bakery-ia/mailu-values-fixed.yaml

# Mailu Helm values with fixes for development environment

# Domain configuration
domain: bakery-ia.local
hostnames:
  - mail.bakery-ia.local

# Mailu version
mailuVersion: "2024.06"
secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7"

# Timezone
timezone: "Etc/UTC"

# Postmaster configuration
postmaster: "admin"

# TLS configuration
tls:
  flavor: "notls"  # Since we're using ingress for TLS

# Limits configuration
limits:
  messageSizeLimitInMegabytes: 50
  authRatelimit:
    ip: "60/hour"
    user: "100/day"
  messageRatelimit:
    value: "200/day"

# External relay configuration (Mailgun)
externalRelay:
  host: "[smtp.mailgun.org]:587"
  username: "postmaster@bakery-ia.local"
  password: "mailgun-api-key-replace-in-production"

# Webmail configuration
webmail:
  enabled: true
  flavor: "roundcube"

# Antivirus and antispam configuration
antivirus:
  enabled: false  # Disabled in dev to save resources
antispam:
  enabled: true
  flavor: "rspamd"

# Welcome message
welcomeMessage:
  enabled: false  # Disabled during development

# Logging
logLevel: "DEBUG"

# Network configuration
subnet: "10.42.0.0/16"

# Use internal database instead of external
externalDatabase:
  enabled: false

# PostgreSQL configuration (internal)
postgresql:
  enabled: true
  architecture: standalone
  auth:
    enablePostgresUser: true
    postgresPassword: "strong-postgres-password"
    username: "mailu"
    password: "mailu-db-password"
    database: "mailu"
  
  primary:
    persistence:
      enabled: true
      size: 8Gi
      storageClass: "standard"

# Use internal Redis instead of external
externalRedis:
  enabled: false

# Redis configuration (internal)
redis:
  enabled: true
  architecture: standalone
  auth:
    enabled: false  # Disable authentication for internal use
  
  master:
    persistence:
      enabled: true
      size: 1Gi
      storageClass: "standard"

# Persistence configuration
persistence:
  single_pvc: true
  size: 10Gi
  storageClass: ""
  accessModes: [ReadWriteOnce]

# Ingress configuration - disabled to use with existing ingress
ingress:
  enabled: false  # Disable chart's Ingress; use existing one
  tls: false      # Disable TLS in chart since ingress handles it
  tlsFlavorOverride: notls  # No TLS on internal NGINX; expect external proxy to handle TLS
  realIpHeader: X-Forwarded-For  # Header for client IP from your Ingress
  realIpFrom: 0.0.0.0/0  # Trust all proxies (restrict to your Ingress pod CIDR for security)
  path: /
  pathType: ImplementationSpecific

  # Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying
  proxyProtocol:
    smtp: false
    smtps: false
    submission: false
    imap: false
    imaps: false
    pop3: false
    pop3s: false
    manageSieve: false

# Front configuration
front:
  image:
    tag: "2024.06"
  replicaCount: 1
  service:
    type: ClusterIP
    ports:
      http: 80
      https: 443
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 200m
      memory: 256Mi

# Admin configuration - with DNSSEC workaround
admin:
  image:
    tag: "2024.06"
  replicaCount: 1
  service:
    type: ClusterIP
    port: 80
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 300m
      memory: 512Mi
  # Add environment variables to disable DNSSEC validation
  extraEnvVars:
    - name: "FLASK_SKIP_DNSSEC_VALIDATION"
      value: "true"

# Postfix configuration
postfix:
  image:
    tag: "2024.06"
  replicaCount: 1
  service:
    type: ClusterIP
    ports:
      smtp: 25
      submission: 587
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 512Mi

# Dovecot configuration
dovecot:
  image:
    tag: "2024.06"
  replicaCount: 1
  service:
    type: ClusterIP
    ports:
      imap: 143
      imaps: 993
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 512Mi

# Rspamd configuration
rspamd:
  image:
    tag: "2024.06"
  replicaCount: 1
  service:
    type: ClusterIP
    ports:
      rspamd: 11333
      rspamd-admin: 11334
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1Gi

# Network Policy
networkPolicy:
  enabled: true
  ingressController:
    namespace: ingress-nginx
    podSelector: |
      matchLabels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
  monitoring:
    namespace: monitoring
    podSelector: |
      matchLabels:
        app: signoz-prometheus
Add new infra architecture 3 2026-01-19 13:57:50 +01:00			`# Mailu Helm values with fixes for development environment`

			`# Domain configuration`
			`domain: bakery-ia.local`
			`hostnames:`
			`- mail.bakery-ia.local`

			`# Mailu version`
			`mailuVersion: "2024.06"`
			`secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7"`

			`# Timezone`
			`timezone: "Etc/UTC"`

			`# Postmaster configuration`
			`postmaster: "admin"`

			`# TLS configuration`
			`tls:`
			`flavor: "notls" # Since we're using ingress for TLS`

			`# Limits configuration`
			`limits:`
			`messageSizeLimitInMegabytes: 50`
			`authRatelimit:`
			`ip: "60/hour"`
			`user: "100/day"`
			`messageRatelimit:`
			`value: "200/day"`

			`# External relay configuration (Mailgun)`
			`externalRelay:`
			`host: "[smtp.mailgun.org]:587"`
			`username: "postmaster@bakery-ia.local"`
			`password: "mailgun-api-key-replace-in-production"`

			`# Webmail configuration`
			`webmail:`
			`enabled: true`
			`flavor: "roundcube"`

			`# Antivirus and antispam configuration`
			`antivirus:`
			`enabled: false # Disabled in dev to save resources`
			`antispam:`
			`enabled: true`
			`flavor: "rspamd"`

			`# Welcome message`
			`welcomeMessage:`
			`enabled: false # Disabled during development`

			`# Logging`
			`logLevel: "DEBUG"`

			`# Network configuration`
			`subnet: "10.42.0.0/16"`

			`# Use internal database instead of external`
			`externalDatabase:`
			`enabled: false`

			`# PostgreSQL configuration (internal)`
			`postgresql:`
			`enabled: true`
			`architecture: standalone`
			`auth:`
			`enablePostgresUser: true`
			`postgresPassword: "strong-postgres-password"`
			`username: "mailu"`
			`password: "mailu-db-password"`
			`database: "mailu"`

			`primary:`
			`persistence:`
			`enabled: true`
			`size: 8Gi`
			`storageClass: "standard"`

			`# Use internal Redis instead of external`
			`externalRedis:`
			`enabled: false`

			`# Redis configuration (internal)`
			`redis:`
			`enabled: true`
			`architecture: standalone`
			`auth:`
			`enabled: false # Disable authentication for internal use`

			`master:`
			`persistence:`
			`enabled: true`
			`size: 1Gi`
			`storageClass: "standard"`

			`# Persistence configuration`
			`persistence:`
			`single_pvc: true`
			`size: 10Gi`
			`storageClass: ""`
			`accessModes: [ReadWriteOnce]`

			`# Ingress configuration - disabled to use with existing ingress`
			`ingress:`
			`enabled: false # Disable chart's Ingress; use existing one`
			`tls: false # Disable TLS in chart since ingress handles it`
			`tlsFlavorOverride: notls # No TLS on internal NGINX; expect external proxy to handle TLS`
			`realIpHeader: X-Forwarded-For # Header for client IP from your Ingress`
			`realIpFrom: 0.0.0.0/0 # Trust all proxies (restrict to your Ingress pod CIDR for security)`
			`path: /`
			`pathType: ImplementationSpecific`

			`# Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying`
			`proxyProtocol:`
			`smtp: false`
			`smtps: false`
			`submission: false`
			`imap: false`
			`imaps: false`
			`pop3: false`
			`pop3s: false`
			`manageSieve: false`

			`# Front configuration`
			`front:`
			`image:`
			`tag: "2024.06"`
			`replicaCount: 1`
			`service:`
			`type: ClusterIP`
			`ports:`
			`http: 80`
			`https: 443`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 128Mi`
			`limits:`
			`cpu: 200m`
			`memory: 256Mi`

			`# Admin configuration - with DNSSEC workaround`
			`admin:`
			`image:`
			`tag: "2024.06"`
			`replicaCount: 1`
			`service:`
			`type: ClusterIP`
			`port: 80`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 256Mi`
			`limits:`
			`cpu: 300m`
			`memory: 512Mi`
			`# Add environment variables to disable DNSSEC validation`
			`extraEnvVars:`
			`- name: "FLASK_SKIP_DNSSEC_VALIDATION"`
			`value: "true"`

			`# Postfix configuration`
			`postfix:`
			`image:`
			`tag: "2024.06"`
			`replicaCount: 1`
			`service:`
			`type: ClusterIP`
			`ports:`
			`smtp: 25`
			`submission: 587`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 256Mi`
			`limits:`
			`cpu: 500m`
			`memory: 512Mi`

			`# Dovecot configuration`
			`dovecot:`
			`image:`
			`tag: "2024.06"`
			`replicaCount: 1`
			`service:`
			`type: ClusterIP`
			`ports:`
			`imap: 143`
			`imaps: 993`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 256Mi`
			`limits:`
			`cpu: 500m`
			`memory: 512Mi`

			`# Rspamd configuration`
			`rspamd:`
			`image:`
			`tag: "2024.06"`
			`replicaCount: 1`
			`service:`
			`type: ClusterIP`
			`ports:`
			`rspamd: 11333`
			`rspamd-admin: 11334`
			`resources:`
			`requests:`
			`cpu: 200m`
			`memory: 512Mi`
			`limits:`
			`cpu: 1000m`
			`memory: 1Gi`

			`# Network Policy`
			`networkPolicy:`
			`enabled: true`
			`ingressController:`
			`namespace: ingress-nginx`
			`podSelector: \|`
			`matchLabels:`
			`app.kubernetes.io/name: ingress-nginx`
			`app.kubernetes.io/instance: ingress-nginx`
			`app.kubernetes.io/component: controller`
			`monitoring:`
			`namespace: monitoring`
			`podSelector: \|`
			`matchLabels:`
			`app: signoz-prometheus`