Adding wildduck for testing

share/wildduck/rspamd.tf

@@ -0,0 +1,106 @@
+locals {
+  rspamd-labels = merge(local.common-labels, {
+    "app.kubernetes.io/component" = "rspamd"
+  })
+}
+
+resource "kubectl_manifest" "rspamd_deploy" {
+  yaml_body  = <<-EOF
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: "${var.instance}-rspamd"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.rspamd-labels)}
+    spec:
+      replicas: 1
+      selector:
+        matchLabels: ${jsonencode(local.rspamd-labels)}
+      template:
+        metadata:
+          labels: ${jsonencode(local.rspamd-labels)}
+        spec:
+          securityContext:
+            fsGroup: 101
+          containers:
+          - name: wildduck
+            securityContext:
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
+              runAsNonRoot: true
+              runAsUser: 100
+            image: "${var.images.rspamd.registry}/${var.images.rspamd.repository}:${var.images.rspamd.tag}"
+            imagePullPolicy: "${var.images.rspamd.pullPolicy}"
+            ports:
+            - name: rspamd
+              containerPort: 11333
+              protocol: TCP
+            resources:
+              {}
+            volumeMounts:
+            - name: config
+              mountPath: /app/rspamd/worker-normal.conf
+              subPath: worker-normal.conf
+            - name: config
+              mountPath: /etc/rspamd/override.d/dmarc.conf
+              subPath: dmarc.conf
+            - name: config
+              mountPath: /etc/rspamd/override.d/redis.conf
+              subPath: redis.conf
+        volumes:
+        - name: config
+          configMap:
+            name: "${var.instance}-rspamd"
+  EOF
+}
+
+resource "kubectl_manifest" "rspamd_config" {
+  yaml_body  = <<-EOF
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: "${var.instance}-rspamd"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.rspamd-labels)}
+    data:
+      worker-normal.conf: |-
+        # Included from top-level .conf file
+
+        worker "normal" {
+            bind_socket = "*:11333";
+            .include "$CONFDIR/worker-normal.inc"
+            .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
+            .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
+        }
+      dmarc.conf: |-
+        actions = {
+            quarantine = "add_header";
+            reject = "reject";
+        }
+      redis.conf: |-
+        servers = "${var.instance}-${var.component}-redis.${var.namespace}.svc:6379";
+        db = "4";
+  EOF
+}
+
+resource "kubectl_manifest" "rspamd_service" {
+  yaml_body  = <<-EOF
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: "${var.instance}-rspamd"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.rspamd-labels)}
+    spec:
+      type: ClusterIP
+      ports:
+      - port: 11333
+        targetPort: rspamd
+        protocol: TCP
+        name: rspamd
+      selector: ${jsonencode(local.rspamd-labels)}
+  EOF
+}
+