Add new infra architecture 3

2026-01-19 13:57:50 +01:00
parent 8461226a97
commit 9edcc8c231
110 changed files with 2568 additions and 4636 deletions
--- a/mailu-values-corrected.yaml
+++ b/mailu-values-corrected.yaml
@@ -0,0 +1,208 @@
+# Corrected Mailu Helm values to work with existing infrastructure
+
+# Domain configuration
+domain: bakery-ia.local
+hostnames:
+  - mail.bakery-ia.local
+
+# Mailu version
+mailuVersion: "2024.06"
+secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7"
+
+# Timezone
+timezone: "Etc/UTC"
+
+# Postmaster configuration
+postmaster: "admin"
+
+# TLS configuration
+tls:
+  flavor: "notls"  # Since we're using ingress for TLS
+
+# Limits configuration
+limits:
+  messageSizeLimitInMegabytes: 50
+  authRatelimit:
+    ip: "60/hour"
+    user: "100/day"
+  messageRatelimit:
+    value: "200/day"
+
+# External relay configuration (Mailgun)
+externalRelay:
+  host: "[smtp.mailgun.org]:587"
+  username: "postmaster@bakery-ia.local"
+  password: "mailgun-api-key-replace-in-production"
+
+# Webmail configuration
+webmail:
+  enabled: true
+  flavor: "roundcube"
+
+# Antivirus and antispam configuration
+antivirus:
+  enabled: false  # Disabled in dev to save resources
+antispam:
+  enabled: true
+  flavor: "rspamd"
+
+# Welcome message
+welcomeMessage:
+  enabled: false  # Disabled during development
+
+# Logging
+logLevel: "DEBUG"
+
+# Network configuration
+subnet: "10.42.0.0/16"
+
+# Redis configuration - using external Redis (shared cluster Redis)
+externalRedis:
+  enabled: true
+  host: "redis-service"  # Using the service name in the same namespace
+  port: 6380  # Using plain TCP port for internal cluster communication
+  adminQuotaDbId: 15
+  adminRateLimitDbId: 15
+  rspamdDbId: 15
+
+# Database configuration - using existing PostgreSQL service
+externalDatabase:
+  enabled: true
+  type: "postgresql"
+  host: "auth-db-service"  # Using an existing PostgreSQL service in the namespace
+  port: 5432
+  database: "mailu"  # This database needs to be created manually
+  username: "mailu"
+  password: "E8Kz47YmVzDlHGs1M9wAbJzxcKnGONCT"
+
+# Persistence configuration
+persistence:
+  single_pvc: true
+  size: 10Gi
+  storageClass: ""
+  accessModes: [ReadWriteOnce]
+
+# Ingress configuration - disabled to use with existing ingress
+ingress:
+  enabled: false  # Disable chart's Ingress; use existing one
+  tls: false      # Disable TLS in chart since ingress handles it
+  tlsFlavorOverride: notls  # No TLS on internal NGINX; expect external proxy to handle TLS
+  realIpHeader: X-Forwarded-For  # Header for client IP from your Ingress
+  realIpFrom: 0.0.0.0/0  # Trust all proxies (restrict to your Ingress pod CIDR for security)
+  path: /
+  pathType: ImplementationSpecific
+
+  # Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying
+  proxyProtocol:
+    smtp: false
+    smtps: false
+    submission: false
+    imap: false
+    imaps: false
+    pop3: false
+    pop3s: false
+    manageSieve: false
+
+# Front configuration
+front:
+  image:
+    tag: "2024.06"
+  replicaCount: 1
+  service:
+    type: ClusterIP
+    ports:
+      http: 80
+      https: 443
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 200m
+      memory: 256Mi
+
+# Admin configuration
+admin:
+  image:
+    tag: "2024.06"
+  replicaCount: 1
+  service:
+    type: ClusterIP
+    port: 80
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 300m
+      memory: 512Mi
+
+# Postfix configuration
+postfix:
+  image:
+    tag: "2024.06"
+  replicaCount: 1
+  service:
+    type: ClusterIP
+    ports:
+      smtp: 25
+      submission: 587
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+
+# Dovecot configuration
+dovecot:
+  image:
+    tag: "2024.06"
+  replicaCount: 1
+  service:
+    type: ClusterIP
+    ports:
+      imap: 143
+      imaps: 993
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+
+# Rspamd configuration
+rspamd:
+  image:
+    tag: "2024.06"
+  replicaCount: 1
+  service:
+    type: ClusterIP
+    ports:
+      rspamd: 11333
+      rspamd-admin: 11334
+  resources:
+    requests:
+      cpu: 200m
+      memory: 512Mi
+    limits:
+      cpu: 1000m
+      memory: 1Gi
+
+# Network Policy
+networkPolicy:
+  enabled: true
+  ingressController:
+    namespace: ingress-nginx
+    podSelector: |
+      matchLabels:
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/instance: ingress-nginx
+        app.kubernetes.io/component: controller
+  monitoring:
+    namespace: monitoring
+    podSelector: |
+      matchLabels:
+        app: signoz-prometheus