badhouseplants/k8s-cluster-config
Archived
4
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Activity

feat: Mailu is installed and it's working

Browse Source
This commit is contained in:
Nikolai Rodionov
2023-04-22 19:14:11 +02:00
parent a5e526ebfc
commit 968a1ac12e
7 changed files with 184 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@@ -14,4 +14,4 @@ postgresql:
secretKeys:
adminPasswordKey: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb
userPasswordKey: 4tTyKckG6y7rnfx3DHsPo6VxXBiRmP
replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz
replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz

17
badhouseplants/values/.decrypted~secrets.mailu.yaml Normal file
View File

@@ -0,0 +1,17 @@
secretKey: FXBF3jpV4izpB8tz9GNdXpSg8kHi7k
initialAccount:
username: overlord@badhouseplants.net
domain: badhouseplants.net
password: hYX4D5vCjz6KbKkUyqifHQNzc
postgresql:
auth:
password: H5aYgqzc3U5fwX3vd54xf52wi9W4sR
postgresPassword: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb
secretKeys:
adminPasswordKey: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb
replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz
userPasswordKey: 4tTyKckG6y7rnfx3DHsPo6VxXBiRmP
global:
database:
roundcube:
password: 3pN_ge_z@l

20
badhouseplants/values/secrets.mailu.yaml
View File

@@ -1,8 +1,20 @@
secretKey: ENC[AES256_GCM,data:AY41e2XkC0e32L/9MWxK4YkbeGj/piZpgIGjU7Bd,iv:3DRmPKD3YHgqizBq2EAy/BC0qc0mSmpLLMCxRXdakRc=,tag:HgnEjhISDMqUkoObbpf3NA==,type:str]
initialAccount:
username: ENC[AES256_GCM,data:ugeeeEKt/m4=,iv:M/7s36QP7o/m2rxtdsVcl4qd5opvQvznhHvI0cD2g90=,tag:NW7+HVa923/Nams8+Qw1QQ==,type:str]
username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str]
domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str]
password: ENC[AES256_GCM,data:5MxZgd275wrm0fiery2n31sfEtwu8zxzqnuoGpv5,iv:fXtmmzwPxfeIOYLfbUJN1oe6v1TsR/y3ReoDjYibefY=,tag:lqB8yym/Vz58D26J7Ao7mA==,type:str]
password: ENC[AES256_GCM,data:HR5qr3fZIOs7ye4DkwtacY2BcQbxu+27Yw==,iv:pq+0zNOhxAAWGsy579HQCrymcq0dfbOph1xyzkgPdcA=,tag:dSR8CW94YNaRujBK/Ysmtw==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str]
postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str]
secretKeys:
adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str]
replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str]
userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str]
global:
database:
roundcube:
password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -18,8 +30,8 @@ sops:
RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp
QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-21T12:47:54Z"
mac: ENC[AES256_GCM,data:erMUPtaX67xTGbJAB2aCi3J+j2Sjc9HRLQR+U139nrEoGCOAAes+OvyhrSlpW59pH58V6ltwUUxn1aoI5GF79HaTUK2uLQ+5Gy8jIjxgF1okYJfQFzVsZJPIasxr1fZmYewnsiUU9iNqmxLm6W6GbuMzO8dN5o6LHzceJn8cjj4=,iv:ryDfDqfXuNbqu3ju/wgz1ke4eAYsXLYp1lv91MeiIoc=,tag:1Wb/XyG4P/dybrhHuQ1LAg==,type:str]
lastmodified: "2023-04-22T17:13:44Z"
mac: ENC[AES256_GCM,data:GMqaB9uNNkO2oLFncxOIql2vQyLneopSCIZ75sbEQJpbEtc+UltcQ46EaK8MeII3vEuxa5EvEZQbaz04+zfi33lDyYIv/0IsIyKkZg1WtC+6pEzoXUCSAfSLFaPPSsvaycerU+S9rUl4hXPJJmyg/tdm75HWg9KrA0LSnlO2PSI=,iv:XbFgdnsDa8kbX2EwEmyTDiktq3VWm3QBbfpTCB8LCWo=,tag:kLLsjih/YJkQa9K07791oQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

31
badhouseplants/values/values.istio-ingressgateway.yaml
View File

@@ -22,6 +22,37 @@ service:
port: 1194
protocol: TCP
targetPort: 1194
# -----------
# -- Email
# -----------
- name: smtp
port: 25
protocol: TCP
targetPort: 25
- name: smtps
port: 465
protocol: TCP
targetPort: 465
- name: smtp-startls
port: 587
protocol: TCP
targetPort: 587
- name: imap
port: 143
protocol: TCP
targetPort: 143
- name: imaps
port: 993
protocol: TCP
targetPort: 993
- name: pop3
port: 110
protocol: TCP
targetPort: 110
- name: pop3s
port: 995
protocol: TCP
targetPort: 995
resources:
requests:
cpu: 100m

103
badhouseplants/values/values.mailu.yaml
View File

@@ -1,16 +1,89 @@
---
certificate:
enabled: true
certificate:
- name: mailu
secretName: mailu-certificate
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- badhouseplants.net
- "*.badhouseplants.net"
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: mailu-web
kind: http
gateway: badhouseplants-net
hostname: email.badhouseplants.net
service: mailu-front
port: 80
- name: mailu-smpt
kind: tcp
gateway: badhouseplants-mail
service: mailu-front
hostname: "*"
port_match: 25
port: 25
- name: mailu-smpts
kind: tcp
gateway: badhouseplants-mail
port_match: 465
hostname: "*"
service: mailu-front
port: 465
- name: mailu-smpt-startls
kind: tcp
gateway: badhouseplants-mail
hostname: "*"
port_match: 587
service: mailu-front
port: 587
- name: mailu-imap
kind: tcp
hostname: "*"
gateway: badhouseplants-mail
port_match: 143
service: mailu-front
port: 143
- name: mailu-imaps
kind: tcp
gateway: badhouseplants-mail
hostname: "*"
port_match: 993
service: mailu-front
port: 993
- name: mailu-pop3
kind: tcp
gateway: badhouseplants-mail
port_match: 110
hostname: "*"
service: mailu-front
port: 110
- name: mailu-pop3s
kind: tcp
gateway: badhouseplants-mail
port_match: 993
hostname: "*"
service: mailu-front
port: 993
subnet: 10.1.0.0/16
sessionCookieSecure: false
hostnames:
- mail.badhouseplants.net
- imap.badhouseplants.net
- email.badhouseplants.net
domain: badhouseplants.net
persistence:
single_pvc: false
ingress:
tls: true
selfSigned: true
# tlsFlavor: mail-letsencrypt
# externalIngress: false
# annotations:
# kubernetes.io/ingress.class: istio
enabled: false
tls: false
selfSigned: false
existingSecret: mailu-certificate
admin:
resources:
requests:
@@ -42,13 +115,14 @@ postfix:
persistence:
size: 1Gi
dovecot:
logLevel: DEBUG
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 200Mi
cpu: 200m
memory: 400Mi
cpu: 300m
persistence:
size: 1Gi
roundcube:
@@ -74,8 +148,11 @@ postgresql:
storageClass: ""
accessMode: ReadWriteOnce
size: 1Gi
rspamd:
front:
logLevel: DEBUG
hostPort:
enabled: false
rspamd:
resources:
requests:
memory: 100Mi
@@ -91,8 +168,8 @@ rspamd:
readinessProbe: {}
webmail:
persistence:
size: 1Gi
size: 2Gi
storageClass: ""
accessModes: [ReadWriteOnce]
claimNameOverride: ""
annotations: {}
annotations: {}

20
common/values.certificate.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
certificate:
templates:
- |
{{ range .Values.certificate }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .name }}
spec:
dnsNames:
{{- range .dnsNames }}
- {{ . | quote }}
{{- end }}
issuerRef:
kind: {{ .issuer.kind }}
name: {{ .issuer.name }}
secretName: {{ .secretName }}
{{ end }}

9
releases.yaml
View File

@@ -45,6 +45,14 @@ templates:
alias: istio
values:
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
ext-certificate:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: certificate
values:
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
service-monitor:
dependencies:
- chart: bedag/raw
@@ -206,3 +214,4 @@ templates:
- template: default-env-values
- template: default-env-secrets
- template: ext-istio-resource
- template: ext-certificate