Add new infra architecture 5

2026-01-19 15:15:04 +01:00
parent e96405b828
commit b78399da2c
84 changed files with 1027 additions and 2125 deletions
--- a/infrastructure/platform/mail/mailu-helm/values.yaml
+++ b/infrastructure/platform/mail/mailu-helm/values.yaml
@@ -1,6 +1,11 @@
 # Base Mailu Helm values for Bakery-IA
 # Preserves critical configurations from the original Kustomize setup

+# Global DNS configuration for DNSSEC validation
+global:
+  # This will be replaced with the actual Unbound service IP during deployment
+  custom_dns_servers: "unbound-dns.bakery-ia.svc.cluster.local"  # Using service DNS name instead of IP
+
 # Domain configuration
 domain: "DOMAIN_PLACEHOLDER"
 hostnames:
@@ -203,4 +208,18 @@ networkPolicy:
      matchLabels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
-        app.kubernetes.io/component: controller
+        app.kubernetes.io/component: controller
+
+# DNS Policy Configuration for DNSSEC validation
+# These settings ensure Mailu components use the Unbound DNS resolver
+dnsPolicy: "None"
+dnsConfig:
+  nameservers:
+    - "unbound-dns.bakery-ia.svc.cluster.local"  # Points to the Unbound service in the bakery-ia namespace
+  options:
+    - name: ndots
+      value: "5"
+    - name: timeout
+      value: "5"
+    - name: attempts
+      value: "3"