diff --git a/apps/base/mail/kustomization.yaml b/apps/base/mail/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4b15aa9e977da9a8dda1230b10811936465a4e88 --- /dev/null +++ b/apps/base/mail/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: mail +resources: + - namespace.yaml + - release.yaml diff --git a/apps/base/mail/namespace.yaml b/apps/base/mail/namespace.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7e1eb63f862136b4ef686fdf9ad5629c490ad5bd --- /dev/null +++ b/apps/base/mail/namespace.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: mail +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flux-reconciler + namespace: mail +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: flux-reconciler + namespace: mail +rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: flux-reconciler + namespace: mail +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: flux-reconciler +subjects: + - kind: ServiceAccount + name: flux-reconciler + namespace: mail diff --git a/apps/base/mail/release.yaml b/apps/base/mail/release.yaml new file mode 100644 index 0000000000000000000000000000000000000000..904d5b21b6a06bfa6c7ed59434b6254af687242d --- /dev/null +++ b/apps/base/mail/release.yaml @@ -0,0 +1,21 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: mail + namespace: mail +spec: + serviceAccountName: flux-reconciler + releaseName: mail + chart: + spec: + chart: ./charts/mok + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + interval: 5m + valuesFrom: + - kind: Secret + name: mail-override-values + valuesKey: values-overrides.yaml + optional: false diff --git a/apps/k8s01/mail/certificate.yaml b/apps/k8s01/mail/certificate.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7dac0e4101b9b155f587eb8f9e9269f1dfdd88c4 --- /dev/null +++ b/apps/k8s01/mail/certificate.yaml @@ -0,0 +1,65 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mail-tls +spec: + dnsNames: + - ENC[AES256_GCM,data:z7nlxGy7CKTYmeAo4yTe9Z8lsaTfxiQ4,iv:8aNGQZW379u3Q8hoBmtAaG5Gfz9zwV0FI63Ge3UhBkg=,tag:S0IvfcA4qOOY+SwBxMxd5w==,type:str] + - ENC[AES256_GCM,data:97XTao4ZNqpKepDdDHgLUPIFoZmZmY0t,iv:Wgru8AZYqOclgATdbVz7VQyqUOdimIXELLrwHE4JlJg=,tag:xenX4JaMAHIsJ4SI6E6ENA==,type:str] + - ENC[AES256_GCM,data:s9y4Ug11EO2XCQ5SgDxfdbyaP3DurwHVwA==,iv:GdI1+58IGF6JIBHChVwDdgVRU4tQuztm9CW0S5g/ERQ=,tag:aed/0zfur0xfC41oovBhVQ==,type:str] + issuerRef: + name: letsencrypt + kind: ClusterIssuer + secretName: mail-tls +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-26T21:07:58Z" + mac: ENC[AES256_GCM,data:04iEckB7o4EZCGwzFdK3cmshFn5PmTgbqkTEZLtJyBZ5IMYu+hKwaSTpyevHB0dZWFiYoh/+PE5Mbwh2HuIWZp0tHgShl84QfjjbA/BW/D5IShAuuvRObCtWTomLIT+HtZqGtR1omQ0KfQ8aOALYBRL9ha8ly5W51iFFcZZ/Gik=,iv:hkbG70i+nxIvW2HNLJNycaqdQ3XXOVtWg9sU7/H1nHI=,tag:PkCIMIYdxqnyxWIwlBg4cg==,type:str] + pgp: + - created_at: "2022-06-26T21:07:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAANe0TNc3Cyl/dqAYykwIYrfg5xWgH25m/SDw9qjY01e8u + 0qHgolydl0+WJV1vx2GRUbdUqzLjcMeJABslfgL2LuhP5Uc5bQpGF8JDcx2l3IS+ + /n2hZv2JtaptVW116gij+HcVPKWE5d6w3J7O5v5Enq0Szm4AsPxSO7t6o9IrWXr4 + 04ANt4Dyvt4gJMgUbTdF383w9e6U00m/L57f8AG6evh2ZE4H9j+4zhSdlz57iOTX + YDA4iFlFK5+2b0nxBwUy9A1oToOhzqeCaJTISNtd+DSaiEzeto24dtmurZfnqwCe + xd//UAfnOYlnN+tPD1mL1kDQm2gFwgn5E9ibIVuM8EbHAhd5Yejxa6VpESICgZVA + cVCg2LfS1ioNxn3NMWygYn53dGl8mPX1DihZD5/5pbmJXknSTc3PeImzVX/aq0T/ + RzT0dlV3FDRwmyNoyhpaI4xZkqzw4omxkpiScOSHPtzsumdd1LrnyTIdDYww8rk1 + iThal6pZevmUp/rkLji/9o+4yMi1LN1wA/wxCVcPh+kNm8cT/OyL7bxQJ/KiPUR6 + yk8XBshc/bteAJWpA1AKTbTMlMrik4cWUBr1sGAT5Np9IXlZGe+7yPiKLsV/5K10 + TtvE4EC777KknguwMsnSrtNZuBQiGsxdilTfVNKfKcMD6znyhPukn8xrz3eCkFPS + 5gE8J6xFi8ShediP84bEKH5evXXuREgWGXqmqa3BX2f8RDePUHIezt3JRsbEv6qJ + RvtAhv2UWeoGpEgVKh98QnTk4P96MhNVyktPdFSbnwu98OIyuXKZAA== + =Gh2M + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-06-26T21:07:57Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPARAAjojC9+Pfq2c3FcTiDG1xrw11TR3csrtM+0Ovij4hDiF8 + c9Nh3kpaDAD3P8hrLPppxdr9+zrH2S13hqlJQ7+msbje4WAm2GW2rhuQDn2vWtag + rIH2UfFcONuPrC1taqL6iw3vz1lc9GAYvly/IdFm69A1+kGWj6rOzbq3AaAMqeDT + 5O0G3bwB4yLY0g373bmg1/PW3tQb1p1X7wkbRV+86nv8KrB0pCJmwLNzEk/FVLSR + bae4VUKx/wpGa+YvReoqRBz0WgUytXSav+U+dIEmupxh2k9Fqh7Eul9hob8mLPNs + 4JqZKvfCRxZh6LXvC73zB2RL9sAK7hEPGfQDdEUBX8g9NjcDtXp3CVLuhq68gg7e + 184ynbXJ+bDyEXs7Qtxp7Q8MHNom+SBzweJSgjtb68A7TxdQebHlLOorZNt2vI3J + XE9VxR2ARJ41RMyel4krOF+VY1Zdq6fD3TR3J2aSycqLOfm4Zx5Dn3o3Qv40BvpD + OTC35curjickrZhuHgbqVoz7ZSL/rGGQmKgROPPRcl7uYVXPpVfCWLNRIEsnVS9p + U4QVYimCFA3kJGrUUbef4XxusiUq7bo20kv3ssWho9qtbZ4hDQVvqoQGRilfgY0e + LJixf5SS01g6YuBpY9yFMEXT+6L7MDby/JPtEGIAf9o7WR4B/4R1cRRhB4c02MXU + aAEJAhADGKW7Tcjqkprt3rRisEE9dyQcCkux+J1Ju2SFlnexslEal//G+bcNQEnA + l4fBrLmEd1WHkiJa8IMOFgumhCz1bLkBOLqSCuQz4JVs310bTt06n2nbZlg6ajrX + z2PNteV9PZPa + =rI0j + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$ + version: 3.7.1 diff --git a/apps/k8s01/mail/kustomization.yaml b/apps/k8s01/mail/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4131d44ebcf19598ab2dc8990c55c399f230d082 --- /dev/null +++ b/apps/k8s01/mail/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: mail +resources: + - ../../base/mail + - certificate.yaml + - mail-values.yaml + - ../../../shared/resourcequotas/default.yaml diff --git a/apps/k8s01/mail/mail-values.yaml b/apps/k8s01/mail/mail-values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..db89b1d27d0f7893c611b6526a347d04953bc2de --- /dev/null +++ b/apps/k8s01/mail/mail-values.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mail-override-values + namespace: mail +type: Opaque +stringData: + values-overrides.yaml: ENC[AES256_GCM,data:J4Ws9KzUEaYaxNH6jugU4q+K3RfoASRnB+/IzQYLrA9EVK5puei77oMHAKAUf15lP7CW8MKxWyVnFbE6fP664LDriS1xNHUgE0NVLXb5bdbo/zAHIaq3fDk1iklYRNphy/GCUQqJBYSzsaATsQprs5Sz/odYVjT2HWmHiT3z5f31Oy0U2f59xz0TGRyUIxOhslP/VryEc8xtjwIpnA8UxCJXta6s7u7KBTHFvQ1rG2hbXwWAtWGwcRVNa//D4hhCppkNGiN/RHYLDCk2/pI9RKhSagYXM2+CT7jS1lG6c2X5CxQyWKZgiwISubeqAK39pT4nYFFOC0eZv5y5Octd2kZBepoNeZCPPliIjfD/Q1DolQ0RfdPG7kxSRvcqxeRZenwd/R/gOo6ugXVQX/yV+Wanaozm6TqBDaLtn+rjx+LXcVEkaGMQ7UYAz8e+RaGXeoj0UwF3YHhEBSE5DGHZ8oHE7XZoxDj3nsnNt8HZnpbFNSWDzFoTw4ba4qRoHGTdpRFpe96VBAWNjXzn4CEBg1MB2zu2l83GynrnlzDbiSXSd8nA5nukJ+8RbOJVAcBRK3/WFPBc0X11wzrS4qg+nBRzmepUVRaP35EH5it4m3nD0cU2lq0SX1bRWb/I/jGn0iadcpQ/y0mXT/r/BKK8yDUow7+u7wjM2WnGuH31ZrwQPq5nbxNNWLQ2K5DmeRnWDG4PUy89/m1D7Uq8FyJ4tsxKoJCw43sWy+SVNvbmtz//M78kl+apneEymdIhaCiJQczqC2Z13umcSpD5QUu8SH2Fe19z6+6L19Wy3BUGrrh7dz/8hybTImNO+OuPJh9zK6vktQi1ooGJt21OUkCMdWERHVMpgsGdCtF3Ds4pLCdFG8H5/1EfLLFTzHuSrAcx8YT1Y8MW4/xqeLBa+2HHkKw//lpQIxfDKbXHF6TQCG++tcEh8bIHUwYUuhwxHMTfaMWMQ0h6Wpp7ck29Qm5SJqz+7ZKWx8tS6T5HXH+TdMWFQe+ObYE86se0/MAKNziUuBHMRQGbGtIGLOq9AnU180r4y7d3ji8dWLIRkK1udXJc7+wXWV4ntHu+m4152janc7cnJWxZ9XJ9AwaMvySaByazkO3tg1u/REE587rAWJqKxzz8AGEccWE0oJA2AQJluIR+M2hxCnQ47tUE8fbwKorFy3SR9XJ9zbCv2XdMabgmsA0z9pbMbyWBkRSGS3OqtdP6DjG1FfddQ4tF2gexjI1YZg==,iv:44m5tiAyAp89C8lE8zB4agHyNfo9kFRdu0mMRrd9Uik=,tag:9QtJ/TPWZ2nOyEA0isrujQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-26T21:04:03Z" + mac: ENC[AES256_GCM,data:8EwGqZ0/JvdGLuX53iin8IFC8j0QTYI5OynaQnBF/MZER8Q/3oUZ8wajX7e3iLk/0k9wYjQfeCb/ljrMEpPVXEQ0GSnYOByEuJvCsYvoQBRikaD+MFmSS3Mvv7JwOOmEemyut2O+pzqjsVIyr14jXsAdud0e9su5XcqpnDiYuow=,iv:/TqNevubPSt5A/5/WHsLvNBOYKMxlaUp3HhO2vAXFT8=,tag:CV+IWiOVaB8sGcQAK/nTpw==,type:str] + pgp: + - created_at: "2022-04-19T15:47:33Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAQewbu6GAicH3oQVEnPX8+ajTct3xvJJVPrCemiOFVe/A + yPQhXM66aCnYpiQg/T4U/rrzbeYbcw2rRs0SdD0ji9M7FM8CdTNlv1yhOJ7+6RRp + 0rGKUUM8JqHESayzFLTNT8CKlRTfm9mv5bsv6yLsDwHhQ1YgOuLaqJgxVWhfmIgk + 7v92c+ZJAUZIAm3uaupbzJeyjUpHlkC2+Dk58Tvzfdo7DQ466En23U80Pq9mVDw7 + 7+P68KVtBm0KrDMTUEynERJfohxLLzHg+PDT99hEONQ6E4vNKrXUqFvzPkmu1liY + klPNgCWh6/jCpy8rOnyfbeu/O9VrB7hPXWs8w3z57ei7edBM6bHHkGwk5j08+qMT + oYfeC2qGpgO5rGG+laIokd0a0ajkgSi4dxdjDW+GD16XP+30KzDxnukLfmwN2CjX + b9FzV24cUZGTJLfDMysRU4wgxJV/Tdtsma0RApS61GsMJWktLe8HK7tab9SAGLXv + oGhh/2trEn5vX89KmfuabEBG5lBLhRFP1xZ7eSLG3KSeErWHDyRU04MHxjeF5673 + 8XD2Ft9wGUeEQfkQxsQ51p3RRLFZhun1hHw+K6NNcjarqY83aVsxGMST2lWP2hMt + OrVYf1uCX+AxL1vGLOTGjU5YjSf6vbWGz093oM4vmcQMLeEE/2xAFwNy4nUHXw7S + 5gFNvc0SIBpwL/veysuWGwwRt569bLCR+xYQrrE1xZD0PApIpLVQPn5Sk0uMCoYd + 2HtDOftrUJcr0uuc+HyX5hLkhxRn/OT+rzN9uM0MeU7lEOI6sDV+AA== + =jjmF + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-04-19T15:47:33Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//SJDf5zWt2TT8S2nJwzXgV7i//WzUThC5ui2aeJ5PFp8i + XngQWb5JwMy6Xsmbse5LuMjgCrwZAwlF9x78QROfNzdlKC16ynPzgoQJQDjQbNq8 + 5xAUCHd8X3GJY9wnf4l4asJXutdL9FPVAiMaW63HkSRvyWaJeTCiohcCw+Mn6PO9 + FfCNBUAxlST+vInnG7WGEMMaGh9eqitgd39Pe2cJ7ABaNEY23AJ2btvYwn0alZ5p + JJxDqS4L9wiaK8mjG2YR+mLnojSGSw4Yk3bBf5cMG7gwHleTYT3SP9wADZWRmTx/ + UOn74UdcnoVBDRuhGgAyjaFJ/QY+NeWz1fvfeDCGkF60CH0LVFQ55UijdA2UD/Ej + Z/CPhomJYyVPdLwhkri+HVOyXYq3XdaJKoghY3ZWyPMkgFxaXQku4PP3VaodtnXK + 3rx/vTLRORkbteWBO0HIg7PP7MHQ+dgcE9NxN1dpZkiEFJ0R02+4+hTOh0yaL7Er + 6JRsWAt3Gz2JzdWgpstOPe7XCFkaSArv/BLDC2swm0D/R7sgTv+sT892fCWnSNpw + eC4JaX3eHKEfWvmxCG+ftv41O83bAp37s6zJFVQ8IlsSGyitYa83Tne3wrNuIpId + f3H0JmEpKpW++nqQtyx6Io/7wb1JGn9+02MfN27hYMVxmwcAo4ZinFtqhW7LJ4LU + aAEJAhABKHAnUIzbrd34+1aaJeXSVh+vaTX9dpkSe63t2rRaUQNGQdV3Tl5atEfL + 01TZTMcPE5fgLiKAfgIzW6GCxhGW6nL6LCsqg6YYdcpGkfuLfwNEEWCXfIehRbF9 + l0bvVvCWbu21 + =JbGi + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$ + version: 3.7.1