From 56b990fa9dbd45708acc38b9da5335d44141f212 Mon Sep 17 00:00:00 2001 From: Sett17 Date: Wed, 16 Mar 2022 10:27:21 +0100 Subject: [PATCH] k8s: My current state of work This commits my current progress in re-creating the docker-compose pipeline for PeekabooAV in Kubernetes. That includes deployments, services, and hard-coded config files for each step in the pipeline, modeled after what was done in the [pipeline](/Sett17/PeekabooAV-Installer/tree/pipeline). The yamls for cortex, and the set-up job, are included, although cortex does currently not work inside of Kubernetes, due to the missing docker runner. There is an open [PR](/TheHive-Project/Cortex/pull/349) and corresponding issue. Except for above mentioned cortex, the pipeline is fully functional. Meaning one can send an email to the postfix_tx deployment, which is then sent to the postfix_rx deployment and then processed by rspamd and Peekaboo. This was tested and developed with microk8s and a single node. --- k8s/cortex_own.yaml | 150 +++++++++++++++++++++ k8s/cortex_setup.yaml | 49 +++++++ k8s/elassticsearch.yaml | 56 ++++++++ k8s/mariadb.yaml | 57 ++++++++ k8s/peekabooav.yaml | 284 ++++++++++++++++++++++++++++++++++++++++ k8s/pipeline_ns.yaml | 4 + k8s/postfix_rx.yaml | 71 ++++++++++ k8s/postfix_tx.yaml | 59 +++++++++ k8s/rspamd.yaml | 37 ++++++ 9 files changed, 767 insertions(+) create mode 100644 k8s/cortex_own.yaml create mode 100644 k8s/cortex_setup.yaml create mode 100644 k8s/elassticsearch.yaml create mode 100644 k8s/mariadb.yaml create mode 100644 k8s/peekabooav.yaml create mode 100644 k8s/pipeline_ns.yaml create mode 100644 k8s/postfix_rx.yaml create mode 100644 k8s/postfix_tx.yaml create mode 100644 k8s/rspamd.yaml diff --git a/k8s/cortex_own.yaml b/k8s/cortex_own.yaml new file mode 100644 index 0000000..8fd1118 --- /dev/null +++ b/k8s/cortex_own.yaml 
@@ -0,0 +1,150 @@ +apiVersion: v1 +kind: Service +metadata: + name: cortex + namespace: peekabooav-pipeline +spec: + selector: + app: cortex + sessionAffinity: None + type: NodePort + ports: + - name: cortex + port: 9001 + protocol: TCP + targetPort: 9001 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cortex + namespace: peekabooav-pipeline + labels: + app: cortex +spec: + replicas: 1 + selector: + matchLabels: + app: cortex + template: + metadata: + labels: + app: cortex + spec: + containers: + - name: cortex + image: thehiveproject/cortex:3.1.4 + volumeMounts: + - name: application + mountPath: /etc/cortex/application.conf + subPath: application.conf + - name: analyzers + mountPath: /etc/cortex/analyzers.json + subPath: analyzers.json + env: + - name: CORTEX_ADMIN_PASSWORD + value: dikka + - name: analyzer_urls + value: /etc/cortex/analyzers.json + ports: + - containerPort: 9001 + name: cortex + protocol: TCP + dnsPolicy: ClusterFirst + volumes: + - name: application + configMap: + name: cortex-application-conf + - name: analyzers + configMap: + name: cortex-analyzers-json +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cortex-application-conf + namespace: peekabooav-pipeline + selfLink: /api/v1/namespaces/peekabooav-pipeline/configmaps/cortex-application-conf +data: + application.conf: | + auth.method.basic=true +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cortex-analyzers-json + namespace: peekabooav-pipeline + selfLink: /api/v1/namespaces/peekabooav-pipeline/configmaps/cortex-analyzers-json +data: + analyzers.json: | + [ + { + "name": "FileInfo", + "version": "8.0", + "author": "TheHive-Project", + "url": "https://github.com/TheHive-Project/Cortex-Analyzers", + "license": "AGPL-V3", + "description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files...", + "dataTypeList": ["file"], + "baseConfig": "FileInfo", + 
"configurationItems": [ + { + "name": "manalyze_enable", + "description": "Wether to enable manalyze submodule or not.", + "type": "boolean", + "required": true, + "multi": false, + "defaultValue": false + }, + { + "name": "manalyze_enable_docker", + "description": "Use docker to run Manalyze. Can be used only if not using the docker image of FileInfo", + "type": "boolean", + "required": false, + "multi": false, + "defaultValue": false + }, + { + "name": "manalyze_enable_binary", + "description": "Use local binary to run Manalyze. Need to compile it before!", + "type": "boolean", + "required": false, + "multi": false, + "defaultValue": true + }, + { + "name": "manalyze_binary_path", + "description": "Path to the Manalyze binary that was compiled before. Keep the default value if using the docker image of FileInfo ", + "type": "string", + "required": false, + "multi": false, + "defaultValue": "/worker/Manalyze/bin/manalyze" + }, + { + "name": "floss_enable", + "description": "Enable the use of FireEye FLARE FLOSS", + "type": "boolean", + "required": false, + "multi": false, + "default": false + }, + { + "name": "floss_binary_path", + "description": "Path to the FLOSS binary.", + "type": "string", + "required": false, + "multi": false, + "default": "/usr/bin/floss" + }, + { + "name": "floss_minimal_string_length", + "description": "Length of strings must be in order to be considered.", + "type": "number", + "required": false, + "multi": false, + "default": 4 + } + ], + "dockerImage": "cortexneurons/fileinfo:8" + } + ] diff --git a/k8s/cortex_setup.yaml b/k8s/cortex_setup.yaml new file mode 100644 index 0000000..4a3e06c --- /dev/null +++ b/k8s/cortex_setup.yaml 
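Review bot: The Cortex admin password is committed in plaintext as `CORTEX_ADMIN_PASSWORD: dikka` in the Deployment's env block, and the same literal is reused as the API token elsewhere in this commit, so anyone with read access to the repository or to the Deployment object holds the credential. It should be generated at install time, stored in a Secret and referenced with `valueFrom.secretKeyRef`, as below. The Service is also `type: NodePort`, which publishes port 9001 on every node's interface although only the peekabooav pod needs to reach Cortex; `type: ClusterIP` is sufficient here. The `selfLink` field on both ConfigMaps is server-populated and deprecated, so it should be dropped from the manifests.
```yaml
        env:
          - name: CORTEX_ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                name: cortex-credentials
                key: admin-password
          # … unchanged: analyzer_urls env, ports …
```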
@@ -0,0 +1,49 @@ +# apiVersion: apps/v1 +# kind: Deployment +# metadata: +# name: cortex-setup +# namespace: peekabooav-pipeline +# labels: +# app: cortex-setup +# spec: +# replicas: 1 +# selector: +# matchLabels: +# app: cortex-setup +# template: +# metadata: +# labels: +# app: cortex-setup +# spec: +# containers: +# - name: cortex-setup +# image: peekabooav_cortex_setup:local +# env: +# - name: ELASTIC_URL +# value: elasticsearch:9200 +# - name: CORTEX_URL +# value: cortex:9001 +# - name: PEEKABOO_CORTEX_API_TOKEN +# value: dikka +# dnsPolicy: ClusterFirst +apiVersion: batch/v1 +kind: Job +metadata: + name: cortex-setup + namespace: peekabooav-pipeline +spec: + template: + spec: + containers: + - name: cortex-setup + image: peekabooav_cortex_setup:local + env: + - name: ELASTIC_URL + value: elasticsearch:9200 + - name: CORTEX_URL + value: cortex:9001 + - name: PEEKABOO_CORTEX_API_TOKEN + value: dikka + - name: CORTEX_ADMIN_PASSWORD + value: dikka + restartPolicy: Never diff --git a/k8s/elassticsearch.yaml b/k8s/elassticsearch.yaml new file mode 100644 index 0000000..5a50723 --- /dev/null +++ b/k8s/elassticsearch.yaml 
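Review bot: The Job hard-codes `PEEKABOO_CORTEX_API_TOKEN: dikka` and `CORTEX_ADMIN_PASSWORD: dikka` as plaintext env values, and since that token is the credential peekabooav later presents to Cortex it should be provisioned from a Secret (the same one the cortex and peekabooav Deployments read) via `valueFrom.secretKeyRef` rather than checked in. The commented-out Deployment that precedes the Job is dead configuration and should be deleted, or the reason for keeping it stated in a one-line comment such as `# kept for reference: setup as a Deployment; superseded by the Job below`. The Job also sets no `backoffLimit`, so a misconfigured setup container is retried up to the default number of times before the Job is marked failed; making it explicit, e.g. `backoffLimit: 3`, documents the intent.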
@@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Service +metadata: + name: elasticsearch + namespace: peekabooav-pipeline +spec: + selector: + app: elasticsearch + sessionAffinity: None + type: NodePort + ports: + - name: elasticsearch + port: 9200 + protocol: TCP + targetPort: 9200 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: elasticsearch + namespace: peekabooav-pipeline + labels: + app: elasticsearch +spec: + replicas: 1 + selector: + matchLabels: + app: elasticsearch + template: + metadata: + labels: + app: elasticsearch + spec: + containers: + - name: elasticsearch + image: elasticsearch:7.16.2 + env: + - name: http.host + value: "0.0.0.0" + - name: discovery.type + value: single-node + - name: script.allowed_types + value: inline + - name: thread_pool.search.queue_size + value: "100000" + - name: thread_pool.write.queue_size + value: "10000" + - name: ES_HEAP_SIZE + value: 1g + - name: xpack.security.enabled + value: "false" + - name: cluster.routing.allocation.disk.watermark.flood_stage + value: 99% + - name: TAKE_FILE_OWNERSHIP + value: "1" + dnsPolicy: ClusterFirst diff --git a/k8s/mariadb.yaml b/k8s/mariadb.yaml new file mode 100644 index 0000000..fad5b7d --- /dev/null +++ b/k8s/mariadb.yaml 
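Review bot: This Deployment runs Elasticsearch with `xpack.security.enabled: "false"` and `script.allowed_types: inline`, and exposes it through a `type: NodePort` Service, so port 9200 is reachable unauthenticated from outside the cluster even though only cortex and the setup Job talk to it; `type: ClusterIP` should be used, and if security has to stay off for the single-node test setup a comment above that env entry should say so. There is also no volume behind the container, so the indices — presumably including whatever Cortex stores there, such as the accounts the setup Job creates — are lost on every pod restart; a PersistentVolumeClaim mounted at the Elasticsearch data directory is needed before this runs anywhere but a throwaway node. `ES_HEAP_SIZE` looks like a legacy setting for this image version and is worth verifying against `ES_JAVA_OPTS`. The file is named `elassticsearch.yaml` (double s).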
@@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Service +metadata: + name: mariadb + namespace: peekabooav-pipeline +spec: + selector: + app: mariadb + sessionAffinity: None + type: NodePort + ports: + - name: mariadb + port: 3306 + protocol: TCP + targetPort: 3306 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb + namespace: peekabooav-pipeline + labels: + app: mariadb + type: database +spec: + replicas: 1 + selector: + matchLabels: + app: mariadb + template: + metadata: + labels: + app: mariadb + type: database + spec: + containers: + - name: mariadb + image: mariadb:10.3 + readinessProbe: + exec: + command: + - /usr/bin/mysql + - --user=peekaboo + - --password=peekaboo + - --execute + - "SHOW DATABASES;" + initialDelaySeconds: 5 + periodSeconds: 5 + env: + - name: MARIADB_RANDOM_ROOT_PASSWORD + value: "true" + - name: MARIADB_DATABASE + value: peekaboo + - name: MARIADB_USER + value: peekaboo + - name: MARIADB_PASSWORD + value: peekaboo diff --git a/k8s/peekabooav.yaml b/k8s/peekabooav.yaml new file mode 100644 index 0000000..19f3e16 --- /dev/null +++ b/k8s/peekabooav.yaml 
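Review bot: The database password appears in plaintext twice in this hunk, as `MARIADB_PASSWORD: peekaboo` and again as `--password=peekaboo` in the readinessProbe command, where it is also visible in the container's process list every five seconds. Move it to a Secret referenced via `valueFrom.secretKeyRef` and let the probe expand the variable instead: `- --password=$(MARIADB_PASSWORD)`. The Service is `type: NodePort`, which places 3306 on every node's interface although only the peekabooav pod connects; `type: ClusterIP` is enough. No volume is mounted, so the database — which the `known` rule in the Peekaboo ruleset presumably depends on — starts empty after each pod restart.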
@@ -0,0 +1,284 @@ +apiVersion: v1 +kind: Service +metadata: + name: peekabooav + namespace: peekabooav-pipeline +spec: + selector: + app: peekabooav + sessionAffinity: None + type: NodePort + ports: + - name: peekabooav + port: 8100 + protocol: TCP + targetPort: 8100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: peekabooav + namespace: peekabooav-pipeline + labels: + app: peekabooav +spec: + replicas: 1 + selector: + matchLabels: + app: peekabooav + template: + metadata: + labels: + app: peekabooav + spec: + containers: + - name: peekabooav + image: peekabooav:local + volumeMounts: + - name: ruleset + mountPath: /opt/peekaboo/etc/ruleset.conf + subPath: ruleset.conf + env: + - name: PEEKABOO_CORTEX_API_TOKEN + value: dikka + - name: PEEKABOO_DB_PASSWORD + value: peekaboo + - name: PEEKABOO_DB_SERVER + value: mariadb + - name: PEEKABOO_CORTEX_URL + value: cortex:9001 + ports: + - containerPort: 8100 + name: peekabooav + protocol: TCP + dnsPolicy: ClusterFirst + terminationGracePeriodSeconds: 75 + volumes: + - name: ruleset + configMap: + name: peekabooav-ruleset-conf +--- +## WITHOUT CORTEX +apiVersion: v1 +kind: ConfigMap +metadata: + name: peekabooav-ruleset-conf + namespace: peekabooav-pipeline + selfLink: /api/v1/namespaces/peekabooav-pipeline/configmaps/peekabooav-ruleset-conf +data: + ruleset.conf: | + # + # Peekaboo ruleset configuration file + # Copyright (C) 2016-2020 science + computing ag + # + + # list of rules to run on samples + [rules] + rule.1 : known + rule.2 : file_larger_than + rule.3 : file_type_on_whitelist + rule.4 : file_type_on_greylist + #rule.5 : office_macro + #rule.6 : office_macro_with_suspicious_keyword + rule.7 : expressions + #rule.8 : cuckoo_evil_sig + #rule.9 : cuckoo_score + #rule.10 : requests_evil_domain + #rule.11 : cuckoo_analysis_failed + #rule.12 : contains_peekabooyar + rule.12 : final_rule + + # rule specific configuration options + # the section name equals the name of the rule + #[file_larger_than] + # 
defaults: + #bytes : 5 + + [file_type_on_whitelist] + whitelist.1 : text/plain + whitelist.2 : message/rfc822 + whitelist.3 : inode/x-empty + whitelist.4 : application/pkcs7-signature + whitelist.5 : application/x-pkcs7-signature + whitelist.6 : application/pkcs7-mime + whitelist.7 : application/x-pkcs7-mime + whitelist.8 : text/html + + [file_type_on_greylist] + greylist.1 : application/octet-stream + greylist.2 : application/vnd.ms-excel + greylist.3 : application/pdf + greylist.4 : application/javascript + greylist.5 : application/vnd.ms-excel + greylist.6 : application/vnd.ms-excel.sheet.macroEnabled.12 + greylist.7 : application/vnd.ms-word.document.macroEnabled.12 + greylist.8 : application/vnd.openxmlformats-officedocument.wordprocessingml.document + greylist.9 : application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + greylist.10 : application/x-7z-compressed + greylist.11 : application/x-ms-dos-executable + greylist.12 : application/x-dosexec + greylist.13 : application/x-vbscript + greylist.14 : application/zip + greylist.15 : application/x-rar + greylist.16 : application/msword + greylist.17 : text/x-msdos-batch + greylist.18 : text/x-sh + greylist.19 : text/x-python + greylist.20 : image/png + greylist.21 : image/jpeg + greylist.22 : application/zip + greylist.23 : application/x-silverlight + greylist.24 : application/x-python-code + greylist.25 : application/x-msdos-program + greylist.26 : application/vnd.openxmlformats-officedocument.wordprocessingml.document + greylist.27 : application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + greylist.28 : application/vnd.openxmlformats-officedocument.presentationml.presentation + greylist.29 : application/vnd.oasis.opendocument.text + greylist.30 : application/vnd.oasis.opendocument.spreadsheet + greylist.31 : application/vnd.oasis.opendocument.presentation + greylist.32 : application/vnd.ms-word.template.macroEnabled.12 + greylist.33 : application/vnd.ms-powerpoint + greylist.34 : 
application/vnd.ms-excel.template.macroEnabled.12 + greylist.35 : application/vnd.ms-excel + greylist.36 : application/msword + greylist.37 : application/x-bat + greylist.38 : application/bat + + [office_macro_with_suspicious_keyword] + keyword.1 : AutoOpen + keyword.2 : AutoClose + + [expressions] + # Optionally additional debug logging from the expression parser can be + # enabled: + #log_level : INFO + + # expression.0 : knownreport.known -> knownreport.result + # expression.0 : knownreport.known and knownreport.first < 14 -> knownreport.result + # expression.0 : cortexreport.FileInfoReport.full -> bad # in FileInfoReport wird nix gefunden, hab mit dir() auch nix gefunden + # expression.0 : cortexreport.FileInfoReport -> bad + expression.0 : sample -> bad + expression.1 : {sample.type_declared}|filereport.mime_types <= { + 'text/plain', 'inode/x-empty'} -> ignore + expression.2 : sample.name_declared == /smime.p7[mcs]/ + and sample.type_declared in { + 'application/pkcs7-signature', + 'application/x-pkcs7-signature', + 'application/pkcs7-mime', + 'application/x-pkcs7-mime' + } -> ignore + expression.3 : sample.name_declared == 'signature.asc' + and sample.type_declared in { + 'application/pgp-signature' + } -> ignore + expression.4 : sample.file_extension in { + 'doc', 'docm', 'dotm', 'docx', 'rtf', 'rtx', + 'ppt', 'pptm', 'pptx', 'potm', 'ppam', 'ppsm', + 'xls', 'xlsm', 'xlsx' } + and olereport.has_office_macros == True -> bad + # and cuckooreport.score > 4 -> bad + #expression.5 : cortexreport.VirusTotalQueryReport.n_of_all == 0 + # and cortexreport.VirusTotalQueryReport.level == 'safe' + # -> unknown + # cortex way to access CuckooSandbox and Malscore + #expression.6 : cortexreport.CuckooSandboxFileReport.malscore > 6 -> bad + # inline content will normally be rendered by the mail client and not presented + # as an attachment for the user to open -> no need to scan (if exploiting the + # mail client is not a concern) + expression.7 : 
sample.content_disposition == 'inline' + and sample.type_declared in { + 'image/png', 'image/jpeg', 'image/gif', 'image/bmp' + } -> ignore + + [cuckoo_evil_sig] + signature.1 : A potential heapspray has been detected. .* + signature.2 : A process attempted to delay the analysis task. + signature.3 : Attempts to detect Cuckoo Sandbox through the presence of a file + signature.4 : Attempts to modify desktop wallpaper + signature.5 : Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available + signature.6 : Checks the version of Bios, possibly for anti-virtualization + signature.7 : Collects information on the system (ipconfig, netstat, systeminfo) + signature.8 : Connects to an IRC server, possibly part of a botnet + signature.9 : Connects to Tor Hidden Services through Tor2Web + signature.10 : Creates a suspicious process + signature.11 : Creates a windows hook that monitors keyboard input (keylogger) + signature.12 : Creates executable files on the filesystem + signature.13 : Creates known Upatre files, registry keys and/or mutexes + signature.14 : Detects the presence of Wine emulator + signature.15 : Detects VirtualBox through the presence of a file + signature.16 : Detects VirtualBox through the presence of a registry key + signature.17 : Detects VirtualBox through the presence of a window + signature.18 : Detects VirtualBox using WNetGetProviderName trick + signature.19 : Detects VMWare through the in instruction feature + signature.20 : Detects VMWare through the presence of a registry key + signature.21 : Detects VMWare through the presence of various files + signature.22 : Executes javascript + signature.23 : Executes one or more WMI queries + signature.24 : File has been identified by .* AntiVirus engines on VirusTotal as malicious + signature.25 : Installs itself for autorun at Windows startup + signature.26 : Looks for known filepaths where sandboxes execute samples + signature.27 : Looks for 
the Windows Idle Time to determine the uptime + signature.28 : Makes SMTP requests, possibly sending spam + signature.29 : This sample modifies more than .* files through suspicious ways, + signature.30 : Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe + signature.31 : One of the processes launched crashes + signature.32 : One or more of the buffers contains an embedded PE file + signature.33 : One or more potentially interesting buffers were extracted, these generally + signature.34 : Potentially malicious URL found in document + signature.35 : Queries for the computername + signature.36 : Queries the disk size.* + signature.37 : Raised Suricata alerts + signature.38 : Starts servers listening on {0} + signature.39 : Steals private information from local Internet browsers + signature.40 : Suspicious Javascript actions + signature.41 : Tries to detect analysis programs from within the browser + signature.42 : Tries to locate whether any sniffers are installed + signature.43 : Wscript.exe initiated network communications indicative of a script based payload download + signature.44 : The process powershell.exe wrote an executable file to disk + signature.45 : Creates a suspicious Powershell process + signature.46 : Appends a new file extension or content to .* files indicative of a ransomware file encryption process + + #[cuckoo_score] + # defaults: + #higher_than : 4.0 + + [requests_evil_domain] + # define a list of bad domains here + domain.1 : canarytokens.com + + #[cuckoo_analysis_failed] + # This rule checks whether analysis by Cuckoo failed. If so, it reports a + # result of "failed" for this sample and aborts rule processing. In case of + # success, result "unknown" is returned (because successful analysis in itself + # provides no indication about the sample) and rule processing is continued. 
+ # + # The following strings are matched in the order listed against the + # debug/cuckoo log of the report, i.e. the server's messages about the + # analysis. Order of evaluation is failure -> success -> fallback: failure, + # which means: + # + # - if any failure string is contained in any log entry, the analysis is + # considered failed and evaluation is aborted + # - if any success string is contained in any log entry, the analysis is + # considered successfully finished and evaluation is aborted + # - if no string matches, the analysis is considered failed + # + # Failure strings are optional but there has to be at least one success string + # to prevent the rule from always reporting failure. If the rule is supposed to do + # nothing, it should be disabled instead of providing no or very permissive + # match strings. + + # default: + #success.1: analysis completed successfully + # no failure + + # possible more specific config: 'end of analysis reached!' shows that the + # analysis ran beyond the analysis timeout and into the critical timeout which + # is a clear indicator that it did not succeed (for whatever reason) + #failure.1: end of analysis reached! + + # rules without configuration options: + # - known + # - contains_peekabooyar + # - office_macro + # - final_rule diff --git a/k8s/pipeline_ns.yaml b/k8s/pipeline_ns.yaml new file mode 100644 index 0000000..054bc60 --- /dev/null +++ b/k8s/pipeline_ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: peekabooav-pipeline diff --git a/k8s/postfix_rx.yaml b/k8s/postfix_rx.yaml new file mode 100644 index 0000000..7b446e0 --- /dev/null +++ b/k8s/postfix_rx.yaml 
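Review bot: In the `[expressions]` section of the ruleset ConfigMap, `expression.0 : sample -> bad` is an unconditional match; if the expressions rule stops at the first matching expression, as the commented-out alternatives above it suggest, every sample is classified bad and the ignore expressions 1–7 below it never run, so this reads like a debugging leftover that should be commented out or marked `# TODO: placeholder, classifies everything as bad` before the ruleset is applied. The Deployment also ships `PEEKABOO_CORTEX_API_TOKEN: dikka` and `PEEKABOO_DB_PASSWORD: peekaboo` as plaintext env values, which belong in Secrets referenced via `valueFrom.secretKeyRef`. The Service is `type: NodePort` on 8100 although only in-cluster components call Peekaboo, so `type: ClusterIP` fits. The greylist repeats several MIME types (`application/vnd.ms-excel` three times, `application/zip` and `application/msword` twice), which is harmless but worth de-duplicating.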
@@ -0,0 +1,71 @@ +apiVersion: v1 +kind: Service +metadata: + name: postfix-rx + namespace: peekabooav-pipeline +spec: + selector: + app: postfix-rx + sessionAffinity: None + type: NodePort + ports: + - name: postfix-rx + port: 25 + protocol: TCP + targetPort: 25 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postfix-rx + namespace: peekabooav-pipeline + labels: + app: postfix-rx +spec: + replicas: 1 + selector: + matchLabels: + app: postfix-rx + template: + metadata: + labels: + app: postfix-rx + spec: + hostname: postfix-rx + containers: + - name: postfix-rx + image: peekabooav_postfix:local + env: + - name: POSTFIX_MAIN_CF_MAILLOG_FILE + value: /dev/stdout + - name: POSTFIX_MAIN_CF_DEBUG_PEER_LIST + value: 0.0.0.0/32 + - name: POSTFIX_MAIN_CF_MYNETWORKS + value: 0.0.0.0/32, 127.0.0.0/8, 192.168.1.0/24, 172.24.0.0/16 + - name: POSTFIX_MAIN_CF_INET_INTERFACES + value: all + - name: POSTFIX_MAIN_CF_MYDOMAIN + value: postfix-rx + - name: POSTFIX_MAIN_CF_MYORIGIN + value: postfix-rx + - name: POSTFIX_MAIN_CF_MYHOSTNAME + value: postfix-rx + - name: POSTFIX_MAIN_CF_SMTPD_RECIPIENT_RESTRICTIONS + value: permit_mynetworks + - name: POSTFIX_MAIN_CF_MYDESTINATION + value: postfix-rx localhost. localhost postfix-rx.localdomain localdomain + - name: POSTFIX_MAIN_CF_VIRTUAL_ALIAS_MAPS + value: pcre:/etc/postfix/virtual + - name: POSTFIX_VIRTUAL + value: '/.*/ root@localhost' + - name: POSTFIX_MAIN_CF_MILTER_PROTOCOL + value: "6" + - name: POSTFIX_MAIN_CF_MILTER_DEFAULT_ACTION + value: accept + - name: POSTFIX_MAIN_CF_SMTPD_MILTERS + value: inet:rspamd:11332 + ports: + - containerPort: 25 + name: email + protocol: TCP + dnsPolicy: ClusterFirst diff --git a/k8s/postfix_tx.yaml b/k8s/postfix_tx.yaml new file mode 100644 index 0000000..f9780bf --- /dev/null +++ b/k8s/postfix_tx.yaml 
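Review bot: `POSTFIX_MAIN_CF_MILTER_DEFAULT_ACTION: accept` makes the scanning path fail open: if the milter at `inet:rspamd:11332` is down or times out, postfix-rx delivers the mail uninspected, which defeats the purpose of an AV pipeline; `value: tempfail` would hold mail until the milter is back. The Service is `type: NodePort` on port 25 and `smtpd_recipient_restrictions` is only `permit_mynetworks`, with `mynetworks` still carrying the Compose-era ranges `192.168.1.0/24, 172.24.0.0/16` that have no meaning in this cluster, so the receiving MTA with its catch-all virtual map to `root@localhost` is reachable from outside the cluster; since only postfix-tx talks to it, `type: ClusterIP` and a `mynetworks` limited to the pod CIDR are appropriate. `POSTFIX_MAIN_CF_DEBUG_PEER_LIST: 0.0.0.0/32` looks like a copied placeholder and can be dropped.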
@@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Service +metadata: + name: postfix-tx + namespace: peekabooav-pipeline +spec: + selector: + app: postfix-tx + sessionAffinity: None + type: NodePort + ports: + - name: postfix-tx + port: 25 + protocol: TCP + targetPort: 25 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postfix-tx + namespace: peekabooav-pipeline + labels: + app: postfix-tx +spec: + replicas: 1 + selector: + matchLabels: + app: postfix-tx + template: + metadata: + labels: + app: postfix-tx + spec: + hostname: postfix-tx + containers: + - name: postfix-tx + image: peekabooav_postfix:local + env: + - name: POSTFIX_MAIN_CF_MAILLOG_FILE + value: /dev/stdout + - name: POSTFIX_MAIN_CF_DEBUG_PEER_LIST + value: 0.0.0.0/32 + - name: POSTFIX_MAIN_CF_INET_INTERFACES + value: all + - name: POSTFIX_MAIN_CF_MYHOSTNAME + value: postfix-tx + - name: POSTFIX_MAIN_CF_QUEUE_RUN_DELAY + value: 90s + - name: POSTFIX_MAIN_CF_VIRTUAL_ALIAS_DOMAINS + value: localhost + - name: POSTFIX_MAIN_CF_VIRTUAL_ALIAS_MAPS + value: pcre:/etc/postfix/virtual + - name: POSTFIX_VIRTUAL + value: '/.*/ root@postfix-rx.peekabooav-pipeline.svc.cluster.local' + ports: + - containerPort: 25 + name: email + protocol: TCP + dnsPolicy: ClusterFirst diff --git a/k8s/rspamd.yaml b/k8s/rspamd.yaml new file mode 100644 index 0000000..2e4ba2a --- /dev/null +++ b/k8s/rspamd.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Service +metadata: + name: rspamd + namespace: peekabooav-pipeline +spec: + selector: + app: rspamd + sessionAffinity: None + type: NodePort + ports: + - name: rspamd + port: 11332 + protocol: TCP + targetPort: 11332 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rspamd + namespace: peekabooav-pipeline + labels: + app: rspamd +spec: + replicas: 1 + selector: + matchLabels: + app: rspamd + template: + metadata: + labels: + app: rspamd + spec: + containers: + - name: rspamd + image: peekabooav_rspamd:local + dnsPolicy: ClusterFirst
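Review bot: postfix-tx is the pipeline's ingress, yet this hunk sets no `mynetworks` and no `smtpd_*_restrictions`, so access control rests entirely on Postfix defaults while the Service publishes port 25 via `type: NodePort` on every node; whoever can reach a node can inject mail, and every recipient is rewritten by `'/.*/ root@postfix-rx.peekabooav-pipeline.svc.cluster.local'`. If external submission is intended, set `POSTFIX_MAIN_CF_MYNETWORKS` to the ranges that may submit and pair the Service with a NetworkPolicy or a fixed `nodePort`; if not, `type: ClusterIP` suffices. As in postfix-rx, `POSTFIX_MAIN_CF_DEBUG_PEER_LIST: 0.0.0.0/32` appears to be a no-op placeholder, and `POSTFIX_MAIN_CF_QUEUE_RUN_DELAY: 90s` deserves a one-line comment explaining why the default was changed.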
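Review bot: The rspamd Service is `type: NodePort`, exposing the milter port 11332 on every node although its only client is postfix-rx via `inet:rspamd:11332`; `type: ClusterIP` keeps it in-cluster. Unlike the other Deployments in this commit, the container declares no `containerPort` and no readiness probe, so the Service can route a milter connection to an rspamd pod that is not yet listening; adding `ports: [{containerPort: 11332, name: milter}]` and `readinessProbe: {tcpSocket: {port: 11332}}` closes that window. All rspamd configuration is baked into `peekabooav_rspamd:local`, so a comment naming where that config is maintained would help a reader of this manifest.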