bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix resources isues 22

Browse Source
This commit is contained in:
Bakery Admin
2026-01-22 21:04:26 +01:00
parent ea48f52173
commit 6fdfff6488
4 changed files with 53 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml
View File

@@ -53,7 +53,7 @@ spec:
- name: DOCKER_CONFIG - name: DOCKER_CONFIG
value: /tekton/home/.docker value: /tekton/home/.docker
script: | script: |
#!/bin/bash #!/busybox/sh
set -e set -e
echo "===================================================================" echo "==================================================================="
@@ -65,13 +65,13 @@ spec:
echo "Git Revision: $(params.git-revision)" echo "Git Revision: $(params.git-revision)"
echo "===================================================================" echo "==================================================================="
# Split services parameter by comma # Split services parameter by comma using POSIX-compatible method
IFS=',' read -ra SERVICES <<< "$(params.services)" SERVICES="$(params.services)"
# Build each service # Build each service - iterate using tr to convert commas to newlines
for service in "${SERVICES[@]}"; do echo "$SERVICES" | tr ',' '\n' | while read service; do
service=$(echo "$service" | xargs) # Trim whitespace service=$(echo "$service" | tr -d ' ') # Trim whitespace
if [ -n "$service" ] && [ "$service" != "none" ]; then if [ -n "$service" ] && [ "$service" != "none" ] && [ "$service" != "infrastructure" ] && [ "$service" != "shared" ]; then
echo "" echo ""
echo "Building service: $service" echo "Building service: $service"
echo "-------------------------------------------------------------------" echo "-------------------------------------------------------------------"

8
infrastructure/cicd/tekton-helm/templates/task-run-tests.yaml
View File

@@ -35,9 +35,9 @@ spec:
type: RuntimeDefault type: RuntimeDefault
workingDir: $(workspaces.source.path) workingDir: $(workspaces.source.path)
script: | script: |
#!/bin/bash #!/bin/sh
set -e set -e
echo "============================================" echo "============================================"
echo "Running Unit Tests" echo "Running Unit Tests"
echo "Services: $(params.services)" echo "Services: $(params.services)"
@@ -78,9 +78,9 @@ spec:
type: RuntimeDefault type: RuntimeDefault
workingDir: $(workspaces.source.path) workingDir: $(workspaces.source.path)
script: | script: |
#!/bin/bash #!/bin/sh
set -e set -e
echo "============================================" echo "============================================"
echo "Running Integration Tests" echo "Running Integration Tests"
echo "Services: $(params.services)" echo "Services: $(params.services)"

43
infrastructure/platform/mail/mailu-helm/prod/mailu-ingress.yaml
View File

@@ -9,29 +9,46 @@ metadata:
environment: production environment: production
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-production cert-manager.io/cluster-issuer: letsencrypt-production
# Proxy settings for large attachments and long connections
nginx.ingress.kubernetes.io/proxy-body-size: "100m" nginx.ingress.kubernetes.io/proxy-body-size: "100m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
# SSL redirect
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true"
# CRITICAL: Headers for Mailu compatibility to fix webmail redirect loop # CRITICAL: Disable proxy buffering for webmail streaming/long-polling
# This prevents the "stuck loading" issue with Roundcube webmail
# Reference: https://github.com/Mailu/Mailu/issues/2850
nginx.ingress.kubernetes.io/proxy-buffering: "off"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
# WebSocket support for webmail real-time features
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr"
# CRITICAL: Configuration snippet for Mailu header handling
# Fixes redirect loops by ensuring Mailu sees the correct protocol
# Reference: https://mailu.io/2.0/reverse.html
nginx.ingress.kubernetes.io/configuration-snippet: | nginx.ingress.kubernetes.io/configuration-snippet: |
# Set proper headers for Mailu # CRITICAL: Force X-Forwarded-Proto to https to prevent redirect loops
more_set_headers "X-Forwarded-Proto $scheme"; # Mailu's internal nginx checks this header to decide if redirect is needed
more_set_headers "X-Forwarded-Port $server_port"; proxy_set_header X-Forwarded-Proto https;
more_set_headers "X-Original-Forwarded-For $http_x_forwarded_for"; proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Ssl on;
# Handle redirects properly to prevent loops for webmail # Real IP headers for Mailu logging and rate limiting
proxy_redirect https://$host https://$host;
proxy_redirect http://$host https://$host;
# Ensure proper host header
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Additional proxy settings for Mailu # Fix redirects from Mailu internal services (admin, webmail)
nginx.ingress.kubernetes.io/proxy-set-headers: "X-Forwarded-Proto https" # Don't add trailing slash to prevent 404 on redirects
proxy_redirect http://localhost https://$host;
proxy_redirect https://localhost https://$host;
proxy_redirect http://$host https://$host;
# Disable buffering for streaming responses (webmail)
proxy_buffering off;
proxy_cache off;
spec: spec:
ingressClassName: nginx ingressClassName: nginx
tls: tls:

18
infrastructure/platform/mail/mailu-helm/prod/values.yaml
View File

@@ -103,18 +103,24 @@ replicaCount: 1 # Can be increased in production as needed
secretKey: "generate-strong-key-here-for-production" secretKey: "generate-strong-key-here-for-production"
# Ingress configuration for production - disabled to use with existing ingress # Ingress configuration for production - disabled to use with existing ingress
# External nginx-ingress handles TLS termination and proxies to Mailu front
ingress: ingress:
enabled: false # Disable chart's Ingress; use existing one enabled: false # Disable chart's Ingress; use existing mailu-ingress.yaml
tls: false # Disable TLS in chart since ingress handles it tls: false # Disable TLS in chart since ingress handles it
tlsFlavorOverride: notls # No TLS on internal NGINX; expect external proxy to handle TLS tlsFlavorOverride: notls # No TLS on internal NGINX; external ingress handles TLS
realIpHeader: X-Forwarded-For # Header for client IP from your Ingress # CRITICAL: Real IP header configuration for proper client IP detection
realIpFrom: 0.0.0.0/0 # Trust all proxies (restrict to your Ingress pod CIDR for security) # This must match the header set by nginx-ingress (X-Real-IP)
# Reference: https://mailu.io/2.0/reverse.html
realIpHeader: X-Real-IP
realIpFrom: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" # Trust cluster pod CIDRs
path: / path: /
pathType: ImplementationSpecific pathType: ImplementationSpecific
# TLS flavor for production (uses Let's Encrypt) # TLS flavor for production
# "notls" because external ingress handles TLS termination
# The ingress sends X-Forwarded-Proto: https to tell Mailu the original protocol
tls: tls:
flavor: "cert" flavor: "notls"
# Welcome message (enabled in production) # Welcome message (enabled in production)
welcomeMessage: welcomeMessage: