Fix resources isues 5

infrastructure/platform/mail/mailu-helm/dev/values.yaml

@@ -1,34 +1,19 @@
 # Development-tuned Mailu configuration
 global:
-  # Using Unbound DNS for DNSSEC validation (required by Mailu admin)
-  # This value is dynamically set via --set during helm install:
-  #   UNBOUND_IP=$(kubectl get svc unbound-dns -n bakery-ia -o jsonpath='{.spec.clusterIP}')
-  #   helm upgrade --install mailu ... --set global.custom_dns_servers="$UNBOUND_IP"
-  # Default fallback to Kubernetes DNS (will be overridden by --set)
-  custom_dns_servers: "10.96.0.10"  # Override with Unbound IP via --set
+  # Using Kubernetes CoreDNS for DNS resolution
+  # CoreDNS is configured with DNS-over-TLS (Cloudflare) for DNSSEC validation
+  # Default to Kubernetes DNS IP (will be overridden dynamically if needed)
+  custom_dns_servers: "10.96.0.10"  # Kubernetes DNS IP
 
 # Redis configuration - use built-in Mailu Redis (no authentication needed)
 externalRedis:
   enabled: false
 
-# Component-specific DNS configuration
-# Admin requires DNSSEC validation - use Unbound DNS (forwards cluster.local to kube-dns)
-# NOTE: dnsConfig.nameservers is dynamically set via --set during helm install
+# DNS configuration - use Kubernetes DNS (ClusterFirst)
+# CoreDNS provides DNSSEC validation via DNS-over-TLS to Cloudflare
 admin:
-  dnsPolicy: "None"
-  dnsConfig:
-    nameservers:
-      - "10.96.0.10"   # Override with Unbound IP via --set admin.dnsConfig.nameservers[0]
-    searches:
-      - "bakery-ia.svc.cluster.local"
-      - "svc.cluster.local"
-      - "cluster.local"
-    options:
-      - name: ndots
-        value: "5"
+  dnsPolicy: "ClusterFirst"
 
-# RSPAMD needs Unbound for DNSSEC validation (DKIM/SPF/DMARC checks)
-# Using ClusterFirst with search domains + Kubernetes DNS which can forward to Unbound
 rspamd:
   dnsPolicy: "ClusterFirst"