:
|
|
securityContext:
|
|
fsGroup: 101
|
|
containers:
|
|
- name: wildduck
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 100
|
|
image: "${var.images.rspamd.registry}/${var.images.rspamd.repository}:${var.images.rspamd.tag}"
|
|
imagePullPolicy: "${var.images.rspamd.pull_policy}"
|
|
ports:
|
|
- name: rspamd
|
|
containerPort: 11333
|
|
protocol: TCP
|
|
resources:
|
|
{}
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /app/rspamd/worker-normal.conf
|
|
subPath: worker-normal.conf
|
|
- name: config
|
|
mountPath: /etc/rspamd/override.d/dmarc.conf
|
|
subPath: dmarc.conf
|
|
- name: config
|
|
mountPath: /etc/rspamd/override.d/redis.conf
|
|
subPath: redis.conf
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: "${var.instance}-rspamd"
|
|
EOF
|
|
}
|
|
|
|
resource "kubernetes_config_map_v1" "rspamd_config" {
|
|
metadata {
|
|
name = "${var.instance}-rspamd"
|
|
namespace = "${var.namespace}"
|
|
labels = local.rspamd-labels
|
|
}
|
|
data = yamldecode(<<-EOF
|
|
worker-normal.conf: |-
|
|
# Included from top-level .conf file
|
|
|
|
worker "normal" {
|
|
bind_socket = "*:11333";
|
|
.include "$CONFDIR/worker-normal.inc"
|
|
.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
|
|
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
|
|
}
|
|
dmarc.conf: |-
|
|
actions = {
|
|
quarantine = "add_header";
|
|
reject = "reject";
|
|
}
|
|
redis.conf: |-
|
|
servers = "${var.instance}-${var.component}-redis.${var.namespace}.svc:6379";
|
|
db = "4";
|
|
EOF
|
|
)
|
|
}
|
|
|
|
resource "kubectl_manifest" "rspamd_service" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: "${var.instance}-rspamd"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.rspamd-labels)}
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 11333
|
|
targetPort: rspamd
|
|
protocol: TCP
|
|
name: rspamd
|
|
selector: ${jsonencode(local.rspamd-labels)}
|
|
EOF
|
|
}
|
|
|