bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add new infra architecture 5

Browse Source
This commit is contained in:
Urtzi Alfaro
2026-01-19 15:15:04 +01:00
parent e96405b828
commit b78399da2c
84 changed files with 1027 additions and 2125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
infrastructure/platform/mail/mailu-helm/dev/values.yaml
View File

@@ -1,5 +1,20 @@
# Dev-specific Mailu Helm values for Bakery-IA
# Overrides base configuration for development environment
# Development-tuned Mailu configuration
global:
# Use the unbound service IP - will be replaced during deployment
custom_dns_servers: "unbound-dns.bakery-ia.svc.cluster.local" # Using service DNS name instead of IP
# Component-specific DNS configuration
admin:
dnsPolicy: "None"
dnsConfig:
nameservers:
- "unbound-dns.bakery-ia.svc.cluster.local" # Using service DNS name instead of IP
rspamd:
dnsPolicy: "None"
dnsConfig:
nameservers:
- "unbound-dns.bakery-ia.svc.cluster.local" # Using service DNS name instead of IP
# Domain configuration for dev
domain: "bakery-ia.local"
@@ -12,7 +27,64 @@ externalRelay:
username: "postmaster@bakery-ia.local"
password: "mailgun-api-key-replace-in-production"
# Ingress configuration for dev - disabled to use with existing ingress
# Environment-specific configurations
persistence:
enabled: true
# Development: use default storage class
storageClass: "standard"
size: "5Gi"
# Resource optimizations for development
resources:
admin:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "256Mi"
front:
requests:
cpu: "50m"
memory: "64Mi"
limits:
cpu: "200m"
memory: "128Mi"
postfix:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "300m"
memory: "256Mi"
dovecot:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "300m"
memory: "256Mi"
rspamd:
requests:
cpu: "50m"
memory: "64Mi"
limits:
cpu: "200m"
memory: "128Mi"
clamav:
requests:
cpu: "100m"
memory: "256Mi"
limits:
cpu: "300m"
memory: "512Mi"
replicaCount: 1 # Single replica for development
# Security settings
secretKey: "generate-strong-key-here-for-development"
# Ingress configuration for development - disabled to use with existing ingress
ingress:
enabled: false # Disable chart's Ingress; use existing one
tls: false # Disable TLS in chart since ingress handles it
@@ -33,6 +105,15 @@ welcomeMessage:
# Log level for dev
logLevel: "DEBUG"
# Development-specific overrides
env:
DEBUG: "true"
LOG_LEVEL: "INFO"
# Disable or simplify monitoring in development
monitoring:
enabled: false
# Network Policy for dev
networkPolicy:
enabled: true

95
infrastructure/platform/mail/mailu-helm/prod/values.yaml
View File

@@ -1,5 +1,20 @@
# Production-specific Mailu Helm values for Bakery-IA
# Overrides base configuration for production environment
# Production-tuned Mailu configuration
global:
# Use the unbound service IP - will be replaced during deployment
custom_dns_servers: "unbound-dns.bakery-ia.svc.cluster.local" # Using service DNS name instead of IP
# Component-specific DNS configuration
admin:
dnsPolicy: "None"
dnsConfig:
nameservers:
- "unbound-dns.bakery-ia.svc.cluster.local" # Using service DNS name instead of IP
rspamd:
dnsPolicy: "None"
dnsConfig:
nameservers:
- "unbound-dns.bakery-ia.svc.cluster.local" # Using service DNS name instead of IP
# Domain configuration for production
domain: "bakewise.ai"
@@ -12,6 +27,63 @@ externalRelay:
username: "postmaster@bakewise.ai"
password: "PRODUCTION_MAILGUN_API_KEY" # This should be set via secret
# Environment-specific configurations
persistence:
enabled: true
# Production: use microk8s-hostpath or longhorn
storageClass: "longhorn" # Assuming Longhorn is available in production
size: "20Gi" # Larger storage for production email volume
# Resource allocations for production
resources:
admin:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "1"
memory: "512Mi"
front:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "256Mi"
postfix:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "1"
memory: "512Mi"
dovecot:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "1"
memory: "512Mi"
rspamd:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "256Mi"
clamav:
requests:
cpu: "200m"
memory: "512Mi"
limits:
cpu: "1"
memory: "1Gi"
replicaCount: 1 # Can be increased in production as needed
# Security settings
secretKey: "generate-strong-key-here-for-production"
# Ingress configuration for production - disabled to use with existing ingress
ingress:
enabled: false # Disable chart's Ingress; use existing one
@@ -40,7 +112,24 @@ antivirus:
enabled: true
flavor: "clamav"
# Network Policy for production
# Production-specific settings
env:
DEBUG: "false"
LOG_LEVEL: "WARNING"
TLS_FLAVOR: "cert"
REDIS_PASSWORD: "secure-redis-password"
# Enable monitoring in production
monitoring:
enabled: true
# Production-specific security settings
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
# Network policies for production
networkPolicy:
enabled: true
ingressController:

21
infrastructure/platform/mail/mailu-helm/values.yaml
View File

@@ -1,6 +1,11 @@
# Base Mailu Helm values for Bakery-IA
# Preserves critical configurations from the original Kustomize setup
# Global DNS configuration for DNSSEC validation
global:
# This will be replaced with the actual Unbound service IP during deployment
custom_dns_servers: "unbound-dns.bakery-ia.svc.cluster.local" # Using service DNS name instead of IP
# Domain configuration
domain: "DOMAIN_PLACEHOLDER"
hostnames:
@@ -203,4 +208,18 @@ networkPolicy:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
app.kubernetes.io/component: controller
# DNS Policy Configuration for DNSSEC validation
# These settings ensure Mailu components use the Unbound DNS resolver
dnsPolicy: "None"
dnsConfig:
nameservers:
- "unbound-dns.bakery-ia.svc.cluster.local" # Points to the Unbound service in the bakery-ia namespace
options:
- name: ndots
value: "5"
- name: timeout
value: "5"
- name: attempts
value: "3"