apiVersion: apps/v1 kind: Deployment metadata: name: mailu-front namespace: bakery-ia labels: app: mailu component: front spec: replicas: 1 selector: matchLabels: app: mailu component: front template: metadata: labels: app: mailu component: front spec: containers: - name: front image: ghcr.io/mailu/nginx:2024.06 imagePullPolicy: IfNotPresent ports: - containerPort: 80 name: http - containerPort: 443 name: https envFrom: - configMapRef: name: mailu-config - secretRef: name: mailu-secrets volumeMounts: - name: mailu-data mountPath: /data - name: mailu-tls mountPath: /certs readOnly: true resources: requests: cpu: 100m memory: 128Mi limits: cpu: 200m memory: 256Mi volumes: - name: mailu-data persistentVolumeClaim: claimName: mailu-data - name: mailu-tls secret: # TLS secret name is environment-specific: # - Dev: bakery-dev-tls-cert (self-signed, from dev-certificate.yaml) # - Prod: bakery-ia-prod-tls-cert (Let's Encrypt, from prod-certificate.yaml) # Patched via kustomize overlays in dev/prod kustomization.yaml secretName: MAILU_TLS_SECRET_PLACEHOLDER items: - key: tls.crt path: cert.pem - key: tls.key path: key.pem --- apiVersion: apps/v1 kind: Deployment metadata: name: mailu-admin namespace: bakery-ia labels: app: mailu component: admin spec: replicas: 1 selector: matchLabels: app: mailu component: admin template: metadata: labels: app: mailu component: admin spec: containers: - name: admin image: ghcr.io/mailu/admin:2024.06 imagePullPolicy: IfNotPresent ports: - containerPort: 80 name: http envFrom: - configMapRef: name: mailu-config - secretRef: name: mailu-secrets volumeMounts: - name: mailu-data mountPath: /data resources: requests: cpu: 100m memory: 256Mi limits: cpu: 300m memory: 512Mi volumes: - name: mailu-data persistentVolumeClaim: claimName: mailu-data --- apiVersion: apps/v1 kind: Deployment metadata: name: mailu-smtp namespace: bakery-ia labels: app: mailu component: smtp spec: replicas: 1 selector: matchLabels: app: mailu component: smtp template: metadata: labels: app: mailu component: smtp spec: containers: - name: smtp image: ghcr.io/mailu/postfix:2024.06 imagePullPolicy: IfNotPresent ports: - containerPort: 25 name: smtp - containerPort: 587 name: submission envFrom: - configMapRef: name: mailu-config - secretRef: name: mailu-secrets volumeMounts: - name: mailu-data mountPath: /data resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi volumes: - name: mailu-data persistentVolumeClaim: claimName: mailu-data --- apiVersion: apps/v1 kind: Deployment metadata: name: mailu-imap namespace: bakery-ia labels: app: mailu component: imap spec: replicas: 1 selector: matchLabels: app: mailu component: imap template: metadata: labels: app: mailu component: imap spec: containers: - name: imap image: ghcr.io/mailu/dovecot:2024.06 imagePullPolicy: IfNotPresent ports: - containerPort: 143 name: imap - containerPort: 993 name: imaps envFrom: - configMapRef: name: mailu-config - secretRef: name: mailu-secrets volumeMounts: - name: mailu-data mountPath: /data resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi volumes: - name: mailu-data persistentVolumeClaim: claimName: mailu-data