# Base Mailu Helm values for Bakery-IA # Preserves critical configurations from the original Kustomize setup # Domain configuration domain: "DOMAIN_PLACEHOLDER" hostnames: - "mail.DOMAIN_PLACEHOLDER" # Mailu version to match the original setup mailuVersion: "2024.06" # Secret key for authentication cookies secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7" # Timezone timezone: "Etc/UTC" # Postmaster configuration postmaster: "admin" # TLS configuration tls: flavor: "cert" # Limits configuration limits: messageSizeLimitInMegabytes: 50 authRatelimit: ip: "60/hour" user: "100/day" messageRatelimit: value: "200/day" # External relay configuration (Mailgun) externalRelay: host: "[smtp.mailgun.org]:587" username: "postmaster@DOMAIN_PLACEHOLDER" password: "mailgun-api-key-replace-in-production" # Webmail configuration webmail: enabled: true flavor: "roundcube" # Antivirus and antispam configuration antivirus: enabled: false # Disabled in dev to save resources antispam: enabled: true flavor: "rspamd" # Welcome message welcomeMessage: enabled: false # Disabled during development # Logging logLevel: "INFO" # Network configuration subnet: "10.42.0.0/16" # Redis configuration - using external Redis (shared cluster Redis) externalRedis: enabled: true host: "redis-service.bakery-ia.svc.cluster.local" port: 6380 adminQuotaDbId: 15 adminRateLimitDbId: 15 rspamdDbId: 15 # Database configuration - using external database externalDatabase: enabled: true type: "postgresql" host: "postgres-service.bakery-ia.svc.cluster.local" port: 5432 database: "mailu" username: "mailu" password: "E8Kz47YmVzDlHGs1M9wAbJzxcKnGONCT" # Persistence configuration persistence: single_pvc: true size: 10Gi storageClass: "" accessModes: [ReadWriteOnce] # Ingress configuration - disabled to use with existing ingress ingress: enabled: false # Disable chart's Ingress; use existing one tls: false # Disable TLS in chart since ingress handles it tlsFlavorOverride: notls # No TLS on internal NGINX; expect external proxy to handle TLS realIpHeader: X-Forwarded-For # Header for client IP from your Ingress realIpFrom: 0.0.0.0/0 # Trust all proxies (restrict to your Ingress pod CIDR for security) path: / pathType: ImplementationSpecific # Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying proxyProtocol: smtp: false smtps: false submission: false imap: false imaps: false pop3: false pop3s: false manageSieve: false # Front configuration front: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: http: 80 https: 443 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 200m memory: 256Mi # Admin configuration admin: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP port: 80 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 300m memory: 512Mi # Postfix configuration postfix: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: smtp: 25 submission: 587 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi # Dovecot configuration dovecot: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: imap: 143 imaps: 993 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi # Rspamd configuration rspamd: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: rspamd: 11333 rspamd-admin: 11334 resources: requests: cpu: 200m memory: 512Mi limits: cpu: 1000m memory: 1Gi # Network Policy networkPolicy: enabled: true ingressController: namespace: ingress-nginx podSelector: | matchLabels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/component: controller