restore docs after gitignore change

mailu: fix admin dns and tame vip
2025-12-12 00:50:02 -03:00 · 2025-12-12 00:49:45 -03:00
3 changed files with 80 additions and 1 deletions
--- a/services/mailu/helmrelease.yaml
+++ b/services/mailu/helmrelease.yaml
@ -55,6 +55,8 @@ spec:
    front:
      hostnames: [mail.bstein.dev]
      proxied: true
+      hostPort:
+        enabled: false
      https:
        enabled: true
        external: true
@ -62,7 +64,7 @@ spec:
      externalService:
        enabled: true
        type: LoadBalancer
-        externalTrafficPolicy: Local
+        externalTrafficPolicy: Cluster
        nodePorts:
          pop3: 30010
          pop3s: 30011
@ -92,6 +94,11 @@ spec:
          value: 127.0.0.1,10.42.0.0/16
        - name: DNS_RESOLVERS
          value: 1.1.1.1,9.9.9.9
+      dnsPolicy: None
+      dnsConfig:
+        nameservers:
+          - 1.1.1.1
+          - 9.9.9.9
    clamav:
      logLevel: DEBUG
      nodeSelector:
--- a/services/mailu/kustomization.yaml
+++ b/services/mailu/kustomization.yaml
@ -6,3 +6,4 @@ resources:
  - namespace.yaml
  - helmrelease.yaml
  - certificate.yaml
+  - vip-controller.yaml
--- a/services/mailu/vip-controller.yaml
+++ b/services/mailu/vip-controller.yaml
@ -0,0 +1,71 @@
+# services/mailu/vip-controller.yaml
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vip-controller
+  namespace: mailu-mailserver
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: vip-controller-role
+  namespace: mailu-mailserver
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: vip-controller-binding
+  namespace: mailu-mailserver
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: vip-controller-role
+subjects:
+  - kind: ServiceAccount
+    name: vip-controller
+    namespace: mailu-mailserver
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: vip-controller
+  namespace: mailu-mailserver
+spec:
+  selector:
+    matchLabels:
+      app: vip-controller
+  template:
+    metadata:
+      labels:
+        app: vip-controller
+    spec:
+      serviceAccountName: vip-controller
+      hostNetwork: true
+      nodeSelector:
+        mailu.bstein.dev/vip: "true"
+      containers:
+        - name: vip-controller
+          image: lachlanevenson/k8s-kubectl:latest
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+          args:
+            - |
+              set -e
+              while true; do
+                if ip addr show end0 | grep -q 'inet 192\.168\.22\.9/32'; then
+                  NODE=$(hostname)
+                  echo "VIP found on node ${NODE}."
+                  kubectl patch deployment mailu-front -n mailu-mailserver --type='merge' \
+                    -p "{\"spec\":{\"template\":{\"spec\":{\"nodeSelector\":{\"kubernetes.io/hostname\":\"${NODE}\"}}}}}"
+                else
+                  echo "No VIP on node ${HOSTNAME}."
+                fi
+                sleep 60
+              done
Author	SHA1	Message	Date
Brad Stein	6c77b8e7f8	restore docs after gitignore change	2025-12-12 00:50:02 -03:00
Brad Stein	78195c4685	mailu: fix admin dns and tame vip	2025-12-12 00:49:45 -03:00