commit ac4b3a9d0bcfbf105f25a6910b8d23187f359cbf Author: Conan Scott Date: Sun Nov 16 20:18:30 2025 +0800 first commit diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 0000000..548d668 --- /dev/null +++ b/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +appVersion: v1.0.1 +description: An e-mail testing tool for developers +home: http://iankent.uk/project/mailhog/ +icon: https://raw.githubusercontent.com/mailhog/MailHog-UI/master/assets/images/hog.png +keywords: +- mailhog +- mail +- smtp +- email +- e-mail +- testing +maintainers: +- email: unguiculus@gmail.com + name: unguiculus +name: mailhog +sources: +- https://github.com/mailhog/MailHog +type: application +version: 5.2.3 diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..bcf7762 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,26 @@ +pipeline { + agent any + + stages { + stage('Build') { + steps { + echo 'Building..' + echo sh(script: 'env|sort', returnStdout: true) + echo "${GIT_URL}" + checkout scmGit(branches: [[name: '*/main']], extensions: [], gitTool: 'Default', userRemoteConfigs: [[credentialsId: '0a6bde36-8857-4631-bbf8-68b44626eb27', url: "${GIT_URL}"]]) + + + } + } + stage('Test') { + steps { + echo 'Testing..' + } + } + stage('Deploy') { + steps { + echo 'Deploying....' + } + } + } +} diff --git a/README.md b/README.md new file mode 100644 index 0000000..bfae743 --- /dev/null +++ b/README.md @@ -0,0 +1,119 @@ +# Mailhog + +[Mailhog](http://iankent.uk/project/mailhog/) is an e-mail testing tool for developers. + +## TL;DR; + +```bash +$ helm repo add codecentric https://codecentric.github.io/helm-charts +$ helm install mailhog codecentric/mailhog +``` + +## Introduction + +This chart creates a [Mailhog](http://iankent.uk/project/mailhog/) deployment on a [Kubernetes](http://kubernetes.io) +cluster using the [Helm](https://helm.sh) package manager. + +## Installing the Chart + +To install the chart with the release name `mailhog`: + +```bash +$ helm install mailhog codecentric/mailhog +``` + +The command deploys Mailhog on the Kubernetes cluster in the default configuration. The [configuration](#configuration) +section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `mailhog` deployment: + +```bash +$ helm uninstall mailhog +``` +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Mailhog chart and their default values. + +Parameter | Description | Default +--- | --- | --- +`extraContainers` | Additional containers to be added to the application pod | `[]` +`image.repository` | Docker image repository | `mailhog/mailhog` +`image.tag` | Docker image tag whose default is the chart version | `""` +`image.pullPolicy` | Docker image pull policy | `IfNotPresent` +`imagePullSecrets` | Docker image pull secrets | `[]` +`auth.enabled` | Specifies whether basic authentication is enabled, see [Auth.md](https://github.com/mailhog/MailHog/blob/master/docs/Auth.md) | `false` +`auth.existingSecret` | If auth is enabled, uses an existing secret with this name; otherwise a secret is created | `""` +`auth.fileName` | The name of the auth file | `auth.txt` +`auth.fileContents` | The contents of the auth file | `""` +`affinity` | Node affinity for pod assignment | `{}` +`containerPort.http.name` | Configure the Http name of the Mailhog container | `http` +`containerPort.http.port` | Configure the Http port of the Mailhog container | `8025` +`containerPort.smtp.name` | Configure the Smtp name of the Mailhog container | `tcp-smtp` +`containerPort.smtp.port` | Configure the Smtp port of the Mailhog container | `1025` +`nodeSelector` | Node labels for pod assignment | `{}` +`podReplicas` | The number of pod replicas | `1` +`podAnnotations` | Extra annotations to add to pod | `{}` +`podLabels` | Extra labels to add to pod | `{}` +`resources` | Pod resource requests and limits | `{}` +`tolerations` | Node taints to tolerate | `[]` +`priorityClassName` | Name of the existing priority class to be used by Mailhog pod, priority class needs to be created beforehand | `""` +`livenessProbe` | The Liveness Probe to add to pod | `{ "initialDelaySeconds": 10, "tcpPort": { "port": "1025" }, "timeoutSeconds": 1 }` +`readinessProbe` | The Readiness Probe to add to pod | `{"tcpPort": { "port": "1025" }` +`serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +`serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | +`serviceAccount.imagePullSecrets` | Image pull secrets that are attached to the ServiceAccount | `[]` | +`automountServiceAccountToken` | Indicates whether the service account token should be automatically mounted | `false` | +`service.annotations` | Annotations for the service | `{}` +`service.clusterIP` | Internal cluster service IP | `""` +`service.externalIPs` | Service external IP addresses | `[]` +`service.extraPorts` | Additional ports to the service | `[]` +`service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` +`service.type` | Type of service to create | `ClusterIP` +`service.namedTargetPort` | Use named target port for service | `true` +`service.port.http` | HTTP port of service | `""` +`service.port.smtp` | SMTP port of service | `""` +`service.nodePort.http` | If `service.type` is `NodePort` and this is non-empty, sets the http node port of the service | `""` +`service.nodePort.smtp` | If `service.type` is `NodePort` and this is non-empty, sets the smtp node port of the service | `""` +`securityContext` | Pod security context | `{ runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true }` +`ingress.enabled` | If `true`, an ingress is created | `false` +`ingress.ingressClassName` | If set the created Ingress resource will have this class name. kubernetes.io/ingress.class is [deprecated](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) | `nil` +`ingress.annotations` | Annotations for the ingress | `{}` +`ingress.labels` | Labels for the ingress | `{}` +`ingress.hosts` | A list of ingress hosts | `{ host: mailhog.example.com, paths: [{ path: "/", pathType: Prefix }] }` +`ingress.tls` | A list of [IngressTLS](https://v1-8.docs.kubernetes.io/docs/api-reference/v1.8/#ingresstls-v1beta1-extensions) items | `[]` +`extraEnv` | Additional environment variables, see [CONFIG.md](https://github.com/mailhog/MailHog/blob/master/docs/CONFIG.md) | `{}` + +## Upgrading + +### From chart < 5.0.0 + + Ingress path definitions are extended to describe path and pathType. Previously only the path was configured. Please adapt your configuration as shown below: + + Old: + ```yaml + ingress: + # ... + hosts: + - host: mailhog.example.com + # Paths for the host + paths: + - / + ``` + New: + ```yaml + ingress: + # ... + hosts: + - host: mailhog.example.com + # Paths for the host + paths: + - path: / + pathType: Prefix + ``` + + This allows to configure specific `pathType` configurations, e.g. `pathType: ImplementationSpecific` for [GKE Ingress on Google Cloud Platform](https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#default_backend). diff --git a/ci/ingress-values.yaml b/ci/ingress-values.yaml new file mode 100644 index 0000000..b52a0b2 --- /dev/null +++ b/ci/ingress-values.yaml @@ -0,0 +1,13 @@ +ingress: + enabled: true + annotations: + test-annotation1: annotationValue1 + test-annotation2: annotationValue2 + labels: + test-label1: labelValue1 + test-label2: labelValue2 + hosts: + - host: mailhog.example.com + paths: + - path: "/" + pathType: Prefix diff --git a/templates/NOTES.txt b/templates/NOTES.txt new file mode 100644 index 0000000..678ad48 --- /dev/null +++ b/templates/NOTES.txt @@ -0,0 +1,16 @@ +Mailhog can be accessed via ports {{ .Values.service.port.http }} (HTTP) and {{ .Values.service.port.smtp }} (SMTP) on the following DNS name from within your cluster: +{{ include "mailhog.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +If you'd like to test your instance, forward the ports locally: + +Web UI: +======= + +export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mailhog.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") +kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8025 + +SMTP Server: +============ + +export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mailhog.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") +kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 1025 diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl new file mode 100644 index 0000000..64897b5 --- /dev/null +++ b/templates/_helpers.tpl @@ -0,0 +1,83 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mailhog.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mailhog.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "mailhog.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "mailhog.labels" -}} +helm.sh/chart: {{ include "mailhog.chart" . }} +{{ include "mailhog.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "mailhog.selectorLabels" -}} +app.kubernetes.io/name: {{ include "mailhog.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "mailhog.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "mailhog.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the name for the auth secret. +*/}} +{{- define "mailhog.authFileSecret" -}} + {{- if .Values.auth.existingSecret -}} + {{- .Values.auth.existingSecret -}} + {{- else -}} + {{- template "mailhog.fullname" . -}}-auth + {{- end -}} +{{- end -}} + +{{/* +Create the name for the outgoing-smtp secret. +*/}} +{{- define "mailhog.outgoingSMTPSecret" -}} + {{- if .Values.outgoingSMTP.existingSecret -}} + {{- .Values.outgoingSMTP.existingSecret -}} + {{- else -}} + {{- template "mailhog.fullname" . -}}-outgoing-smtp + {{- end -}} +{{- end -}} diff --git a/templates/auth-secret.yaml b/templates/auth-secret.yaml new file mode 100644 index 0000000..60624da --- /dev/null +++ b/templates/auth-secret.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.auth.enabled) (not .Values.auth.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "mailhog.labels" . | nindent 4 }} + name: {{ template "mailhog.authFileSecret" . }} + namespace: {{ .Release.Namespace | quote }} +type: Opaque +data: + {{ .Values.auth.fileName }}: {{ .Values.auth.fileContents | b64enc }} +{{- end -}} diff --git a/templates/deployment.yaml b/templates/deployment.yaml new file mode 100644 index 0000000..0f0678e --- /dev/null +++ b/templates/deployment.yaml @@ -0,0 +1,129 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mailhog.fullname" . }} + labels: + {{- include "mailhog.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +spec: + replicas: {{ .Values.podReplicas }} + selector: + matchLabels: + {{- include "mailhog.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "mailhog.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "mailhog.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ template "mailhog.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + env: + {{- $vars := list }} + {{- range .Values.extraEnv }} + {{- $vars = append $vars .name }} + {{- end }} + {{- if not (has "MH_HOSTNAME" $vars) }} + - name: MH_HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + {{- if .Values.auth.enabled }} + - name: MH_AUTH_FILE + value: /authdir/{{ .Values.auth.fileName }} + {{- end }} + {{- if .Values.outgoingSMTP.enabled }} + - name: MH_OUTGOING_SMTP + value: /config/{{ .Values.outgoingSMTP.fileName }} + {{- end }} + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: {{ .Values.containerPort.http.name }} + containerPort: {{ .Values.containerPort.http.port }} + protocol: TCP + - name: {{ .Values.containerPort.smtp.name }} + containerPort: {{ .Values.containerPort.smtp.port }} + protocol: TCP + livenessProbe: + tcpSocket: + port: {{ .Values.containerPort.smtp.port }} + {{- if .Values.livenessProbe }} + {{- toYaml .Values.livenessProbe | nindent 12 }} + {{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.containerPort.smtp.port }} + {{- if .Values.readinessProbe }} + {{- toYaml .Values.readinessProbe | nindent 12 }} + {{- end }} + {{- if or .Values.auth.enabled .Values.outgoingSMTP.enabled }} + volumeMounts: + {{- if .Values.auth.enabled }} + - name: authdir + mountPath: /authdir + readOnly: true + {{- end }} + {{- if .Values.outgoingSMTP.enabled }} + - name: outsmtpdir + mountPath: /config + readOnly: true + {{- end }} + {{- end }} + {{- with .Values.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.auth.enabled .Values.outgoingSMTP.enabled }} + volumes: + {{- if .Values.auth.enabled }} + - name: authdir + secret: + secretName: {{ template "mailhog.authFileSecret" . }} + {{- end }} + {{- if .Values.outgoingSMTP.enabled }} + - name: outsmtpdir + secret: + secretName: {{ template "mailhog.outgoingSMTPSecret" . }} + {{- end }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml new file mode 100644 index 0000000..653ebe4 --- /dev/null +++ b/templates/ingress.yaml @@ -0,0 +1,64 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "mailhog.fullname" . -}} +{{- $apiV1 := false -}} +{{- $apiVersion := "extensions/v1beta1" -}} +{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= v1.19.0-0" .Capabilities.KubeVersion.Version) -}} + {{- $apiVersion = "networking.k8s.io/v1" -}} + {{- $apiV1 = true -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} + {{- $apiVersion = "networking.k8s.io/v1beta1" -}} +{{- else -}} + {{- $apiVersion = "extensions/v1beta1" -}} +{{- end }} +apiVersion: {{ $apiVersion }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "mailhog.labels" . | nindent 4 }} + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} +{{- end }} +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + {{- with .secretName }} + secretName: {{ . }} + {{- end }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if $apiV1 }} + pathType: {{ .pathType }} + backend: + service: + name: {{ $fullName }} + port: + name: http + {{- else }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml new file mode 100644 index 0000000..1b9c7a5 --- /dev/null +++ b/templates/service.yaml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailhog.fullname" . }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "mailhog.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +spec: + type: "{{ .Values.service.type }}" + {{- with .Values.service.clusterIP }} + clusterIP: "{{ . }}" + {{- end }} + {{- with .Values.service.externalIPs }} + externalIPs: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ . }}" + {{- end }} + {{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + ports: + {{- $httpPortName := .Values.containerPort.http.name }} + {{- $smtpPortName := .Values.containerPort.smtp.name }} + - name: {{ $httpPortName }} + port: {{ .Values.service.port.http }} + protocol: TCP + targetPort: {{- if .Values.service.namedTargetPort }} {{ $httpPortName }} {{- else }} {{ .Values.containerPort.http.port }} {{- end }} + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort.http))) }} + nodePort: {{ .Values.service.nodePort.http }} + {{- end }} + - name: {{ $smtpPortName }} + port: {{ .Values.service.port.smtp }} + protocol: TCP + targetPort: {{- if .Values.service.namedTargetPort }} {{ $smtpPortName }} {{- else }} {{ .Values.containerPort.smtp.port }} {{- end }} + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort.smtp))) }} + nodePort: {{ .Values.service.nodePort.smtp }} + {{- end }} + {{- if .Values.service.extraPorts }} + {{- toYaml .Values.service.extraPorts | nindent 4 }} + {{- end }} + selector: + {{- include "mailhog.selectorLabels" . | nindent 4 }} diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml new file mode 100644 index 0000000..c33514c --- /dev/null +++ b/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mailhog.serviceAccountName" . }} + labels: + {{- include "mailhog.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +imagePullSecrets: + {{- toYaml .Values.serviceAccount.imagePullSecrets | nindent 4 }} +{{- end }} diff --git a/templates/smtp-secret.yaml b/templates/smtp-secret.yaml new file mode 100644 index 0000000..b2e0586 --- /dev/null +++ b/templates/smtp-secret.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.outgoingSMTP.enabled) (not .Values.outgoingSMTP.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "mailhog.labels" . | nindent 4 }} + name: {{ template "mailhog.outgoingSMTPSecret" . }} + namespace: {{ .Release.Namespace | quote }} +type: Opaque +data: + {{ .Values.outgoingSMTP.fileName }}: {{ .Values.outgoingSMTP.fileContents | toJson | b64enc }} +{{- end -}} diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..c912830 --- /dev/null +++ b/values.yaml @@ -0,0 +1,145 @@ +image: + repository: docker.io/mailhog/mailhog + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] + +extraContainers: [] + +nameOverride: "" +fullnameOverride: "" + +containerPort: + http: + name: http + port: 8025 + smtp: + name: tcp-smtp + port: 1025 + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Image pull secrets that are attached to the ServiceAccount + imagePullSecrets: [] + +automountServiceAccountToken: false + +service: + annotations: {} + extraPorts: [] + clusterIP: "" + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + type: ClusterIP + # Named target ports are not supported by GCE health checks, so when deploying on GKE + # and exposing it via GCE ingress, the health checks fail and the load balancer returns a 502. + namedTargetPort: true + port: + http: 8025 + smtp: 1025 + nodePort: + http: "" + smtp: + "" + + #securityContext: + #runAsUser: 1000 + #runAsGroup: 1000 + #runAsNonRoot: true + #fsGroup: 1000 + +containerSecurityContext: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + +ingress: + enabled: false + ingressClassName: openshift-default + annotations: + kubernetes.io/ingress.class: openshift-default + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-dns01-cloudflare" + labels: {} + hosts: + - host: mailhog.apilab.us + paths: + - path: "/" + pathType: Prefix + + tls: + - secretName: mailhog-tls + hosts: + - mailhog.apilab.us + +auth: + enabled: false + existingSecret: "" + fileName: auth.txt + fileContents: "" + +# JSON file defining outgoing SMTP servers +outgoingSMTP: + enabled: false + existingSecret: "" + fileName: outgoing-smtp.json + fileContents: {} + # See https://github.com/mailhog/MailHog/blob/master/docs/CONFIG.md#outgoing-smtp-configuration + # Only name, host and port are required. + # + # server_name1: + # name: "server_name1" + # host: "mail.example.com" + # port: "25" # NOTE: go requires this port number to be a string... otherwise the container won't start + # email: "" + # username: "" + # password: "" + # mechanism: "PLAIN|CRAM-MD5" + # server_name2: + # name: "server_name2" + # host: "mail2.example.com" + # port: "587" # NOTE: go requires this port number to be a string... otherwise the container won't start + +podReplicas: 1 + +podAnnotations: {} + +podLabels: {} + +extraEnv: [] + +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +livenessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 1 + +readinessProbe: {} + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +affinity: {} + +nodeSelector: {} + +tolerations: [] + +priorityClassName: diff --git a/wildcart-cert.yaml b/wildcart-cert.yaml new file mode 100644 index 0000000..c344b5f --- /dev/null +++ b/wildcart-cert.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: apilab-wildcard + namespace: authentik # keep it with authentik if that's controlling your routes +spec: + secretName: apilab-wildcard-tls # <— single secret for all apps + issuerRef: + kind: ClusterIssuer + name: letsencrypt-dns01-cloudflare + dnsNames: + - "*.apilab.us"