studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ccfe8b877a1db4725dc06d6772dafd71f2127d09
sbbb/base/lasuite/messages-backend-deployment.yaml
Sienna Meridian Satterwhite ccfe8b877a feat: La Suite email/messages, buildkitd, monitoring, vault and storage updates 
- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS
  proxy, worker, DKIM config, and theme customization
- Add Collabora deployment for document collaboration
- Add Drive frontend nginx config and values
- Add buildkitd namespace for in-cluster container builds
- Add SeaweedFS remote sync and additional S3 buckets
- Update vault secrets across namespaces (devtools, lasuite, media,
  monitoring, ory, storage) with expanded credential management
- Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus
  remote write and additional scrape configs
- Update local/production overlays with resource patches
- Remove stale login-ui resource patch from production overlay
2026-03-10 19:00:57 +00:00

184 lines
5.7 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: messages-backend
namespace: lasuite
spec:
replicas: 1
selector:
matchLabels:
app: messages-backend
template:
metadata:
labels:
app: messages-backend
spec:
initContainers:
- name: migrate
image: messages-backend
command: ["python", "manage.py", "migrate", "--no-input"]
envFrom:
- configMapRef:
name: messages-config
- configMapRef:
name: lasuite-postgres
- configMapRef:
name: lasuite-valkey
- configMapRef:
name: lasuite-s3
- configMapRef:
name: lasuite-oidc-provider
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: messages-db-credentials
key: password
- name: DJANGO_SECRET_KEY
valueFrom:
secretKeyRef:
name: messages-django-secret
key: DJANGO_SECRET_KEY
- name: SALT_KEY
valueFrom:
secretKeyRef:
name: messages-django-secret
key: SALT_KEY
- name: MDA_API_SECRET
valueFrom:
secretKeyRef:
name: messages-django-secret
key: MDA_API_SECRET
- name: OIDC_RP_CLIENT_ID
valueFrom:
secretKeyRef:
name: oidc-messages
key: CLIENT_ID
- name: OIDC_RP_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: oidc-messages
key: CLIENT_SECRET
- name: AWS_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: seaweedfs-s3-credentials
key: S3_ACCESS_KEY
- name: AWS_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: seaweedfs-s3-credentials
key: S3_SECRET_KEY
- name: RSPAMD_PASSWORD
valueFrom:
secretKeyRef:
name: messages-mpa-credentials
key: RSPAMD_password
- name: OIDC_STORE_REFRESH_TOKEN_KEY
valueFrom:
secretKeyRef:
name: messages-django-secret
key: OIDC_STORE_REFRESH_TOKEN_KEY
- name: OIDC_RP_SCOPES
value: "openid email profile offline_access"
resources:
limits:
memory: 1Gi
cpu: 500m
requests:
memory: 256Mi
cpu: 100m
containers:
- name: messages-backend
image: messages-backend
command:
- gunicorn
- -c
- /app/gunicorn.conf.py
- messages.wsgi:application
ports:
- containerPort: 8000
envFrom:
- configMapRef:
name: messages-config
- configMapRef:
name: lasuite-postgres
- configMapRef:
name: lasuite-valkey
- configMapRef:
name: lasuite-s3
- configMapRef:
name: lasuite-oidc-provider
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: messages-db-credentials
key: password
- name: DJANGO_SECRET_KEY
valueFrom:
secretKeyRef:
name: messages-django-secret
key: DJANGO_SECRET_KEY
- name: SALT_KEY
valueFrom:
secretKeyRef:
name: messages-django-secret
key: SALT_KEY
- name: MDA_API_SECRET
valueFrom:
secretKeyRef:
name: messages-django-secret
key: MDA_API_SECRET
- name: OIDC_RP_CLIENT_ID
valueFrom:
secretKeyRef:
name: oidc-messages
key: CLIENT_ID
- name: OIDC_RP_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: oidc-messages
key: CLIENT_SECRET
- name: AWS_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: seaweedfs-s3-credentials
key: S3_ACCESS_KEY
- name: AWS_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: seaweedfs-s3-credentials
key: S3_SECRET_KEY
- name: RSPAMD_PASSWORD
valueFrom:
secretKeyRef:
name: messages-mpa-credentials
key: RSPAMD_password
- name: OIDC_STORE_REFRESH_TOKEN_KEY
valueFrom:
secretKeyRef:
name: messages-django-secret
key: OIDC_STORE_REFRESH_TOKEN_KEY
- name: OIDC_RP_SCOPES
value: "openid email profile offline_access"
livenessProbe:
httpGet:
path: /__heartbeat__/
port: 8000
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /__heartbeat__/
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
resources:
limits:
memory: 1Gi
cpu: 500m
requests:
memory: 256Mi
cpu: 100m
Reference in New Issue View Git Blame Copy Permalink