208 lines
4.3 KiB
YAML
208 lines
4.3 KiB
YAML
# Corrected Mailu Helm values to work with existing infrastructure
|
|
|
|
# Domain configuration
|
|
domain: bakery-ia.local
|
|
hostnames:
|
|
- mail.bakery-ia.local
|
|
|
|
# Mailu version
|
|
mailuVersion: "2024.06"
|
|
secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7"
|
|
|
|
# Timezone
|
|
timezone: "Etc/UTC"
|
|
|
|
# Postmaster configuration
|
|
postmaster: "admin"
|
|
|
|
# TLS configuration
|
|
tls:
|
|
flavor: "notls" # Since we're using ingress for TLS
|
|
|
|
# Limits configuration
|
|
limits:
|
|
messageSizeLimitInMegabytes: 50
|
|
authRatelimit:
|
|
ip: "60/hour"
|
|
user: "100/day"
|
|
messageRatelimit:
|
|
value: "200/day"
|
|
|
|
# External relay configuration (Mailgun)
|
|
externalRelay:
|
|
host: "[smtp.mailgun.org]:587"
|
|
username: "postmaster@bakery-ia.local"
|
|
password: "mailgun-api-key-replace-in-production"
|
|
|
|
# Webmail configuration
|
|
webmail:
|
|
enabled: true
|
|
flavor: "roundcube"
|
|
|
|
# Antivirus and antispam configuration
|
|
antivirus:
|
|
enabled: false # Disabled in dev to save resources
|
|
antispam:
|
|
enabled: true
|
|
flavor: "rspamd"
|
|
|
|
# Welcome message
|
|
welcomeMessage:
|
|
enabled: false # Disabled during development
|
|
|
|
# Logging
|
|
logLevel: "DEBUG"
|
|
|
|
# Network configuration
|
|
subnet: "10.42.0.0/16"
|
|
|
|
# Redis configuration - using external Redis (shared cluster Redis)
|
|
externalRedis:
|
|
enabled: true
|
|
host: "redis-service" # Using the service name in the same namespace
|
|
port: 6380 # Using plain TCP port for internal cluster communication
|
|
adminQuotaDbId: 15
|
|
adminRateLimitDbId: 15
|
|
rspamdDbId: 15
|
|
|
|
# Database configuration - using existing PostgreSQL service
|
|
externalDatabase:
|
|
enabled: true
|
|
type: "postgresql"
|
|
host: "auth-db-service" # Using an existing PostgreSQL service in the namespace
|
|
port: 5432
|
|
database: "mailu" # This database needs to be created manually
|
|
username: "mailu"
|
|
password: "E8Kz47YmVzDlHGs1M9wAbJzxcKnGONCT"
|
|
|
|
# Persistence configuration
|
|
persistence:
|
|
single_pvc: true
|
|
size: 10Gi
|
|
storageClass: ""
|
|
accessModes: [ReadWriteOnce]
|
|
|
|
# Ingress configuration - disabled to use with existing ingress
|
|
ingress:
|
|
enabled: false # Disable chart's Ingress; use existing one
|
|
tls: false # Disable TLS in chart since ingress handles it
|
|
tlsFlavorOverride: notls # No TLS on internal NGINX; expect external proxy to handle TLS
|
|
realIpHeader: X-Forwarded-For # Header for client IP from your Ingress
|
|
realIpFrom: 0.0.0.0/0 # Trust all proxies (restrict to your Ingress pod CIDR for security)
|
|
path: /
|
|
pathType: ImplementationSpecific
|
|
|
|
# Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying
|
|
proxyProtocol:
|
|
smtp: false
|
|
smtps: false
|
|
submission: false
|
|
imap: false
|
|
imaps: false
|
|
pop3: false
|
|
pop3s: false
|
|
manageSieve: false
|
|
|
|
# Front configuration
|
|
front:
|
|
image:
|
|
tag: "2024.06"
|
|
replicaCount: 1
|
|
service:
|
|
type: ClusterIP
|
|
ports:
|
|
http: 80
|
|
https: 443
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 200m
|
|
memory: 256Mi
|
|
|
|
# Admin configuration
|
|
admin:
|
|
image:
|
|
tag: "2024.06"
|
|
replicaCount: 1
|
|
service:
|
|
type: ClusterIP
|
|
port: 80
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
cpu: 300m
|
|
memory: 512Mi
|
|
|
|
# Postfix configuration
|
|
postfix:
|
|
image:
|
|
tag: "2024.06"
|
|
replicaCount: 1
|
|
service:
|
|
type: ClusterIP
|
|
ports:
|
|
smtp: 25
|
|
submission: 587
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
|
|
# Dovecot configuration
|
|
dovecot:
|
|
image:
|
|
tag: "2024.06"
|
|
replicaCount: 1
|
|
service:
|
|
type: ClusterIP
|
|
ports:
|
|
imap: 143
|
|
imaps: 993
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
|
|
# Rspamd configuration
|
|
rspamd:
|
|
image:
|
|
tag: "2024.06"
|
|
replicaCount: 1
|
|
service:
|
|
type: ClusterIP
|
|
ports:
|
|
rspamd: 11333
|
|
rspamd-admin: 11334
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
memory: 512Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
|
|
# Network Policy
|
|
networkPolicy:
|
|
enabled: true
|
|
ingressController:
|
|
namespace: ingress-nginx
|
|
podSelector: |
|
|
matchLabels:
|
|
app.kubernetes.io/name: ingress-nginx
|
|
app.kubernetes.io/instance: ingress-nginx
|
|
app.kubernetes.io/component: controller
|
|
monitoring:
|
|
namespace: monitoring
|
|
podSelector: |
|
|
matchLabels:
|
|
app: signoz-prometheus |