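---
# tasks file for mail
#
# Deploys docker-mailserver into the "eom-{{ target_namespace }}" namespace:
# a Secret holding the proxy TLS material, a hostPath PersistentVolume pinned
# to one worker node, a claim bound to that volume, a single-replica
# Deployment, and a NodePort Service exposing SMTP, SMTPS, Submission and
# IMAPS.
#
# Variables this file expects to be defined by the caller:
#   target_namespace, proxy_server_crt, proxy_server_key, ldap_admin_password.

# The private key used to be stored in a ConfigMap; ConfigMaps are not
# treated as sensitive by RBAC, audit logging or at-rest encryption, so the
# TLS material now lives in a Secret.
- name: Create Secret with TLS material for mail
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: mail
        namespace: "eom-{{ target_namespace }}"
      # Opaque rather than kubernetes.io/tls so the mounted file names stay
      # server.crt / server.key, which SSL_CERT_PATH / SSL_KEY_PATH below
      # point at (kubernetes.io/tls requires tls.crt / tls.key).
      type: Opaque
      # stringData takes plain strings; the API server base64-encodes them.
      stringData:
        server.crt: "{{ proxy_server_crt }}"
        server.key: "{{ proxy_server_key }}"

- name: Create persistent volume for mail
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: "eom-{{ target_namespace }}-mail"
      spec:
        capacity:
          storage: 32Gi
        accessModes:
          - ReadWriteOnce
        # Retain so that deleting the claim never discards the mailboxes.
        persistentVolumeReclaimPolicy: Retain
        storageClassName: standard
        # hostPath storage only exists on one node, hence the node affinity
        # below; the pod can only ever be scheduled on that worker.
        hostPath:
          path: "/data/store-0/eom/mail"
        nodeAffinity:
          required:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values:
                      - alpha-worker-0

- name: Create a persistent volume claim for mail
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: mail
        namespace: "eom-{{ target_namespace }}"
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 32Gi
        storageClassName: standard
        # Bind explicitly to the PV created above instead of letting the
        # scheduler pick any "standard" volume.
        volumeName: "eom-{{ target_namespace }}-mail"

- name: Create a deployment
  k8s:
    state: present
    definition:
      # Deployment is an apps-group resource; "apiVersion: v1" is rejected by
      # the API server.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: mail
        namespace: "eom-{{ target_namespace }}"
      spec:
        # A single replica: the backing volume is ReadWriteOnce hostPath.
        replicas: 1
        selector:
          matchLabels:
            app: mail
        template:
          metadata:
            labels:
              app: mail
          spec:
            containers:
              - name: mail
                # No tag means ":latest"; pinning a tag or digest makes
                # rollouts reproducible.
                image: mailserver/docker-mailserver
                volumeMounts:
                  - name: ssl
                    mountPath: /etc/letsencrypt
                  - name: mail
                    mountPath: /var/mail
                ports:
                  - containerPort: 25
                  - containerPort: 465
                  - containerPort: 587
                  - containerPort: 993
                env:
                  - name: OVERRIDE_HOSTNAME
                    value: "mail.eom.dev"
                  - name: ACCOUNT_PROVISIONER
                    value: "LDAP"
                  - name: LDAP_SERVER_HOST
                    value: "ldap://openldap/"
                  - name: LDAP_SEARCH_BASE
                    value: "dc=eom,dc=dev"
                  # NOTE(review): lookups bind as the directory admin; a
                  # read-only service account would limit what a compromised
                  # mail container can do to the directory.
                  - name: LDAP_BIND_DN
                    value: "cn=admin,dc=eom,dc=dev"
                  # NOTE(review): the bind password is embedded in the pod
                  # spec, so anyone who can read the Deployment can read it.
                  # valueFrom.secretKeyRef would keep it in a Secret instead.
                  - name: LDAP_BIND_PW
                    value: "{{ ldap_admin_password }}"
                  - name: LDAP_QUERY_FILTER_USER
                    value: "(&(mail=%s))"
                  - name: LDAP_QUERY_FILTER_GROUP
                    value: "(&(mailGroupMember=%s)(mailEnabled=TRUE))"
                  - name: LDAP_QUERY_FILTER_ALIAS
                    value: "(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE)))"
                  - name: LDAP_QUERY_FILTER_DOMAIN
                    value: "(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))"
                  - name: DOVECOT_PASS_FILTER
                    value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
                  - name: DOVECOT_USER_FILTER
                    value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
                  - name: ENABLE_SASLAUTHD
                    value: "1"
                  - name: SASLAUTHD_MECHANISMS
                    value: "ldap"
                  - name: SASLAUTHD_LDAP_SERVER
                    value: "ldap://openldap/"
                  - name: SASLAUTHD_LDAP_BIND_DN
                    value: "cn=admin,dc=eom,dc=dev"
                  # Same password as LDAP_BIND_PW; same remark applies.
                  - name: SASLAUTHD_LDAP_PASSWORD
                    value: "{{ ldap_admin_password }}"
                  - name: SASLAUTHD_LDAP_SEARCH_BASE
                    value: "dc=eom,dc=dev"
                  - name: SASLAUTHD_LDAP_FILTER
                    value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%U))"
                  - name: POSTMASTER_ADDRESS
                    value: "admin@mail.eom.dev"
                  # Certificate and key come from the "ssl" volume mounted at
                  # /etc/letsencrypt.
                  - name: SSL_TYPE
                    value: "manual"
                  - name: SSL_CERT_PATH
                    value: "/etc/letsencrypt/server.crt"
                  - name: SSL_KEY_PATH
                    value: "/etc/letsencrypt/server.key"
            volumes:
              - name: ssl
                secret:
                  secretName: mail
              - name: mail
                persistentVolumeClaim:
                  claimName: mail

- name: Expose deployment as a service
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: mail
        namespace: "eom-{{ target_namespace }}"
      spec:
        selector:
          app: mail
        # targetPort defaults to port, matching the containerPorts above.
        ports:
          - port: 25
            name: mail-25
            nodePort: 30025
          - port: 465
            name: mail-465
            nodePort: 30465
          - port: 587
            name: mail-587
            nodePort: 30587
          - port: 993
            name: mail-993
            nodePort: 30993
        type: NodePort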