Add new infra architecture

2026-01-19 11:55:17 +01:00
parent 21d35ea92b
commit 35f164f0cd
311 changed files with 13241 additions and 3700 deletions
--- a/infrastructure/platform/mail/mailu/mailu-deployment.yaml
+++ b/infrastructure/platform/mail/mailu/mailu-deployment.yaml
@@ -0,0 +1,208 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mailu-front
+  namespace: bakery-ia
+  labels:
+    app: mailu
+    component: front
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mailu
+      component: front
+  template:
+    metadata:
+      labels:
+        app: mailu
+        component: front
+    spec:
+      containers:
+      - name: front
+        image: ghcr.io/mailu/nginx:2024.06
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+          name: http
+        - containerPort: 443
+          name: https
+        envFrom:
+        - configMapRef:
+            name: mailu-config
+        - secretRef:
+            name: mailu-secrets
+        volumeMounts:
+        - name: mailu-data
+          mountPath: /data
+        - name: mailu-tls
+          mountPath: /certs
+          readOnly: true
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 200m
+            memory: 256Mi
+      volumes:
+      - name: mailu-data
+        persistentVolumeClaim:
+          claimName: mailu-data
+      - name: mailu-tls
+        secret:
+          # TLS secret name is environment-specific:
+          # - Dev: bakery-dev-tls-cert (self-signed, from dev-certificate.yaml)
+          # - Prod: bakery-ia-prod-tls-cert (Let's Encrypt, from prod-certificate.yaml)
+          # Patched via kustomize overlays in dev/prod kustomization.yaml
+          secretName: MAILU_TLS_SECRET_PLACEHOLDER
+          items:
+          - key: tls.crt
+            path: cert.pem
+          - key: tls.key
+            path: key.pem
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mailu-admin
+  namespace: bakery-ia
+  labels:
+    app: mailu
+    component: admin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mailu
+      component: admin
+  template:
+    metadata:
+      labels:
+        app: mailu
+        component: admin
+    spec:
+      containers:
+      - name: admin
+        image: ghcr.io/mailu/admin:2024.06
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+          name: http
+        envFrom:
+        - configMapRef:
+            name: mailu-config
+        - secretRef:
+            name: mailu-secrets
+        volumeMounts:
+        - name: mailu-data
+          mountPath: /data
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 300m
+            memory: 512Mi
+      volumes:
+      - name: mailu-data
+        persistentVolumeClaim:
+          claimName: mailu-data
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mailu-smtp
+  namespace: bakery-ia
+  labels:
+    app: mailu
+    component: smtp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mailu
+      component: smtp
+  template:
+    metadata:
+      labels:
+        app: mailu
+        component: smtp
+    spec:
+      containers:
+      - name: smtp
+        image: ghcr.io/mailu/postfix:2024.06
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 25
+          name: smtp
+        - containerPort: 587
+          name: submission
+        envFrom:
+        - configMapRef:
+            name: mailu-config
+        - secretRef:
+            name: mailu-secrets
+        volumeMounts:
+        - name: mailu-data
+          mountPath: /data
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+      volumes:
+      - name: mailu-data
+        persistentVolumeClaim:
+          claimName: mailu-data
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mailu-imap
+  namespace: bakery-ia
+  labels:
+    app: mailu
+    component: imap
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mailu
+      component: imap
+  template:
+    metadata:
+      labels:
+        app: mailu
+        component: imap
+    spec:
+      containers:
+      - name: imap
+        image: ghcr.io/mailu/dovecot:2024.06
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 143
+          name: imap
+        - containerPort: 993
+          name: imaps
+        envFrom:
+        - configMapRef:
+            name: mailu-config
+        - secretRef:
+            name: mailu-secrets
+        volumeMounts:
+        - name: mailu-data
+          mountPath: /data
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+      volumes:
+      - name: mailu-data
+        persistentVolumeClaim:
+          claimName: mailu-data