Merge remote-tracking branch 'upstream/master' into passlib
commit
2ba0d552e0
@ -1,7 +1,7 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% block content %}
|
||||
{% call macros.box() %}
|
||||
{% call macros.card() %}
|
||||
{{ macros.form(form) }}
|
||||
{% endcall %}
|
||||
{% endblock %}
|
||||
|
@ -1,120 +1,144 @@
|
||||
<section class="sidebar">
|
||||
<div class="sidebar">
|
||||
{% if current_user.is_authenticated %}
|
||||
<h4 class="text-center text-primary">{{ current_user }}</h4>
|
||||
<div class="user-panel mt-3 pb-3 mb-3 d-flex">
|
||||
<div class="info">
|
||||
<span class="text-center text-primary">{{ current_user }}</span>
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<ul class="sidebar-menu" data-widget="tree">
|
||||
<nav class="mt-2">
|
||||
<ul class="nav nav-pills nav-sidebar flex-column" role="menu">
|
||||
{% if current_user.is_authenticated %}
|
||||
<li class="header">{% trans %}My account{% endtrans %}</li>
|
||||
<li>
|
||||
<a href="{{ url_for('.user_settings') }}">
|
||||
<i class="fa fa-wrench"></i> <span>{% trans %}Settings{% endtrans %}</span>
|
||||
<li class="nav-header">{% trans %}My account{% endtrans %}</li>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.user_settings') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-wrench"></i>
|
||||
<p class="text">{% trans %}Settings{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ url_for('.user_password') }}">
|
||||
<i class="fa fa-lock"></i> <span>{% trans %}Update password{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.user_password') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-lock"></i>
|
||||
<p class="text">{% trans %}Update password{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ url_for('.user_reply') }}">
|
||||
<i class="fa fa-plane"></i> <span>{% trans %}Auto-reply{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.user_reply') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-plane"></i>
|
||||
<p class="text">{% trans %}Auto-reply{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ url_for('.fetch_list') }}">
|
||||
<i class="fa fa-download"></i> <span>{% trans %}Fetched accounts{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.fetch_list') }}" class="nav-link">
|
||||
<i class="nav-icon fas fa-download"></i>
|
||||
<p class="text">{% trans %}Fetched accounts{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ url_for('.token_list') }}">
|
||||
<i class="fa fa-ticket"></i> <span>{% trans %}Authentication tokens{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.token_list') }}" class="nav-link">
|
||||
<i class="nav-icon fas fa-ticket-alt"></i>
|
||||
<p class="text">{% trans %}Authentication tokens{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
|
||||
{% if current_user.manager_of or current_user.global_admin %}
|
||||
<li class="header">{% trans %}Administration{% endtrans %}</li>
|
||||
<li class="nav-header">{% trans %}Administration{% endtrans %}</li>
|
||||
{% endif %}
|
||||
{% if current_user.global_admin %}
|
||||
<li>
|
||||
<a href="{{ url_for('.announcement') }}">
|
||||
<i class="fa fa-bullhorn"></i> <span>{% trans %}Announcement{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.announcement') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-bullhorn"></i>
|
||||
<p class="text">{% trans %}Announcement{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ url_for('.admin_list') }}">
|
||||
<i class="fa fa-user"></i> <span>{% trans %}Administrators{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.admin_list') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-user"></i>
|
||||
<p class="text">{% trans %}Administrators{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ url_for('.relay_list') }}">
|
||||
<i class="fa fa-reply-all"></i> <span>{% trans %}Relayed domains{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.relay_list') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-reply-all"></i>
|
||||
<p class="text">{% trans %}Relayed domains{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ config["WEB_ADMIN"] }}/antispam/" target="_blank">
|
||||
<i class="fa fa-trash-o"></i> <span>{% trans %}Antispam{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ config["WEB_ADMIN"] }}/antispam/" target="_blank" class="nav-link">
|
||||
<i class="nav-icon fas fa-trash-alt"></i>
|
||||
<p class="text">{% trans %}Antispam{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if current_user.manager_of or current_user.global_admin %}
|
||||
<li>
|
||||
<a href="{{ url_for('.domain_list') }}">
|
||||
<i class="fa fa-envelope"></i> <span>{% trans %}Mail domains{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.domain_list') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-envelope"></i>
|
||||
<p class="text">{% trans %}Mail domains{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
<li class="header">{% trans %}Go to{% endtrans %}</li>
|
||||
<li class="nav-header">{% trans %}Go to{% endtrans %}</li>
|
||||
{% if config["WEBMAIL"] != "none" %}
|
||||
<li>
|
||||
<a href="{{ config["WEB_WEBMAIL"] }}" target="_blank">
|
||||
<i class="fa fa-envelope-o"></i> <span>{% trans %}Webmail{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ config["WEB_WEBMAIL"] }}" target="_blank" class="nav-link">
|
||||
<i class="nav-icon far fa-envelope"></i>
|
||||
<p class="text">{% trans %}Webmail{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
<li>
|
||||
<a href="{{ url_for('.client') }}">
|
||||
<i class="fa fa-laptop"></i> <span>{% trans %}Client setup{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.client') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-laptop"></i>
|
||||
<p class="text">{% trans %}Client setup{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ config["WEBSITE"] }}" target="_blank">
|
||||
<i class="fa fa-globe"></i> <span>{% trans %}Website{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ config["WEBSITE"] }}" target="_blank" class="nav-link">
|
||||
<i class="nav-icon fa fa-globe"></i>
|
||||
<p class="text">{% trans %}Website{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="https://mailu.io" target="_blank">
|
||||
<i class="fa fa-life-ring"></i> <span>{% trans %}Help{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="https://mailu.io" target="_blank" class="nav-link">
|
||||
<i class="nav-icon fa fa-life-ring"></i>
|
||||
<p class="text">{% trans %}Help{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% if config['DOMAIN_REGISTRATION'] %}
|
||||
<li>
|
||||
<a href="{{ url_for('.domain_signup') }}">
|
||||
<i class="fa fa-plus-square"></i> <span>{% trans %}Register a domain{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.domain_signup') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-plus-square"></i>
|
||||
<p class="text">{% trans %}Register a domain{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if current_user.is_authenticated %}
|
||||
<li>
|
||||
<a href="{{ url_for('.logout') }}">
|
||||
<i class="fa fa-sign-out"></i> <span>{% trans %}Sign out{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.logout') }}" class="nav-link">
|
||||
<i class="nav-icon fas fa-sign-out-alt"></i>
|
||||
<p class="text">{% trans %}Sign out{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% else %}
|
||||
<li>
|
||||
<a href="{{ url_for('.login') }}">
|
||||
<i class="fa fa-sign-in"></i> <span>{% trans %}Sign in{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.login') }}" class="nav-link">
|
||||
<i class="nav-icon fas fa-sign-in-alt"></i>
|
||||
<p class="text">{% trans %}Sign in{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% if signup_domains %}
|
||||
<li>
|
||||
<a href="{{ url_for('.user_signup') }}">
|
||||
<i class="fa fa-user-plus"></i> <span>{% trans %}Sign up{% endtrans %}</span>
|
||||
<li class="nav-item">
|
||||
<a href="{{ url_for('.user_signup') }}" class="nav-link">
|
||||
<i class="nav-icon fa fa-user-plus"></i>
|
||||
<p class="text">{% trans %}Sign up{% endtrans %}</p>
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
</ul>
|
||||
</section>
|
||||
</nav>
|
||||
</div>
|
||||
|
@ -1,4 +1,4 @@
|
||||
__all__ = [
|
||||
'admins', 'aliases', 'alternatives', 'base', 'domains', 'fetches',
|
||||
'managers', 'users', 'relays', 'tokens'
|
||||
'managers', 'users', 'relays', 'tokens', 'languages'
|
||||
]
|
||||
|
@ -0,0 +1,9 @@
|
||||
from mailu.ui import ui, forms, access
|
||||
|
||||
import flask
|
||||
|
||||
|
||||
@ui.route('/language/<language>', methods=['GET'])
|
||||
def set_language(language=None):
|
||||
flask.session['language'] = language
|
||||
return flask.redirect(flask.url_for('.user_settings'))
|
@ -1,5 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
tee >(rspamc -h {{ ANTISPAM_WEBUI_ADDRESS }} -P mailu learn_ham /dev/stdin) \
|
||||
>(rspamc -h {{ ANTISPAM_WEBUI_ADDRESS }} -P mailu -f 11 fuzzy_del /dev/stdin) \
|
||||
| rspamc -h {{ ANTISPAM_WEBUI_ADDRESS }} -P mailu -f 13 fuzzy_add /dev/stdin
|
||||
RSPAMD_HOST="$(getent hosts {{ ANTISPAM_WEBUI_ADDRESS }}|cut -d\ -f1)"
|
||||
if [[ $? -ne 0 ]]
|
||||
then
|
||||
echo "Failed to lookup {{ ANTISPAM_WEBUI_ADDRESS }}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
tee >(rspamc -h $RSPAMD_HOST -P mailu learn_ham /dev/stdin) \
|
||||
>(rspamc -h $RSPAMD_HOST -P mailu -f 11 fuzzy_del /dev/stdin) \
|
||||
| rspamc -h $RSPAMD_HOST -P mailu -f 13 fuzzy_add /dev/stdin
|
||||
|
@ -1,5 +1,13 @@
|
||||
#!/bin/bash
|
||||
|
||||
tee >(rspamc -h {{ ANTISPAM_WEBUI_ADDRESS }} -P mailu learn_spam /dev/stdin) \
|
||||
>(rspamc -h {{ ANTISPAM_WEBUI_ADDRESS }} -P mailu -f 13 fuzzy_del /dev/stdin) \
|
||||
| rspamc -h {{ ANTISPAM_WEBUI_ADDRESS }} -P mailu -f 11 fuzzy_add /dev/stdin
|
||||
RSPAMD_HOST="$(getent hosts {{ ANTISPAM_WEBUI_ADDRESS }}|cut -d\ -f1)"
|
||||
if [[ $? -ne 0 ]]
|
||||
then
|
||||
echo "Failed to lookup {{ ANTISPAM_WEBUI_ADDRESS }}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
tee >(rspamc -h $RSPAMD_HOST -P mailu learn_spam /dev/stdin) \
|
||||
>(rspamc -h $RSPAMD_HOST -P mailu -f 13 fuzzy_del /dev/stdin) \
|
||||
| rspamc -h $RSPAMD_HOST -P mailu -f 11 fuzzy_add /dev/stdin
|
||||
|
@ -1,13 +1,11 @@
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
||||
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
||||
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
|
||||
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
|
||||
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
|
||||
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
|
||||
MIIBiAKCAYEAtQlUSOKGjpdXJ154qmMEa1pEs+9CdSxWiZFkiXBJb0lTafOh8cfF
|
||||
2IkcWSwzxWwjW4Ad26UQQFh1poGf2QBzVk2vuKCekYzPAs/WqH8VwiXBiWR5R9lh
|
||||
v/+CkEBYuQOzAhXLN6ZGdPPa2sjdI49rlaIqyLJE4D0TI/VHYmC/vEwqkJUgaGrS
|
||||
19LhHZimnmouvrnyBPyf00czXlMow0RnmYeHVZ7W5hu7t9TH9o3QAN/GKiFfxFj+
|
||||
RkdLM7beQdS0He5YeTaElM5l1YT5d5gHFbOzEQyKHd10ux+bgVcgUeVbBnI1SAIC
|
||||
w53yc1PkDAiRijSP5j5aWq1djtJPheS13o35HyIf0cHzkNYhKfX5JWPj/cbgdM+C
|
||||
FL1bnRc8sL5oxmkDoGJhiNZIf4n2WtS8Zu28gUgat6S+vCm/4yavIc/T1g6UiNKE
|
||||
X41HPbsma/QWUwOL6S+b2qr+7rKqjI5TzVek8vBMellEV4mBvfQU3NDSQ4WvxbTq
|
||||
ZEOgLPA178nrAgEC
|
||||
-----END DH PARAMETERS-----
|
||||
|
@ -1,6 +1,12 @@
|
||||
# Default proxy setup
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header True-Client-IP $remote_addr;
|
||||
proxy_set_header Forwarded "";
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
{% if REAL_IP_HEADER and REAL_IP_FROM %}
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
{% else %}
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
{% endif %}
|
||||
proxy_http_version 1.1;
|
||||
|
@ -1,6 +1,6 @@
|
||||
# This is an idle image to dynamically replace any component if disabled.
|
||||
|
||||
ARG DISTRO=alpine:3.12
|
||||
ARG DISTRO=alpine:3.14
|
||||
FROM $DISTRO
|
||||
|
||||
CMD sleep 1000000d
|
||||
|
@ -1 +1,2 @@
|
||||
{{ RELAYHOST }} {{ RELAYUSER }}:{{ RELAYPASSWORD }}
|
||||
|
||||
|
@ -1,63 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-admin
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-admin
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
containers:
|
||||
- name: admin
|
||||
image: mailu/admin:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
volumeMounts:
|
||||
- name: maildata
|
||||
mountPath: /data
|
||||
subPath: maildata
|
||||
- name: maildata
|
||||
mountPath: /dkim
|
||||
subPath: dkim
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
resources:
|
||||
requests:
|
||||
memory: 500Mi
|
||||
cpu: 500m
|
||||
limits:
|
||||
memory: 500Mi
|
||||
cpu: 500m
|
||||
volumes:
|
||||
- name: maildata
|
||||
persistentVolumeClaim:
|
||||
claimName: mail-storage
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: admin
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu-admin
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-admin
|
||||
role: mail
|
||||
tier: backend
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
@ -1,175 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: mailu-config
|
||||
namespace: mailu-mailserver
|
||||
data:
|
||||
# Mailu main configuration file
|
||||
#
|
||||
# Most configuration variables can be modified through the Web interface,
|
||||
# these few settings must however be configured before starting the mail
|
||||
# server and require a restart upon change.
|
||||
|
||||
###################################
|
||||
# Common configuration variables
|
||||
###################################
|
||||
|
||||
# Set this to the path where Mailu data and configuration is stored
|
||||
ROOT: "/mailu"
|
||||
|
||||
# Mailu version to run (1.0, 1.1, etc. or master)
|
||||
VERSION: "master"
|
||||
|
||||
# Set to a randomly generated 16 bytes string
|
||||
SECRET_KEY: "MySup3rS3cr3tPas"
|
||||
|
||||
# Address where listening ports should bind
|
||||
BIND_ADDRESS4: "127.0.0.1"
|
||||
#BIND_ADDRESS6: "::1"
|
||||
|
||||
# Main mail domain
|
||||
DOMAIN: "example.com"
|
||||
|
||||
# Hostnames for this server, separated with comas
|
||||
HOSTNAMES: "mail.example.com"
|
||||
|
||||
# Postmaster local part (will append the main mail domain)
|
||||
POSTMASTER: "admin"
|
||||
|
||||
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
|
||||
TLS_FLAVOR: "cert"
|
||||
|
||||
# Authentication rate limit (per source IP address)
|
||||
AUTH_RATELIMIT: "10/minute;1000/hour"
|
||||
|
||||
# Opt-out of statistics, replace with "True" to opt out
|
||||
DISABLE_STATISTICS: "False"
|
||||
|
||||
###################################
|
||||
# Kubernetes configuration
|
||||
###################################
|
||||
|
||||
# Use Kubernetes Ingress Controller to handle all actions on port 80 and 443
|
||||
# This way we can make use of the advantages of the cert-manager deployment
|
||||
KUBERNETES_INGRESS: "true"
|
||||
|
||||
# POD_ADDRESS_RANGE is normally provided by default with Kubernetes
|
||||
# Only use this value when you are using Flannel, Calico or a special kind of CNI
|
||||
# Provide the IPs of your network interface or bridge which is used for VXLAN network traffic
|
||||
# POD_ADDRESS_RANGE: 10.2.0.0/16,10.1.6.0/24
|
||||
|
||||
###################################
|
||||
# Optional features
|
||||
###################################
|
||||
|
||||
# Expose the admin interface (value: true, false)
|
||||
ADMIN: "true"
|
||||
# Run the admin interface in debug mode
|
||||
#DEBUG: "True"
|
||||
|
||||
# Choose which webmail to run if any (values: roundcube, rainloop, none)
|
||||
WEBMAIL: "roundcube"
|
||||
|
||||
# Dav server implementation (value: radicale, none)
|
||||
WEBDAV: "radicale"
|
||||
|
||||
# Antivirus solution (value: clamav, none)
|
||||
ANTIVIRUS: "clamav"
|
||||
|
||||
###################################
|
||||
# Mail settings
|
||||
###################################
|
||||
|
||||
# Message size limit in bytes
|
||||
# Default: accept messages up to 50MB
|
||||
MESSAGE_SIZE_LIMIT: "50000000"
|
||||
|
||||
# Will relay all outgoing mails if configured
|
||||
#RELAYHOST=
|
||||
|
||||
# This part is needed for the XCLIENT login for postfix. This should be the POD ADDRESS range
|
||||
FRONT_ADDRESS: "front.mailu-mailserver.svc.cluster.local"
|
||||
|
||||
# This value is needed by the webmail to find the correct imap backend
|
||||
IMAP_ADDRESS: "imap.mailu-mailserver.svc.cluster.local"
|
||||
|
||||
# This value is used by Dovecot to find the Redis server in the cluster
|
||||
REDIS_ADDRESS: "redis.mailu-mailserver.svc.cluster.local"
|
||||
|
||||
# Fetchmail delay
|
||||
FETCHMAIL_DELAY: "600"
|
||||
|
||||
# Recipient delimiter, character used to delimiter localpart from custom address part
|
||||
# e.g. localpart+custom@domain;tld
|
||||
RECIPIENT_DELIMITER: "+"
|
||||
|
||||
# DMARC rua and ruf email
|
||||
DMARC_RUA: "root"
|
||||
DMARC_RUF: "root"
|
||||
|
||||
# Welcome email, enable and set a topic and body if you wish to send welcome
|
||||
# emails to all users.
|
||||
WELCOME: "false"
|
||||
WELCOME_SUBJECT: "Welcome to your new email account"
|
||||
WELCOME_BODY: "Welcome to your new email account, if you can read this, then it is configured properly!"
|
||||
|
||||
###################################
|
||||
# Web settings
|
||||
###################################
|
||||
|
||||
# Path to the admin interface if enabled
|
||||
# Kubernetes addition: You need to change ALL the ingresses, when you want this URL to be different!!!
|
||||
WEB_ADMIN: "/admin"
|
||||
|
||||
# Path to the webmail if enabled
|
||||
# Currently, this is not used, because we intended to use a different subdomain: webmail.example.com
|
||||
# This option can be added in a feature release
|
||||
WEB_WEBMAIL: "/webmail"
|
||||
|
||||
# Website name
|
||||
SITENAME: "Mailu"
|
||||
|
||||
# Linked Website URL
|
||||
WEBSITE: "https://example.com"
|
||||
|
||||
# Registration reCaptcha settings (warning, this has some privacy impact)
|
||||
# RECAPTCHA_PUBLIC_KEY=
|
||||
# RECAPTCHA_PRIVATE_KEY=
|
||||
|
||||
# Domain registration, uncomment to enable
|
||||
# DOMAIN_REGISTRATION=true
|
||||
|
||||
###################################
|
||||
# Advanced settings
|
||||
###################################
|
||||
|
||||
# Create an admin account if it does not exist yet. It will also create the email domain for the account.
|
||||
# INITIAL_ADMIN_ACCOUNT: "admin"
|
||||
# INITIAL_ADMIN_DOMAIN: "example.com"
|
||||
# INITIAL_ADMIN_PW: "s3cr3t"
|
||||
|
||||
# Docker-compose project name, this will prepended to containers names.
|
||||
COMPOSE_PROJECT_NAME: "mailu"
|
||||
|
||||
# Default password scheme used for newly created accounts and changed passwords
|
||||
# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
|
||||
PASSWORD_SCHEME: "SHA512-CRYPT"
|
||||
|
||||
# Header to take the real ip from
|
||||
#REAL_IP_HEADER:
|
||||
|
||||
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
|
||||
#REAL_IP_FROM:
|
||||
|
||||
# Host settings
|
||||
HOST_IMAP: "imap.mailu-mailserver.svc.cluster.local"
|
||||
HOST_POP3: "imap.mailu-mailserver.svc.cluster.local"
|
||||
HOST_SMTP: "smtp.mailu-mailserver.svc.cluster.local"
|
||||
HOST_AUTHSMTP: "smtp.mailu-mailserver.svc.cluster.local"
|
||||
HOST_WEBMAIL: "webmail.mailu-mailserver.svc.cluster.local"
|
||||
HOST_ADMIN: "admin.mailu-mailserver.svc.cluster.local"
|
||||
HOST_WEBDAV: "webdav.mailu-mailserver.svc.cluster.local:5232"
|
||||
HOST_ANTISPAM_MILTER: "antispam.mailu-mailserver.svc.cluster.local:11332"
|
||||
HOST_ANTISPAM_WEBUI: "antispam.mailu-mailserver.svc.cluster.local:11334"
|
||||
HOST_ANTIVIRUS: "antivirus.mailu-mailserver.svc.cluster.local:3310"
|
||||
HOST_REDIS: "redis.mailu-mailserver.svc.cluster.local"
|
@ -1,39 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-fetchmail
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-fetchmail
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
containers:
|
||||
- name: fetchmail
|
||||
image: mailu/fetchmail:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
volumeMounts:
|
||||
- name: maildata
|
||||
mountPath: /data
|
||||
subPath: maildata
|
||||
ports:
|
||||
- containerPort: 5232
|
||||
- containerPort: 80
|
||||
resources:
|
||||
requests:
|
||||
memory: 100Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 100Mi
|
||||
cpu: 100m
|
||||
volumes:
|
||||
- name: maildata
|
||||
persistentVolumeClaim:
|
||||
claimName: mail-storage
|
@ -1,148 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: mailu-front
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
k8s-app: mail-loadbalancer
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: mail-loadbalancer
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: mail-loadbalancer
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: node-role.kubernetes.io/node
|
||||
operator: Exists
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/node: ""
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
restartPolicy: Always
|
||||
terminationGracePeriodSeconds: 60
|
||||
containers:
|
||||
- name: front
|
||||
image: mailu/nginx:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
volumeMounts:
|
||||
- name: certs
|
||||
mountPath: /certs
|
||||
ports:
|
||||
- name: pop3
|
||||
containerPort: 110
|
||||
hostPort: 110
|
||||
protocol: TCP
|
||||
- name: pop3s
|
||||
containerPort: 995
|
||||
hostPort: 995
|
||||
protocol: TCP
|
||||
- name: imap
|
||||
containerPort: 143
|
||||
hostPort: 143
|
||||
protocol: TCP
|
||||
- name: imaps
|
||||
containerPort: 993
|
||||
hostPort: 993
|
||||
protocol: TCP
|
||||
- name: smtp
|
||||
containerPort: 25
|
||||
hostPort: 25
|
||||
protocol: TCP
|
||||
- name: smtps
|
||||
containerPort: 465
|
||||
hostPort: 465
|
||||
protocol: TCP
|
||||
- name: smtpd
|
||||
containerPort: 587
|
||||
hostPort: 587
|
||||
protocol: TCP
|
||||
# internal services (not exposed externally)
|
||||
- name: smtp-auth
|
||||
containerPort: 10025
|
||||
protocol: TCP
|
||||
- name: imap-auth
|
||||
containerPort: 10143
|
||||
protocol: TCP
|
||||
- name: auth
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
resources:
|
||||
requests:
|
||||
memory: 100Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 200Mi
|
||||
cpu: 200m
|
||||
volumes:
|
||||
- name: certs
|
||||
secret:
|
||||
items:
|
||||
- key: tls.crt
|
||||
path: cert.pem
|
||||
- key: tls.key
|
||||
path: key.pem
|
||||
secretName: letsencrypt-certs-all
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: front
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
k8s-app: mail-loadbalancer
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
spec:
|
||||
selector:
|
||||
k8s-app: mail-loadbalancer
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
ports:
|
||||
- name: pop3
|
||||
port: 110
|
||||
protocol: TCP
|
||||
- name: pop3s
|
||||
port: 995
|
||||
protocol: TCP
|
||||
- name: imap
|
||||
port: 143
|
||||
protocol: TCP
|
||||
- name: imaps
|
||||
port: 993
|
||||
protocol: TCP
|
||||
- name: smtp
|
||||
port: 25
|
||||
protocol: TCP
|
||||
- name: smtps
|
||||
port: 465
|
||||
protocol: TCP
|
||||
- name: smtpd
|
||||
port: 587
|
||||
protocol: TCP
|
||||
- name: smtp-auth
|
||||
port: 10025
|
||||
protocol: TCP
|
||||
- name: imap-auth
|
||||
port: 10143
|
||||
protocol: TCP
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
@ -1,84 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-imap
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-imap
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
containers:
|
||||
- name: imap
|
||||
image: mailu/dovecot:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: maildata
|
||||
subPath: maildata
|
||||
- mountPath: /mail
|
||||
name: maildata
|
||||
subPath: mailstate
|
||||
- mountPath: /overrides
|
||||
name: maildata
|
||||
subPath: overrides
|
||||
ports:
|
||||
- name: imap-auth
|
||||
containerPort: 2102
|
||||
- name: imap-transport
|
||||
containerPort: 2525
|
||||
- name: pop3
|
||||
containerPort: 110
|
||||
- name: imap-default
|
||||
containerPort: 143
|
||||
- name: sieve
|
||||
containerPort: 4190
|
||||
resources:
|
||||
requests:
|
||||
memory: 1Gi
|
||||
cpu: 1000m
|
||||
limits:
|
||||
memory: 1Gi
|
||||
cpu: 1000m
|
||||
volumes:
|
||||
- name: maildata
|
||||
persistentVolumeClaim:
|
||||
claimName: mail-storage
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: imap
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-imap
|
||||
role: mail
|
||||
tier: backend
|
||||
ports:
|
||||
- name: imap-auth
|
||||
port: 2102
|
||||
protocol: TCP
|
||||
- name: imap-transport
|
||||
port: 2525
|
||||
protocol: TCP
|
||||
- name: pop3
|
||||
port: 110
|
||||
protocol: TCP
|
||||
- name: imap-default
|
||||
port: 143
|
||||
protocol: TCP
|
||||
- name: sieve
|
||||
port: 4190
|
||||
protocol: TCP
|
@ -1,25 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: mailu-ingress
|
||||
namespace: mailu-mailserver
|
||||
annotations:
|
||||
kubernetes.io/tls-acme: "true"
|
||||
certmanager.k8s.io/cluster-issuer: letsencrypt-stage
|
||||
labels:
|
||||
app: mailu
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- "mail.example.com"
|
||||
secretName: letsencrypt-certs-all # If unsure how to generate these, check out https://github.com/ployst/docker-letsencrypt
|
||||
rules:
|
||||
- host: "mail.example.com"
|
||||
http:
|
||||
paths:
|
||||
- path: "/"
|
||||
backend:
|
||||
serviceName: front
|
||||
servicePort: 80
|
@ -1,27 +0,0 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: redis-hdd
|
||||
namespace: mailu-mailserver
|
||||
annotations:
|
||||
volume.beta.kubernetes.io/storage-class: "glusterblock-hdd"
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
---
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: mail-storage
|
||||
namespace: mailu-mailserver
|
||||
annotations:
|
||||
volume.beta.kubernetes.io/storage-class: "gluster-heketi-hdd"
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 100Gi
|
@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: mailu-mailserver
|
@ -1,60 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-redis
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mailu-redis
|
||||
role: mail
|
||||
tier: backend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-redis
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
containers:
|
||||
- name: redis
|
||||
image: redis:5-alpine
|
||||
imagePullPolicy: Always
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: redisdata
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
name: redis
|
||||
protocol: TCP
|
||||
resources:
|
||||
requests:
|
||||
memory: 200Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 300Mi
|
||||
cpu: 200m
|
||||
volumes:
|
||||
- name: redisdata
|
||||
persistentVolumeClaim:
|
||||
claimName: redis-hdd
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: redis
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu-redis
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-redis
|
||||
role: mail
|
||||
tier: backend
|
||||
ports:
|
||||
- name: redis
|
||||
port: 6379
|
||||
protocol: TCP
|
@ -1,115 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-security
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-security
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
containers:
|
||||
- name: antispam
|
||||
image: mailu/rspamd:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
resources:
|
||||
requests:
|
||||
memory: 100Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 200Mi
|
||||
cpu: 200m
|
||||
ports:
|
||||
- name: antispam
|
||||
containerPort: 11332
|
||||
protocol: TCP
|
||||
- name: antispam-http
|
||||
containerPort: 11334
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: filter
|
||||
subPath: filter
|
||||
mountPath: /var/lib/rspamd
|
||||
- name: filter
|
||||
mountPath: /dkim
|
||||
subPath: dkim
|
||||
- name: filter
|
||||
mountPath: /etc/rspamd/override.d
|
||||
subPath: rspamd-overrides
|
||||
- name: antivirus
|
||||
image: mailu/clamav:master
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
requests:
|
||||
memory: 1Gi
|
||||
cpu: 1000m
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 1000m
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
ports:
|
||||
- name: antivirus
|
||||
containerPort: 3310
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: filter
|
||||
subPath: filter
|
||||
mountPath: /data
|
||||
volumes:
|
||||
- name: filter
|
||||
persistentVolumeClaim:
|
||||
claimName: mail-storage
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: antispam
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu-antispam
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-security
|
||||
role: mail
|
||||
tier: backend
|
||||
ports:
|
||||
- name: antispam
|
||||
port: 11332
|
||||
protocol: TCP
|
||||
- name: antispam-http
|
||||
protocol: TCP
|
||||
port: 11334
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: antivirus
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu-antivirus
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-security
|
||||
role: mail
|
||||
tier: backend
|
||||
ports:
|
||||
- name: antivirus
|
||||
port: 3310
|
||||
protocol: TCP
|
@ -1,80 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-smtp
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-smtp
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
containers:
|
||||
- name: smtp
|
||||
image: mailu/postfix:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
resources:
|
||||
requests:
|
||||
memory: 2Gi
|
||||
cpu: 500m
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 500m
|
||||
volumeMounts:
|
||||
- mountPath: /queue
|
||||
name: maildata
|
||||
subPath: mailqueue
|
||||
- mountPath: /overrides
|
||||
name: maildata
|
||||
subPath: overrides
|
||||
ports:
|
||||
- name: smtp
|
||||
containerPort: 25
|
||||
protocol: TCP
|
||||
- name: smtp-ssl
|
||||
containerPort: 465
|
||||
protocol: TCP
|
||||
- name: smtp-starttls
|
||||
containerPort: 587
|
||||
protocol: TCP
|
||||
- name: smtp-auth
|
||||
containerPort: 10025
|
||||
protocol: TCP
|
||||
volumes:
|
||||
- name: maildata
|
||||
persistentVolumeClaim:
|
||||
claimName: mail-storage
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: smtp
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-smtp
|
||||
role: mail
|
||||
tier: backend
|
||||
ports:
|
||||
- name: smtp
|
||||
port: 25
|
||||
protocol: TCP
|
||||
- name: smtp-ssl
|
||||
port: 465
|
||||
protocol: TCP
|
||||
- name: smtp-starttls
|
||||
port: 587
|
||||
protocol: TCP
|
||||
- name: smtp-auth
|
||||
port: 10025
|
||||
protocol: TCP
|
@ -1,63 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-webdav
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-webdav
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
containers:
|
||||
- name: radicale
|
||||
image: mailu/radicale:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: maildata
|
||||
subPath: dav
|
||||
ports:
|
||||
- containerPort: 5232
|
||||
- containerPort: 80
|
||||
resources:
|
||||
requests:
|
||||
memory: 100Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 100Mi
|
||||
cpu: 100m
|
||||
volumes:
|
||||
- name: maildata
|
||||
persistentVolumeClaim:
|
||||
claimName: mail-storage
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: webdav
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu-webdav
|
||||
role: mail
|
||||
tier: backend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-webdav
|
||||
role: mail
|
||||
tier: backend
|
||||
ports:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
- name: http-ui
|
||||
port: 5232
|
||||
protocol: TCP
|
@ -1,57 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailu-roundcube
|
||||
namespace: mailu-mailserver
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailu-roundcube
|
||||
role: mail
|
||||
tier: frontend
|
||||
spec:
|
||||
containers:
|
||||
- name: roundcube
|
||||
image: mailu/roundcube:master
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: mailu-config
|
||||
resources:
|
||||
requests:
|
||||
memory: 100Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 200Mi
|
||||
cpu: 200m
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: maildata
|
||||
subPath: webmail
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumes:
|
||||
- name: maildata
|
||||
persistentVolumeClaim:
|
||||
claimName: mail-storage
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: webmail
|
||||
namespace: mailu-mailserver
|
||||
labels:
|
||||
app: mailu-roundcube
|
||||
role: mail
|
||||
tier: frontend
|
||||
spec:
|
||||
selector:
|
||||
app: mailu-roundcube
|
||||
role: mail
|
||||
tier: frontend
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
@ -1,55 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: default-http-backend
|
||||
labels:
|
||||
app: default-http-backend
|
||||
namespace: kube-ingress
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: default-http-backend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: default-http-backend
|
||||
spec:
|
||||
terminationGracePeriodSeconds: 60
|
||||
containers:
|
||||
- name: default-http-backend
|
||||
# Any image is permissible as long as:
|
||||
# 1. It serves a 404 page at /
|
||||
# 2. It serves 200 on a /healthz endpoint
|
||||
image: gcr.io/google_containers/defaultbackend:1.4
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8080
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
resources:
|
||||
limits:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: default-http-backend
|
||||
namespace: kube-ingress
|
||||
labels:
|
||||
app: default-http-backend
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: default-http-backend
|
@ -1,127 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
# keep it under 24 chars
|
||||
name: ingress-lb
|
||||
namespace: kube-ingress
|
||||
labels:
|
||||
k8s-app: ingress-lb
|
||||
component: ingress-controller
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
k8s-app: ingress-lb
|
||||
component: ingress-controller
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
- name: https
|
||||
protocol: TCP
|
||||
port: 443
|
||||
targetPort: 443
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: udp-services
|
||||
namespace: kube-ingress
|
||||
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: tcp-services
|
||||
namespace: kube-ingress
|
||||
data:
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
enable-vts-status: "true"
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-ingress-lb-conf
|
||||
namespace: kube-ingress
|
||||
---
|
||||
apiVersion: apps/v1beta2
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: ingress-controller
|
||||
namespace: kube-ingress
|
||||
annotations:
|
||||
prometheus.io/port: "10254"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
k8s-app: ingress-lb
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
spec:
|
||||
updateStrategy:
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: ingress-lb
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: ingress-lb
|
||||
component: ingress-controller
|
||||
type: nginx
|
||||
spec:
|
||||
serviceAccount: kube-nginx-ingress
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: node-role.kubernetes.io/master
|
||||
operator: DoesNotExist
|
||||
containers:
|
||||
- name: nginx-ingress-lb
|
||||
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2
|
||||
args:
|
||||
- /nginx-ingress-controller
|
||||
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
|
||||
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
|
||||
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
|
||||
- --annotations-prefix=ingress.kubernetes.io
|
||||
- --enable-ssl-passthrough
|
||||
# use downward API
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
- name: https
|
||||
containerPort: 443
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
livenessProbe:
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 1
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
hostNetwork: true
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/node: ""
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
restartPolicy: Always
|
||||
terminationGracePeriodSeconds: 60
|
@ -1,129 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: kube-ingress
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kube-nginx-ingress
|
||||
namespace: kube-ingress
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kube-nginx-ingress
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- endpoints
|
||||
- nodes
|
||||
- pods
|
||||
- secrets
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- "extensions"
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- "extensions"
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: kube-nginx-ingress
|
||||
namespace: kube-ingress
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- pods
|
||||
- secrets
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
resourceNames:
|
||||
- "ingress-controller-leader-nginx"
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: kube-nginx-ingress
|
||||
namespace: kube-ingress
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: kube-nginx-ingress
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kube-nginx-ingress
|
||||
namespace: kube-ingress
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kube-nginx-ingress
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kube-nginx-ingress
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kube-nginx-ingress
|
||||
namespace: kube-ingress
|
@ -1,4 +1,4 @@
|
||||
flask
|
||||
flask-bootstrap
|
||||
redis
|
||||
gunicorn
|
||||
Flask==1.0.2
|
||||
Flask-Bootstrap==3.3.7.1
|
||||
gunicorn==19.9.0
|
||||
redis==3.2.1
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue