mirror of
https://github.com/chillout2k/ExOTA-Milter.git
synced 2025-12-12 18:00:19 +00:00
82 lines
2.4 KiB
YAML
82 lines
2.4 KiB
YAML
---
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: exota-milter
|
|
labels:
|
|
app: exota-milter
|
|
spec:
|
|
replicas: 3
|
|
selector:
|
|
matchLabels:
|
|
app: exota-milter
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: exota-milter
|
|
spec:
|
|
# Do not deploy more than one pods per node
|
|
topologySpreadConstraints:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app: exota-milter
|
|
maxSkew: 1
|
|
topologyKey: kubernetes.io/hostname
|
|
whenUnsatisfiable: DoNotSchedule
|
|
# Pod eviction toleration overrides
|
|
tolerations:
|
|
- key: "node.kubernetes.io/unreachable"
|
|
operator: "Exists"
|
|
effect: "NoExecute"
|
|
tolerationSeconds: 30
|
|
- key: "node.kubernetes.io/not-ready"
|
|
operator: "Exists"
|
|
effect: "NoExecute"
|
|
tolerationSeconds: 30
|
|
restartPolicy: Always
|
|
terminationGracePeriodSeconds: 10
|
|
volumes:
|
|
- name: exota-milter-policy-volume
|
|
configMap:
|
|
name: exota-milter-policy-cmap
|
|
items:
|
|
- key: exota-milter-policy
|
|
path: 'exota-milter-policy.json'
|
|
containers:
|
|
- name: exota-milter
|
|
image: chillout2k/exota-milter
|
|
imagePullPolicy: Always
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: exota-milter-policy-volume
|
|
startupProbe:
|
|
exec:
|
|
command: ["nc", "-v", "-w1", "127.0.0.1", "4321"]
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
env:
|
|
- name: LOG_LEVEL
|
|
value: 'info'
|
|
- name: MILTER_SOCKET
|
|
value: 'inet:4321@127.0.0.1'
|
|
- name: MILTER_POLICY_FILE
|
|
value: '/data/exota-milter-policy.json'
|
|
- name: MILTER_DKIM_ENABLED
|
|
value: 'True'
|
|
- name: MILTER_DKIM_ALIGNMENT_REQUIRED
|
|
value: 'True'
|
|
- name: MILTER_TRUSTED_AUTHSERVID
|
|
value: 'DKIMAuthservID'
|
|
- name: MILTER_X509_ENABLED
|
|
value: 'True'
|
|
- name: MILTER_X509_TRUSTED_CN
|
|
value: 'mail.protection.outlook.com'
|
|
- name: MILTER_X509_IP_WHITELIST
|
|
value: '127.0.0.1,::1'
|
|
- name: MILTER_ADD_HEADER
|
|
value: 'True'
|
|
- name: MILTER_AUTHSERVID
|
|
value: 'some-auth-serv-id'
|
|
- name: MILTER_REJECT_MESSAGE
|
|
value: 'Security policy violation!!'
|