public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Draft create

Browse source
This commit is contained in:
amit.kumar 2019-06-19 17:08:27 +05:30
parent 974520d48b
commit 3b89eedbb7
12 changed files with 59 additions and 450 deletions
Download patch file Download diff file Expand all files Collapse all files

4
OWNERS Normal file
View file

@ -0,0 +1,4 @@
approvers:
- galaxycard-bot
reviewers:
- galaxycard-bot

6
OWNERS_ALIASES Normal file
View file

@ -0,0 +1,6 @@
aliases:
- galaxycard-bot
best-approvers:
- galaxycard-bot
best-reviewers:
- galaxycard-bot

12
charts/pepper/templates/db-credentials-secret.yaml
View file

@ -1,12 +0,0 @@
apiVersion: v1
data:
password: {{ .Values.database.password | b64enc | quote }}
username: {{ .Values.database.username | b64enc | quote }}
database: {{ .Values.database.database | b64enc | quote }}
hostname: {{ .Values.database.hostname | b64enc | quote }}
kind: Secret
metadata:
name: "{{ .Chart.Name }}-db-credentials"
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
type: Opaque

17
charts/pepper/templates/deployment.yaml
View file

@ -9,11 +9,6 @@ metadata:
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
spec: spec:
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template: template:
metadata: metadata:
labels: labels:
@ -24,22 +19,14 @@ spec:
{{ toYaml .Values.podAnnotations | indent 8 }} {{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }} {{- end }}
spec: spec:
volumes:
- name: config
secret:
secretName: {{ template "fullname" . }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
volumeMounts:
- readOnly: true
mountPath: server/config
name: config
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
env: env:
{{- range $pkey, $pval := .Values.env }} {{- range $pkey, $pval := .Values.env }}
- name: {{ $pkey }} - name: {{ $pkey }}
value: {{ $pval | quote }} value: {{ $pval }}
{{- end }} {{- end }}
ports: ports:
- containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort }}
@ -61,4 +48,4 @@ spec:
resources: resources:
{{ toYaml .Values.resources | indent 12 }} {{ toYaml .Values.resources | indent 12 }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }} {{- end }}

22
charts/pepper/templates/ksvc.yaml Normal file → Executable file
View file

@ -18,26 +18,6 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
env: env:
- name: MAUTIC_DB_HOST
valueFrom:
secretKeyRef:
name: "{{ .Chart.Name }}-db-credentials"
key: hostname
- name: MAUTIC_DB_USER
valueFrom:
secretKeyRef:
name: "{{ .Chart.Name }}-db-credentials"
key: username
- name: MAUTIC_DB_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Chart.Name }}-db-credentials"
key: password
- name: MAUTIC_DB_NAME
valueFrom:
secretKeyRef:
name: "{{ .Chart.Name }}-db-credentials"
key: database
{{- range $pkey, $pval := .Values.env }} {{- range $pkey, $pval := .Values.env }}
- name: {{ $pkey }} - name: {{ $pkey }}
value: {{ $pval }} value: {{ $pval }}
@ -55,4 +35,6 @@ spec:
periodSeconds: {{ .Values.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }} successThreshold: {{ .Values.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
resources:
{{ toYaml .Values.resources | indent 14 }}
{{- end }} {{- end }}

33
charts/pepper/templates/public-service.yaml
View file

@ -1,33 +0,0 @@
{{- if .Values.knativeDeploy }}
{{- else }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.publicService.name }}
name: {{ .Values.publicService.name }}
{{- else }}
name: {{ template "fullname" . }}
{{- end }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
{{- if (not .Values.publicService.prometheusAnnotations) and (not .Values.publicService.annotations) }}
annotations: {}
{{- else }}
annotations:
{{- if .Values.publicService.annotations }}
{{ toYaml .Values.publicService.annotations | indent 4 }}
{{- end }}
{{- if .Values.publicService.prometheusAnnotations }}
{{ toYaml .Values.publicService.prometheusAnnotations | indent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.publicService.type }}
ports:
- port: {{ .Values.publicService.externalPort }}
targetPort: {{ .Values.publicService.internalPort }}
protocol: TCP
name: http
selector:
app: {{ template "fullname" . }}
{{- end }}

33
charts/pepper/templates/sandbox-service.yaml
View file

@ -1,33 +0,0 @@
{{- if .Values.knativeDeploy }}
{{- else }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.sandboxService.name }}
name: {{ .Values.sandboxService.name }}
{{- else }}
name: {{ template "fullname" . }}
{{- end }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
{{- if (not .Values.sandboxService.prometheusAnnotations) and (not .Values.sandboxService.annotations) }}
annotations: {}
{{- else }}
annotations:
{{- if .Values.sandboxService.annotations }}
{{ toYaml .Values.sandboxService.annotations | indent 4 }}
{{- end }}
{{- if .Values.sandboxService.prometheusAnnotations }}
{{ toYaml .Values.sandboxService.prometheusAnnotations | indent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.sandboxService.type }}
ports:
- port: {{ .Values.sandboxService.externalPort }}
targetPort: {{ .Values.sandboxService.internalPort }}
protocol: TCP
name: http
selector:
app: {{ template "fullname" . }}
{{- end }}

302
charts/pepper/templates/secret.yaml
View file

@ -1,302 +0,0 @@
kind: Secret
apiVersion: v1
metadata:
name: {{ template "fullname" . }}
stringData:
production.yaml: |-
title: mailtrain
gdpr:
deleteDataAfterUnsubscribe:
enabled: false
secondsAfterUnsubscribe: 86400 # 1 day
deleteSubscriptionAfterUnsubscribe:
enabled: false
secondsAfterUnsubscribe: 2592000 # 30 days
editors:
- mosaico
- mosaicoWithFsTemplate
- grapesjs
- ckeditor4
- codeeditor
defaultLanguage: en-US
enabledLanguages:
- en-US
redis:
enabled: {{ .Values.redis.enable }}
host: {{ .Values.redis.host }}
port: 6379
db: 5
log:
level: info
sendStacktracesToClient: false
www:
trustedPort: 3000
sandboxPort: 3003
publicPort: 3004
host: 0.0.0.0
trustedUrlBase: http://localhost:3000
# URL base for sandbox urls (logged-in users). It must be absolute (starting with http:// or https://) and contain the sandbox port.
sandboxUrlBase: http://localhost:3003
# URL base for public urls (campaign recipients). It must be absolute (starting with http:// or https://) and contain the sandbox port.
publicUrlBase: http://localhost:3004
# Secret for signing the session ID cookie
secret: {{ randAlphaNum | quote }}
# Session length in seconds when remember me is checked
remember: 2592000 # 30 days
# logger interface for expressjs morgan
log: dev
# Is the server behind a proxy? true/false
# Set this to true if you are serving Mailtrain as a virtual domain through Nginx or Apache
proxy: true
# maximum POST body size
postSize: 20MB
mysql:
host: {{ .Values.database.hostname }}
user: {{ .Values.database.username }}
password: {{ .Values.database.password }}
database: {{ .Values.database.database }}
port: 3306
charset: utf8mb4
timezone: local
verp:
enabled: false
port: 25
host: 0.0.0.0
ldap:
# enable to use ldap user backend
enabled: false
# method is ldapjs or ldapauth - it chooses the library to be used. If not given, it chooses the one present.
# method: ldapjs
host: localhost
port: 3002
baseDN: ou=users,dc=company
filter: (|(username={{username}})(mail={{username}}))
# Username field in LDAP (uid/cn/username)
uidTag: username
# nameTag identifies the attribute to be used for user's full name
nameTag: username
passwordresetlink:
newUserRole: master
# Global namespace id
newUserNamespaceId: 1
# Use a different user to bind LDAP (final bind DN will be: {{uidTag}}: {{bindUser}},{{baseDN}})
bindUser: name@company.net
bindPassword: mySecretPassword
postfixBounce:
# Enable to allow writing Postfix bounce log to Mailtrain listener
# If enabled, tail mail.log to Mailtrain with the following command:
# tail -f -n +0 /var/log/mail.log | nc localhost 5699 -
enabled: false
port: 5699
# allow connections from localhost only
host: 127.0.0.1
# extra options for nodemailer
nodemailer:
#textEncoding: base64
queue:
# How many parallel sender processes to spawn
processes: 4
cors:
# Allow subscription widgets to be embedded
# origins: ['https://www.example.com']
mosaico:
# Installed templates
fsTemplates:
- key: versafix-1
label: Versafix One
# Inject custom scripts
# customscripts:
# - /mosaico/custom/my-mosaico-plugin.js
fileCache:
blockThumbnails:
maxSize: 100 # megabytes
pruneInterval: 60 # seconds
images:
maxSize: 1024 # megabytes
pruneInterval: 60 # seconds
grapesjs:
# Installed templates
templates:
- key: demo
label: HTML Template
- key: aves
label: MJML Template
reports:
# The whole reporting functionality can be disabled below if the they are not needed and the DB cannot be
# properly protected.
# Reports rely on custom user defined Javascript snippets defined in the report template. The snippets are run on the
# server when generating a report. As these snippets are stored in the DB, they pose a security risk because they can
# help gaining access to the server if the DB cannot
# be properly protected (e.g. if it is shared with another application with security weaknesses).
# Mailtrain mitigates this problem by running the custom Javascript snippets in a chrooted environment and under a
# DB user that cannot modify the database (see userRO in [mysql] above). However the chrooted environment is available
# only if Mailtrain is started as root. The chrooted environment still does not prevent the custom JS script in
# performing network operations and in generating XSS attacks as part of the report.
# The bottom line is that if people who are creating report templates or have write access to the DB cannot be trusted,
# then it's safer to switch off the reporting functionality below.
enabled: true
testServer:
# Starts a vanity server that redirects all mail to /dev/null
# Mostly needed for local development
enabled: false
port: 5587
mailboxServerPort: 3001
host: 0.0.0.0
username: testuser
password: testpass
logger: false
builtinZoneMTA:
enabled: true
host: localhost
port: 2525
mongo: mongodb://127.0.0.1:27017/zone-mta
redis: redis://localhost:6379/2
log:
level: warn
processes: 2
connections: 5
seleniumWebDriver:
browser: phantomjs
roles:
global:
master:
name: Global Master
admin: true
description: All permissions
permissions: [rebuildPermissions, createJavascriptWithROAccess, displayManageUsers, manageBlacklist, manageSettings, setupAutomation]
rootNamespaceRole: master
campaignsAdmin:
name: Campaigns Admin
description: Under the namespace in which the user is located, the user has all permissions for managing lists, templates and campaigns and the permission to send to send configurations.
permissions: [setupAutomation]
ownNamespaceRole: campaignsAdmin
nobody:
name: None
description: No permissions
permissions: []
namespace:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createReportTemplate, createTemplate, createMosaicoTemplate, createSendConfiguration, createCampaign, manageUsers]
children:
sendConfiguration: [viewPublic, viewPrivate, edit, delete, share, sendWithoutOverrides, sendWithAllowedOverrides, sendWithAnyOverrides]
list: [view, edit, delete, share, viewFields, manageFields, viewSubscriptions, manageSubscriptions, viewSegments, manageSegments, viewImports, manageImports]
customForm: [view, edit, delete, share]
campaign: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, send, viewStats, fetchRss]
template: [view, edit, delete, share, viewFiles, manageFiles]
report: [view, edit, delete, share, execute, viewContent, viewOutput]
reportTemplate: [view, edit, delete, share, execute]
mosaicoTemplate: [view, edit, delete, share, viewFiles, manageFiles]
namespace: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createReportTemplate, createTemplate, createMosaicoTemplate, createSendConfiguration, createCampaign, manageUsers]
campaignsAdmin:
name: Campaigns Admin
description: In the respective namespace, the user has all permissions for managing lists, templates and campaigns and the permission to send to send configurations.
permissions: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createTemplate, createMosaicoTemplate, createCampaign]
children:
sendConfiguration: [viewPublic, sendWithoutOverrides, sendWithAllowedOverrides]
list: [view, edit, delete, share, viewFields, manageFields, viewSubscriptions, manageSubscriptions, viewSegments, manageSegments, viewImports, manageImports]
customForm: [view, edit, delete, share]
campaign: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, send, viewStats, fetchRss]
template: [view, edit, delete, share, viewFiles, manageFiles]
report: [view, edit, delete, share, execute, viewContent, viewOutput]
reportTemplate: [view, share, execute]
mosaicoTemplate: [view, edit, delete, share, viewFiles, manageFiles]
namespace: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createTemplate, createMosaicoTemplate, createCampaign]
campaignsCreator:
name: Campaigns Creator
description: In the respective namespace, the user has all permissions for templates and campaigns.
permissions: [view, createTemplate, createCampaign]
children:
sendConfiguration: [viewPublic]
campaign: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, fetchRss]
template: [view, edit, delete, share, viewFiles, manageFiles]
sendConfiguration:
master:
name: Master
description: All permissions
permissions: [viewPublic, viewPrivate, edit, delete, share, sendWithoutOverrides, sendWithAllowedOverrides, sendWithAnyOverrides]
campaignsCreator:
name: Campaigns Creator
description: The user can only use the send configuration in setting up a campaign. However, this gives no permission to send.
permissions: [viewPublic]
list:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share, viewFields, manageFields, viewSubscriptions, manageSubscriptions, viewSegments, manageSegments, viewImports, manageImports]
campaignsCreator:
name: Campaigns Creator
description: The user can only use the list in setting up a campaign. However, this gives no permission to view subscriptions or to send to the list.
permissions: [view, viewFields, viewSegments]
customForm:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share]
campaign:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, send, viewStats, manageMessages, fetchRss]
campaignsCreator:
name: Campaigns Creator
description: The user can setup the campaign but cannot send it.
permissions: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, fetchRss]
rssTrigger:
name: RSS Campaign Trigger
description: Allows triggering a fetch of an RSS campaign
permissions: [fetchRss]
template:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share, viewFiles, manageFiles]
report:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share, execute, viewContent, viewOutput]
reportTemplate:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share, execute]
mosaicoTemplate:
master:
name: Master
description: All permissions
permissions: [view, edit, delete, share, viewFiles, manageFiles]

9
charts/pepper/templates/trusted-service.yaml → charts/pepper/templates/service.yaml
View file

@ -10,17 +10,10 @@ metadata:
{{- end }} {{- end }}
labels: labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
{{- if (not .Values.service.prometheusAnnotations) and (not .Values.service.annotations) }}
annotations: {}
{{- else }}
annotations:
{{- if .Values.service.annotations }} {{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }} {{ toYaml .Values.service.annotations | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.service.prometheusAnnotations }}
{{ toYaml .Values.service.prometheusAnnotations | indent 4 }}
{{- end }}
{{- end }}
spec: spec:
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
ports: ports:

42
charts/pepper/values.yaml
View file

@ -6,31 +6,28 @@ image:
repository: draft repository: draft
tag: dev tag: dev
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# define environment variables here as a map of key: value
env:
# enable this flag to use knative serve to deploy the app
knativeDeploy: false
service: service:
name: pepper name: pepper
type: ClusterIP type: ClusterIP
externalPort: 80 externalPort: 80
internalPort: 3000 internalPort: 8080
annotations: {} annotations:
sandboxService: fabric8.io/expose: "true"
name: pepper-sandbox fabric8.io/ingress.annotations: "kubernetes.io/ingress.class: nginx"
type: ClusterIP
externalPort: 80
internalPort: 3003
annotations: {}
publicService:
name: emails
type: ClusterIP
externalPort: 80
internalPort: 3004
annotations: {}
resources: resources:
limits: limits:
cpu: 2000m cpu: 400m
memory: 2Gi memory: 256Mi
requests: requests:
cpu: 500m cpu: 200m
memory: 512Mi memory: 128Mi
probePath: / probePath: /
livenessProbe: livenessProbe:
initialDelaySeconds: 60 initialDelaySeconds: 60
@ -41,12 +38,3 @@ readinessProbe:
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 1 timeoutSeconds: 1
terminationGracePeriodSeconds: 10
knativeDeploy: false
database:
hostname: localhost
username: root
password: password
database: pepper

1
jenkins-x.yml Executable file
View file

@ -0,0 +1 @@
buildPack: javascript

28
skaffold.yaml Normal file
View file

@ -0,0 +1,28 @@
apiVersion: skaffold/v1beta2
kind: Config
build:
artifacts:
- image: galaxycard/pepper
context: .
docker: {}
tagPolicy:
envTemplate:
template: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}:{{.VERSION}}'
local: {}
deploy:
kubectl: {}
profiles:
- name: dev
build:
tagPolicy:
envTemplate:
template: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}:{{.DIGEST_HEX}}'
local: {}
deploy:
helm:
releases:
- name: pepper
chartPath: charts/pepper
setValueTemplates:
image.repository: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}'
image.tag: '{{.DIGEST_HEX}}'