Closes #44
This commit is contained in:
parent
69b989a112
commit
259c4aa83f
@ -90,6 +90,38 @@
|
|||||||
requests:
|
requests:
|
||||||
storage: 2Ti
|
storage: 2Ti
|
||||||
|
|
||||||
|
- name: Create a ConfigMap for encryption
|
||||||
|
k8s:
|
||||||
|
state: present
|
||||||
|
definition:
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: certs
|
||||||
|
namespace: mail
|
||||||
|
data:
|
||||||
|
privkey.pem: "{{ mail_encryption_privkey }}"
|
||||||
|
pubkey.pem: "{{ mail_encryption_pubkey }}"
|
||||||
|
|
||||||
|
- name: Create a ConfigMap for Dovecot
|
||||||
|
k8s:
|
||||||
|
state: present
|
||||||
|
definition:
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: dovecot
|
||||||
|
namespace: mail
|
||||||
|
data:
|
||||||
|
10-encryption.conf: |
|
||||||
|
# Enables mail_crypt for all services (pop3, pop3, etc)
|
||||||
|
mail_plugins = $mail_plugins mail_crypt
|
||||||
|
plugin {
|
||||||
|
mail_crypt_global_private_key = </certs/privkey.pem
|
||||||
|
mail_crypt_global_public_key = </certs/pubkey.pem
|
||||||
|
mail_crypt_save_version = 2
|
||||||
|
}
|
||||||
|
|
||||||
- name: Create a deployment
|
- name: Create a deployment
|
||||||
k8s:
|
k8s:
|
||||||
definition:
|
definition:
|
||||||
@ -141,8 +173,13 @@
|
|||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: certs
|
||||||
|
mountPath: /certs
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /tmp/docker-mailserver
|
mountPath: /tmp/docker-mailserver
|
||||||
|
- name: dovecot
|
||||||
|
mountPath: /etc/dovecot/conf.d/10-encryption.conf
|
||||||
|
subPath: 10-encryption.conf
|
||||||
- name: ssl
|
- name: ssl
|
||||||
mountPath: /etc/letsencrypt
|
mountPath: /etc/letsencrypt
|
||||||
- name: mail
|
- name: mail
|
||||||
@ -207,6 +244,9 @@
|
|||||||
- name: SSL_KEY_PATH
|
- name: SSL_KEY_PATH
|
||||||
value: "/etc/letsencrypt/tls.key"
|
value: "/etc/letsencrypt/tls.key"
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: certs
|
||||||
|
configMap:
|
||||||
|
name: certs
|
||||||
- name: ssl
|
- name: ssl
|
||||||
secret:
|
secret:
|
||||||
secretName: mail
|
secretName: mail
|
||||||
@ -219,6 +259,9 @@
|
|||||||
- name: dkim
|
- name: dkim
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: dkim
|
claimName: dkim
|
||||||
|
- name: dovecot
|
||||||
|
configMap:
|
||||||
|
name: dovecot
|
||||||
|
|
||||||
- name: Expose deployment as a service
|
- name: Expose deployment as a service
|
||||||
k8s:
|
k8s:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user