68 lines
2.0 KiB
YAML
68 lines
2.0 KiB
YAML
# services/mailu/mailu-sync-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: mailu-sync-2
|
|
namespace: mailu-mailserver
|
|
spec:
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
serviceAccountName: mailu-vault-sync
|
|
containers:
|
|
- name: mailu-sync
|
|
image: python:3.11-alpine
|
|
imagePullPolicy: IfNotPresent
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
set -euo pipefail
|
|
. /vault/scripts/mailu_vault_env.sh
|
|
pip install --no-cache-dir requests psycopg2-binary passlib >/tmp/pip.log \
|
|
&& python /app/sync.py
|
|
env:
|
|
- name: KEYCLOAK_BASE_URL
|
|
value: http://keycloak.sso.svc.cluster.local
|
|
- name: KEYCLOAK_REALM
|
|
value: atlas
|
|
- name: MAILU_DOMAIN
|
|
value: bstein.dev
|
|
- name: MAILU_DEFAULT_QUOTA
|
|
value: "20000000000"
|
|
- name: MAILU_DB_HOST
|
|
value: postgres-service.postgres.svc.cluster.local
|
|
- name: MAILU_DB_PORT
|
|
value: "5432"
|
|
volumeMounts:
|
|
- name: sync-script
|
|
mountPath: /app/sync.py
|
|
subPath: sync.py
|
|
- name: vault-secrets
|
|
mountPath: /vault/secrets
|
|
readOnly: true
|
|
- name: vault-scripts
|
|
mountPath: /vault/scripts
|
|
readOnly: true
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 200m
|
|
memory: 256Mi
|
|
volumes:
|
|
- name: sync-script
|
|
configMap:
|
|
name: mailu-sync-script
|
|
defaultMode: 0444
|
|
- name: vault-secrets
|
|
csi:
|
|
driver: secrets-store.csi.k8s.io
|
|
readOnly: true
|
|
volumeAttributes:
|
|
secretProviderClass: mailu-vault
|
|
- name: vault-scripts
|
|
configMap:
|
|
name: mailu-vault-env
|
|
defaultMode: 0555
|