# This file is derived from https://github.com/Mailu/Mailu/blob/master/docs/kubernetes/mailu/security.yaml # (file is split into rspamd.yaml and clamav.yaml) apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "mailu.fullname" . }}-rspamd spec: selector: matchLabels: app: {{ include "mailu.fullname" . }} component: rspamd replicas: 1 template: metadata: labels: app: {{ include "mailu.fullname" . }} component: rspamd spec: serviceAccount: {{ include "mailu.serviceAccountName" . }} securityContext: runAsUser: 0 {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.rspamd.affinity | default .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} hostname: rspamd # https://github.com/Mailu/helm-charts/issues/95 containers: - name: rspamd image: {{ template "imageRegistry" . -}} {{ .Values.rspamd.image.repository }}:{{ default .Values.mailuVersion .Values.rspamd.image.tag }} imagePullPolicy: Always volumeMounts: - name: data subPath: rspamd mountPath: /var/lib/rspamd - name: data subPath: dkim mountPath: /dkim {{- if .Values.timezone }} - name: zoneinfo mountPath: /usr/share/zoneinfo readOnly: true - name: zoneinfo subPath: {{ .Values.timezone }} mountPath: /etc/localtime readOnly: true {{- end }} env: - name: LOG_LEVEL value: {{ default .Values.logLevel .Values.rspamd.logLevel }} - name: FRONT_ADDRESS value: {{ include "mailu.fullname" . }}-front - name: REDIS_ADDRESS value: {{ include "mailu.fullname" . }}-redis {{- if .Values.clamav.enabled }} - name: ANTIVIRUS value: clamav - name: ANTIVIRUS_ADDRESS value: {{ include "mailu.fullname" . }}-clamav:3310 {{- else }} - name: ANTIVIRUS value: none - name: ANTIVIRUS_ADDRESS value: localhost {{- end }} - name: SUBNET value: "{{ .Values.subnet }}" ports: - name: rspamd containerPort: 11332 protocol: TCP - name: rspamd-http containerPort: 11334 protocol: TCP {{- with .Values.rspamd.resources }} resources: {{- .|toYaml|nindent 10}} {{- end }} {{- if .Values.rspamd.startupProbe}} startupProbe: httpGet: path: / port: rspamd-http periodSeconds: {{ default 10 .Values.rspamd.startupProbe.periodSeconds }} failureThreshold: {{ default 90 .Values.rspamd.startupProbe.failureThreshold }} timeoutSeconds: {{ default 5 .Values.rspamd.startupProbe.timeoutSeconds }} {{- end }} {{- if .Values.rspamd.livenessProbe}} livenessProbe: httpGet: path: / port: rspamd-http periodSeconds: {{ default 10 .Values.rspamd.livenessProbe.periodSeconds }} failureThreshold: {{ default 90 .Values.rspamd.livenessProbe.failureThreshold }} timeoutSeconds: {{ default 5 .Values.rspamd.livenessProbe.timeoutSeconds }} {{- end }} {{- if .Values.rspamd.readinessProbe}} readinessProbe: httpGet: path: / port: rspamd-http periodSeconds: {{ default 10 .Values.rspamd.readinessProbe.periodSeconds }} failureThreshold: {{ default 90 .Values.rspamd.readinessProbe.failureThreshold }} timeoutSeconds: {{ default 5 .Values.rspamd.readinessProbe.timeoutSeconds }} {{- end }} volumes: - name: data persistentVolumeClaim: claimName: {{ include "mailu.rspamdClamavAdminClaimName" . }} {{- if .Values.timezone }} - name: zoneinfo hostPath: path: /usr/share/zoneinfo type: Directory {{- end }} --- apiVersion: v1 kind: Service metadata: name: {{ include "mailu.fullname" . }}-rspamd labels: app: {{ include "mailu.fullname" . }} component: rspamd spec: selector: app: {{ include "mailu.fullname" . }} component: rspamd ports: - name: rspamd port: 11332 protocol: TCP - name: rspamd-http protocol: TCP port: 11334