bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
66dfd50fbc22de02f830bd721c0b6767cf82b2d5
bakery-ia/infrastructure/platform/mail/mailu-helm/values.yaml
Urtzi Alfaro 66dfd50fbc Add new infra architecture 12
2026-01-21 16:21:24 +01:00

235 lines
5.4 KiB
YAML
Raw Blame History

# Base Mailu Helm values for Bakery-IA
# Preserves critical configurations from the original Kustomize setup
# Global DNS configuration for DNSSEC validation
global:
# Using Unbound DNS resolver directly for DNSSEC validation
# Unbound service is available at unbound-dns.bakery-ia.svc.cluster.local
# Static ClusterIP configured in unbound-helm/values.yaml
custom_dns_servers: "10.96.53.53" # Unbound DNS static ClusterIP
# Domain configuration
domain: "DOMAIN_PLACEHOLDER"
hostnames:
- "mail.DOMAIN_PLACEHOLDER"
# Mailu version to match the original setup
mailuVersion: "2024.06"
# Secret key for authentication cookies
secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7"
# Timezone
timezone: "Etc/UTC"
# Postmaster configuration
postmaster: "admin"
# Initial admin account configuration
# This creates an admin user as part of the Helm deployment
# Credentials can be provided directly or via Kubernetes secret
initialAccount:
enabled: true
username: "admin"
domain: "" # Set in environment-specific values (dev/prod)
password: "" # Leave empty to use existingSecret
existingSecret: "mailu-admin-credentials"
existingSecretPasswordKey: "password"
mode: "ifmissing" # Only create if account doesn't exist
# TLS configuration
tls:
flavor: "notls" # Disable TLS for development
# Limits configuration
limits:
messageSizeLimitInMegabytes: 50
authRatelimit:
ip: "60/hour"
user: "100/day"
messageRatelimit:
value: "200/day"
# External relay configuration (Mailgun)
# Mailu will relay all outbound emails through Mailgun SMTP
# Credentials are loaded from Kubernetes secret for security
externalRelay:
host: "[smtp.mailgun.org]:587"
# Use existing secret for credentials (recommended for security)
secretName: "mailu-mailgun-credentials"
usernameKey: "RELAY_USERNAME"
passwordKey: "RELAY_PASSWORD"
# Webmail configuration
webmail:
enabled: true
type: "roundcube"
# Antivirus and antispam configuration
antivirus:
enabled: false # Disabled in dev to save resources
antispam:
enabled: true
flavor: "rspamd"
# Welcome message
welcomeMessage:
enabled: false # Disabled during development
# Logging
logLevel: "INFO"
# Network configuration
subnet: "10.42.0.0/16"
# Redis configuration - using internal Redis (built-in)
externalRedis:
enabled: false
# host: "redis-service.bakery-ia.svc.cluster.local"
# port: 6380
adminQuotaDbId: 15
adminRateLimitDbId: 15
rspamdDbId: 15
# Database configuration - using default SQLite (built-in)
externalDatabase:
enabled: false
# type: "postgresql"
# host: "postgres-service.bakery-ia.svc.cluster.local"
# port: 5432
# database: "mailu"
# username: "mailu"
# password: "E8Kz47YmVzDlHGs1M9wAbJzxcKnGONCT"
# Persistence configuration
persistence:
single_pvc: true
size: 10Gi
storageClass: ""
accessModes: [ReadWriteOnce]
# Ingress configuration - disabled to use with existing ingress
ingress:
enabled: false # Disable chart's Ingress; use existing one
tls: false # Disable TLS in chart since ingress handles it
tlsFlavorOverride: notls # No TLS on internal NGINX; expect external proxy to handle TLS
realIpHeader: X-Forwarded-For # Header for client IP from your Ingress
realIpFrom: 0.0.0.0/0 # Trust all proxies (restrict to your Ingress pod CIDR for security)
path: /
pathType: ImplementationSpecific
# Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying
proxyProtocol:
smtp: false
smtps: false
submission: false
imap: false
imaps: false
pop3: false
pop3s: false
manageSieve: false
# Front configuration
front:
image:
tag: "2024.06"
replicaCount: 1
service:
type: ClusterIP
ports:
http: 80
https: 443
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 256Mi
# Admin configuration
admin:
image:
tag: "2024.06"
replicaCount: 1
service:
type: ClusterIP
port: 80
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 300m
memory: 512Mi
# Postfix configuration
postfix:
image:
tag: "2024.06"
replicaCount: 1
service:
type: ClusterIP
ports:
smtp: 25
submission: 587
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
# Dovecot configuration
dovecot:
image:
tag: "2024.06"
replicaCount: 1
service:
type: ClusterIP
ports:
imap: 143
imaps: 993
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
# Rspamd configuration
rspamd:
image:
tag: "2024.06"
replicaCount: 1
service:
type: ClusterIP
ports:
rspamd: 11333
rspamd-admin: 11334
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
# Network Policy
networkPolicy:
enabled: true
ingressController:
namespace: ingress-nginx
podSelector: |
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
# DNS Policy Configuration
# Use Kubernetes DNS (ClusterFirst) for internal service resolution
# DNSSEC validation for email is handled by rspamd component
# Note: For production with DNSSEC needs, configure CoreDNS to forward to Unbound
dnsPolicy: "ClusterFirst"
Reference in New Issue View Git Blame Copy Permalink