diff --git a/CHANGELOG.md b/CHANGELOG.md index ddcb7f9..dbee84f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). ## Unreleased +## 1.4.0 + - adding mailgun domain for better validation if domain is active - fixing removal of route if it don't have a router id diff --git a/releases/1.4.0/kustomization.yaml b/releases/1.4.0/kustomization.yaml new file mode 100644 index 0000000..31d56bc --- /dev/null +++ b/releases/1.4.0/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - manager.yaml diff --git a/releases/1.4.0/manager.yaml b/releases/1.4.0/manager.yaml new file mode 100644 index 0000000..6132c2e --- /dev/null +++ b/releases/1.4.0/manager.yaml @@ -0,0 +1,789 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + control-plane: controller-manager + name: mailgun-operator-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: domains.domain.mailgun.com +spec: + group: domain.mailgun.com + names: + kind: Domain + listKind: DomainList + plural: domains + singular: domain + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Domain is the Schema for the domains API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DomainSpec defines the desired state of Domain + properties: + dkim_key_size: + type: integer + domain: + description: Domain is a domain name which we need to create on Mailgun + type: string + export_credentials: + description: Export SMTP or API credentials to a secret + type: boolean + export_secret_login_key: + description: Export secret key for login + type: string + export_secret_name: + description: Export SMTP credentials to a secret + type: string + export_secret_password_key: + description: Export secret key for password + type: string + external_dns: + description: Support for External-DNS + type: boolean + external_dns_records: + items: + description: Endpoint is a high-level way of a connection between + a service and an IP + properties: + dnsName: + description: The hostname of the DNS record + type: string + labels: + additionalProperties: + type: string + description: Labels stores labels defined for the Endpoint + type: object + providerSpecific: + description: ProviderSpecific stores provider specific config + items: + description: ProviderSpecificProperty holds the name and value + of a configuration which is specific to individual DNS providers + properties: + name: + type: string + value: + type: string + type: object + type: array + recordTTL: + description: TTL for the record + format: int64 + type: integer + recordType: + description: RecordType type of record, e.g. CNAME, A, AAAA, + SRV, TXT etc + type: string + setIdentifier: + description: Identifier to distinguish multiple records with + the same name and type (e.g. Route53 records with routing + policies other than 'simple') + type: string + targets: + description: The targets the DNS record points to + items: + type: string + type: array + type: object + type: array + force_dkim_authority: + type: boolean + force_mx_check: + description: Force validation of MX records for receiving mail + type: boolean + ips: + items: + type: string + minItems: 0 + type: array + x-kubernetes-list-type: set + spam_action: + type: string + web_scheme: + description: See https://documentation.mailgun.com/en/latest/api-domains.html#domains + type: string + wildcard: + type: boolean + required: + - domain + type: object + status: + description: DomainStatus defines the observed state of Domain + properties: + dns_entrypoint_created: + description: A pointer to ExternalDNS Entrypoint + type: boolean + domain_state: + description: State of the domain on Mailgun + type: string + last_domain_validation_time: + description: Time when we last time requested a Validation of domain + on Mailgun + format: date-time + type: string + mailgun_error: + description: Mailgun errors + type: string + not_managed: + description: If domain is not managed by this operator (e.g. created + manually) + type: boolean + receiving_dns_records: + description: list of DNS records for receiving emails + items: + properties: + name: + type: string + priority: + type: string + record_type: + type: string + valid: + type: string + value: + type: string + required: + - record_type + - valid + - value + type: object + type: array + sending_dns_records: + description: list of DNS records for sending emails + items: + properties: + name: + type: string + priority: + type: string + record_type: + type: string + valid: + type: string + value: + type: string + required: + - record_type + - valid + - value + type: object + type: array + state: + description: Global state of the record + type: string + validation_count: + description: Domain validation counts + type: integer + required: + - domain_state + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: routes.domain.mailgun.com +spec: + group: domain.mailgun.com + names: + kind: Route + listKind: RouteList + plural: routes + singular: route + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Route is the Schema for the routes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RouteSpec defines the desired state of Route + properties: + actions: + description: Action to be taken when the route matches an incoming + email + items: + type: string + type: array + description: + description: Description of the route + type: string + domain: + description: |- + Domain of related route + It will help to not going into loop for domains which is not valid yet + type: string + expression: + description: Matching expression for the route + type: string + priority: + description: |- + Priority of route + Smaller number indicates higher priority. Higher priority routes are handled first. + type: integer + required: + - actions + - description + - expression + type: object + status: + description: RouteStatus defines the observed state of Route + properties: + mailgun_error: + description: Mailgun error message if any error occurred during route + creation or deletion + type: string + route_id: + description: ID of created route on mailgun + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: webhooks.domain.mailgun.com +spec: + group: domain.mailgun.com + names: + kind: Webhook + listKind: WebhookList + plural: webhooks + singular: webhook + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Webhook is the Schema for the webhooks API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: WebhookSpec defines the desired state of Webhook + properties: + foo: + description: Foo is an example field of Webhook. Edit webhook_types.go + to remove/update + type: string + type: object + status: + description: WebhookStatus defines the observed state of Webhook + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-controller-manager + namespace: mailgun-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-leader-election-role + namespace: mailgun-operator-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-domain-domain-editor-role +rules: +- apiGroups: + - domain.mailgun.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - domain.mailgun.com + resources: + - domains/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-domain-domain-viewer-role +rules: +- apiGroups: + - domain.mailgun.com + resources: + - domains + verbs: + - get + - list + - watch +- apiGroups: + - domain.mailgun.com + resources: + - domains/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-domain-route-editor-role +rules: +- apiGroups: + - domain.mailgun.com + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - domain.mailgun.com + resources: + - routes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-domain-route-viewer-role +rules: +- apiGroups: + - domain.mailgun.com + resources: + - routes + verbs: + - get + - list + - watch +- apiGroups: + - domain.mailgun.com + resources: + - routes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-domain-webhook-editor-role +rules: +- apiGroups: + - domain.mailgun.com + resources: + - webhooks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - domain.mailgun.com + resources: + - webhooks/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-domain-webhook-viewer-role +rules: +- apiGroups: + - domain.mailgun.com + resources: + - webhooks + verbs: + - get + - list + - watch +- apiGroups: + - domain.mailgun.com + resources: + - webhooks/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: mailgun-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - domain.mailgun.com + resources: + - domains + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - domain.mailgun.com + resources: + - domains/finalizers + - routes/finalizers + verbs: + - update +- apiGroups: + - domain.mailgun.com + resources: + - domains/status + - routes/status + verbs: + - get + - patch + - update +- apiGroups: + - externaldns.k8s.io + resources: + - dnsendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: mailgun-metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: mailgun-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-leader-election-rolebinding + namespace: mailgun-operator-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: mailgun-leader-election-role +subjects: +- kind: ServiceAccount + name: mailgun-controller-manager + namespace: mailgun-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + name: mailgun-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mailgun-manager-role +subjects: +- kind: ServiceAccount + name: mailgun-controller-manager + namespace: mailgun-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: mailgun-metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mailgun-metrics-auth-role +subjects: +- kind: ServiceAccount + name: mailgun-controller-manager + namespace: mailgun-operator-system +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + name: mailgun-controller-manager-config + namespace: mailgun-operator-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + control-plane: controller-manager + name: mailgun-controller-manager-metrics-service + namespace: mailgun-operator-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mailgun-operator + control-plane: controller-manager + name: mailgun-controller-manager + namespace: mailgun-operator-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-bind-address=:8443 + - --leader-elect + - --health-probe-bind-address=:8081 + - --config-map-name=mailgun-controller-manager-config + - --zap-log-level=1 + - --secret-name=mailgun-controller-manager-config + command: + - /manager + env: + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/amoniacou/mailgun-operator:1.4.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: mailgun-controller-manager + terminationGracePeriodSeconds: 10