Add new infra architecture 5

infrastructure/platform/mail/mailu-helm/prod/values.yaml

@@ -1,5 +1,20 @@
-# Production-specific Mailu Helm values for Bakery-IA
-# Overrides base configuration for production environment
+# Production-tuned Mailu configuration
+global:
+  # Use the unbound service IP - will be replaced during deployment
+  custom_dns_servers: "unbound-dns.bakery-ia.svc.cluster.local"  # Using service DNS name instead of IP
+
+# Component-specific DNS configuration
+admin:
+  dnsPolicy: "None"
+  dnsConfig:
+    nameservers:
+      - "unbound-dns.bakery-ia.svc.cluster.local"  # Using service DNS name instead of IP
+
+rspamd:
+  dnsPolicy: "None"
+  dnsConfig:
+    nameservers:
+      - "unbound-dns.bakery-ia.svc.cluster.local"  # Using service DNS name instead of IP
 
 # Domain configuration for production
 domain: "bakewise.ai"
@@ -12,6 +27,63 @@ externalRelay:
   username: "postmaster@bakewise.ai"
   password: "PRODUCTION_MAILGUN_API_KEY"  # This should be set via secret
 
+# Environment-specific configurations
+persistence:
+  enabled: true
+  # Production: use microk8s-hostpath or longhorn
+  storageClass: "longhorn"  # Assuming Longhorn is available in production
+  size: "20Gi"  # Larger storage for production email volume
+
+# Resource allocations for production
+resources:
+  admin:
+    requests:
+      cpu: "200m"
+      memory: "256Mi"
+    limits:
+      cpu: "1"
+      memory: "512Mi"
+  front:
+    requests:
+      cpu: "100m"
+      memory: "128Mi"
+    limits:
+      cpu: "500m"
+      memory: "256Mi"
+  postfix:
+    requests:
+      cpu: "200m"
+      memory: "256Mi"
+    limits:
+      cpu: "1"
+      memory: "512Mi"
+  dovecot:
+    requests:
+      cpu: "200m"
+      memory: "256Mi"
+    limits:
+      cpu: "1"
+      memory: "512Mi"
+  rspamd:
+    requests:
+      cpu: "100m"
+      memory: "128Mi"
+    limits:
+      cpu: "500m"
+      memory: "256Mi"
+  clamav:
+    requests:
+      cpu: "200m"
+      memory: "512Mi"
+    limits:
+      cpu: "1"
+      memory: "1Gi"
+
+replicaCount: 1  # Can be increased in production as needed
+
+# Security settings
+secretKey: "generate-strong-key-here-for-production"
+
 # Ingress configuration for production - disabled to use with existing ingress
 ingress:
   enabled: false  # Disable chart's Ingress; use existing one
@@ -40,7 +112,24 @@ antivirus:
   enabled: true
   flavor: "clamav"
 
-# Network Policy for production
+# Production-specific settings
+env:
+  DEBUG: "false"
+  LOG_LEVEL: "WARNING"
+  TLS_FLAVOR: "cert"
+  REDIS_PASSWORD: "secure-redis-password"
+
+# Enable monitoring in production
+monitoring:
+  enabled: true
+
+# Production-specific security settings
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  fsGroup: 1000
+
+# Network policies for production
 networkPolicy:
   enabled: true
   ingressController: