feat: La Suite email/messages, buildkitd, monitoring, vault and storage updates
- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS proxy, worker, DKIM config, and theme customization - Add Collabora deployment for document collaboration - Add Drive frontend nginx config and values - Add buildkitd namespace for in-cluster container builds - Add SeaweedFS remote sync and additional S3 buckets - Update vault secrets across namespaces (devtools, lasuite, media, monitoring, ory, storage) with expanded credential management - Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus remote write and additional scrape configs - Update local/production overlays with resource patches - Remove stale login-ui resource patch from production overlay
This commit is contained in:
183
base/lasuite/messages-backend-deployment.yaml
Normal file
183
base/lasuite/messages-backend-deployment.yaml
Normal file
@@ -0,0 +1,183 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: messages-backend
|
||||
namespace: lasuite
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: messages-backend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: messages-backend
|
||||
spec:
|
||||
initContainers:
|
||||
- name: migrate
|
||||
image: messages-backend
|
||||
command: ["python", "manage.py", "migrate", "--no-input"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: messages-config
|
||||
- configMapRef:
|
||||
name: lasuite-postgres
|
||||
- configMapRef:
|
||||
name: lasuite-valkey
|
||||
- configMapRef:
|
||||
name: lasuite-s3
|
||||
- configMapRef:
|
||||
name: lasuite-oidc-provider
|
||||
env:
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-db-credentials
|
||||
key: password
|
||||
- name: DJANGO_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: DJANGO_SECRET_KEY
|
||||
- name: SALT_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: SALT_KEY
|
||||
- name: MDA_API_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: MDA_API_SECRET
|
||||
- name: OIDC_RP_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-messages
|
||||
key: CLIENT_ID
|
||||
- name: OIDC_RP_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-messages
|
||||
key: CLIENT_SECRET
|
||||
- name: AWS_S3_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: seaweedfs-s3-credentials
|
||||
key: S3_ACCESS_KEY
|
||||
- name: AWS_S3_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: seaweedfs-s3-credentials
|
||||
key: S3_SECRET_KEY
|
||||
- name: RSPAMD_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-mpa-credentials
|
||||
key: RSPAMD_password
|
||||
- name: OIDC_STORE_REFRESH_TOKEN_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: OIDC_STORE_REFRESH_TOKEN_KEY
|
||||
- name: OIDC_RP_SCOPES
|
||||
value: "openid email profile offline_access"
|
||||
resources:
|
||||
limits:
|
||||
memory: 1Gi
|
||||
cpu: 500m
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 100m
|
||||
containers:
|
||||
- name: messages-backend
|
||||
image: messages-backend
|
||||
command:
|
||||
- gunicorn
|
||||
- -c
|
||||
- /app/gunicorn.conf.py
|
||||
- messages.wsgi:application
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: messages-config
|
||||
- configMapRef:
|
||||
name: lasuite-postgres
|
||||
- configMapRef:
|
||||
name: lasuite-valkey
|
||||
- configMapRef:
|
||||
name: lasuite-s3
|
||||
- configMapRef:
|
||||
name: lasuite-oidc-provider
|
||||
env:
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-db-credentials
|
||||
key: password
|
||||
- name: DJANGO_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: DJANGO_SECRET_KEY
|
||||
- name: SALT_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: SALT_KEY
|
||||
- name: MDA_API_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: MDA_API_SECRET
|
||||
- name: OIDC_RP_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-messages
|
||||
key: CLIENT_ID
|
||||
- name: OIDC_RP_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-messages
|
||||
key: CLIENT_SECRET
|
||||
- name: AWS_S3_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: seaweedfs-s3-credentials
|
||||
key: S3_ACCESS_KEY
|
||||
- name: AWS_S3_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: seaweedfs-s3-credentials
|
||||
key: S3_SECRET_KEY
|
||||
- name: RSPAMD_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-mpa-credentials
|
||||
key: RSPAMD_password
|
||||
- name: OIDC_STORE_REFRESH_TOKEN_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: messages-django-secret
|
||||
key: OIDC_STORE_REFRESH_TOKEN_KEY
|
||||
- name: OIDC_RP_SCOPES
|
||||
value: "openid email profile offline_access"
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /__heartbeat__/
|
||||
port: 8000
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 20
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /__heartbeat__/
|
||||
port: 8000
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
limits:
|
||||
memory: 1Gi
|
||||
cpu: 500m
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 100m
|
||||
Reference in New Issue
Block a user