2026-01-28 01:48:32 -03:00
|
|
|
# services/mailu/oneoffs/mailu-sync-job.yaml
|
|
|
|
|
# One-off job for mailu-mailserver/mailu-sync-9.
|
|
|
|
|
# Purpose: mailu sync 9 (see container args/env in this file).
|
|
|
|
|
# Run by setting spec.suspend to false, reconcile, then set it back to true.
|
|
|
|
|
# Safe to delete the finished Job/pod; it should not run continuously.
|
2025-12-12 22:09:04 -03:00
|
|
|
apiVersion: batch/v1
|
|
|
|
|
kind: Job
|
|
|
|
|
metadata:
|
2026-01-19 02:45:19 -03:00
|
|
|
name: mailu-sync-9
|
2025-12-12 22:09:04 -03:00
|
|
|
namespace: mailu-mailserver
|
|
|
|
|
spec:
|
2026-01-28 01:48:32 -03:00
|
|
|
suspend: true
|
2025-12-12 22:09:04 -03:00
|
|
|
template:
|
2026-01-14 14:17:26 -03:00
|
|
|
metadata:
|
|
|
|
|
annotations:
|
|
|
|
|
vault.hashicorp.com/agent-inject: "true"
|
2026-01-14 14:29:29 -03:00
|
|
|
vault.hashicorp.com/agent-pre-populate-only: "true"
|
2026-01-14 14:17:26 -03:00
|
|
|
vault.hashicorp.com/role: "mailu-mailserver"
|
|
|
|
|
vault.hashicorp.com/agent-inject-secret-mailu-db-secret__database: "kv/data/atlas/mailu/mailu-db-secret"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-mailu-db-secret__database: |
|
|
|
|
|
{{- with secret "kv/data/atlas/mailu/mailu-db-secret" -}}{{ .Data.data.database }}{{- end -}}
|
|
|
|
|
vault.hashicorp.com/agent-inject-secret-mailu-db-secret__username: "kv/data/atlas/mailu/mailu-db-secret"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-mailu-db-secret__username: |
|
|
|
|
|
{{- with secret "kv/data/atlas/mailu/mailu-db-secret" -}}{{ .Data.data.username }}{{- end -}}
|
|
|
|
|
vault.hashicorp.com/agent-inject-secret-mailu-db-secret__password: "kv/data/atlas/mailu/mailu-db-secret"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-mailu-db-secret__password: |
|
|
|
|
|
{{- with secret "kv/data/atlas/mailu/mailu-db-secret" -}}{{ .Data.data.password }}{{- end -}}
|
|
|
|
|
vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-id: "kv/data/atlas/mailu/mailu-sync-credentials"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-id: |
|
|
|
|
|
{{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-id" }}{{- end -}}
|
|
|
|
|
vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-secret: "kv/data/atlas/mailu/mailu-sync-credentials"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-secret: |
|
|
|
|
|
{{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-secret" }}{{- end -}}
|
2026-01-19 01:40:27 -03:00
|
|
|
vault.hashicorp.com/agent-inject-secret-mailu-initial-account-secret__password: "kv/data/atlas/mailu/mailu-initial-account-secret"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-mailu-initial-account-secret__password: |
|
|
|
|
|
{{- with secret "kv/data/atlas/mailu/mailu-initial-account-secret" -}}{{ .Data.data.password }}{{- end -}}
|
2025-12-12 22:09:04 -03:00
|
|
|
spec:
|
|
|
|
|
restartPolicy: OnFailure
|
2026-01-17 01:47:53 -03:00
|
|
|
affinity:
|
|
|
|
|
nodeAffinity:
|
|
|
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
nodeSelectorTerms:
|
|
|
|
|
- matchExpressions:
|
|
|
|
|
- key: node-role.kubernetes.io/worker
|
|
|
|
|
operator: Exists
|
|
|
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
- weight: 100
|
|
|
|
|
preference:
|
|
|
|
|
matchExpressions:
|
|
|
|
|
- key: kubernetes.io/arch
|
|
|
|
|
operator: In
|
|
|
|
|
values: ["arm64"]
|
2026-01-14 05:07:23 -03:00
|
|
|
serviceAccountName: mailu-vault-sync
|
2025-12-12 22:09:04 -03:00
|
|
|
containers:
|
|
|
|
|
- name: mailu-sync
|
|
|
|
|
image: python:3.11-alpine
|
|
|
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
|
command: ["/bin/sh", "-c"]
|
|
|
|
|
args:
|
|
|
|
|
- |
|
2026-01-14 05:07:23 -03:00
|
|
|
set -euo pipefail
|
|
|
|
|
. /vault/scripts/mailu_vault_env.sh
|
2025-12-12 22:09:04 -03:00
|
|
|
pip install --no-cache-dir requests psycopg2-binary passlib >/tmp/pip.log \
|
2026-01-14 05:07:23 -03:00
|
|
|
&& python /app/sync.py
|
2025-12-12 22:09:04 -03:00
|
|
|
env:
|
|
|
|
|
- name: KEYCLOAK_BASE_URL
|
|
|
|
|
value: http://keycloak.sso.svc.cluster.local
|
|
|
|
|
- name: KEYCLOAK_REALM
|
|
|
|
|
value: atlas
|
|
|
|
|
- name: MAILU_DOMAIN
|
|
|
|
|
value: bstein.dev
|
|
|
|
|
- name: MAILU_DEFAULT_QUOTA
|
2025-12-14 14:21:40 -03:00
|
|
|
value: "20000000000"
|
2026-01-19 01:40:27 -03:00
|
|
|
- name: MAILU_SYSTEM_USERS
|
2026-01-19 02:17:16 -03:00
|
|
|
value: no-reply-portal@bstein.dev,no-reply-vaultwarden@bstein.dev
|
2025-12-12 22:09:04 -03:00
|
|
|
- name: MAILU_DB_HOST
|
|
|
|
|
value: postgres-service.postgres.svc.cluster.local
|
|
|
|
|
- name: MAILU_DB_PORT
|
|
|
|
|
value: "5432"
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: sync-script
|
|
|
|
|
mountPath: /app/sync.py
|
|
|
|
|
subPath: sync.py
|
2026-01-14 05:07:23 -03:00
|
|
|
- name: vault-scripts
|
|
|
|
|
mountPath: /vault/scripts
|
|
|
|
|
readOnly: true
|
2025-12-12 22:09:04 -03:00
|
|
|
resources:
|
|
|
|
|
requests:
|
|
|
|
|
cpu: 50m
|
|
|
|
|
memory: 128Mi
|
|
|
|
|
limits:
|
|
|
|
|
cpu: 200m
|
|
|
|
|
memory: 256Mi
|
|
|
|
|
volumes:
|
|
|
|
|
- name: sync-script
|
|
|
|
|
configMap:
|
|
|
|
|
name: mailu-sync-script
|
|
|
|
|
defaultMode: 0444
|
2026-01-14 05:07:23 -03:00
|
|
|
- name: vault-scripts
|
|
|
|
|
configMap:
|
|
|
|
|
name: mailu-vault-env
|
2026-01-17 01:47:53 -03:00
|
|
|
defaultMode: 0555
|
